public class LDAPStorageProvider extends Object implements UserStorageProvider, CredentialInputValidator, CredentialInputUpdater.Streams, CredentialAuthentication, UserLookupProvider.Streams, UserRegistrationProvider, UserQueryProvider.Streams, ImportedUserValidation
UserStorageProvider.EditMode
CredentialInputUpdater.Streams
UserLookupProvider.Streams
UserQueryProvider.Streams
Modifier and Type | Field and Description |
---|---|
protected UserStorageProvider.EditMode |
editMode |
protected LDAPStorageProviderFactory |
factory |
protected LDAPProviderKerberosConfig |
kerberosConfig |
protected LDAPIdentityStore |
ldapIdentityStore |
protected LDAPStorageMapperManager |
mapperManager |
protected UserStorageProviderModel |
model |
protected KeycloakSession |
session |
protected Set<String> |
supportedCredentialTypes |
protected PasswordUpdateCallback |
updater |
protected LDAPStorageUserManager |
userManager |
Constructor and Description |
---|
LDAPStorageProvider(LDAPStorageProviderFactory factory,
KeycloakSession session,
ComponentModel model,
LDAPIdentityStore ldapIdentityStore) |
Modifier and Type | Method and Description |
---|---|
UserModel |
addUser(RealmModel realm,
String username)
All storage providers that implement this interface are looped through when a user is added.
|
CredentialValidationOutput |
authenticate(RealmModel realm,
CredentialInput cred) |
void |
close() |
void |
disableCredentialType(RealmModel realm,
UserModel user,
String credentialType) |
protected UserModel |
findOrCreateAuthenticatedUser(RealmModel realm,
String username)
Called after a successful Kerberos authentication, so the username passed in must already have been authenticated by the caller.
|
Stream<String> |
getDisableableCredentialTypesStream(RealmModel realm,
UserModel user)
Obtains the set of credential types that can be disabled via disableCredentialType. |
UserStorageProvider.EditMode |
getEditMode() |
Stream<UserModel> |
getGroupMembersStream(RealmModel realm,
GroupModel group,
Integer firstResult,
Integer maxResults)
Obtains users that belong to a specific group.
|
LDAPIdentityStore |
getLdapIdentityStore() |
LDAPStorageMapperManager |
getMapperManager() |
UserStorageProviderModel |
getModel() |
Stream<UserModel> |
getRoleMembersStream(RealmModel realm,
RoleModel role,
Integer firstResult,
Integer maxResults)
Searches for users that have the specified role.
|
KeycloakSession |
getSession() |
Set<String> |
getSupportedCredentialTypes() |
UserModel |
getUserByEmail(RealmModel realm,
String email)
Returns a user with the given email belonging to the realm, or null if no such user exists.
|
UserModel |
getUserById(RealmModel realm,
String id)
Returns a user with the given id belonging to the realm, or null if no such user exists.
|
UserModel |
getUserByUsername(RealmModel realm,
String username)
Returns a user with the given username belonging to the realm, or null if no such user exists.
|
LDAPStorageUserManager |
getUserManager() |
int |
getUsersCount(RealmModel realm)
Returns the number of users in the realm, not counting service accounts.
|
Stream<UserModel> |
getUsersStream(RealmModel realm)
Searches all users in the realm.
|
Stream<UserModel> |
getUsersStream(RealmModel realm,
Integer firstResult,
Integer maxResults)
Searches all users in the realm, starting from the firstResult and containing at most maxResults. |
protected UserModel |
importUserFromLDAP(KeycloakSession session,
RealmModel realm,
LDAPObject ldapUser) |
boolean |
isConfiguredFor(RealmModel realm,
UserModel user,
String credentialType) |
boolean |
isValid(RealmModel realm,
UserModel user,
CredentialInput input)
Tests whether a credential is valid
|
protected LDAPObject |
loadAndValidateUser(RealmModel realm,
UserModel local) |
LDAPObject |
loadLDAPUserByUsername(RealmModel realm,
String username) |
LDAPObject |
loadLDAPUserByUuid(RealmModel realm,
String uuid) |
List<UserModel> |
loadUsersByUsernames(List<String> usernames,
RealmModel realm) |
void |
preRemove(RealmModel realm)
Callback when a realm is removed.
