Class UserStorageManager

    • Constructor Detail

      • UserStorageManager

        public UserStorageManager​(KeycloakSession session)
    • Method Detail

      • importValidation

        protected UserModel importValidation​(RealmModel realm,
                                             UserModel user)
        Allows a UserStorageProvider to proxy and/or synchronize an imported user.
        Parameters:
        realm -
        user -
        Returns:
      • query

        protected Stream<UserModel> query​(org.keycloak.storage.UserStorageManager.PaginatedQuery pagedQuery,
                                          org.keycloak.storage.UserStorageManager.CountQuery countQuery,
                                          RealmModel realm,
                                          Integer firstResult,
                                          Integer maxResults)
      • removeUser

        public boolean removeUser​(RealmModel realm,
                                  UserModel user)
        Description copied from interface: UserRegistrationProvider
        Called if user originated from this provider. If a local user is linked to this provider, this method will be called before local storage's removeUser() method is invoked. If you are using an import strategy, and this is a local user linked to this provider, this method will be called before local storage's removeUser() method is invoked. Also, you DO NOT need to remove the imported user. The runtime will handle this for you.
        Specified by:
        removeUser in interface UserRegistrationProvider
        Parameters:
        realm - a reference to the realm
        user - a reference to the user that is removed
        Returns:
        true if the user was removed, false otherwise
      • getUserByUsername

        public UserModel getUserByUsername​(RealmModel realm,
                                           String username)
        Description copied from interface: UserLookupProvider
        Exact search for a user by its username. Returns a user with the given username belonging to the realm
        Specified by:
        getUserByUsername in interface UserLookupProvider
        Parameters:
        realm - the realm model
        username - (case-sensitivity is controlled by storage)
        Returns:
        found user model, or null if no such user exists
      • getUserByEmail

        public UserModel getUserByEmail​(RealmModel realm,
                                        String email)
        Description copied from interface: UserLookupProvider
        Returns a user with the given email belonging to the realm
        Specified by:
        getUserByEmail in interface UserLookupProvider
        Parameters:
        realm - the realm model
        email - email address
        Returns:
        found user model, or null if no such user exists
      • getRoleMembersStream

        public Stream<UserModel> getRoleMembersStream​(RealmModel realm,
                                                      RoleModel role,
                                                      Integer firstResult,
                                                      Integer maxResults)
        Description copied from interface: UserQueryProvider
        Searches for users that have the specified role.
        Specified by:
        getRoleMembersStream in interface UserQueryProvider
        Parameters:
        realm - a reference to the realm.
        role - a reference to the role.
        firstResult - first result to return. Ignored if negative or null.
        maxResults - maximum number of results to return. Ignored if negative or null.
        Returns:
        a non-null Stream of users that have the specified role.
      • getUsersCount

        public int getUsersCount​(RealmModel realm,
                                 boolean includeServiceAccount)
        Description copied from interface: UserQueryProvider
        Returns the number of users.
        Specified by:
        getUsersCount in interface UserQueryProvider
        Parameters:
        realm - the realm
        includeServiceAccount - if true, the number of users will also include service accounts. Otherwise, only the number of users.
        Returns:
        the number of users
      • getUsersCount

        public int getUsersCount​(RealmModel realm)
        Description copied from interface: UserQueryProvider
        Returns the number of users, without consider any service account.
        Specified by:
        getUsersCount in interface UserQueryProvider
        Parameters:
        realm - the realm
        Returns:
        the number of users
      • getUsersCount

        public int getUsersCount​(RealmModel realm,
                                 Set<String> groupIds)
        Description copied from interface: UserQueryProvider
        Returns the number of users that are in at least one of the groups given.
        Specified by:
        getUsersCount in interface UserQueryProvider
        Parameters:
        realm - the realm
        groupIds - set of groups IDs, the returned user needs to belong to at least one of them
        Returns:
        the number of users that are in at least one of the groups
      • getUsersCount

        public int getUsersCount​(RealmModel realm,
                                 String search)
        Description copied from interface: UserQueryProvider
        Returns the number of users that would be returned by a call to searchForUserStream
        Specified by:
        getUsersCount in interface UserQueryProvider
        Parameters:
        realm - the realm
        search - case insensitive list of strings separated by whitespaces.
        Returns:
        number of users that match the search
      • getUsersCount

