Package org.keycloak.models.jpa

Class JpaRealmProvider

    • Field Detail

      • logger

        protected static final org.jboss.logging.Logger logger

      • em

        protected javax.persistence.EntityManager em

    • Constructor Detail

      • JpaRealmProvider

        public JpaRealmProvider​(KeycloakSession session,
                        javax.persistence.EntityManager em,
                        Set<String> clientSearchableAttributes,
                        Set<String> groupSearchableAttributes)

    • Method Detail

      • createRealm

        public RealmModel createRealm​(String name)
        Description copied from interface: RealmProvider
        Creates new realm with the given name. The internal ID will be generated automatically.
        Specified by:
        createRealm in interface RealmProvider
        Parameters:
        name - String name of the realm
        Returns:
        Model of the created realm.

      • createRealm

        public RealmModel createRealm​(String id,
                              String name)
        Description copied from interface: RealmProvider
        Created new realm with given ID and name.
        Specified by:
        createRealm in interface RealmProvider
        Parameters:
        id - Internal ID of the realm or null if one is to be created by the underlying store. If the store expects the ID to have a certain format (for example UUID) and the supplied ID doesn't follow the expected format, the store may replace the id with a new one at its own discretion.
        name - String name of the realm
        Returns:
        Model of the created realm.

      • getRealm

        public RealmModel getRealm​(String id)
        Description copied from interface: RealmProvider
        Exact search for a realm by its internal ID.
        Specified by:
        getRealm in interface RealmProvider
        Parameters:
        id - Internal ID of the realm.
        Returns:
        Model of the realm

      • getRealmByName

        public RealmModel getRealmByName​(String name)
        Description copied from interface: RealmProvider
        Exact search for a realm by its name.
        Specified by:
        getRealmByName in interface RealmProvider
        Parameters:
        name - String name of the realm
        Returns:
        Model of the realm

      • removeRealm

        public boolean removeRealm​(String id)
        Description copied from interface: RealmProvider
        Removes realm with the given id.
        Specified by:
        removeRealm in interface RealmProvider
        Parameters:
        id - of realm.
        Returns:
        true if the realm was successfully removed.

      • close

        public void close()
        Specified by:
        close in interface Provider

      • addRealmRole

        public RoleModel addRealmRole​(RealmModel realm,
                              String name)
        Description copied from interface: RoleProvider
        Adds a realm role with given name to the given realm. The internal ID of the role will be created automatically.
        Specified by:
        addRealmRole in interface RealmProvider
        Specified by:
        addRealmRole in interface RoleProvider
        Parameters:
        realm - Realm owning this role.
        name - String name of the role.
        Returns:
        Model of the created role.

      • addRealmRole

        public RoleModel addRealmRole​(RealmModel realm,
                              String id,
                              String name)
        Description copied from interface: RoleProvider
        Adds a realm role with given internal ID and name to the given realm.
        Specified by:
        addRealmRole in interface RealmProvider
        Specified by:
        addRealmRole in interface RoleProvider
        Parameters:
        realm - Realm owning this role.
        id - Internal ID of the role or null if one is to be created by the underlying store
        name - String name of the role.
        Returns:
        Model of the created client.

      • addClientRole

        public RoleModel addClientRole​(ClientModel client,
                               String name)
        Description copied from interface: RoleProvider
        Adds a client role with given name to the given client. The internal ID of the role will be created automatically.
        Specified by:
        addClientRole in interface RoleProvider
        Parameters:
        client - Client owning this role.
        name - String name of the role.
        Returns:
        Model of the created role.

      • addClientRole

        public RoleModel addClientRole​(ClientModel client,
                               String id,
                               String name)
        Description copied from interface: RoleProvider
        Adds a client role with given internal ID and name to the given client.
        Specified by:
        addClientRole in interface RoleProvider
        Parameters:
        client - Client owning this role.
        id - Internal ID of the client role or null if one is to be created by the underlying store.
        name - String name of the role.
        Returns:
        Model of the created role.

      • getRealmRolesStream

        public Stream<RoleModel> getRealmRolesStream​(RealmModel realm)
        Description copied from interface: RoleProvider
        Returns all the realm roles of the given realm as a stream. Effectively the same as the call getRealmRolesStream(realm, null, null).
        Specified by:
        getRealmRolesStream in interface RoleProvider
        Parameters:
        realm - Realm.
        Returns:
        Stream of the roles. Never returns null.

