Package org.keycloak.storage.adapter

Class AbstractUserAdapterFederatedStorage

  • All Implemented Interfaces:
    RoleMapperModel, UserModel
    Direct Known Subclasses:
    AbstractUserAdapterFederatedStorage.Streams
    public abstract class AbstractUserAdapterFederatedStorage
extends UserModelDefaultMethods
    Assumes everything is managed by federated storage except for username. getId() returns a default value of "f:" + providerId + ":" + getUsername(). UserModel properties like enabled, firstName, lastName, email, etc. are all stored as attributes in federated storage. isEnabled() defaults to true if the ENABLED_ATTRIBUTE isn't set in federated storage
    Version:
    $Revision: 1 $
    Author:
    Bill Burke

    • Field Detail

      • FIRST_NAME_ATTRIBUTE

        public static String FIRST_NAME_ATTRIBUTE

      • LAST_NAME_ATTRIBUTE

        public static String LAST_NAME_ATTRIBUTE

      • EMAIL_ATTRIBUTE

        public static String EMAIL_ATTRIBUTE

      • EMAIL_VERIFIED_ATTRIBUTE

        public static String EMAIL_VERIFIED_ATTRIBUTE

      • CREATED_TIMESTAMP_ATTRIBUTE

        public static String CREATED_TIMESTAMP_ATTRIBUTE

      • ENABLED_ATTRIBUTE

        public static String ENABLED_ATTRIBUTE

    • Method Detail

      • getRequiredActionsStream

        public Stream<String> getRequiredActionsStream()
        Description copied from interface: UserModel
        Obtains the names of required actions associated with the user.
        Returns:
        a non-null Stream of required action names.

      • addRequiredAction

        public void addRequiredAction​(String action)

      • removeRequiredAction

        public void removeRequiredAction​(String action)

      • getGroupsInternal

        protected Set<GroupModel> getGroupsInternal()
        Get group membership mappings that are managed by this storage provider
        Returns:

      • appendDefaultGroups

        protected boolean appendDefaultGroups()
        Should the realm's default groups be appended to getGroups() call? If your storage provider is not managing group mappings then it is recommended that this method return true
        Returns:

      • getGroups

        public Set<GroupModel> getGroups()
        Deprecated.
        Use getGroupsStream() instead
        Gets groups from federated storage and automatically appends default groups of realm. Also calls getGroupsInternal() method to pull group membership from provider. Implementors can override that method
        Returns:

      • getGroupsStream

        public Stream<GroupModel> getGroupsStream()
        Description copied from interface: UserModel
        Obtains the groups associated with the user.
        Returns:
        a non-null Stream of groups.

      • joinGroup

        public void joinGroup​(GroupModel group)

      • leaveGroup

        public void leaveGroup​(GroupModel group)

      • isMemberOf

        public boolean isMemberOf​(GroupModel group)

      • getRealmRoleMappings

        public Set<RoleModel> getRealmRoleMappings()
        Deprecated.
        Use getRealmRoleMappingsStream() instead
        Gets role mappings from federated storage and automatically appends default roles. Also calls getRoleMappingsInternal() method to pull role mappings from provider. Implementors can override that method
        Returns:

      • getRealmRoleMappingsStream

        public Stream<RoleModel> getRealmRoleMappingsStream()
        Description copied from interface: RoleMapperModel
        Returns stream of realm roles that are directly set to this object.
        Returns:
        Stream of RoleModel. Never returns null.

      • getClientRoleMappings

        public Set<RoleModel> getClientRoleMappings​(ClientModel app)
        Deprecated.
        Use getClientRoleMappingsStream(ClientModel) instead
        Gets role mappings from federated storage and automatically appends default roles. Also calls getRoleMappingsInternal() method to pull role mappings from provider. Implementors can override that method
        Returns:

      • getClientRoleMappingsStream

        public Stream<RoleModel> getClientRoleMappingsStream​(ClientModel app)
        Description copied from interface: RoleMapperModel
        Returns stream of client roles that are directly set to this object for the given client.
        Parameters:
        app - ClientModel Client to get the roles for.
        Returns:
        Stream of RoleModel. Never returns null.

