Class RoleStorageManager

java.lang.Object
org.keycloak.storage.RoleStorageManager
All Implemented Interfaces:
RoleProvider, Provider, RoleLookupProvider

public class RoleStorageManager extends Object implements RoleProvider
  • Field Details

  • Constructor Details

    • RoleStorageManager

      public RoleStorageManager(KeycloakSession session, long roleStorageProviderTimeout)
  • Method Details

    • isStorageProviderEnabled

      public static boolean isStorageProviderEnabled(RealmModel realm, String providerId)
    • getStorageProviderModel

      public static RoleStorageProviderModel getStorageProviderModel(RealmModel realm, String componentId)
    • getStorageProvider

      public static RoleStorageProvider getStorageProvider(KeycloakSession session, RealmModel realm, String componentId)
    • getStorageProviders

      public static <T> Stream<RoleStorageProviderModel> getStorageProviders(RealmModel realm, KeycloakSession session, Class<T> type)
    • getStorageProviderInstance

      public static RoleStorageProvider getStorageProviderInstance(KeycloakSession session, RoleStorageProviderModel model, RoleStorageProviderFactory factory)
    • getStorageProviders

      public static <T> Stream<T> getStorageProviders(KeycloakSession session, RealmModel realm, Class<T> type)
    • getEnabledStorageProviders

      public static <T> Stream<T> getEnabledStorageProviders(KeycloakSession session, RealmModel realm, Class<T> type)
    • addRealmRole

      public RoleModel addRealmRole(RealmModel realm, String name)
      Description copied from interface: RoleProvider
      Adds a realm role with given name to the given realm. The internal ID of the role will be created automatically.
      Specified by:
      addRealmRole in interface RoleProvider
      Parameters:
      realm - Realm owning this role.
      name - String name of the role.
      Returns:
      Model of the created role.
    • addRealmRole

      public RoleModel addRealmRole(RealmModel realm, String id, String name)
      Description copied from interface: RoleProvider
      Adds a realm role with given internal ID and name to the given realm.
      Specified by:
      addRealmRole in interface RoleProvider
      Parameters:
      realm - Realm owning this role.
      id - Internal ID of the role or null if one is to be created by the underlying store
      name - String name of the role.
      Returns:
      Model of the created role.
    • getRealmRole

      public RoleModel getRealmRole(RealmModel realm, String name)
      Description copied from interface: RoleLookupProvider
      Exact search for a role by given name.
      Specified by:
      getRealmRole in interface RoleLookupProvider
      Parameters:
      realm - Realm.
      name - String name of the role.
      Returns:
      Model of the role, or null if no role is found.
    • getRoleById

      public RoleModel getRoleById(RealmModel realm, String id)
      Description copied from interface: RoleLookupProvider
      Exact search for a role by its internal ID.
      Specified by:
      getRoleById in interface RoleLookupProvider
      Parameters:
      realm - Realm.
      id - Internal ID of the role.
      Returns:
      Model of the role.
    • getRealmRolesStream

      public Stream<RoleModel> getRealmRolesStream(RealmModel realm, Integer first, Integer max)
      Description copied from interface: RoleProvider
      Returns the realm roles of the given realm as a stream.
      Specified by:
      getRealmRolesStream in interface RoleProvider
      Parameters:
      realm - Realm.
      first - First result to return. Ignored if negative or null.
      max - Maximum number of results to return. Ignored if negative or null.
      Returns:
      Stream of the roles. Never returns null.
    • getRolesStream

      public Stream<RoleModel> getRolesStream(RealmModel realm, Stream<String> ids, String search, Integer first, Integer max)
      Description copied from interface: RoleProvider
      Returns a paginated stream of roles with given ids and given search value in role names.
      Specified by:
      getRolesStream in interface RoleProvider
      Parameters:
      realm - Realm. Cannot be null.
      ids - Stream of ids. Returns empty Stream when null.
      search - Case-insensitive string to search by role's name or description. Ignored if null.
      first - Index of the first result to return. Ignored if negative or null.
      max - Maximum number of results to return. Ignored if negative or null.
      Returns:
      Stream of desired roles. Never returns null.
    • searchForRolesStream

      public Stream<RoleModel> searchForRolesStream(RealmModel realm, String search, Integer first, Integer max)
      Obtaining roles from an external role storage is time-bounded. If the external role storage isn't available, at least the roles from local storage are returned. The org.keycloak.services.DefaultKeycloakSessionFactory#getRoleStorageProviderTimeout() property sets the bound; its default value is 3000 milliseconds and it is configurable. See org.keycloak.services.DefaultKeycloakSessionFactory for details.
      Specified by:
      searchForRolesStream in interface RoleLookupProvider
      Parameters:
      realm - Realm.
      search - Searched substring of the role's name or description.
      first - First result to return. Ignored if negative or null.
      max - Maximum number of results to return. Ignored if negative or null.
      Returns:
      Stream of the realm roles whose name or description contains the given search string. Never returns null.
    • removeRole

      public boolean removeRole(RoleModel role)
      Description copied from interface: RoleProvider
      Removes given realm role from the given realm.
      Specified by:
      removeRole in interface RoleProvider
      Parameters:
      role - Role to be removed.
      Returns:
      true if the role existed and has been removed, false otherwise.
    • removeRoles

      public void removeRoles(RealmModel realm)
      Description copied from interface: RoleProvider
      Removes all roles from the given realm.
      Specified by:
      removeRoles in interface RoleProvider
      Parameters:
      realm - Realm.
    • removeRoles

      public void removeRoles(ClientModel client)
      Description copied from interface: RoleProvider
      Removes all roles from the given client.
      Specified by:
      removeRoles in interface RoleProvider
      Parameters:
      client - Client.
    • addClientRole

      public RoleModel addClientRole(ClientModel client, String name)
      Description copied from interface: RoleProvider
      Adds a client role with given name to the given client. The internal ID of the role will be created automatically.
      Specified by:
      addClientRole in interface RoleProvider
      Parameters:
      client - Client owning this role.
      name - String name of the role.
      Returns:
      Model of the created role.
    • addClientRole

      public RoleModel addClientRole(ClientModel client, String id, String name)
      Description copied from interface: RoleProvider
      Adds a client role with given internal ID and name to the given client.
      Specified by:
      addClientRole in interface RoleProvider
      Parameters:
      client - Client owning this role.
      id - Internal ID of the client role or null if one is to be created by the underlying store.
      name - String name of the role.
      Returns:
      Model of the created role.
    • getClientRole

      public RoleModel getClientRole(ClientModel client, String name)
      Description copied from interface: RoleLookupProvider
      Exact search for a client role by given name.
      Specified by:
      getClientRole in interface RoleLookupProvider
      Parameters:
      client - Client.
      name - String name of the role.
      Returns:
      Model of the role, or null if no role is found.
    • getClientRolesStream

      public Stream<RoleModel> getClientRolesStream(ClientModel client)
      Description copied from interface: RoleProvider
      Returns all the client roles of the given client. Effectively the same as the call getClientRoles(client, null, null).
      Specified by:
      getClientRolesStream in interface RoleProvider
      Parameters:
      client - Client.
      Returns:
      Stream of the roles. Never returns null.
    • getClientRolesStream

      public Stream<RoleModel> getClientRolesStream(ClientModel client, Integer first, Integer max)
      Description copied from interface: RoleProvider
      Returns the client roles of the given client.
      Specified by:
      getClientRolesStream in interface RoleProvider
      Parameters:
      client - Client.
      first - First result to return. Ignored if negative or null.
      max - Maximum number of results to return. Ignored if negative or null.
      Returns:
      Stream of the roles. Never returns null.
    • searchForClientRolesStream

      public Stream<RoleModel> searchForClientRolesStream(ClientModel client, String search, Integer first, Integer max)
      Obtaining roles from an external role storage is time-bounded. If the external role storage isn't available, at least the roles from local storage are returned. The org.keycloak.services.DefaultKeycloakSessionFactory#getRoleStorageProviderTimeout() property sets the bound; its default value is 3000 milliseconds and it is configurable. See org.keycloak.services.DefaultKeycloakSessionFactory for details.
      Specified by:
      searchForClientRolesStream in interface RoleLookupProvider
      Parameters:
      client - Client.
      search - String to search by role's name or description.
      first - First result to return. Ignored if negative or null.
      max - Maximum number of results to return. Ignored if negative or null.
      Returns:
      Stream of the client roles whose name or description contains the given search string. Never returns null.
    • searchForClientRolesStream

      public Stream<RoleModel> searchForClientRolesStream(RealmModel realm, Stream<String> ids, String search, Integer first, Integer max)
      Description copied from interface: RoleLookupProvider
      Case-insensitive search for client roles that contain the given string in their name or their client's public identifier (clientId - (client_id in OIDC or entityID in SAML)).
      Specified by:
      searchForClientRolesStream in interface RoleLookupProvider
      Parameters:
      realm - Realm.
      ids - Stream of ids to include in search. Ignored when null. Returns empty Stream when empty.
      search - String to search by role's name or client's public identifier.
      first - First result to return. Ignored if negative or null.
      max - Maximum number of results to return. Ignored if negative or null.
      Returns:
      Stream of the client roles where role name or client public identifier contains given search string. Never returns null.
    • searchForClientRolesStream

      public Stream<RoleModel> searchForClientRolesStream(RealmModel realm, String search, Stream<String> excludedIds, Integer first, Integer max)
      Description copied from interface: RoleLookupProvider
      Case-insensitive search for client roles that contain the given string in their name or their client's public identifier (clientId - (client_id in OIDC or entityID in SAML)).
      Specified by:
      searchForClientRolesStream in interface RoleLookupProvider
      Parameters:
      realm - Realm.
      search - String to search by role's name or client's public identifier.
      excludedIds - Stream of ids to exclude. Ignored if empty or null.
      first - First result to return. Ignored if negative or null.
      max - Maximum number of results to return. Ignored if negative or null.
      Returns:
      Stream of the client roles where role name or client's public identifier contains given search string. Never returns null.
    • close

      public void close()
      Specified by:
      close in interface Provider
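
The time-bounded lookup described above for searchForRolesStream and searchForClientRolesStream, as an added stand-alone illustration (not Keycloak's implementation): the class, the `search` helper and the role names are hypothetical, and the sample data is constructed. It shows that when the external store misses the timeout the caller receives local roles only, so a search result is not proof that a role is absent from the external store.

```java
import java.util.List;
import java.util.concurrent.*;
import java.util.stream.Stream;

public class TimeBoundedRoleSearch {
    // Illustrative only: mirrors the documented behaviour, not Keycloak's code.
    static final long TIMEOUT_MS = 3000; // documented default timeout

    // Constructed sample data standing in for local and external role stores.
    static final List<String> LOCAL = List.of("admin", "auditor");
    static final List<String> EXTERNAL = List.of("ldap-admin", "ldap-operator");

    static List<String> search(String term, Callable<List<String>> external, long timeoutMs) {
        ExecutorService pool = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r, "external-role-lookup");
            t.setDaemon(true); // a hung external store must not keep the JVM alive
            return t;
        });
        Future<List<String>> pending = pool.submit(external);
        List<String> fromExternal;
        try {
            // Bound the wait on the external store.
            fromExternal = pending.get(timeoutMs, TimeUnit.MILLISECONDS);
        } catch (TimeoutException | ExecutionException e) {
            pending.cancel(true);
            fromExternal = List.of(); // degrade to local-only results
            System.err.println("external role storage unavailable, result is partial: " + e);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            fromExternal = List.of();
        } finally {
            pool.shutdownNow();
        }
        // Local roles are always part of the answer; external ones only if they arrived in time.
        return Stream.concat(LOCAL.stream(), fromExternal.stream())
                .filter(name -> name.contains(term))
                .toList();
    }

    public static void main(String[] args) {
        // Healthy external store: both sources contribute.
        System.out.println(search("admin", () -> EXTERNAL, TIMEOUT_MS));
        // Constructed outage: the external call outlives a shortened timeout.
        System.out.println(search("admin", () -> {
            Thread.sleep(2000);
            return EXTERNAL;
        }, 200));
    }
}
```

Code that makes authorization or cleanup decisions from search results should use the exact lookups (getRealmRole, getClientRole, getRoleById) or treat a timeout as an error rather than as an empty answer.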