Class UserCacheSession

java.lang.Object
org.keycloak.models.cache.infinispan.UserCacheSession
All Implemented Interfaces:
UserCache, UserProvider, Provider, OnCreateComponent, OnUpdateComponent, UserBulkUpdateProvider, UserCountMethodsProvider, UserLookupProvider, UserQueryMethodsProvider, UserQueryProvider, UserRegistrationProvider

public class UserCacheSession extends Object implements UserCache, OnCreateComponent, OnUpdateComponent
Version:
$Revision: 1 $
Author:
Bill Burke
  • Field Details

    • logger

      protected static final org.jboss.logging.Logger logger
    • cache

      protected UserCacheManager cache
    • session

      protected KeycloakSession session
    • delegate

      protected UserProvider delegate
    • transactionActive

      protected boolean transactionActive
    • setRollbackOnly

      protected boolean setRollbackOnly
    • startupRevision

      protected final long startupRevision
    • invalidations

      protected Set<String> invalidations
    • realmInvalidations

      protected Set<String> realmInvalidations
    • invalidationEvents

      protected Set<InvalidationEvent> invalidationEvents
    • managedUsers

      protected Map<String,UserModel> managedUsers
  • Constructor Details

  • Method Details

    • clear

      public void clear()
      Description copied from interface: UserCache
      Clear cache entirely.
      Specified by:
      clear in interface UserCache
    • getDelegate

      public UserProvider getDelegate()
    • registerUserInvalidation

      public void registerUserInvalidation(RealmModel realm, CachedUser user)
    • evict

      public void evict(RealmModel realm, UserModel user)
      Description copied from interface: UserCache
      Evict user from cache.
      Specified by:
      evict in interface UserCache
    • evict

      public void evict(RealmModel realm)
      Description copied from interface: UserCache
      Evict users of a specific realm
      Specified by:
      evict in interface UserCache
    • runInvalidations

      protected void runInvalidations()
    • getUserById

      public UserModel getUserById(RealmModel realm, String id)
      Description copied from interface: UserLookupProvider
      Returns a user with the given id belonging to the realm
      Specified by:
      getUserById in interface UserLookupProvider
      Parameters:
      realm - the realm model
      id - id of the user
      Returns:
      found user model, or null if no such user exists
    • getUserByUsername

      public UserModel getUserByUsername(RealmModel realm, String username)
      Description copied from interface: UserLookupProvider
      Exact search for a user by its username. Returns a user with the given username belonging to the realm
      Specified by:
      getUserByUsername in interface UserLookupProvider
      Parameters:
      realm - the realm model
      username - (case-sensitivity is controlled by storage)
      Returns:
      found user model, or null if no such user exists
    • getUserAdapter

      protected UserModel getUserAdapter(RealmModel realm, String userId, Long loaded, UserModel delegate)
    • validateCache

      protected UserModel validateCache(RealmModel realm, CachedUser cached)
    • cacheUser

      protected UserModel cacheUser(RealmModel realm, UserModel delegate, Long revision)
    • getUserByEmail

      public UserModel getUserByEmail(RealmModel realm, String email)
      Description copied from interface: UserLookupProvider
      Returns a user with the given email belonging to the realm
      Specified by:
      getUserByEmail in interface UserLookupProvider
      Parameters:
      realm - the realm model
      email - email address
      Returns:
      found user model, or null if no such user exists
    • close

      public void close()
      Specified by:
      close in interface Provider
    • getUserByFederatedIdentity

      public UserModel getUserByFederatedIdentity(RealmModel realm, FederatedIdentityModel socialLink)
      Description copied from interface: UserProvider
      Returns a userModel that corresponds to the given socialLink.
      Specified by:
      getUserByFederatedIdentity in interface UserProvider
      Parameters:
      realm - a reference to the realm
      socialLink - the socialLink
      Returns:
      the user corresponding to socialLink and null if no such user exists
    • getGroupMembersStream

      public Stream<UserModel> getGroupMembersStream(RealmModel realm, GroupModel group, Integer firstResult, Integer maxResults)
      Description copied from interface: UserQueryMethodsProvider
      Obtains users that belong to a specific group.
      Specified by:
      getGroupMembersStream in interface UserQueryMethodsProvider
      Parameters:
      realm - a reference to the realm.
      group - a reference to the group.
      firstResult - first result to return. Ignored if negative, zero, or null.
      maxResults - maximum number of results to return. Ignored if negative or null.
      Returns:
      a non-null Stream of users that belong to the group.
    • getGroupMembersStream