        public int getUsersCount​(RealmModel realm,
                                 String search,
                                 Set<String> groupIds)
        Description copied from interface: UserQueryProvider
        Returns the number of users that would be returned by a call to searchForUserStream and are members of at least one of the groups given by the groupIds set.
        Specified by:
        getUsersCount in interface UserQueryProvider
        Parameters:
        realm - the realm
        search - case insensitive list of strings separated by whitespaces.
        groupIds - set of groups IDs, the returned user needs to belong to at least one of them
        Returns:
        number of users that match the search and given groups
      • getUsersCount

        public int getUsersCount​(RealmModel realm,
                                 Map<String,​String> params)
        Description copied from interface: UserQueryProvider
        Returns the number of users that match the given filter parameters.
        Specified by:
        getUsersCount in interface UserQueryProvider
        Parameters:
        realm - the realm
        params - filter parameters
        Returns:
        number of users that match the given filters
      • getUsersCount

        public int getUsersCount​(RealmModel realm,
                                 Map<String,​String> params,
                                 Set<String> groupIds)
        Description copied from interface: UserQueryProvider
        Returns the number of users that match the given filter parameters and is in at least one of the given groups.
        Specified by:
        getUsersCount in interface UserQueryProvider
        Parameters:
        realm - the realm
        params - filter parameters
        groupIds - set if groups to check for
        Returns:
        number of users that match the given filters and groups
      • searchForUserStream

        public Stream<UserModel> searchForUserStream​(RealmModel realm,
                                                     String search,
                                                     Integer firstResult,
                                                     Integer maxResults)
        Description copied from interface: UserQueryProvider
        Searches for users whose username, email, first name or last name contain any of the strings in search separated by whitespace.

        If possible, implementations should treat the parameter values as partial match patterns (i.e. in RDMBS terms use LIKE).

        This method is used by the admin console search box

        Specified by:
        searchForUserStream in interface UserQueryProvider
        Parameters:
        realm - a reference to the realm.
        search - case insensitive list of string separated by whitespaces.
        firstResult - first result to return. Ignored if negative, zero, or null.
        maxResults - maximum number of results to return. Ignored if negative or null.
        Returns:
        a non-null Stream of users that match the search criteria.
      • searchForUserStream

        public Stream<UserModel> searchForUserStream​(RealmModel realm,
                                                     Map<String,​String> attributes,
                                                     Integer firstResult,
                                                     Integer maxResults)
        Description copied from interface: UserQueryProvider
        Searches for user by parameter. If possible, implementations should treat the parameter values as partial match patterns (i.e. in RDMBS terms use LIKE).

        Valid parameters are:

        Any other parameters will be treated as custom user attributes. This method is used by the REST API when querying users.
        Specified by:
        searchForUserStream in interface UserQueryProvider
        Parameters:
        realm - a reference to the realm.
        attributes - a map containing the search parameters.
        firstResult - first result to return. Ignored if negative, zero, or null.
        maxResults - maximum number of results to return. Ignored if negative or null.
        Returns:
        a non-null Stream of users that match the search criteria.
      • preRemove

        public void preRemove​(RealmModel realm,
                              GroupModel group)
        Description copied from interface: UserProvider
        Called when a group is removed. Should remove the group membership for each user.
        Specified by:
        preRemove in interface UserProvider
        Parameters:
        realm - a reference to the realm
        group - the group model
      • preRemove

        public void preRemove​(RealmModel realm,
                              RoleModel role)
        Description copied from interface: UserProvider
        Called when a role is removed. Should remove the role membership for each user.
        Specified by:
        preRemove in interface UserProvider
        Parameters:
        realm - a reference to the realm
        role - the role model
      • addUser

        public UserModel addUser​(RealmModel realm,
                                 String id,
                                 String username,
                                 boolean addDefaultRoles,
                                 boolean addDefaultRequiredActions)
        UserStorageProvider methods implementation end here UserProvider methods implementations start here -> no StorageProviders involved
        Specified by:
        addUser in interface UserProvider
        Parameters:
        realm - the realm that user will be created in
        id - id of the new user. Should be generated to a random value if null.
        username - username
        addDefaultRoles - if true, the user should join all realm default roles
        addDefaultRequiredActions - if true, all default required actions are added to the created user
        Returns:
        model of created user
      • addFederatedIdentity

