Package org.keycloak.models

Interface UserCredentialManager

All Superinterfaces:

Provider, UserCredentialStore

All Known Subinterfaces:

UserCredentialManager.Streams

All Known Implementing Classes:

UserCredentialStoreManager

@Deprecated
public interface UserCredentialManager
extends UserCredentialStore

Deprecated.

Instead of this class, use UserModel.credentialManager() instead.

Manage the credentials for a user.

Version:

$Revision: 1 $

Author:

Bill Burke

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static interface	UserCredentialManager.Streams	Deprecated. This interface is no longer necessary, collection-based methods were removed from the parent interface and therefore the parent interface can be used directly

Method Summary

Modifier and Type	Method	Description
CredentialValidationOutput	authenticate(KeycloakSession session, RealmModel realm, CredentialInput input)	Deprecated. Given a CredentialInput, authenticate the user.
CredentialModel	createCredentialThroughProvider(RealmModel realm, UserModel user, CredentialModel model)	Deprecated. Creates a credential from the credentialModel, by looping through the providers to find a match for the type
void	disableCredentialType(RealmModel realm, UserModel user, String credentialType)	Deprecated. Calls disableCredential on UserStorageProvider and UserFederationProviders first, then loop through each CredentialProvider.
default Stream<String>	getConfiguredUserStorageCredentialTypesStream(RealmModel realm, UserModel user)	Deprecated. Use UserModel.credentialManager() and then call SubjectCredentialManager.getConfiguredUserStorageCredentialTypesStream()
default Stream<String>	getDisableableCredentialTypesStream(RealmModel realm, UserModel user)	Deprecated. Use UserModel.credentialManager() and then call SubjectCredentialManager.getDisableableCredentialTypesStream()
boolean	isConfiguredFor(RealmModel realm, UserModel user, String type)	Deprecated. Checks to see if user has credential type configured.
boolean	isConfiguredLocally(RealmModel realm, UserModel user, String type)	Deprecated. Only loops through each CredentialProvider to see if credential type is configured for the user.
boolean	isValid(RealmModel realm, UserModel user, List<CredentialInput> inputs)	Deprecated. Validates list of credentials.
boolean	isValid(RealmModel realm, UserModel user, CredentialInput... inputs)	Deprecated. Validates list of credentials.
boolean	updateCredential(RealmModel realm, UserModel user, CredentialInput input)	Deprecated. Updates a credential.
void	updateCredentialLabel(RealmModel realm, UserModel user, String credentialId, String userLabel)	Deprecated. Updates the credential label and invalidates the cache for the user.

Methods inherited from interface org.keycloak.provider.Provider

close

Methods inherited from interface org.keycloak.credential.UserCredentialStore

createCredential, getStoredCredentialById, getStoredCredentialByNameAndType, getStoredCredentialsByTypeStream, getStoredCredentialsStream, moveCredentialTo, removeStoredCredential, updateCredential

Method Detail

isValid

boolean isValid(RealmModel realm,
                UserModel user,
                List<CredentialInput> inputs)

Deprecated.

Validates list of credentials. Will call UserStorageProvider and UserFederationProviders first, then loop through each CredentialProvider.

Parameters:

realm -

user -

inputs -

Returns:

isValid

boolean isValid(RealmModel realm,
                UserModel user,
                CredentialInput... inputs)

Deprecated.

Validates list of credentials. Will call UserStorageProvider and UserFederationProviders first, then loop through each CredentialProvider.

Parameters:

realm -

user -

inputs -

Returns:

updateCredential

boolean updateCredential(RealmModel realm,
                         UserModel user,
                         CredentialInput input)

Deprecated.

Updates a credential. Will call UserStorageProvider and UserFederationProviders first, then loop through each CredentialProvider. Update is finished whenever any one provider returns true.

Parameters:

realm -

user -

Returns:

true if credential was successfully updated by UserStorage or any CredentialInputUpdater

createCredentialThroughProvider

CredentialModel createCredentialThroughProvider(RealmModel realm,
                                                UserModel user,
                                                CredentialModel model)

Deprecated.

Creates a credential from the credentialModel, by looping through the providers to find a match for the type

Parameters:

realm -

user -

model -

Returns:

updateCredentialLabel

void updateCredentialLabel(RealmModel realm,
                           UserModel user,
                           String credentialId,
                           String userLabel)

Deprecated.

Updates the credential label and invalidates the cache for the user.

Parameters:

realm -

user -

credentialId -

userLabel -

disableCredentialType

void disableCredentialType(RealmModel realm,
                           UserModel user,
                           String credentialType)

Deprecated.

Calls disableCredential on UserStorageProvider and UserFederationProviders first, then loop through each CredentialProvider.

Parameters:

realm -

user -

credentialType -

getDisableableCredentialTypesStream

default Stream<String> getDisableableCredentialTypesStream(RealmModel realm,
                                                           UserModel user)

Deprecated.

Use UserModel.credentialManager() and then call SubjectCredentialManager.getDisableableCredentialTypesStream()

Obtains the credential types that can be disabled. method.

Parameters:

realm - a reference to the realm.

user - the user whose credentials are being searched.

Returns:

a non-null Stream of credential types.

isConfiguredFor

boolean isConfiguredFor(RealmModel realm,
                        UserModel user,
                        String type)

Deprecated.

Checks to see if user has credential type configured. Looks in UserStorageProvider or UserFederationProvider first, then loops through each CredentialProvider.

Parameters:

realm -

user -

type -

Returns:

isConfiguredLocally

boolean isConfiguredLocally(RealmModel realm,
                            UserModel user,
                            String type)

Deprecated.

Only loops through each CredentialProvider to see if credential type is configured for the user. This allows UserStorageProvider and UserFederationProvider isValid() implementations to punt to local storage when validating a credential that has been overriden in Keycloak storage.

Parameters:

realm -

user -

type -

Returns:

authenticate

CredentialValidationOutput authenticate(KeycloakSession session,
                                        RealmModel realm,
                                        CredentialInput input)

Deprecated.

Given a CredentialInput, authenticate the user. This is used in the case where the credential must be processed to determine and find the user. An example is Kerberos where the kerberos token might be validated and processed by a variety of different storage providers.

Parameters:

session -

realm -

input -

Returns:

getConfiguredUserStorageCredentialTypesStream

default Stream<String> getConfiguredUserStorageCredentialTypesStream(RealmModel realm,
                                                                     UserModel user)

Deprecated.

Use UserModel.credentialManager() and then call SubjectCredentialManager.getConfiguredUserStorageCredentialTypesStream()

Obtains the credential types provided by the user storage where the specified user is stored. Examples of returned values are "password", "otp", etc.

This method will always return an empty stream for "local" users - i.e. users that are not backed by any user storage.

Parameters:

realm - a reference to the realm.

user - a reference to the user.

Returns:

a non-null Stream of credential types.