Class DefaultAlternativeLookupProvider

java.lang.Object
org.keycloak.cache.DefaultAlternativeLookupProvider
All Implemented Interfaces:
AlternativeLookupProvider, Provider

public class DefaultAlternativeLookupProvider extends Object implements AlternativeLookupProvider
  • Method Details

    • lookupIdentityProviderFromIssuer

      public IdentityProviderModel lookupIdentityProviderFromIssuer(KeycloakSession session, IdentityProviderType type, String issuerUrl)
      Specified by:
      lookupIdentityProviderFromIssuer in interface AlternativeLookupProvider
    • lookupClientFromClientAttributes

      public ClientModel lookupClientFromClientAttributes(KeycloakSession session, Map<String,String> attributes)
      Specified by:
      lookupClientFromClientAttributes in interface AlternativeLookupProvider
    • lookupRoleFromString

      public RoleModel lookupRoleFromString(RealmModel realm, String roleName)
      Description copied from interface: AlternativeLookupProvider
      Looks up a role from its string representation, supporting both realm and client roles.

      The method interprets the roleName parameter as follows:

      • For realm roles: the role name directly (e.g., "admin")
      • For client roles: the format "client-id.role-name", where the client ID and role name are separated by a dot

      Since client IDs can contain dots, the method attempts multiple splits from right to left to resolve ambiguous role names. For example, "my.client.app.role" will first try to look up client "my.client.app" with role "role", then client "my.client" with role "app.role", and so on.

      The lookup uses caching to reduce database load. If a role is not found in the cache, the method performs a database lookup and caches the result for subsequent calls.

      Specified by:
      lookupRoleFromString in interface AlternativeLookupProvider
      Parameters:
      realm - the realm in which to look up the role
      roleName - the string representation of the role name, which can be a realm role name or a client role in the format "client-id.role-name". May be null.
      Returns:
      the corresponding RoleModel if found, or null if the role does not exist or if roleName is null
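
The right-to-left split order described above can make one role string match more than one client/role pair. This added example (not Keycloak code; the class, record, and method names are hypothetical, the realm data is constructed, and skipping empty client IDs or role names is an assumption) lists the candidate splits in that order and reports every pair that exists, so colliding names can be found during a review. It needs Java 17 or later.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added illustration; not Keycloak code. All names here are hypothetical.
public class RoleNameSplitDemo {

    // One possible reading of a role string: a client ID plus a role name.
    record Candidate(String clientId, String roleName) {}

    // Enumerate the client/role splits at each dot, right-most dot first.
    static List<Candidate> candidates(String roleName) {
        List<Candidate> out = new ArrayList<>();
        if (roleName == null) {
            return out; // the documented method returns null for a null name
        }
        for (int i = roleName.lastIndexOf('.'); i > 0; i = roleName.lastIndexOf('.', i - 1)) {
            // Assumption: a split with an empty role name is not a candidate.
            if (i < roleName.length() - 1) {
                out.add(new Candidate(roleName.substring(0, i), roleName.substring(i + 1)));
            }
        }
        return out;
    }

    // Every candidate present in the given client-role data, in lookup order.
    // More than one entry means the string is ambiguous; a lookup that stops
    // at the first hit resolves it to element 0.
    static List<Candidate> matches(Map<String, Set<String>> clientRoles, String roleName) {
        return candidates(roleName).stream()
                .filter(c -> clientRoles.getOrDefault(c.clientId(), Set.of()).contains(c.roleName()))
                .toList();
    }

    public static void main(String[] args) {
        // Constructed data: two clients whose roles collide on one string.
        Map<String, Set<String>> clientRoles = Map.of(
                "my.client.app", Set.of("role"),
                "my.client", Set.of("app.role"));

        String name = "my.client.app.role";
        System.out.println("Split order: " + candidates(name));
        List<Candidate> hits = matches(clientRoles, name);
        System.out.println("Existing pairs: " + hits);
        if (hits.size() > 1) {
            System.out.println("Ambiguous; first hit wins: " + hits.get(0));
        }
    }
}
```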
    • close

      public void close()
      Specified by:
      close in interface Provider