Package org.keycloak.models.utils
Class KeycloakModelUtils
- java.lang.Object
-
- org.keycloak.models.utils.KeycloakModelUtils
-
public final class KeycloakModelUtils extends Object
Set of helper methods, which are useful in various model implementations.- Author:
- Marek Posolda
-
-
Method Summary
-
-
-
Method Detail
-
generateId
public static String generateId()
-
getCertificate
public static X509Certificate getCertificate(String cert)
-
getPrivateKey
public static PrivateKey getPrivateKey(String privateKeyPem)
-
getPemFromCertificate
public static String getPemFromCertificate(X509Certificate certificate)
-
generateKeyPairCertificate
public static CertificateRepresentation generateKeyPairCertificate(String subject)
-
generateSecret
public static String generateSecret(ClientModel client)
-
getDefaultClientAuthenticatorType
public static String getDefaultClientAuthenticatorType()
-
generateCodeSecret
public static String generateCodeSecret()
-
createManagementClient
public static ClientModel createManagementClient(RealmModel realm, String name)
-
createPublicClient
public static ClientModel createPublicClient(RealmModel realm, String name)
-
searchFor
public static boolean searchFor(RoleModel role, RoleModel composite, Set<String> visited)
Deep search if given role is descendant of composite role- Parameters:
role- role to checkcomposite- composite rolevisited- set of already visited roles (used for recursion)- Returns:
- true if "role" is descendant of "composite"
-
findUserByNameOrEmail
public static UserModel findUserByNameOrEmail(KeycloakSession session, RealmModel realm, String username)
Try to find user by username or email for authentication- Parameters:
realm- realmusername- username or email of user- Returns:
- found user
-
runJobInTransaction
public static void runJobInTransaction(KeycloakSessionFactory factory, KeycloakSessionTask task)
Wrap given runnable job into KeycloakTransaction.- Parameters:
factory-task-
-
runJobInTransactionWithTimeout
public static void runJobInTransactionWithTimeout(KeycloakSessionFactory factory, KeycloakSessionTask task, int timeoutInSeconds)
Wrap given runnable job into KeycloakTransaction. Set custom timeout for the JTA transaction (in case we're in the environment with JTA enabled)- Parameters:
factory-task-timeoutInSeconds-
-
setTransactionLimit
public static void setTransactionLimit(KeycloakSessionFactory factory, int timeoutInSeconds)
-
componentModelGetter
public static Function<KeycloakSessionFactory,ComponentModel> componentModelGetter(String realmId, String componentId)
-
getComponentModel
public static ComponentModel getComponentModel(KeycloakSessionFactory factory, String realmId, String componentId)
-
getComponentFactory
public static <T extends Provider> ProviderFactory<T> getComponentFactory(KeycloakSessionFactory factory, Class<T> providerClass, Config.Scope config, String spiName)
-
getMasterRealmAdminApplicationClientId
public static String getMasterRealmAdminApplicationClientId(String realmName)
-
findUserStorageProviderByName
public static UserStorageProviderModel findUserStorageProviderByName(String displayName, RealmModel realm)
-
findUserStorageProviderById
public static UserStorageProviderModel findUserStorageProviderById(String fedProviderId, RealmModel realm)
-
createComponentModel
public static ComponentModel createComponentModel(String name, String parentId, String providerId, String providerType, String... config)
-
setupDefaultRole
public static void setupDefaultRole(RealmModel realm, String defaultRoleName)
Creates default role for particular realm with the given name.- Parameters:
realm- RealmdefaultRoleName- Name of the newly created defaultRole
-
setupOfflineRole
public static RoleModel setupOfflineRole(RealmModel realm)
-
setupDeleteAccount
public static void setupDeleteAccount(ClientModel accountClient)
-
deepFindAuthenticationExecutions
public static void deepFindAuthenticationExecutions(RealmModel realm, AuthenticationFlowModel flow, List<AuthenticationExecutionModel> result)
Recursively find all AuthenticationExecutionModel from specified flow or all it's subflows- Parameters:
realm-flow-result- input should be empty list. At the end will be all executions added to this list
-
resolveFirstAttribute
public static String resolveFirstAttribute(GroupModel group, String name)
-
resolveAttribute
public static List<String> resolveAttribute(GroupModel group, String name)
-
resolveAttribute
public static Collection<String> resolveAttribute(UserModel user, String name, boolean aggregateAttrs)
-
findGroupByPath
public static GroupModel findGroupByPath(RealmModel realm, String path)
-
getClientScopeMappings
@Deprecated public static Set<RoleModel> getClientScopeMappings(ClientModel client, ScopeContainerModel container)
Deprecated.UsegetClientScopeMappingsStream(ClientModel, ScopeContainerModel)getClientScopeMappingsStream} instead.- Parameters:
client-ClientModelcontainer-ScopeContainerModel- Returns:
-
getClientScopeMappingsStream
public static Stream<RoleModel> getClientScopeMappingsStream(ClientModel client, ScopeContainerModel container)
-
getRoleFromString
public static RoleModel getRoleFromString(RealmModel realm, String roleName)
-
isFlowUsed
public static boolean isFlowUsed(RealmModel realm, AuthenticationFlowModel model)
Check to see if a flow is currently in use- Parameters:
realm-model-- Returns:
-
getClientScopeByName
public static ClientScopeModel getClientScopeByName(RealmModel realm, String clientScopeName)
-
findClientScopeById
public static ClientScopeModel findClientScopeById(RealmModel realm, ClientModel client, String clientScopeId)
Lookup clientScope OR client by id. Method is useful if you know just ID, but you don't know if underlying model is clientScope or client
-
convertClientScopeName
public static String convertClientScopeName(String previousName)
Replace spaces in the name with underscore, so that scope name can be used as value of scope parameter
-
setupAuthorizationServices
public static void setupAuthorizationServices(RealmModel realm)
-
suspendJtaTransaction
public static void suspendJtaTransaction(KeycloakSessionFactory factory, Runnable runnable)
-
getIdentityProviderDisplayName
public static String getIdentityProviderDisplayName(KeycloakSession session, IdentityProviderModel provider)
-
isRealmProviderJpa
public static boolean isRealmProviderJpa(KeycloakSession session)
- Returns:
- true if implementation of realmProvider is "jpa" . Which is always the case in standard Keycloak installations.
-
-