      public Stream<UserModel> getGroupMembersStream(RealmModel realm, GroupModel group)
      Description copied from interface: UserQueryMethodsProvider
      Obtains users that belong to a specific group.
      Specified by:
      getGroupMembersStream in interface UserQueryMethodsProvider
      Parameters:
      realm - a reference to the realm.
      group - a reference to the group.
      Returns:
      a non-null Stream of users that belong to the group.
    • getRoleMembersStream

      public Stream<UserModel> getRoleMembersStream(RealmModel realm, RoleModel role, Integer firstResult, Integer maxResults)
      Description copied from interface: UserQueryMethodsProvider
      Searches for users that have the specified role.
      Specified by:
      getRoleMembersStream in interface UserQueryMethodsProvider
      Parameters:
      realm - a reference to the realm.
      role - a reference to the role.
      firstResult - first result to return. Ignored if negative or null.
      maxResults - maximum number of results to return. Ignored if negative or null.
      Returns:
      a non-null Stream of users that have the specified role.
    • getRoleMembersStream

      public Stream<UserModel> getRoleMembersStream(RealmModel realm, RoleModel role)
      Description copied from interface: UserQueryMethodsProvider
      Obtains users that have the specified role.
      Specified by:
      getRoleMembersStream in interface UserQueryMethodsProvider
      Parameters:
      realm - a reference to the realm.
      role - a reference to the role.
      Returns:
      a non-null Stream of users that have the specified role.
    • getServiceAccount

      public UserModel getServiceAccount(ClientModel client)
      Description copied from interface: UserProvider
      Return a UserModel representing service account of the client
      Specified by:
      getServiceAccount in interface UserProvider
      Parameters:
      client - the client model
      Returns:
      userModel representing service account of the client
    • findServiceAccount

      public UserModel findServiceAccount(ClientModel client)
    • getUserByCredential

      public CredentialValidationOutput getUserByCredential(RealmModel realm, CredentialInput input)
      Specified by:
      getUserByCredential in interface UserLookupProvider
    • getUsersCount

      public int getUsersCount(RealmModel realm, boolean includeServiceAccount)
      Description copied from interface: UserCountMethodsProvider
      Returns the number of users.
      Specified by:
      getUsersCount in interface UserCountMethodsProvider
      Parameters:
      realm - the realm
      includeServiceAccount - if true, the number of users will also include service accounts. Otherwise, only the number of users.
      Returns:
      the number of users
    • getUsersCount

      public int getUsersCount(RealmModel realm, Set<String> groupIds)
      Description copied from interface: UserCountMethodsProvider
      Returns the number of users that are in at least one of the groups given.
      Specified by:
      getUsersCount in interface UserCountMethodsProvider
      Parameters:
      realm - the realm
      groupIds - set of group IDs, the returned user needs to belong to at least one of them
      Returns:
      the number of users that are in at least one of the groups
    • getUsersCount

      public int getUsersCount(RealmModel realm, String search)
      Description copied from interface: UserCountMethodsProvider
      Returns the number of users that would be returned by a call to searchForUserStream
      Specified by:
      getUsersCount in interface UserCountMethodsProvider
      Parameters:
      realm - the realm
      search - case insensitive list of strings separated by whitespaces.
      Returns:
      number of users that match the search
    • getUsersCount

      public int getUsersCount(RealmModel realm, String search, Set<String> groupIds)
      Description copied from interface: UserCountMethodsProvider
      Returns the number of users that would be returned by a call to searchForUserStream and are members of at least one of the groups given by the groupIds set.
      Specified by:
      getUsersCount in interface UserCountMethodsProvider
      Parameters:
      realm - the realm
      search - case insensitive list of strings separated by whitespaces.
      groupIds - set of group IDs, the returned user needs to belong to at least one of them
      Returns:
      number of users that match the search and given groups
    • getUsersCount

