public class LDAPStorageProvider extends Object implements UserStorageProvider, CredentialInputValidator, CredentialInputUpdater.Streams, CredentialAuthentication, UserLookupProvider, UserRegistrationProvider, UserQueryProvider.Streams, ImportedUserValidation
UserStorageProvider.EditMode, CredentialInputUpdater.Streams, UserQueryProvider.Streams
| Modifier and Type | Field and Description |
|---|---|
protected UserStorageProvider.EditMode |
editMode |
protected LDAPStorageProviderFactory |
factory |
protected LDAPProviderKerberosConfig |
kerberosConfig |
protected LDAPIdentityStore |
ldapIdentityStore |
protected LDAPStorageMapperManager |
mapperManager |
protected UserStorageProviderModel |
model |
protected KeycloakSession |
session |
protected Set<String> |
supportedCredentialTypes |
protected PasswordUpdateCallback |
updater |
protected LDAPStorageUserManager |
userManager |
| Constructor and Description |
|---|
LDAPStorageProvider(LDAPStorageProviderFactory factory,
KeycloakSession session,
ComponentModel model,
LDAPIdentityStore ldapIdentityStore) |
| Modifier and Type | Method and Description |
|---|---|
UserModel |
addUser(RealmModel realm,
String username)
All storage providers that implement this interface will be looped through.
|
CredentialValidationOutput |
authenticate(RealmModel realm,
CredentialInput cred) |
void |
close() |
void |
disableCredentialType(RealmModel realm,
UserModel user,
String credentialType) |
protected UserModel |
findOrCreateAuthenticatedUser(RealmModel realm,
String username)
Called after successful kerberos authentication
|
Stream<String> |
getDisableableCredentialTypesStream(RealmModel realm,
UserModel user)
Obtains the set of credential types that can be disabled via
disableCredentialType. |
UserStorageProvider.EditMode |
getEditMode() |
Stream<UserModel> |
getGroupMembersStream(RealmModel realm,
GroupModel group)
Obtains users that belong to a specific group.
|
Stream<UserModel> |
getGroupMembersStream(RealmModel realm,
GroupModel group,
Integer firstResult,
Integer maxResults)
Obtains users that belong to a specific group.
|
LDAPIdentityStore |
getLdapIdentityStore() |
LDAPStorageMapperManager |
getMapperManager() |
UserStorageProviderModel |
getModel() |
Stream<UserModel> |
getRoleMembersStream(RealmModel realm,
RoleModel role)
Obtains users that have the specified role.
|
Stream<UserModel> |
getRoleMembersStream(RealmModel realm,
RoleModel role,
Integer firstResult,
Integer maxResults)
Searches for users that have the specified role.
|
KeycloakSession |
getSession() |
Set<String> |
getSupportedCredentialTypes() |
UserModel |
getUserByEmail(String email,
RealmModel realm) |
UserModel |
getUserById(String id,
RealmModel realm) |
UserModel |
getUserByUsername(String username,
RealmModel realm) |
LDAPStorageUserManager |
getUserManager() |
int |
getUsersCount(RealmModel realm)
Returns the number of users, without considering any service account.
|
Stream<UserModel> |
getUsersStream(RealmModel realm)
Searches all users in the realm.
|
Stream<UserModel> |
getUsersStream(RealmModel realm,
int firstResult,
int maxResults)
Searches all users in the realm, starting from the
firstResult and containing at most maxResults. |
protected UserModel |
importUserFromLDAP(KeycloakSession session,
RealmModel realm,
LDAPObject ldapUser) |
boolean |
isConfiguredFor(RealmModel realm,
UserModel user,
String credentialType) |
boolean |
isValid(RealmModel realm,
UserModel user,
CredentialInput input)
Tests whether a credential is valid
|
protected LDAPObject |
loadAndValidateUser(RealmModel realm,
UserModel local) |
LDAPObject |
loadLDAPUserByUsername(RealmModel realm,
String username) |
List<UserModel> |
loadUsersByUsernames(List<String> usernames,
RealmModel realm) |
void |
preRemove(RealmModel realm)
Callback when a realm is removed.
|
void |
preRemove(RealmModel realm,
GroupModel group)
Callback when a group is removed.
|
void |
preRemove(RealmModel realm,
RoleModel role)
Callback when a role is removed.
|
protected UserModel |
proxy(RealmModel realm,
UserModel local,
LDAPObject ldapObject,
boolean newUser) |
protected LDAPObject |
queryByEmail(RealmModel realm,
String email) |
boolean |
removeUser(RealmModel realm,
UserModel user)
Called if user originated from this provider.
|
Stream<UserModel> |
searchForUserByUserAttributeStream(String attrName,
String attrValue,
RealmModel realm)
Searches for users that have a specific attribute with a specific value.
|
Stream<UserModel> |
searchForUserStream(Map<String,String> params,
RealmModel realm)
Searches for user by parameter.
|
Stream<UserModel> |
searchForUserStream(Map<String,String> params,
RealmModel realm,
Integer firstResult,
Integer maxResults)
Searches for user by parameter.
