Package org.keycloak.storage.adapter
Class AbstractUserAdapterFederatedStorage
- java.lang.Object
-
- org.keycloak.models.UserModelDefaultMethods
-
- org.keycloak.storage.adapter.AbstractUserAdapterFederatedStorage
-
- All Implemented Interfaces:
RoleMapperModel
,UserModel
- Direct Known Subclasses:
AbstractUserAdapterFederatedStorage.Streams
public abstract class AbstractUserAdapterFederatedStorage extends UserModelDefaultMethods
Assumes everything is managed by federated storage except for username. getId() returns a default value of "f:" + providerId + ":" + getUsername(). UserModel properties like enabled, firstName, lastName, email, etc. are all stored as attributes in federated storage. isEnabled() defaults to true if the ENABLED_ATTRIBUTE isn't set in federated storage- Version:
- $Revision: 1 $
- Author:
- Bill Burke
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
AbstractUserAdapterFederatedStorage.Streams
TheAbstractUserAdapterFederatedStorage.Streams
class extends theAbstractUserAdapterFederatedStorage
abstract class and implements theUserModel.Streams
interface, allowing subclasses to focus on the implementation of theStream
-based query methods and providing default implementations for the collections-based variants that delegate to theirStream
counterparts.-
Nested classes/interfaces inherited from interface org.keycloak.models.UserModel
UserModel.RequiredAction, UserModel.SearchableFields, UserModel.UserRemovedEvent
-
-
Field Summary
Fields Modifier and Type Field Description static String
CREATED_TIMESTAMP_ATTRIBUTE
static String
EMAIL_ATTRIBUTE
static String
EMAIL_VERIFIED_ATTRIBUTE
static String
ENABLED_ATTRIBUTE
static String
FIRST_NAME_ATTRIBUTE
static String
LAST_NAME_ATTRIBUTE
protected RealmModel
realm
protected KeycloakSession
session
protected StorageId
storageId
protected ComponentModel
storageProviderModel
-
Fields inherited from interface org.keycloak.models.UserModel
COMPARE_BY_USERNAME, DISABLED_REASON, EMAIL, EMAIL_VERIFIED, ENABLED, EXACT, FIRST_NAME, GROUPS, IDP_ALIAS, IDP_USER_ID, INCLUDE_SERVICE_ACCOUNT, LAST_NAME, LOCALE, SEARCH, USERNAME
-
-
Constructor Summary
Constructors Constructor Description AbstractUserAdapterFederatedStorage(KeycloakSession session, RealmModel realm, ComponentModel storageProviderModel)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
addRequiredAction(String action)
void
addRequiredAction(UserModel.RequiredAction action)
protected boolean
appendDefaultGroups()
Should the realm's default groups be appended to getGroups() call? If your storage provider is not managing group mappings then it is recommended that this method return trueprotected boolean
appendDefaultRolesToRoleMappings()
Should the realm's default roles be appended to getRoleMappings() call? If your storage provider is not managing all role mappings then it is recommended that this method return truevoid
deleteRoleMapping(RoleModel role)
Removes the given role mapping from this object.boolean
equals(Object o)
List<String>
getAttribute(String name)
Map<String,List<String>>
getAttributes()
Set<RoleModel>
getClientRoleMappings(ClientModel app)
Gets role mappings from federated storage and automatically appends default roles.Long
getCreatedTimestamp()
Get timestamp of user creation.protected Set<RoleModel>
getFederatedRoleMappings()
UserFederatedStorageProvider
getFederatedStorage()
String
getFederationLink()
This method should not be overridenString
getFirstAttribute(String name)
Set<GroupModel>
getGroups()
Gets groups from federated storage and automatically appends default groups of realm.protected Set<GroupModel>
getGroupsInternal()
Get group membership mappings that are managed by this storage providerString
getId()
Defaults to 'f:' + storageProvider.getId() + ':' + getUsername()Set<RoleModel>
getRealmRoleMappings()
Gets role mappings from federated storage and automatically appends default roles.Set<String>