      public int getUsersCount(RealmModel realm, Map<String,String> params)
      Description copied from interface: UserCountMethodsProvider
      Returns the number of users that match the given filter parameters.
      Specified by:
      getUsersCount in interface UserCountMethodsProvider
      Parameters:
      realm - the realm
      params - filter parameters
      Returns:
      number of users that match the given filters
    • getUsersCount

      public int getUsersCount(RealmModel realm, Map<String,String> params, Set<String> groupIds)
      Description copied from interface: UserCountMethodsProvider
      Returns the number of users that match the given filter parameters and are in at least one of the given groups.
      Specified by:
      getUsersCount in interface UserCountMethodsProvider
      Parameters:
      realm - the realm
      params - filter parameters
      groupIds - set of groups to check for
      Returns:
      number of users that match the given filters and groups
    • searchForUserStream

      public Stream<UserModel> searchForUserStream(RealmModel realm, String search)
      Description copied from interface: UserQueryMethodsProvider
      Searches for users whose username, email, first name or last name contain any of the strings in search separated by whitespace.

      If possible, implementations should treat the parameter values as partial match patterns (i.e. in RDBMS terms use LIKE).

      This method is used by the admin console search box

      Specified by:
      searchForUserStream in interface UserQueryMethodsProvider
      Parameters:
      realm - a reference to the realm.
      search - case insensitive list of strings separated by whitespace.
      Returns:
      a non-null Stream of users that match the search string.
    • searchForUserStream

      public Stream<UserModel> searchForUserStream(RealmModel realm, String search, Integer firstResult, Integer maxResults)
      Description copied from interface: UserQueryMethodsProvider
      Searches for users whose username, email, first name or last name contain any of the strings in search separated by whitespace.

      If possible, implementations should treat the parameter values as partial match patterns (i.e. in RDBMS terms use LIKE).

      This method is used by the admin console search box

      Specified by:
      searchForUserStream in interface UserQueryMethodsProvider
      Parameters:
      realm - a reference to the realm.
      search - case insensitive list of strings separated by whitespace.
      firstResult - first result to return. Ignored if negative, zero, or null.
      maxResults - maximum number of results to return. Ignored if negative or null.
      Returns:
      a non-null Stream of users that match the search criteria.
    • searchForUserStream

      public Stream<UserModel> searchForUserStream(RealmModel realm, Map<String,String> attributes)
      Description copied from interface: UserQueryMethodsProvider
      Searches for users by parameter. If possible, implementations should treat the parameter values as partial match patterns (i.e. in RDBMS terms use LIKE).

      Valid parameters are:

      • UserModel.SEARCH - search for users whose username, email, first name or last name contain any of the strings in search separated by whitespace; when SEARCH is set, all other params are ignored
      • UserModel.FIRST_NAME - first name (case insensitive string)
      • UserModel.LAST_NAME - last name (case insensitive string)
      • UserModel.EMAIL - email (case insensitive string)
      • UserModel.USERNAME - username (case insensitive string)
      • UserModel.EXACT - whether search with FIRST_NAME, LAST_NAME, USERNAME or EMAIL should be exact match
      • UserModel.EMAIL_VERIFIED - search only for users with verified/non-verified email (true/false)
      • UserModel.ENABLED - search only for enabled/disabled users (true/false)
      • UserModel.IDP_ALIAS - search only for users that have a federated identity from idp with the given alias configured (case sensitive string)
      • UserModel.IDP_USER_ID - search for users with federated identity with the given userId (case sensitive string)

      This method is used by the REST API when querying users.

      Specified by:
      searchForUserStream in interface UserQueryMethodsProvider
      Parameters:
      realm - a reference to the realm.
      attributes - a map containing the search parameters.
      Returns:
      a non-null Stream of users that match the search parameters.
    • searchForUserStream

      public Stream<UserModel> searchForUserStream(RealmModel realm, Map<String,String> attributes, Integer firstResult, Integer maxResults)
      Description copied from interface: UserQueryMethodsProvider
      Searches for users by parameter. If possible, implementations should treat the parameter values as partial match patterns (i.e. in RDBMS terms use LIKE).