|
Stream<UserModel> |
searchForUserStream(String search,
RealmModel realm)
Searches for users whose username, email, or first + last name is like the search string.
|
Stream<UserModel> |
searchForUserStream(String search,
RealmModel realm,
Integer firstResult,
Integer maxResults)
Searches for users whose username, email, or first + last name is like the search string.
|
protected List<LDAPObject> |
searchLDAP(RealmModel realm,
Map<String,String> attributes) |
void |
setUpdater(PasswordUpdateCallback updater) |
boolean |
supportsCredentialAuthenticationFor(String type) |
boolean |
supportsCredentialType(String credentialType) |
boolean |
synchronizeRegistrations() |
boolean |
updateCredential(RealmModel realm,
UserModel user,
CredentialInput input) |
UserModel |
validate(RealmModel realm,
UserModel local)
If this method returns null, the user in local storage will be removed.
|
boolean |
validPassword(RealmModel realm,
UserModel user,
String password) |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getDisableableCredentialTypes
getGroupMembers, getGroupMembers, getUsers, getUsers, searchForUser, searchForUser, searchForUser, searchForUser, searchForUserByUserAttribute
countUsersInGroups, getRoleMembers, getRoleMembers, getUsersCount, getUsersCount, getUsersCount, getUsersCount, getUsersCount, getUsersCount
protected LDAPStorageProviderFactory factory
protected KeycloakSession session
protected UserStorageProviderModel model
protected LDAPIdentityStore ldapIdentityStore
protected UserStorageProvider.EditMode editMode
protected LDAPProviderKerberosConfig kerberosConfig
protected PasswordUpdateCallback updater
protected LDAPStorageMapperManager mapperManager
protected LDAPStorageUserManager userManager
public LDAPStorageProvider(LDAPStorageProviderFactory factory, KeycloakSession session, ComponentModel model, LDAPIdentityStore ldapIdentityStore)
public void setUpdater(PasswordUpdateCallback updater)
public KeycloakSession getSession()
public LDAPIdentityStore getLdapIdentityStore()
public UserStorageProvider.EditMode getEditMode()
public UserStorageProviderModel getModel()
public LDAPStorageMapperManager getMapperManager()
public LDAPStorageUserManager getUserManager()
public UserModel validate(RealmModel realm, UserModel local)
ImportedUserValidationvalidate in interface ImportedUserValidationprotected UserModel proxy(RealmModel realm, UserModel local, LDAPObject ldapObject, boolean newUser)
public boolean supportsCredentialAuthenticationFor(String type)
supportsCredentialAuthenticationFor in interface CredentialAuthenticationpublic Stream<UserModel> searchForUserByUserAttributeStream(String attrName, String attrValue, RealmModel realm)
UserQueryProviderUserFederatedStorageProvider as this is done automatically.searchForUserByUserAttributeStream in interface UserQueryProvidersearchForUserByUserAttributeStream in interface UserQueryProvider.StreamsattrName - the attribute name.attrValue - the attribute value.realm - a reference to the realm.Stream of users that match the search criteria.UserFederatedStorageProviderpublic boolean synchronizeRegistrations()
public UserModel addUser(RealmModel realm, String username)
UserRegistrationProvideraddUser in interface UserRegistrationProviderpublic boolean removeUser(RealmModel realm, UserModel user)
UserRegistrationProviderremoveUser in interface UserRegistrationProviderpublic UserModel getUserById(String id, RealmModel realm)
getUserById in interface UserLookupProviderpublic int getUsersCount(RealmModel realm)
UserQueryProvidergetUsersCount in interface UserQueryProviderrealm - the realmpublic Stream<UserModel> getUsersStream(RealmModel realm)
UserQueryProvidergetUsersStream in interface UserQueryProvidergetUsersStream in interface UserQueryProvider.Streamsrealm - a reference to the realm.Stream of users.public Stream<UserModel> getUsersStream(RealmModel realm, int firstResult, int maxResults)
UserQueryProviderfirstResult and containing at most maxResults.getUsersStream in interface UserQueryProvidergetUsersStream in interface UserQueryProvider.Streamsrealm - a reference to the realm.firstResult - first result to return. Ignored if negative.maxResults - maximum number of results to return. Ignored if negative.Stream of users.public Stream<UserModel> searchForUserStream(String search, RealmModel realm)
UserQueryProvidersearchForUserStream in interface UserQueryProvidersearchForUserStream in interface UserQueryProvider.Streamssearch - case sensitive search string.realm - a reference to the realm.Stream of users that match the search string.public Stream<UserModel> searchForUserStream(String search, RealmModel realm, Integer firstResult, Integer maxResults)
UserQueryProvidersearchForUserStream in interface UserQueryProvidersearchForUserStream in interface UserQueryProvider.Streamssearch - case sensitive search string.realm - a reference to the realm.firstResult - first result to return. Ignored if negative.maxResults - maximum number of results to return. Ignored if negative.Stream of users that match the search criteria.public Stream<UserModel> searchForUserStream(Map<String,String> params, RealmModel realm)
