Interface AlternativeLookupProvider

All Superinterfaces:
Provider
All Known Implementing Classes:
DefaultAlternativeLookupProvider

public interface AlternativeLookupProvider extends Provider
  • Method Details

    • lookupIdentityProviderFromIssuer

      IdentityProviderModel lookupIdentityProviderFromIssuer(KeycloakSession session, IdentityProviderType type, String issuerUrl)
    • lookupClientFromClientAttributes

      ClientModel lookupClientFromClientAttributes(KeycloakSession session, Map<String,String> attributes)
    • lookupRoleFromString

      RoleModel lookupRoleFromString(RealmModel realm, String roleName)
      Looks up a role from its string representation, supporting both realm and client roles.

      The method interprets the roleName parameter as follows:

      • For realm roles: the role name directly (e.g., "admin")
      • For client roles: the format "client-id.role-name", where the client ID and role name are separated by a dot

      Since client IDs can contain dots, the method attempts multiple splits from right to left to resolve ambiguous role names. For example, "my.client.app.role" will first try to look up client "my.client.app" with role "role", then client "my.client" with role "app.role", and so on.

      The lookup uses caching to reduce database load. If a role is not found in the cache, the method performs a database lookup and caches the result for subsequent calls.

      Parameters:
      realm - the realm in which to look up the role
      roleName - the string representation of the role name, which can be a realm role name or a client role in the format "client-id.role-name". May be null.
      Returns:
      the corresponding RoleModel if found, or null if the role does not exist or if roleName is null
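
The right-to-left splitting described for lookupRoleFromString means one string can match more than one role. The following added example (not Keycloak's implementation and not part of the original page) enumerates the client-role readings in the documented order and flags any role string that resolves in more than one way. The class, record and method names are hypothetical, the realm data is constructed, and in-memory sets stand in for the realm and client role stores. It collects every match instead of returning the first, so it assumes nothing about whether the realm-role or a client-role reading takes precedence.

```java
import java.util.*;

public class RoleNameSplits {
    // One possible reading of a role string; clientId == null means a realm role.
    record Candidate(String clientId, String roleName) {}

    // Client-role readings in the documented order: rightmost dot first, moving left.
    static List<Candidate> clientCandidates(String roleName) {
        List<Candidate> out = new ArrayList<>();
        if (roleName == null) return out;
        for (int i = roleName.lastIndexOf('.'); i > 0; i = roleName.lastIndexOf('.', i - 1)) {
            if (i < roleName.length() - 1) { // skip readings with an empty role part
                out.add(new Candidate(roleName.substring(0, i), roleName.substring(i + 1)));
            }
        }
        return out;
    }

    // Every reading of roleName that exists in the given (stand-in) role stores.
    static List<Candidate> matches(String roleName, Set<String> realmRoles,
                                   Map<String, Set<String>> clientRoles) {
        List<Candidate> hits = new ArrayList<>();
        if (roleName == null) return hits;
        if (realmRoles.contains(roleName)) hits.add(new Candidate(null, roleName));
        for (Candidate c : clientCandidates(roleName)) {
            if (clientRoles.getOrDefault(c.clientId(), Set.of()).contains(c.roleName())) {
                hits.add(c);
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from any real realm.
        Set<String> realmRoles = Set.of("admin");
        Map<String, Set<String>> clientRoles = Map.of(
                "my.client.app", Set.of("role"),
                "my.client", Set.of("app.role"));
        for (String name : List.of("admin", "my.client.app.role", "unknown.role")) {
            List<Candidate> hits = matches(name, realmRoles, clientRoles);
            String verdict = hits.size() > 1 ? "AMBIGUOUS"
                    : hits.isEmpty() ? "not found" : "unique";
            System.out.println(name + " -> " + verdict + " " + hits);
        }
    }
}
```

A role string reported as AMBIGUOUS is worth reviewing wherever it appears in role mappings or policy configuration, since which role it grants depends on lookup order.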