      • hasRole

        public boolean hasRole​(RoleModel role)
        Description copied from interface: RoleMapperModel
        Returns true if this object is directly or indirectly assigned the given role, false otherwise.

        For example, true is returned for hasRole(R) if:

        • R is directly assigned to this object
        • R is indirectly assigned to this object via composites
        • R is not assigned to this object but this object belongs to a group G which is assigned the role R
        • R is not assigned to this object but this object belongs to a group G, and G belongs to group H which is assigned the role R
        Returns:
        see description
        See Also:
        if you want to check if this object is directly assigned to a role

      • grantRole

        public void grantRole​(RoleModel role)
        Description copied from interface: RoleMapperModel
        Grants the given role to this object.

      • appendDefaultRolesToRoleMappings

        protected boolean appendDefaultRolesToRoleMappings()
        Should the realm's default roles be appended to getRoleMappings() call? If your storage provider is not managing all role mappings then it is recommended that this method return true
        Returns:

      • getRoleMappingsInternal

        protected Set<RoleModel> getRoleMappingsInternal()

      • getRoleMappings

        public Set<RoleModel> getRoleMappings()
        Deprecated.
        Use getRoleMappingsStream() instead
        Gets role mappings from federated storage and automatically appends default roles. Also calls getRoleMappingsInternal() method to pull role mappings from provider. Implementors can override that method
        Returns:

      • getRoleMappingsStream

        public Stream<RoleModel> getRoleMappingsStream()
        Description copied from interface: RoleMapperModel
        Returns stream of all role (both realm all client) that are directly set to this object.
        Returns:
        Stream of RoleModel. Never returns null.

      • getFederatedRoleMappings

        protected Set<RoleModel> getFederatedRoleMappings()

      • deleteRoleMapping

        public void deleteRoleMapping​(RoleModel role)
        Description copied from interface: RoleMapperModel
        Removes the given role mapping from this object.
        Parameters:
        role - Role to remove

      • isEnabled

        public boolean isEnabled()

      • setEnabled

        public void setEnabled​(boolean enabled)

      • getFederationLink

        public String getFederationLink()
        This method should not be overriden
        Returns:

      • setFederationLink

        public void setFederationLink​(String link)
        This method should not be overriden

      • getServiceAccountClientLink

        public String getServiceAccountClientLink()
        This method should not be overriden
        Returns:

      • setServiceAccountClientLink

        public void setServiceAccountClientLink​(String clientInternalId)
        This method should not be overriden

      • getId

        public String getId()
        Defaults to 'f:' + storageProvider.getId() + ':' + getUsername()
        Returns:

      • getCreatedTimestamp

        public Long getCreatedTimestamp()
        Description copied from interface: UserModel
        Get timestamp of user creation. May be null for old users created before this feature introduction.

      • setCreatedTimestamp

        public void setCreatedTimestamp​(Long timestamp)

      • setSingleAttribute

        public void setSingleAttribute​(String name,
                               String value)
        Description copied from interface: UserModel
        Set single value of specified attribute. Remove all other existing values of this attribute

      • removeAttribute

        public void removeAttribute​(String name)

      • setAttribute

        public void setAttribute​(String name,
                         List<String> values)

      • getFirstAttribute

        public String getFirstAttribute​(String name)
        Returns:
        null if there is not any value of specified attribute or first value otherwise. Don't throw exception if there are more values of the attribute

      • getAttributeStream

        public Stream<String> getAttributeStream​(String name)
        Description copied from interface: UserModel
        Obtains all values associated with the specified attribute name.
        Parameters:
        name - the name of the attribute.
        Returns:
        a non-null Stream of attribute values.

      • mapAttribute

        protected String mapAttribute​(String attributeName)

      • isEmailVerified

        public boolean isEmailVerified()

      • setEmailVerified

        public void setEmailVerified​(boolean verified)
        Stores as attribute in federated storage. EMAIL_VERIFIED_ATTRIBUTE
        Parameters:
        verified -

      • credentialManager

        public SubjectCredentialManager credentialManager()
        Description copied from interface: UserModel
        Instance of a user credential manager to validate and update the credentials of this user.

      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object