      • getRealmRolesStream

        public Stream<RoleModel> getRealmRolesStream​(RealmModel realm,
                                             Integer first,
                                             Integer max)
        Description copied from interface: RoleProvider
        Returns the realm roles of the given realm as a stream.
        Specified by:
        getRealmRolesStream in interface RoleProvider
        Parameters:
        realm - Realm.
        first - First result to return. Ignored if negative or null.
        max - Maximum number of results to return. Ignored if negative or null.
        Returns:
        Stream of the roles. Never returns null.

      • getRolesStream

        public Stream<RoleModel> getRolesStream​(RealmModel realm,
                                        Stream<String> ids,
                                        String search,
                                        Integer first,
                                        Integer max)
        Description copied from interface: RoleProvider
        Returns a paginated stream of roles with given ids and given search value in role names.
        Specified by:
        getRolesStream in interface RoleProvider
        Parameters:
        realm - Realm. Cannot be null.
        ids - Stream of ids. Returns empty Stream when null.
        search - Case-insensitive string to search by role's name or description. Ignored if null.
        first - Index of the first result to return. Ignored if negative or null.
        max - Maximum number of results to return. Ignored if negative or null.
        Returns:
        Stream of desired roles. Never returns null.

      • getClientRolesStream

        public Stream<RoleModel> getClientRolesStream​(ClientModel client,
                                              Integer first,
                                              Integer max)
        Description copied from interface: RoleProvider
        Returns the client roles of the given client.
        Specified by:
        getClientRolesStream in interface RoleProvider
        Parameters:
        client - Client.
        first - First result to return. Ignored if negative or null.
        max - Maximum number of results to return. Ignored if negative or null.
        Returns:
        Stream of the roles. Never returns null.

      • searchForClientRolesStream

        public Stream<RoleModel> searchForClientRolesStream​(ClientModel client,
                                                    String search,
                                                    Integer first,
                                                    Integer max)
        Description copied from interface: RoleLookupProvider
        Case-insensitive search for client roles that contain the given string in their name or description.
        Specified by:
        searchForClientRolesStream in interface RoleLookupProvider
        Parameters:
        client - Client.
        search - String to search by role's name or description.
        first - First result to return. Ignored if negative or null.
        max - Maximum number of results to return. Ignored if negative or null.
        Returns:
        Stream of the client roles their name or description contains given search string. Never returns null.

      • searchForRolesStream

        public Stream<RoleModel> searchForRolesStream​(RealmModel realm,
                                              String search,
                                              Integer first,
                                              Integer max)
        Description copied from interface: RoleLookupProvider
        Case-insensitive search for roles that contain the given string in their name or description.
        Specified by:
        searchForRolesStream in interface RoleLookupProvider
        Parameters:
        realm - Realm.
        search - Searched substring of the role's name or description.
        first - First result to return. Ignored if negative or null.
        max - Maximum number of results to return. Ignored if negative or null.
        Returns:
        Stream of the realm roles their name or description contains given search string. Never returns null.

      • removeRole

        public boolean removeRole​(RoleModel role)
        Description copied from interface: RoleProvider
        Removes given realm role from the given realm.
        Specified by:
        removeRole in interface RoleProvider
        Parameters:
        role - Role to be removed.
        Returns:
        true if the role existed and has been removed, false otherwise.

      • removeRoles

        public void removeRoles​(RealmModel realm)
        Description copied from interface: RoleProvider
        Removes all roles from the given realm.
        Specified by:
        removeRoles in interface RoleProvider
        Parameters:
        realm - Realm.

      • removeRoles

        public void removeRoles​(ClientModel client)
        Description copied from interface: RoleProvider
        Removes all roles from the given client.
        Specified by:
        removeRoles in interface RoleProvider
        Parameters:
        client - Client.

      • moveGroup

        public void moveGroup​(RealmModel realm,
                      GroupModel group,
                      GroupModel toParent)
        Description copied from interface: GroupProvider
        This method is used for moving groups in group structure, for example:
        • making an existing child group child group of some other group,
        • setting a top level group (i.e. group without parent group) child of some group,
        • making a child group top level group (i.e. removing its parent group).
          Specified by:
          moveGroup in interface GroupProvider
          Specified by:
          moveGroup in interface RealmProvider
          Parameters:
          realm - Realm owning this group.
          group - Group to update.
          toParent - New parent group, or null if we are moving the group to top level group.

