public class LDAPStorageProvider extends Object implements UserStorageProvider, CredentialInputValidator, CredentialInputUpdater.Streams, CredentialAuthentication, UserLookupProvider, UserRegistrationProvider, UserQueryProvider.Streams, ImportedUserValidation
UserStorageProvider.EditMode
CredentialInputUpdater.Streams
UserQueryProvider.Streams
Modifier and Type | Field and Description |
---|---|
protected UserStorageProvider.EditMode |
editMode |
protected LDAPStorageProviderFactory |
factory |
protected LDAPProviderKerberosConfig |
kerberosConfig |
protected LDAPIdentityStore |
ldapIdentityStore |
protected LDAPStorageMapperManager |
mapperManager |
protected UserStorageProviderModel |
model |
protected KeycloakSession |
session |
protected Set<String> |
supportedCredentialTypes |
protected PasswordUpdateCallback |
updater |
protected LDAPStorageUserManager |
userManager |
Constructor and Description |
---|
LDAPStorageProvider(LDAPStorageProviderFactory factory,
KeycloakSession session,
ComponentModel model,
LDAPIdentityStore ldapIdentityStore) |
Modifier and Type | Method and Description |
---|---|
UserModel |
addUser(RealmModel realm,
String username)
All storage providers that implement this interface will be looped through.
|
CredentialValidationOutput |
authenticate(RealmModel realm,
CredentialInput cred) |
void |
close() |
void |
disableCredentialType(RealmModel realm,
UserModel user,
String credentialType) |
protected UserModel |
findOrCreateAuthenticatedUser(RealmModel realm,
String username)
Called after successful kerberos authentication
|
Stream<String> |
getDisableableCredentialTypesStream(RealmModel realm,
UserModel user)
Obtains the set of credential types that can be disabled via
disableCredentialType . |
UserStorageProvider.EditMode |
getEditMode() |
Stream<UserModel> |
getGroupMembersStream(RealmModel realm,
GroupModel group)
Obtains users that belong to a specific group.
|
Stream<UserModel> |
getGroupMembersStream(RealmModel realm,
GroupModel group,
Integer firstResult,
Integer maxResults)
Obtains users that belong to a specific group.
|
LDAPIdentityStore |
getLdapIdentityStore() |
LDAPStorageMapperManager |
getMapperManager() |
UserStorageProviderModel |
getModel() |
Stream<UserModel> |
getRoleMembersStream(RealmModel realm,
RoleModel role)
Obtains users that have the specified role.
|
Stream<UserModel> |
getRoleMembersStream(RealmModel realm,
RoleModel role,
Integer firstResult,
Integer maxResults)
Searches for users that have the specified role.
|
KeycloakSession |
getSession() |
Set<String> |
getSupportedCredentialTypes() |
UserModel |
getUserByEmail(String email,
RealmModel realm) |
UserModel |
getUserById(String id,
RealmModel realm) |
UserModel |
getUserByUsername(String username,
RealmModel realm) |
LDAPStorageUserManager |
getUserManager() |
int |
getUsersCount(RealmModel realm)
Returns the number of users, without consider any service account.
|
Stream<UserModel> |
getUsersStream(RealmModel realm)
Searches all users in the realm.
|
Stream<UserModel> |
getUsersStream(RealmModel realm,
int firstResult,
int maxResults)
Searches all users in the realm, starting from the
firstResult and containing at most maxResults . |
protected UserModel |
importUserFromLDAP(KeycloakSession session,
RealmModel realm,
LDAPObject ldapUser) |
boolean |
isConfiguredFor(RealmModel realm,
UserModel user,
String credentialType) |
boolean |
isValid(RealmModel realm,
UserModel user,
CredentialInput input)
Tests whether a credential is valid
|
protected LDAPObject |
loadAndValidateUser(RealmModel realm,
UserModel local) |
LDAPObject |
loadLDAPUserByUsername(RealmModel realm,
String username) |
List<UserModel> |
loadUsersByUsernames(List<String> usernames,
RealmModel realm) |
void |
preRemove(RealmModel realm)
Callback when a realm is removed.
|
void |
preRemove(RealmModel realm,
GroupModel group)
Callback when a group is removed.
|
void |
preRemove(RealmModel realm,
RoleModel role)
Callback when a role is removed.
|
protected UserModel |
proxy(RealmModel realm,
UserModel local,
LDAPObject ldapObject,
boolean newUser) |
protected LDAPObject |
queryByEmail(RealmModel realm,
String email) |
boolean |
removeUser(RealmModel realm,
UserModel user)
Called if user originated from this provider.
|
Stream<UserModel> |
searchForUserByUserAttributeStream(String attrName,
String attrValue,
RealmModel realm)
Searches for users that have a specific attribute with a specific value.
|
Stream<UserModel> |
searchForUserStream(Map<String,String> params,
RealmModel realm)
Searches for user by parameter.
|
Stream<UserModel> |
searchForUserStream(Map<String,String> params,
RealmModel realm,
Integer firstResult,
Integer maxResults)
Searches for user by parameter.