getRequiredActions()
Set<RoleModel>
getRoleMappings()
Gets role mappings from federated storage and automatically appends default roles.protected Set<RoleModel>
getRoleMappingsInternal()
String
getServiceAccountClientLink()
This method should not be overridenvoid
grantRole(RoleModel role)
Grants the given role to this object.int
hashCode()
boolean
hasRole(RoleModel role)
Returnstrue
if this object is directly or indirectly assigned the given role,false
otherwise.boolean
isEmailVerified()
boolean
isEnabled()
boolean
isMemberOf(GroupModel group)
void
joinGroup(GroupModel group)
void
leaveGroup(GroupModel group)
protected String
mapAttribute(String attributeName)
void
removeAttribute(String name)
void
removeRequiredAction(String action)
void
removeRequiredAction(UserModel.RequiredAction action)
void
setAttribute(String name, List<String> values)
void
setCreatedTimestamp(Long timestamp)
void
setEmailVerified(boolean verified)
Stores as attribute in federated storage.void
setEnabled(boolean enabled)
void
setFederationLink(String link)
This method should not be overridenvoid
setServiceAccountClientLink(String clientInternalId)
This method should not be overridenvoid
setSingleAttribute(String name, String value)
Set single value of specified attribute.-
Methods inherited from class org.keycloak.models.UserModelDefaultMethods
getEmail, getFirstName, getLastName, setEmail, setFirstName, setLastName, toString
-
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
-
Methods inherited from interface org.keycloak.models.RoleMapperModel
getClientRoleMappingsStream, getRealmRoleMappingsStream, getRoleMappingsStream, hasDirectRole
-
Methods inherited from interface org.keycloak.models.UserModel
getAttributeStream, getGroups, getGroups, getGroupsCount, getGroupsCountByNameContaining, getGroupsStream, getGroupsStream, getRequiredActionsStream, getUsername, setUsername
-
-
-
-
Field Detail
-
FIRST_NAME_ATTRIBUTE
public static String FIRST_NAME_ATTRIBUTE
-
LAST_NAME_ATTRIBUTE
public static String LAST_NAME_ATTRIBUTE
-
EMAIL_ATTRIBUTE
public static String EMAIL_ATTRIBUTE
-
EMAIL_VERIFIED_ATTRIBUTE
public static String EMAIL_VERIFIED_ATTRIBUTE
-
CREATED_TIMESTAMP_ATTRIBUTE
public static String CREATED_TIMESTAMP_ATTRIBUTE
-
ENABLED_ATTRIBUTE
public static String ENABLED_ATTRIBUTE
-
session
protected KeycloakSession session
-
realm
protected RealmModel realm
-
storageProviderModel
protected ComponentModel storageProviderModel
-
storageId
protected StorageId storageId
-
-
Constructor Detail
-
AbstractUserAdapterFederatedStorage
public AbstractUserAdapterFederatedStorage(KeycloakSession session, RealmModel realm, ComponentModel storageProviderModel)
-
-
Method Detail
-
getFederatedStorage
public UserFederatedStorageProvider getFederatedStorage()
-
addRequiredAction
public void addRequiredAction(String action)
-
removeRequiredAction
public void removeRequiredAction(String action)
-
addRequiredAction
public void addRequiredAction(UserModel.RequiredAction action)
-
removeRequiredAction
public void removeRequiredAction(UserModel.RequiredAction action)
-
getGroupsInternal
protected Set<GroupModel> getGroupsInternal()
Get group membership mappings that are managed by this storage provider- Returns:
-
appendDefaultGroups
protected boolean appendDefaultGroups()
Should the realm's default groups be appended to getGroups() call? If your storage provider is not managing group mappings then it is recommended that this method return true- Returns:
-
getGroups
public Set<GroupModel> getGroups()
Gets groups from federated storage and automatically appends default groups of realm. Also calls getGroupsInternal() method to pull group membership from provider. Implementors can override that method- Returns:
-
joinGroup
public void joinGroup(GroupModel group)
-
leaveGroup
public void leaveGroup(GroupModel group)
-
isMemberOf
public boolean isMemberOf(GroupModel group)
-