      Valid parameters are:

      • UserModel.SEARCH - search for users whose username, email, first name or last name contain any of the strings in search separated by whitespace; when SEARCH is set, all other params are ignored
      • UserModel.FIRST_NAME - first name (case insensitive string)
      • UserModel.LAST_NAME - last name (case insensitive string)
      • UserModel.EMAIL - email (case insensitive string)
      • UserModel.USERNAME - username (case insensitive string)
      • UserModel.EXACT - whether search with FIRST_NAME, LAST_NAME, USERNAME or EMAIL should be exact match
      • UserModel.EMAIL_VERIFIED - search only for users with verified/non-verified email (true/false)
      • UserModel.ENABLED - search only for enabled/disabled users (true/false)
      • UserModel.IDP_ALIAS - search only for users that have a federated identity from idp with the given alias configured (case sensitive string)
      • UserModel.IDP_USER_ID - search for users with federated identity with the given userId (case sensitive string)

      Any other parameters will be treated as custom user attributes.

      This method is used by the REST API when querying users.

      Specified by:
      searchForUserStream in interface UserQueryMethodsProvider
      Parameters:
      realm - a reference to the realm.
      attributes - a map containing the search parameters.
      firstResult - first result to return. Ignored if negative, zero, or null.
      maxResults - maximum number of results to return. Ignored if negative or null.
      Returns:
      a non-null Stream of users that match the search criteria.
    • searchForUserByUserAttributeStream

      public Stream<UserModel> searchForUserByUserAttributeStream(RealmModel realm, String attrName, String attrValue)
      Description copied from interface: UserQueryMethodsProvider
      Searches for users that have a specific attribute with a specific value.
      Specified by:
      searchForUserByUserAttributeStream in interface UserQueryMethodsProvider
      Parameters:
      realm - a reference to the realm.
      attrName - the attribute name.
      attrValue - the attribute value.
      Returns:
      a non-null Stream of users that match the search criteria.
    • getFederatedIdentitiesStream

      public Stream<FederatedIdentityModel> getFederatedIdentitiesStream(RealmModel realm, UserModel user)
      Description copied from interface: UserProvider
      Obtains the federated identities of the specified user.
      Specified by:
      getFederatedIdentitiesStream in interface UserProvider
      Parameters:
      realm - a reference to the realm.
      user - the reference to the user.
      Returns:
      a non-null Stream of federated identities associated with the user.
    • getFederatedIdentity

      public FederatedIdentityModel getFederatedIdentity(RealmModel realm, UserModel user, String socialProvider)
      Description copied from interface: UserProvider
      Returns details of the association between the user and the socialProvider.
      Specified by:
      getFederatedIdentity in interface UserProvider
      Parameters:
      realm - a reference to the realm
      user - the user model
      socialProvider - the id of the identity provider
      Returns:
      federatedIdentityModel or null if no association exists
    • updateConsent

      public void updateConsent(RealmModel realm, String userId, UserConsentModel consent)
      Description copied from interface: UserProvider
      Update client scopes in the stored user consent
      Specified by:
      updateConsent in interface UserProvider
      Parameters:
      realm - a reference to the realm
      userId - id of the user
      consent - new details of the user consent
    • revokeConsentForClient

      public boolean revokeConsentForClient(RealmModel realm, String userId, String clientInternalId)
      Description copied from interface: UserProvider
      Remove a user consent given by the user id and client id
      Specified by:
      revokeConsentForClient in interface UserProvider
      Parameters:
      realm - a reference to the realm
      userId - id of the user
      clientInternalId - id of the client
      Returns:
      true if the consent was removed, false otherwise
      TODO: Make this method return Boolean so that store can return "I don't know" answer, this can be used for example in async stores
    • addConsent

      public void addConsent(RealmModel realm, String userId, UserConsentModel consent)
      Description copied from interface: UserProvider
      Add user consent for the user.
      Specified by:
      addConsent in interface UserProvider
      Parameters:
      realm - a reference to the realm
      userId - id of the user
      consent - all details corresponding to the granted consent
    • getConsentByClient

      public UserConsentModel getConsentByClient(RealmModel realm, String userId, String clientId)
      Description copied from interface: UserProvider
      Returns UserConsentModel given by a user with the userId for the client with clientInternalId
      Specified by:
      getConsentByClient in interface UserProvider
      Parameters:
      realm - a reference to the realm
      userId - id of the user
      clientId - id of the client
      Returns:
      consent given by the user to the client or null if no consent or user exists
    • getConsentsStream