        public void addFederatedIdentity​(RealmModel realm,
                                         UserModel user,
                                         FederatedIdentityModel socialLink)
        Description copied from interface: UserProvider
        Adds a federated identity link for the user within the realm
        Specified by:
        addFederatedIdentity in interface UserProvider
        Parameters:
        realm - a reference to the realm
        user - the user model
        socialLink - the federated identity model containing all details of the association between the user and the identity provider
      • updateFederatedIdentity

        public void updateFederatedIdentity​(RealmModel realm,
                                            UserModel federatedUser,
                                            FederatedIdentityModel federatedIdentityModel)
        Description copied from interface: UserProvider
        Update details of association between the federatedUser and the idp given by the federatedIdentityModel
        Specified by:
        updateFederatedIdentity in interface UserProvider
        Parameters:
        realm - a reference to the realm
        federatedUser - the user model
        federatedIdentityModel - the federated identity model containing all details of the association between the user and the identity provider
      • removeFederatedIdentity

        public boolean removeFederatedIdentity​(RealmModel realm,
                                               UserModel user,
                                               String socialProvider)
        Description copied from interface: UserProvider
        Removes federation link between the user and the identity provider given by its id
        Specified by:
        removeFederatedIdentity in interface UserProvider
        Parameters:
        realm - a reference to the realm
        user - the user model
        socialProvider - alias of the identity provider, see IdentityProviderModel.getAlias()
        Returns:
        true if the association was removed, false otherwise TODO: Make this method return Boolean so that store can return "I don't know" answer, this can be used for example in async stores
      • preRemove

        public void preRemove​(RealmModel realm,
                              IdentityProviderModel provider)
        Description copied from interface: UserProvider
        Called when an identity provider is removed. Should remove all federated identities assigned to users from the provider.
        Specified by:
        preRemove in interface UserProvider
        Parameters:
        realm - a reference to the realm
        provider - provider model
      • addConsent

        public void addConsent​(RealmModel realm,
                               String userId,
                               UserConsentModel consent)
        Description copied from interface: UserProvider
        Add user consent for the user.
        Specified by:
        addConsent in interface UserProvider
        Parameters:
        realm - a reference to the realm
        userId - id of the user
        consent - all details corresponding to the granted consent
      • getConsentByClient

        public UserConsentModel getConsentByClient​(RealmModel realm,
                                                   String userId,
                                                   String clientInternalId)
        Description copied from interface: UserProvider
        Returns UserConsentModel given by a user with the userId for the client with clientInternalId
        Specified by:
        getConsentByClient in interface UserProvider
        Parameters:
        realm - a reference to the realm
        userId - id of the user
        clientInternalId - id of the client
        Returns:
        consent given by the user to the client or null if no consent or user exists
      • getConsentsStream

        public Stream<UserConsentModel> getConsentsStream​(RealmModel realm,
                                                          String userId)
        Description copied from interface: UserProvider
        Obtains the consents associated with the user identified by the specified userId.
        Specified by:
        getConsentsStream in interface UserProvider
        Parameters:
        realm - a reference to the realm.
        userId - the user identifier.
        Returns:
        a non-null Stream of consents associated with the user.
      • updateConsent

        public void updateConsent​(RealmModel realm,
                                  String userId,
                                  UserConsentModel consent)
        Description copied from interface: UserProvider
        Update client scopes in the stored user consent
        Specified by:
        updateConsent in interface UserProvider
        Parameters:
        realm - a reference to the realm
        userId - id of the user
        consent - new details of the user consent
      • revokeConsentForClient

        public boolean revokeConsentForClient​(RealmModel realm,
                                              String userId,
                                              String clientInternalId)
        Description copied from interface: UserProvider
        Remove a user consent given by the user id and client id
        Specified by:
        revokeConsentForClient in interface UserProvider
        Parameters:
        realm - a reference to the realm
        userId - id of the user
        clientInternalId - id of the client
        Returns:
        true if the consent was removed, false otherwise TODO: Make this method return Boolean so that store can return "I don't know" answer, this can be used for example in async stores
      • setNotBeforeForUser