        • getGroupsStream

          public Stream<GroupModel> getGroupsStream​(RealmModel realm,
                                          Stream<String> ids,
                                          String search,
                                          Integer first,
                                          Integer max)
          Description copied from interface: GroupProvider
          Returns a paginated stream of groups with given ids and given search value in group names.
          Specified by:
          getGroupsStream in interface GroupProvider
          Parameters:
          realm - Realm.
          ids - Stream of ids.
          search - Case insensitive string which will be searched for. Ignored if null.
          first - Index of the first result to return. Ignored if negative or null.
          max - Maximum number of results to return. Ignored if negative or null.
          Returns:
          Stream of desired groups. Never returns null.

        • getGroupsStream

          public Stream<GroupModel> getGroupsStream​(RealmModel realm,
                                          Stream<String> ids,
                                          Integer first,
                                          Integer max)
          Description copied from interface: GroupProvider
          Returns a paginated stream of groups with given ids. Effectively the same as getGroupsStream(realm, ids, null, first, max).
          Specified by:
          getGroupsStream in interface GroupProvider
          Parameters:
          realm - Realm.
          ids - Stream of ids.
          first - Index of the first result to return. Ignored if negative or null.
          max - Maximum number of results to return. Ignored if negative or null.
          Returns:
          Stream of GroupModels with the specified ids

        • getGroupsStream

          public Stream<GroupModel> getGroupsStream​(RealmModel realm,
                                          Stream<String> ids)
          Description copied from interface: GroupProvider
          Returns a stream of groups with given ids. Effectively the same as getGroupsStream(realm, ids, null, null, null).
          Specified by:
          getGroupsStream in interface GroupProvider
          Parameters:
          realm - Realm.
          ids - Stream of ids.
          Returns:
          Stream of GroupModels with the specified ids

        • getGroupsCount

          public Long getGroupsCount​(RealmModel realm,
                           Stream<String> ids,
                           String search)
          Description copied from interface: GroupProvider
          Returns a number of groups that contains the search string in the name
          Specified by:
          getGroupsCount in interface GroupProvider
          Parameters:
          realm - Realm.
          ids - List of ids.
          search - Case insensitive string which will be searched for. Ignored if null.
          Returns:
          Number of groups.

        • getGroupsCount

          public Long getGroupsCount​(RealmModel realm,
                           Boolean onlyTopGroups)
          Description copied from interface: GroupProvider
          Returns a number of groups/top level groups (i.e. groups without parent group) for the given realm.
          Specified by:
          getGroupsCount in interface GroupProvider
          Specified by:
          getGroupsCount in interface RealmProvider
          Parameters:
          realm - Realm.
          onlyTopGroups - When true the function returns a count of top level groups only.
          Returns:
          Number of groups/top level groups.

        • getGroupsByRoleStream

          public Stream<GroupModel> getGroupsByRoleStream​(RealmModel realm,
                                                RoleModel role,
                                                Integer firstResult,
                                                Integer maxResults)
          Description copied from interface: GroupProvider
          Returns groups with the given role in the given realm.
          Specified by:
          getGroupsByRoleStream in interface GroupProvider
          Parameters:
          realm - Realm.
          role - Role.
          firstResult - First result to return. Ignored if negative or null.
          maxResults - Maximum number of results to return. Ignored if negative or null.
          Returns:
          Stream of groups with the given role. Never returns null.

        • getTopLevelGroupsStream

          public Stream<GroupModel> getTopLevelGroupsStream​(RealmModel realm)
          Description copied from interface: GroupProvider
          Returns all top level groups (i.e. groups without parent group) for the given realm.
          Specified by:
          getTopLevelGroupsStream in interface GroupProvider
          Parameters:
          realm - Realm.
          Returns:
          Stream of all top level groups in the realm. Never returns null.

        • getTopLevelGroupsStream

          public Stream<GroupModel> getTopLevelGroupsStream​(RealmModel realm,
                                                  Integer first,
                                                  Integer max)
          Description copied from interface: GroupProvider
          Returns top level groups (i.e. groups without parent group) for the given realm.
          Specified by:
          getTopLevelGroupsStream in interface GroupProvider
          Parameters:
          realm - Realm.
          first - First result to return. Ignored if negative or null.
          max - Maximum number of results to return. Ignored if negative or null.
          Returns:
          Stream of top level groups in the realm. Never returns null.