getRealmRoleMappings
public Set<RoleModel> getRealmRoleMappings()
Gets role mappings from federated storage and automatically appends default roles. Also calls getRoleMappingsInternal() method to pull role mappings from provider. Implementors can override that method- Returns:
-
getClientRoleMappings
public Set<RoleModel> getClientRoleMappings(ClientModel app)
Gets role mappings from federated storage and automatically appends default roles. Also calls getRoleMappingsInternal() method to pull role mappings from provider. Implementors can override that method- Parameters:
app
- Client to get the roles for- Returns:
-
hasRole
public boolean hasRole(RoleModel role)
Description copied from interface:RoleMapperModel
Returnstrue
if this object is directly or indirectly assigned the given role,false
otherwise.For example,
true
is returned for hasRole(R) if:- R is directly assigned to this object
- R is not assigned to this object but this object belongs to a group G which is assigned the role R
- R is not assigned to this object but this object belongs to a group G, and G belongs to group H which is assigned the role R
- Returns:
- see description
- See Also:
if you want to check if this object is directly assigned to a role
-
grantRole
public void grantRole(RoleModel role)
Description copied from interface:RoleMapperModel
Grants the given role to this object.
-
appendDefaultRolesToRoleMappings
protected boolean appendDefaultRolesToRoleMappings()
Should the realm's default roles be appended to getRoleMappings() call? If your storage provider is not managing all role mappings then it is recommended that this method return true- Returns:
-
getRoleMappings
public Set<RoleModel> getRoleMappings()
Gets role mappings from federated storage and automatically appends default roles. Also calls getRoleMappingsInternal() method to pull role mappings from provider. Implementors can override that method- Returns:
-
deleteRoleMapping
public void deleteRoleMapping(RoleModel role)
Description copied from interface:RoleMapperModel
Removes the given role mapping from this object.- Parameters:
role
- Role to remove
-
isEnabled
public boolean isEnabled()
-
setEnabled
public void setEnabled(boolean enabled)
-
getFederationLink
public String getFederationLink()
This method should not be overriden- Returns:
-
setFederationLink
public void setFederationLink(String link)
This method should not be overriden
-
getServiceAccountClientLink
public String getServiceAccountClientLink()
This method should not be overriden- Returns:
-
setServiceAccountClientLink
public void setServiceAccountClientLink(String clientInternalId)
This method should not be overriden
-
getId
public String getId()
Defaults to 'f:' + storageProvider.getId() + ':' + getUsername()- Returns:
-
getCreatedTimestamp
public Long getCreatedTimestamp()
Description copied from interface:UserModel
Get timestamp of user creation. May be null for old users created before this feature introduction.
-
setCreatedTimestamp
public void setCreatedTimestamp(Long timestamp)
-
setSingleAttribute
public void setSingleAttribute(String name, String value)
Description copied from interface:UserModel
Set single value of specified attribute. Remove all other existing values of this attribute
-
removeAttribute
public void removeAttribute(String name)
-
getFirstAttribute
public String getFirstAttribute(String name)
- Returns:
- null if there is not any value of specified attribute or first value otherwise. Don't throw exception if there are more values of the attribute
-
getAttribute
public List<String> getAttribute(String name)
- Returns:
- list of all attribute values or empty list if there are not any values. Never return null
-
isEmailVerified
public boolean isEmailVerified()
-
setEmailVerified
public void setEmailVerified(boolean verified)
Stores as attribute in federated storage. EMAIL_VERIFIED_ATTRIBUTE- Parameters:
verified
-
-
-