      public Stream<UserConsentModel> getConsentsStream(RealmModel realm, String userId)
      Description copied from interface: UserProvider
      Obtains the consents associated with the user identified by the specified userId.
      Specified by:
      getConsentsStream in interface UserProvider
      Parameters:
      realm - a reference to the realm.
      userId - the user identifier.
      Returns:
      a non-null Stream of consents associated with the user.
    • setNotBeforeForUser

      public void setNotBeforeForUser(RealmModel realm, UserModel user, int notBefore)
      Description copied from interface: UserProvider
      Sets the notBefore value for the given user
      Specified by:
      setNotBeforeForUser in interface UserProvider
      Parameters:
      realm - a reference to the realm
      user - the user model
      notBefore - new value for notBefore
    • getNotBeforeOfUser

      public int getNotBeforeOfUser(RealmModel realm, UserModel user)
      Description copied from interface: UserProvider
      Gets the notBefore value for the given user
      Specified by:
      getNotBeforeOfUser in interface UserProvider
      Parameters:
      realm - a reference to the realm
      user - the user model
      Returns:
      the value of notBefore
    • addUser

      public UserModel addUser(RealmModel realm, String id, String username, boolean addDefaultRoles, boolean addDefaultRequiredActions)
      Description copied from interface: UserProvider
      Adds a new user into the storage.

      Only used for local storage.

      Specified by:
      addUser in interface UserProvider
      Parameters:
      realm - the realm that user will be created in
      id - id of the new user. Should be generated to a random value if null.
      username - username
      addDefaultRoles - if true, the user should join all realm default roles
      addDefaultRequiredActions - if true, all default required actions are added to the created user
      Returns:
      model of created user
    • addUser

      public UserModel addUser(RealmModel realm, String username)
      Description copied from interface: UserRegistrationProvider
      All storage providers that implement this interface will be looped through. If this method returns null, then the next storage provider's addUser() method will be called. If no storage providers handle the add, then the user will be created in local storage. Returning null is useful when you want optional support for adding users. For example, our LDAP provider can enable and disable the ability to add users.
      Specified by:
      addUser in interface UserRegistrationProvider
      Parameters:
      realm - a reference to the realm
      username - a username the created user will be assigned
      Returns:
      a model of created user
    • fullyInvalidateUser

      protected void fullyInvalidateUser(RealmModel realm, UserModel user)
    • removeUser

      public boolean removeUser(RealmModel realm, UserModel user)
      Description copied from interface: UserRegistrationProvider
      Called if user originated from this provider. If a local user is linked to this provider, this method will be called before local storage's removeUser() method is invoked. If you are using an import strategy, and this is a local user linked to this provider, this method will be called before local storage's removeUser() method is invoked. Also, you DO NOT need to remove the imported user. The runtime will handle this for you.
      Specified by:
      removeUser in interface UserRegistrationProvider
      Parameters:
      realm - a reference to the realm
      user - a reference to the user that is removed
      Returns:
      true if the user was removed, false otherwise
    • addFederatedIdentity

      public void addFederatedIdentity(RealmModel realm, UserModel user, FederatedIdentityModel socialLink)
      Description copied from interface: UserProvider
      Adds a federated identity link for the user within the realm
      Specified by:
      addFederatedIdentity in interface UserProvider
      Parameters:
      realm - a reference to the realm
      user - the user model
      socialLink - the federated identity model containing all details of the association between the user and the identity provider
    • updateFederatedIdentity

      public void updateFederatedIdentity(RealmModel realm, UserModel federatedUser, FederatedIdentityModel federatedIdentityModel)
      Description copied from interface: UserProvider
      Update details of association between the federatedUser and the idp given by the federatedIdentityModel
      Specified by:
      updateFederatedIdentity in interface UserProvider
      Parameters:
      realm - a reference to the realm
      federatedUser - the user model
      federatedIdentityModel - the federated identity model containing all details of the association between the user and the identity provider
    • removeFederatedIdentity