|
Stream<UserModel> |
searchForUserStream(String search,
RealmModel realm)
Searches for users with username, email or first + last name that is like search string.
|
Stream<UserModel> |
searchForUserStream(String search,
RealmModel realm,
Integer firstResult,
Integer maxResults)
Searches for users with username, email or first + last name that is like search string.
|
protected List<LDAPObject> |
searchLDAP(RealmModel realm,
Map<String,String> attributes) |
void |
setUpdater(PasswordUpdateCallback updater) |
boolean |
supportsCredentialAuthenticationFor(String type) |
boolean |
supportsCredentialType(String credentialType) |
boolean |
synchronizeRegistrations() |
boolean |
updateCredential(RealmModel realm,
UserModel user,
CredentialInput input) |
UserModel |
validate(RealmModel realm,
UserModel local)
If this method returns null, then the user in local storage will be removed
|
boolean |
validPassword(RealmModel realm,
UserModel user,
String password) |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getDisableableCredentialTypes
getGroupMembers, getGroupMembers, getUsers, getUsers, searchForUser, searchForUser, searchForUser, searchForUser, searchForUserByUserAttribute
countUsersInGroups, getRoleMembers, getRoleMembers, getUsersCount, getUsersCount, getUsersCount, getUsersCount, getUsersCount, getUsersCount
protected LDAPStorageProviderFactory factory
protected KeycloakSession session
protected UserStorageProviderModel model
protected LDAPIdentityStore ldapIdentityStore
protected UserStorageProvider.EditMode editMode
protected LDAPProviderKerberosConfig kerberosConfig
protected PasswordUpdateCallback updater
protected LDAPStorageMapperManager mapperManager
protected LDAPStorageUserManager userManager
public LDAPStorageProvider(LDAPStorageProviderFactory factory, KeycloakSession session, ComponentModel model, LDAPIdentityStore ldapIdentityStore)
public void setUpdater(PasswordUpdateCallback updater)
public KeycloakSession getSession()
public LDAPIdentityStore getLdapIdentityStore()
public UserStorageProvider.EditMode getEditMode()
public UserStorageProviderModel getModel()
public LDAPStorageMapperManager getMapperManager()
public LDAPStorageUserManager getUserManager()
public UserModel validate(RealmModel realm, UserModel local)
ImportedUserValidation
validate
in interface ImportedUserValidation
protected UserModel proxy(RealmModel realm, UserModel local, LDAPObject ldapObject, boolean newUser)
public boolean supportsCredentialAuthenticationFor(String type)
supportsCredentialAuthenticationFor
in interface CredentialAuthentication
public Stream<UserModel> searchForUserByUserAttributeStream(String attrName, String attrValue, RealmModel realm)
UserQueryProvider
UserFederatedStorageProvider
as this is done automatically.searchForUserByUserAttributeStream
in interface UserQueryProvider
searchForUserByUserAttributeStream
in interface UserQueryProvider.Streams
attrName
- the attribute name.attrValue
- the attribute value.realm
- a reference to the realm.Stream
of users that match the search criteria.UserFederatedStorageProvider
public boolean synchronizeRegistrations()
public UserModel addUser(RealmModel realm, String username)
UserRegistrationProvider
addUser
in interface UserRegistrationProvider
public boolean removeUser(RealmModel realm, UserModel user)
UserRegistrationProvider
removeUser
in interface UserRegistrationProvider
public UserModel getUserById(String id, RealmModel realm)
getUserById
in interface UserLookupProvider
public int getUsersCount(RealmModel realm)
UserQueryProvider
getUsersCount
in interface UserQueryProvider
realm
- the realmpublic Stream<UserModel> getUsersStream(RealmModel realm)
UserQueryProvider
getUsersStream
in interface UserQueryProvider
getUsersStream
in interface UserQueryProvider.Streams
realm
- a reference to the realm.Stream
of users.public Stream<UserModel> getUsersStream(RealmModel realm, int firstResult, int maxResults)
UserQueryProvider
firstResult
and containing at most maxResults
.getUsersStream
in interface UserQueryProvider
getUsersStream
in interface UserQueryProvider.Streams
realm
- a reference to the realm.firstResult
- first result to return. Ignored if negative.maxResults
- maximum number of results to return. Ignored if negative.Stream
of users.public Stream<UserModel> searchForUserStream(String search, RealmModel realm)
UserQueryProvider
searchForUserStream
in interface UserQueryProvider
searchForUserStream
in interface UserQueryProvider.Streams
search
- case sensitive search string.realm
- a reference to the realm.Stream
of users that match the search string.public Stream<UserModel> searchForUserStream(String search, RealmModel realm, Integer firstResult, Integer maxResults)
UserQueryProvider
searchForUserStream
in interface UserQueryProvider
searchForUserStream
in interface UserQueryProvider.Streams
search
- case sensitive search string.realm
- a reference to the realm.firstResult
- first result to return. Ignored if negative.maxResults
- maximum number of results to return. Ignored if negative.Stream
of users that match the search criteria.public Stream<UserModel> searchForUserStream(Map<String,String> params, RealmModel realm)
UserQueryProvider