        • removeGroup

          public boolean removeGroup​(RealmModel realm,
                           GroupModel group)
          Description copied from interface: GroupProvider
          Removes the given group for the given realm.
          Specified by:
          removeGroup in interface GroupProvider
          Specified by:
          removeGroup in interface RealmProvider
          Parameters:
          realm - Realm.
          group - Group.
          Returns:
          true if the group was removed, false if group doesn't exist or doesn't belong to the given realm

        • createGroup

          public GroupModel createGroup​(RealmModel realm,
                              String id,
                              String name,
                              GroupModel toParent)
          Description copied from interface: GroupProvider
          Creates a new group with the given name, id, name and parent to the given realm.
          Specified by:
          createGroup in interface GroupProvider
          Specified by:
          createGroup in interface RealmProvider
          Parameters:
          realm - Realm.
          id - Id, will be generated if null.
          name - Name.
          toParent - Parent group, or null if the group is top level group
          Returns:
          Model of the created group

        • addClient

          public ClientModel addClient​(RealmModel realm,
                             String clientId)
          Description copied from interface: ClientProvider
          Adds a client with given clientId to the given realm. The internal ID of the client will be created automatically.
          Specified by:
          addClient in interface ClientProvider
          Specified by:
          addClient in interface RealmProvider
          Parameters:
          realm - Realm owning this client.
          clientId - String that identifies the client to the external parties. Maps to client_id in OIDC or entityID in SAML.
          Returns:
          Model of the created client.

        • addClient

          public ClientModel addClient​(RealmModel realm,
                             String id,
                             String clientId)
          Description copied from interface: ClientProvider
          Adds a client with given internal ID and clientId to the given realm.
          Specified by:
          addClient in interface ClientProvider
          Specified by:
          addClient in interface RealmProvider
          Parameters:
          realm - Realm owning this client.
          id - Internal ID of the client or null if one is to be created by the underlying store
          clientId - String that identifies the client to the external parties. Maps to client_id in OIDC or entityID in SAML.
          Returns:
          Model of the created client.

        • getClientsStream

          public Stream<ClientModel> getClientsStream​(RealmModel realm)
          Description copied from interface: ClientProvider
          Returns all the clients of the given realm as a stream. Effectively the same as the call getClientsStream(realm, null, null).
          Specified by:
          getClientsStream in interface ClientProvider
          Parameters:
          realm - Realm.
          Returns:
          Stream of the clients. Never returns null.

        • getClientsStream

          public Stream<ClientModel> getClientsStream​(RealmModel realm,
                                            Integer firstResult,
                                            Integer maxResults)
          Description copied from interface: ClientProvider
          Returns the clients of the given realm as a stream.
          Specified by:
          getClientsStream in interface ClientProvider
          Parameters:
          realm - Realm.
          firstResult - First result to return. Ignored if negative or null.
          maxResults - Maximum number of results to return. Ignored if negative or null.
          Returns:
          Stream of the clients. Never returns null.

        • getClientByClientId

          public ClientModel getClientByClientId​(RealmModel realm,
                                       String clientId)
          Description copied from interface: ClientLookupProvider
          Exact search for a client by its public client identifier.
          Specified by:
          getClientByClientId in interface ClientLookupProvider
          Parameters:
          realm - Realm to limit the search for clients.
          clientId - String that identifies the client to the external parties. Maps to client_id in OIDC or entityID in SAML.
          Returns:
          Model of the client, or null if no client is found.

        • searchClientsByClientIdStream

          public Stream<ClientModel> searchClientsByClientIdStream​(RealmModel realm,
                                                         String clientId,
                                                         Integer firstResult,
                                                         Integer maxResults)
          Description copied from interface: ClientLookupProvider
          Case-insensitive search for clients that contain the given string in their public client identifier.
          Specified by:
          searchClientsByClientIdStream in interface ClientLookupProvider
          Parameters:
          realm - Realm to limit the search for clients.
          clientId - Searched substring of the public client identifier (client_id in OIDC or entityID in SAML.)
          firstResult - First result to return. Ignored if negative or null.
          maxResults - Maximum number of results to return. Ignored if negative or null.
          Returns:
          Stream of ClientModel or an empty stream if no client is found. Never returns null.