      public boolean removeFederatedIdentity(RealmModel realm, UserModel user, String socialProvider)
      Description copied from interface: UserProvider
      Removes federation link between the user and the identity provider given by its id
      Specified by:
      removeFederatedIdentity in interface UserProvider
      Parameters:
      realm - a reference to the realm
      user - the user model
      socialProvider - alias of the identity provider, see IdentityProviderModel.getAlias()
      Returns:
      true if the association was removed, false otherwise
      TODO: Make this method return Boolean so that store can return "I don't know" answer, this can be used for example in async stores
    • preRemove

      public void preRemove(RealmModel realm, IdentityProviderModel provider)
      Description copied from interface: UserProvider
      Called when an identity provider is removed. Should remove all federated identities assigned to users from the provider.
      Specified by:
      preRemove in interface UserProvider
      Parameters:
      realm - a reference to the realm
      provider - provider model
    • grantToAllUsers

      public void grantToAllUsers(RealmModel realm, RoleModel role)
      Description copied from interface: UserBulkUpdateProvider
      Grants the given role to all users from particular realm. The role has to belong to the realm.
      Specified by:
      grantToAllUsers in interface UserBulkUpdateProvider
      Parameters:
      realm - Realm
      role - Role to be granted
    • preRemove

      public void preRemove(RealmModel realm)
      Description copied from interface: UserProvider
      Called when a realm is removed. Should remove all users that belong to the realm.
      Specified by:
      preRemove in interface UserProvider
      Parameters:
      realm - a reference to the realm
    • preRemove

      public void preRemove(RealmModel realm, RoleModel role)
      Description copied from interface: UserProvider
      Called when a role is removed. Should remove the role membership for each user.
      Specified by:
      preRemove in interface UserProvider
      Parameters:
      realm - a reference to the realm
      role - the role model
    • preRemove

      public void preRemove(RealmModel realm, GroupModel group)
      Description copied from interface: UserProvider
      Called when a group is removed. Should remove the group membership for each user.
      Specified by:
      preRemove in interface UserProvider
      Parameters:
      realm - a reference to the realm
      group - the group model
    • preRemove

      public void preRemove(RealmModel realm, ClientModel client)
      Description copied from interface: UserProvider
      Called when a client is removed. Should remove all user consents associated with the client
      Specified by:
      preRemove in interface UserProvider
      Parameters:
      realm - a reference to the realm
      client - the client model
    • preRemove

      public void preRemove(ProtocolMapperModel protocolMapper)
      Description copied from interface: UserProvider
      Called when a protocolMapper is removed
      Specified by:
      preRemove in interface UserProvider
      Parameters:
      protocolMapper - the protocolMapper model
    • preRemove

      public void preRemove(ClientScopeModel clientScope)
      Description copied from interface: UserProvider
      Called when a client scope is removed. Should remove the clientScope from each user consent
      Specified by:
      preRemove in interface UserProvider
      Parameters:
      clientScope - the clientScope model
    • preRemove

      public void preRemove(RealmModel realm, ComponentModel component)
      Description copied from interface: UserProvider
      Called when a component is removed. Should remove all data in UserStorage associated with removed component. For example,
      • if component corresponds to UserStorageProvider all imported users from the provider should be removed,
      • if component corresponds to ClientStorageProvider all consents granted for clients imported from the provider should be removed
      Specified by:
      preRemove in interface UserProvider
      Parameters:
      realm - a reference to the realm
      component - the component model
    • removeImportedUsers

      public void removeImportedUsers(RealmModel realm, String storageProviderId)
      Description copied from interface: UserProvider
      Removes any imported users from a specific User Storage Provider.
      Specified by:
      removeImportedUsers in interface UserProvider
      Parameters:
      realm - a reference to the realm
      storageProviderId - id of the user storage provider
    • unlinkUsers

      public void unlinkUsers(RealmModel realm, String storageProviderId)
      Description copied from interface: UserProvider
      Set federation link to null to imported users of a specific User Storage Provider
      Specified by:
      unlinkUsers in interface UserProvider
      Parameters:
      realm - a reference to the realm
      storageProviderId - id of the storage provider
    • onUpdate

      public void onUpdate(KeycloakSession session, RealmModel realm, ComponentModel oldModel, ComponentModel newModel)
      Specified by:
      onUpdate in interface OnUpdateComponent
    • onCreate

      public void onCreate(KeycloakSession session, RealmModel realm, ComponentModel model)
      Specified by:
      onCreate in interface OnCreateComponent