UserQueryProvidersearchForUserStream in interface UserQueryProvidersearchForUserStream in interface UserQueryProvider.Streamsparams - a map containing the search parameters.realm - a reference to the realm.Stream of users that match the search parameters.public Stream<UserModel> searchForUserStream(Map<String,String> params, RealmModel realm, Integer firstResult, Integer maxResults)
UserQueryProvidersearchForUserStream in interface UserQueryProvidersearchForUserStream in interface UserQueryProvider.Streamsparams - a map containing the search parameters.realm - a reference to the realm.firstResult - first result to return. Ignored if negative.maxResults - maximum number of results to return. Ignored if negative.Stream of users that match the search criteria.public Stream<UserModel> getGroupMembersStream(RealmModel realm, GroupModel group)
UserQueryProviderUserFederatedStorageProvider
as this is done automatically.getGroupMembersStream in interface UserQueryProvidergetGroupMembersStream in interface UserQueryProvider.Streamsrealm - a reference to the realm.group - a reference to the group.Stream of users that belong to the group.UserFederatedStorageProviderpublic Stream<UserModel> getGroupMembersStream(RealmModel realm, GroupModel group, Integer firstResult, Integer maxResults)
UserQueryProviderUserFederatedStorageProvider
as this is done automatically.getGroupMembersStream in interface UserQueryProvidergetGroupMembersStream in interface UserQueryProvider.Streamsrealm - a reference to the realm.group - a reference to the group.firstResult - first result to return. Ignored if negative.maxResults - maximum number of results to return. Ignored if negative.Stream of users that belong to the group.UserFederatedStorageProviderpublic Stream<UserModel> getRoleMembersStream(RealmModel realm, RoleModel role)
UserQueryProvidergetRoleMembersStream in interface UserQueryProviderrealm - a reference to the realm.role - a reference to the role.Stream of users that have the specified role.public Stream<UserModel> getRoleMembersStream(RealmModel realm, RoleModel role, Integer firstResult, Integer maxResults)
UserQueryProvidergetRoleMembersStream in interface UserQueryProviderrealm - a reference to the realm.role - a reference to the role.firstResult - first result to return. Ignored if negative.maxResults - maximum number of results to return. Ignored if negative.Stream of users that have the specified role.public List<UserModel> loadUsersByUsernames(List<String> usernames, RealmModel realm)
protected List<LDAPObject> searchLDAP(RealmModel realm, Map<String,String> attributes)
protected LDAPObject loadAndValidateUser(RealmModel realm, UserModel local)
local - public UserModel getUserByUsername(String username, RealmModel realm)
getUserByUsername in interface UserLookupProviderprotected UserModel importUserFromLDAP(KeycloakSession session, RealmModel realm, LDAPObject ldapUser)
protected LDAPObject queryByEmail(RealmModel realm, String email)
public UserModel getUserByEmail(String email, RealmModel realm)
getUserByEmail in interface UserLookupProviderpublic void preRemove(RealmModel realm)
UserStorageProviderpreRemove in interface UserStorageProviderpublic void preRemove(RealmModel realm, RoleModel role)
UserStorageProviderpreRemove in interface UserStorageProviderpublic void preRemove(RealmModel realm, GroupModel group)
UserStorageProvider
preRemove in interface UserStorageProvider
public boolean validPassword(RealmModel realm, UserModel user, String password)
public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input)
updateCredential in interface CredentialInputUpdaterpublic void disableCredentialType(RealmModel realm, UserModel user, String credentialType)
disableCredentialType in interface CredentialInputUpdaterpublic Stream<String> getDisableableCredentialTypesStream(RealmModel realm, UserModel user)
CredentialInputUpdater
Obtains the set of credential types that can be disabled via disableCredentialType.
getDisableableCredentialTypesStream in interface CredentialInputUpdater
getDisableableCredentialTypesStream in interface CredentialInputUpdater.Streams
realm - a reference to the realm.
user - the user whose credentials are being searched.
Stream of credential types.
public boolean supportsCredentialType(String credentialType)
supportsCredentialType in interface CredentialInputUpdatersupportsCredentialType in interface CredentialInputValidatorpublic boolean isConfiguredFor(RealmModel realm, UserModel user, String credentialType)
isConfiguredFor in interface CredentialInputValidatorpublic boolean isValid(RealmModel realm, UserModel user, CredentialInput input)
CredentialInputValidator
isValid in interface CredentialInputValidator
realm - The realm to which the credential belongs
user - The user for which to test the credential
input - the credential details to verify
public CredentialValidationOutput authenticate(RealmModel realm, CredentialInput cred)
authenticate in interface CredentialAuthentication
protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username)
realm - realm
username - username without realm prefix
public LDAPObject loadLDAPUserByUsername(RealmModel realm, String username)
Copyright © 2021 JBoss by Red Hat. All rights reserved.