        • removeClient

          public boolean removeClient​(RealmModel realm,
                            String id)
          Description copied from interface: ClientProvider
          Removes given client from the given realm.
          Specified by:
          removeClient in interface ClientProvider
          Parameters:
          realm - Realm.
          id - Internal ID of the client
          Returns:
          true if the client existed and has been removed, false otherwise.

        • addClientScope

          public ClientScopeModel addClientScope​(RealmModel realm,
                                       String id,
                                       String name)
          Description copied from interface: ClientScopeProvider
          Creates new client scope with given internal ID and name to the given realm. Spaces in name will be replaced by underscore so that scope name can be used as value of scope parameter.
          Specified by:
          addClientScope in interface ClientScopeProvider
          Parameters:
          realm - Realm owning this client scope.
          id - Internal ID of the client scope or null if one is to be created by the underlying store
          name - String name of the client scope.
          Returns:
          Model of the created client scope.

        • removeClientScope

          public boolean removeClientScope​(RealmModel realm,
                                 String id)
          Description copied from interface: ClientScopeProvider
          Removes client scope from the given realm.
          Specified by:
          removeClientScope in interface ClientScopeProvider
          Parameters:
          realm - Realm.
          id - Internal ID of the client scope
          Returns:
          true if the client scope existed and has been removed, false otherwise.

        • addClientScopes

          public void addClientScopes​(RealmModel realm,
                            ClientModel client,
                            Set<ClientScopeModel> clientScopes,
                            boolean defaultScope)
          Description copied from interface: ClientProvider
          Assign clientScopes to the client. Add as default scopes (if parameter 'defaultScope' is true) or optional scopes (if parameter 'defaultScope' is false)
          Specified by:
          addClientScopes in interface ClientProvider
          Parameters:
          realm - Realm.
          client - Client.
          clientScopes - to be assigned
          defaultScope - if true the scopes are assigned as default, or optional in case of false

        • getClientScopes

          public Map<String,​ClientScopeModel> getClientScopes​(RealmModel realm,
                                                          ClientModel client,
                                                          boolean defaultScope)
          Description copied from interface: ClientLookupProvider
          Return all default scopes (if defaultScope is true) or all optional scopes (if defaultScope is false) linked with the client
          Specified by:
          getClientScopes in interface ClientLookupProvider
          Parameters:
          realm - Realm
          client - Client
          defaultScope - if true default scopes, if false optional scopes, are returned
          Returns:
          map where key is the name of the clientScope, value is particular clientScope. Returns empty map if no scopes linked (never returns null).

        • searchForGroupByNameStream

          public Stream<GroupModel> searchForGroupByNameStream​(RealmModel realm,
                                                     String search,
                                                     Boolean exact,
                                                     Integer first,
                                                     Integer max)
          Description copied from interface: GroupLookupProvider
          Returns the group hierarchy with the given string in name for the given realm. For a matching group node the parent group is fetched by id (with all children) and added to the result stream. This is done until the group node does not have a parent (root group)
          Specified by:
          searchForGroupByNameStream in interface GroupLookupProvider
          Parameters:
          realm - Realm.
          search - Case sensitive searched string.
          exact - Boolean which defines wheather search param should be matched exactly.
          first - First result to return. Ignored if negative or null.
          max - Maximum number of results to return. Ignored if negative or null.
          Returns:
          Stream of root groups that have the given string in their name themself or a group in their child-collection has. The returned hierarchy contains siblings that do not necessarily have a matching name. Never returns null.

        • searchGroupsByAttributes

          public Stream<GroupModel> searchGroupsByAttributes​(RealmModel realm,
                                                   Map<String,​String> attributes,
                                                   Integer firstResult,
                                                   Integer maxResults)
          Description copied from interface: GroupLookupProvider
          Returns the groups filtered by attribute names and attribute values for the given realm.
          Specified by:
          searchGroupsByAttributes in interface GroupLookupProvider
          Parameters:
          realm - Realm.
          attributes - name-value pairs that are compared to group attributes.
          firstResult - First result to return. Ignored if negative or null.
          maxResults - Maximum number of results to return. Ignored if negative or null.
          Returns:
          Stream of groups with attributes matching all searched attributes. Never returns null.

        • getClientSearchableAttributes

          public Set<String> getClientSearchableAttributes()