|
void |
preRemove(RealmModel realm,
GroupModel group)
Callback when a group is removed.
|
void |
preRemove(RealmModel realm,
RoleModel role)
Callback when a role is removed.
|
protected UserModel |
proxy(RealmModel realm,
UserModel local,
LDAPObject ldapObject,
boolean newUser) |
protected LDAPObject |
queryByEmail(RealmModel realm,
String email) |
boolean |
removeUser(RealmModel realm,
UserModel user)
Called only if the user originated from this provider.
|
Stream<UserModel> |
searchForUserByUserAttributeStream(RealmModel realm,
String attrName,
String attrValue)
Searches for users that have a specific attribute with a specific value.
|
Stream<UserModel> |
searchForUserStream(RealmModel realm,
Map<String,String> params,
Integer firstResult,
Integer maxResults)
Searches for user by parameter.
|
Stream<UserModel> |
searchForUserStream(RealmModel realm,
String search,
Integer firstResult,
Integer maxResults)
Searches for users whose username, email, first name or last name contain any of the strings in
search separated by whitespace. |
protected List<LDAPObject> |
searchLDAP(RealmModel realm,
Map<String,String> attributes)
Searches LDAP for entries matching the given attribute map. If any attribute value originates from search input, it must be escaped as an LDAP filter value before being embedded in the filter; confirm this in the implementation.
|
void |
setUpdater(PasswordUpdateCallback updater) |
boolean |
supportsCredentialAuthenticationFor(String type) |
boolean |
supportsCredentialType(String credentialType) |
boolean |
synchronizeRegistrations() |
boolean |
updateCredential(RealmModel realm,
UserModel user,
CredentialInput input) |
UserModel |
validate(RealmModel realm,
UserModel local)
If this method returns null, the user in local storage is removed.
|
boolean |
validPassword(RealmModel realm,
UserModel user,
String password) |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getDisableableCredentialTypes
getUserByEmail, getUserById, getUserByUsername
getGroupMembers, getGroupMembers, getGroupMembersStream, getUsers, getUsers, getUsersCount, getUsersCount, getUsersCount, getUsersCount, getUsersCount, getUsersCount, getUsersCount, getUsersCount, searchForUser, searchForUser, searchForUser, searchForUser, searchForUserByUserAttribute, searchForUserStream, searchForUserStream
countUsersInGroups, getRoleMembers, getRoleMembers, getRoleMembersStream, getUsersCount, getUsersCount
protected LDAPStorageProviderFactory factory
protected KeycloakSession session
protected UserStorageProviderModel model
protected LDAPIdentityStore ldapIdentityStore
protected UserStorageProvider.EditMode editMode
protected LDAPProviderKerberosConfig kerberosConfig
protected PasswordUpdateCallback updater
protected LDAPStorageMapperManager mapperManager
protected LDAPStorageUserManager userManager
public LDAPStorageProvider(LDAPStorageProviderFactory factory, KeycloakSession session, ComponentModel model, LDAPIdentityStore ldapIdentityStore)
public void setUpdater(PasswordUpdateCallback updater)
public KeycloakSession getSession()
public LDAPIdentityStore getLdapIdentityStore()
public UserStorageProvider.EditMode getEditMode()
public UserStorageProviderModel getModel()
public LDAPStorageMapperManager getMapperManager()
public LDAPStorageUserManager getUserManager()
public UserModel validate(RealmModel realm, UserModel local)
ImportedUserValidation
validate
in interface ImportedUserValidation
protected UserModel proxy(RealmModel realm, UserModel local, LDAPObject ldapObject, boolean newUser)
public boolean supportsCredentialAuthenticationFor(String type)
supportsCredentialAuthenticationFor
in interface CredentialAuthentication
public Stream<UserModel> searchForUserByUserAttributeStream(RealmModel realm, String attrName, String attrValue)
UserQueryProvider
searchForUserByUserAttributeStream
in interface UserQueryProvider
searchForUserByUserAttributeStream
in interface UserQueryProvider.Streams
realm
- a reference to the realm.
attrName
- the attribute name.
attrValue
- the attribute value.