        public void setNotBeforeForUser​(RealmModel realm,
                                        UserModel user,
                                        int notBefore)
        Description copied from interface: UserProvider
        Sets the notBefore value for the given user
        Specified by:
        setNotBeforeForUser in interface UserProvider
        Parameters:
        realm - a reference to the realm
        user - the user model
        notBefore - new value for notBefore
      • getNotBeforeOfUser

        public int getNotBeforeOfUser​(RealmModel realm,
                                      UserModel user)
        Description copied from interface: UserProvider
        Gets the notBefore value for the given user
        Specified by:
        getNotBeforeOfUser in interface UserProvider
        Parameters:
        realm - a reference to the realm
        user - the user model
        Returns:
        the value of notBefore
      • getUserByFederatedIdentity

        public UserModel getUserByFederatedIdentity​(RealmModel realm,
                                                    FederatedIdentityModel socialLink)
        Description copied from interface: UserProvider
        Returns a userModel that corresponds to the given socialLink.
        Specified by:
        getUserByFederatedIdentity in interface UserProvider
        Parameters:
        realm - a reference to the realm
        socialLink - the socialLink
        Returns:
        the user corresponding to socialLink and null if no such user exists
      • getServiceAccount

        public UserModel getServiceAccount​(ClientModel client)
        Description copied from interface: UserProvider
        Return a UserModel representing service account of the client
        Specified by:
        getServiceAccount in interface UserProvider
        Parameters:
        client - the client model
        Returns:
        userModel representing service account of the client
      • getFederatedIdentity

        public FederatedIdentityModel getFederatedIdentity​(RealmModel realm,
                                                           UserModel user,
                                                           String socialProvider)
        Description copied from interface: UserProvider
        Returns details of the association between the user and the socialProvider.
        Specified by:
        getFederatedIdentity in interface UserProvider
        Parameters:
        realm - a reference to the realm
        user - the user model
        socialProvider - the id of the identity provider
        Returns:
        federatedIdentityModel or null if no association exists
      • preRemove

        public void preRemove​(RealmModel realm,
                              ClientModel client)
        Description copied from interface: UserProvider
        Called when a client is removed. Should remove all user consents associated with the client
        Specified by:
        preRemove in interface UserProvider
        Parameters:
        realm - a reference to the realm
        client - the client model
      • preRemove

        public void preRemove​(ProtocolMapperModel protocolMapper)
        Description copied from interface: UserProvider
        Called when a protocolMapper is removed
        Specified by:
        preRemove in interface UserProvider
        Parameters:
        protocolMapper - the protocolMapper model
      • preRemove

        public void preRemove​(ClientScopeModel clientScope)
        Description copied from interface: UserProvider
        Called when a client scope is removed. Should remove the clientScope from each user consent
        Specified by:
        preRemove in interface UserProvider
        Parameters:
        clientScope - the clientScope model
      • preRemove

        public void preRemove​(RealmModel realm,
                              ComponentModel component)
        Description copied from interface: UserProvider
        Called when a component is removed. Should remove all data in UserStorage associated with removed component. For example,
        • if component corresponds to UserStorageProvider all imported users from the provider should be removed,
        • if component corresponds to ClientStorageProvider all consents granted for clients imported from the provider should be removed
        Specified by:
        preRemove in interface UserProvider
        Parameters:
        realm - a reference to the realm
        component - the component model
      • removeImportedUsers

        public void removeImportedUsers​(RealmModel realm,
                                        String storageProviderId)
        Description copied from interface: UserProvider
        Removes any imported users from a specific User Storage Provider.
        Specified by:
        removeImportedUsers in interface UserProvider
        Parameters:
        realm - a reference to the realm
        storageProviderId - id of the user storage provider
      • unlinkUsers

        public void unlinkUsers​(RealmModel realm,
                                String storageProviderId)
        Description copied from interface: UserProvider
        Set federation link to null to imported users of a specific User Storage Provider
        Specified by:
        unlinkUsers in interface UserProvider
        Parameters:
        realm - a reference to the realm
        storageProviderId - id of the storage provider