searchForUserStream
in interface UserQueryProvider
searchForUserStream
in interface UserQueryProvider.Streams
params
- a map containing the search parameters.realm
- a reference to the realm.Stream
of users that match the search parameters.public Stream<UserModel> searchForUserStream(Map<String,String> params, RealmModel realm, Integer firstResult, Integer maxResults)
UserQueryProvider
searchForUserStream
in interface UserQueryProvider
searchForUserStream
in interface UserQueryProvider.Streams
params
- a map containing the search parameters.realm
- a reference to the realm.firstResult
- first result to return. Ignored if negative.maxResults
- maximum number of results to return. Ignored if negative.Stream
of users that match the search criteria.public Stream<UserModel> getGroupMembersStream(RealmModel realm, GroupModel group)
UserQueryProvider
UserFederatedStorageProvider
as this is done automatically.getGroupMembersStream
in interface UserQueryProvider
getGroupMembersStream
in interface UserQueryProvider.Streams
realm
- a reference to the realm.group
- a reference to the group.Stream
of users that belong to the group.UserFederatedStorageProvider
public Stream<UserModel> getGroupMembersStream(RealmModel realm, GroupModel group, Integer firstResult, Integer maxResults)
UserQueryProvider
UserFederatedStorageProvider
as this is done automatically.getGroupMembersStream
in interface UserQueryProvider
getGroupMembersStream
in interface UserQueryProvider.Streams
realm
- a reference to the realm.group
- a reference to the group.firstResult
- first result to return. Ignored if negative.maxResults
- maximum number of results to return. Ignored if negative.Stream
of users that belong to the group.UserFederatedStorageProvider
public Stream<UserModel> getRoleMembersStream(RealmModel realm, RoleModel role)
UserQueryProvider
getRoleMembersStream
in interface UserQueryProvider
realm
- a reference to the realm.role
- a reference to the role.Stream
of users that have the specified role.public Stream<UserModel> getRoleMembersStream(RealmModel realm, RoleModel role, Integer firstResult, Integer maxResults)
UserQueryProvider
getRoleMembersStream
in interface UserQueryProvider
realm
- a reference to the realm.role
- a reference to the role.firstResult
- first result to return. Ignored if negative.maxResults
- maximum number of results to return. Ignored if negative.Stream
of users that have the specified role.public List<UserModel> loadUsersByUsernames(List<String> usernames, RealmModel realm)
protected List<LDAPObject> searchLDAP(RealmModel realm, Map<String,String> attributes)
protected LDAPObject loadAndValidateUser(RealmModel realm, UserModel local)
local
- public UserModel getUserByUsername(String username, RealmModel realm)
getUserByUsername
in interface UserLookupProvider
protected UserModel importUserFromLDAP(KeycloakSession session, RealmModel realm, LDAPObject ldapUser)
protected LDAPObject queryByEmail(RealmModel realm, String email)
public UserModel getUserByEmail(String email, RealmModel realm)
getUserByEmail
in interface UserLookupProvider
public void preRemove(RealmModel realm)
UserStorageProvider
preRemove
in interface UserStorageProvider
public void preRemove(RealmModel realm, RoleModel role)
UserStorageProvider
preRemove
in interface UserStorageProvider
public void preRemove(RealmModel realm, GroupModel group)
UserStorageProvider
preRemove
in interface UserStorageProvider
public boolean validPassword(RealmModel realm, UserModel user, String password)
public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input)
updateCredential
in interface CredentialInputUpdater
public void disableCredentialType(RealmModel realm, UserModel user, String credentialType)
disableCredentialType
in interface CredentialInputUpdater
public Stream<String> getDisableableCredentialTypesStream(RealmModel realm, UserModel user)
CredentialInputUpdater
disableCredentialType
.getDisableableCredentialTypesStream
in interface CredentialInputUpdater
getDisableableCredentialTypesStream
in interface CredentialInputUpdater.Streams
realm
- a reference to the realm.user
- the user whose credentials are being searched.Stream
of credential types.public boolean supportsCredentialType(String credentialType)
supportsCredentialType
in interface CredentialInputUpdater
supportsCredentialType
in interface CredentialInputValidator
public boolean isConfiguredFor(RealmModel realm, UserModel user, String credentialType)
isConfiguredFor
in interface CredentialInputValidator
public boolean isValid(RealmModel realm, UserModel user, CredentialInput input)
CredentialInputValidator
isValid
in interface CredentialInputValidator
realm
- The realm in which to which the credential belongs touser
- The user for which to test the credentialinput
- the credential details to verifypublic CredentialValidationOutput authenticate(RealmModel realm, CredentialInput cred)
authenticate
in interface CredentialAuthentication
protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username)
realm
- realmusername
- username without realm prefixpublic LDAPObject loadLDAPUserByUsername(RealmModel realm, String username)
Copyright © 2020 JBoss by Red Hat. All rights reserved.