Stream of users that match the search criteria.
public boolean synchronizeRegistrations()
public UserModel addUser(RealmModel realm, String username)
UserRegistrationProvider
addUser
in interface UserRegistrationProvider
realm
- a reference to the realm
username
- a username the created user will be assigned
public boolean removeUser(RealmModel realm, UserModel user)
UserRegistrationProvider
removeUser
in interface UserRegistrationProvider
realm
- a reference to the realm
user
- a reference to the user that is removed
public UserModel getUserById(RealmModel realm, String id)
UserLookupProvider
getUserById
in interface UserLookupProvider
getUserById
in interface UserLookupProvider.Streams
realm
- the realm model
id
- id of the user
null if no such user exists
public int getUsersCount(RealmModel realm)
UserQueryProvider
getUsersCount
in interface UserQueryProvider
realm
- the realm
public Stream<UserModel> getUsersStream(RealmModel realm)
UserQueryProvider
getUsersStream
in interface UserQueryProvider
getUsersStream
in interface UserQueryProvider.Streams
realm
- a reference to the realm.
Stream of users.
public Stream<UserModel> getUsersStream(RealmModel realm, Integer firstResult, Integer maxResults)
UserQueryProvider
Searches all users in the realm, starting from the firstResult and containing at most maxResults.
getUsersStream
in interface UserQueryProvider
getUsersStream
in interface UserQueryProvider.Streams
realm
- a reference to the realm.
firstResult
- first result to return. Ignored if negative or null.
maxResults
- maximum number of results to return. Ignored if negative or null.
Stream of users.
public Stream<UserModel> searchForUserStream(RealmModel realm, String search, Integer firstResult, Integer maxResults)
UserQueryProvider
Searches for users whose username, email, first name or last name contain any of the strings in search separated by whitespace.
If possible, implementations should treat the parameter values as partial match patterns (i.e. in RDBMS terms use LIKE).
This method is used by the admin console search box.
searchForUserStream
in interface UserQueryProvider
searchForUserStream
in interface UserQueryProvider.Streams
realm
- a reference to the realm.
search
- case-insensitive list of strings separated by whitespace.
firstResult
- first result to return. Ignored if negative, zero, or null.
maxResults
- maximum number of results to return. Ignored if negative or null.
Stream of users that match the search criteria.
public Stream<UserModel> searchForUserStream(RealmModel realm, Map<String,String> params, Integer firstResult, Integer maxResults)
UserQueryProvider
Searches for users by parameter. The supported parameter keys are:
UserModel.FIRST_NAME - first name (case insensitive string)
UserModel.LAST_NAME - last name (case insensitive string)
UserModel.EMAIL - email (case insensitive string)
UserModel.USERNAME - username (case insensitive string)
UserModel.EMAIL_VERIFIED - search only for users with verified/non-verified email (true/false)
UserModel.ENABLED - search only for enabled/disabled users (true/false)
UserModel.IDP_ALIAS - search only for users that have a federated identity from the idp with the given alias configured (case sensitive string)
UserModel.IDP_USER_ID - search for users with a federated identity with the given userId (case sensitive string)
searchForUserStream
in interface UserQueryProvider
searchForUserStream
in interface UserQueryProvider.Streams
realm
- a reference to the realm.
params
- a map containing the search parameters.
firstResult
- first result to return. Ignored if negative, zero, or null.
maxResults
- maximum number of results to return. Ignored if negative or null.
Stream of users that match the search criteria.
public Stream<UserModel> getGroupMembersStream(RealmModel realm, GroupModel group, Integer firstResult, Integer maxResults)
UserQueryProvider
getGroupMembersStream
in interface UserQueryProvider
getGroupMembersStream
in interface UserQueryProvider.Streams
realm
- a reference to the realm.
group
- a reference to the group.
firstResult
- first result to return. Ignored if negative, zero, or null.
maxResults
- maximum number of results to return. Ignored if negative or null.
Stream of users that belong to the group.
public Stream<UserModel> getRoleMembersStream(RealmModel realm, RoleModel role, Integer firstResult, Integer maxResults)
UserQueryProvider
getRoleMembersStream
in interface UserQueryProvider
realm
- a reference to the realm.
role
- a reference to the role.
firstResult
- first result to return. Ignored if negative or null.
maxResults
- maximum number of results to return. Ignored if negative or null.
Stream of users that have the specified role.
public List<UserModel> loadUsersByUsernames(List<String> usernames, RealmModel realm)
protected List<LDAPObject> searchLDAP(RealmModel realm, Map<String,String> attributes)
protected LDAPObject loadAndValidateUser(RealmModel realm, UserModel local)
local
- the user from local storage
public UserModel getUserByUsername(RealmModel realm, String username)
UserLookupProvider
getUserByUsername
in interface UserLookupProvider
getUserByUsername
in interface UserLookupProvider.Streams
realm
- the realm model
username
- case insensitive username (case-sensitivity is controlled by storage)
null if no such user exists
protected UserModel importUserFromLDAP(KeycloakSession session, RealmModel realm, LDAPObject ldapUser)
protected LDAPObject queryByEmail(RealmModel realm, String email)
public UserModel getUserByEmail(RealmModel realm, String email)
UserLookupProvider
getUserByEmail
in interface UserLookupProvider
getUserByEmail
in interface UserLookupProvider.Streams
realm
- the realm model
email
- case insensitive email address (case-sensitivity is controlled by storage)
null if no such user exists
public void preRemove(RealmModel realm)
UserStorageProvider
preRemove
in interface UserStorageProvider
public void preRemove(RealmModel realm, RoleModel role)
UserStorageProvider
preRemove
in interface UserStorageProvider
public void preRemove(RealmModel realm, GroupModel group)
UserStorageProvider
preRemove
in interface UserStorageProvider
public boolean validPassword(RealmModel realm, UserModel user, String password)
public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input)
updateCredential
in interface CredentialInputUpdater
public void disableCredentialType(RealmModel realm, UserModel user, String credentialType)
disableCredentialType
in interface CredentialInputUpdater
public Stream<String> getDisableableCredentialTypesStream(RealmModel realm, UserModel user)
CredentialInputUpdater
Obtains the set of credential types that can be disabled via disableCredentialType.
getDisableableCredentialTypesStream
in interface CredentialInputUpdater
getDisableableCredentialTypesStream
in interface CredentialInputUpdater.Streams
realm
- a reference to the realm.
user
- the user whose credentials are being searched.
Stream of credential types.
public boolean supportsCredentialType(String credentialType)
supportsCredentialType
in interface CredentialInputUpdater
supportsCredentialType
in interface CredentialInputValidator
public boolean isConfiguredFor(RealmModel realm, UserModel user, String credentialType)
isConfiguredFor
in interface CredentialInputValidator
public boolean isValid(RealmModel realm, UserModel user, CredentialInput input)
CredentialInputValidator
isValid
in interface CredentialInputValidator
realm
- the realm to which the credential belongs
user
- the user for which to test the credential
input
- the credential details to verify
public CredentialValidationOutput authenticate(RealmModel realm, CredentialInput cred)
authenticate
in interface CredentialAuthentication
protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username)
realm
- the realm
username
- username without realm prefix
public LDAPObject loadLDAPUserByUsername(RealmModel realm, String username)
public LDAPObject loadLDAPUserByUuid(RealmModel realm, String uuid)