public class LDAPStorageProvider extends Object implements UserStorageProvider, CredentialInputValidator, CredentialInputUpdater.Streams, CredentialAuthentication, UserLookupProvider.Streams, UserRegistrationProvider, UserQueryProvider.Streams, ImportedUserValidation
UserStorageProvider.EditModeCredentialInputUpdater.StreamsUserLookupProvider.StreamsUserQueryProvider.Streams| Modifier and Type | Field and Description |
|---|---|
protected UserStorageProvider.EditMode |
editMode |
protected LDAPStorageProviderFactory |
factory |
protected LDAPProviderKerberosConfig |
kerberosConfig |
protected LDAPIdentityStore |
ldapIdentityStore |
protected LDAPStorageMapperManager |
mapperManager |
protected UserStorageProviderModel |
model |
protected KeycloakSession |
session |
protected Set<String> |
supportedCredentialTypes |
protected PasswordUpdateCallback |
updater |
protected LDAPStorageUserManager |
userManager |
| Constructor and Description |
|---|
LDAPStorageProvider(LDAPStorageProviderFactory factory,
KeycloakSession session,
ComponentModel model,
LDAPIdentityStore ldapIdentityStore) |
| Modifier and Type | Method and Description |
|---|---|
UserModel |
addUser(RealmModel realm,
String username)
All storage providers that implement this interface will be looped through.
|
CredentialValidationOutput |
authenticate(RealmModel realm,
CredentialInput cred) |
void |
close() |
void |
disableCredentialType(RealmModel realm,
UserModel user,
String credentialType) |
protected UserModel |
findOrCreateAuthenticatedUser(RealmModel realm,
String username)
Called after successful kerberos authentication
|
Stream<String> |
getDisableableCredentialTypesStream(RealmModel realm,
UserModel user)
Obtains the set of credential types that can be disabled via
disableCredentialType. |
UserStorageProvider.EditMode |
getEditMode() |
Stream<UserModel> |
getGroupMembersStream(RealmModel realm,
GroupModel group,
Integer firstResult,
Integer maxResults)
Obtains users that belong to a specific group.
|
LDAPIdentityStore |
getLdapIdentityStore() |
LDAPStorageMapperManager |
getMapperManager() |
UserStorageProviderModel |
getModel() |
Stream<UserModel> |
getRoleMembersStream(RealmModel realm,
RoleModel role,
Integer firstResult,
Integer maxResults)
Searches for users that have the specified role.
|
KeycloakSession |
getSession() |
Set<String> |
getSupportedCredentialTypes() |
UserModel |
getUserByEmail(RealmModel realm,
String email)
Returns a user with the given email belonging to the realm
|
UserModel |
getUserById(RealmModel realm,
String id)
Returns a user with the given id belonging to the realm
|
UserModel |
getUserByUsername(RealmModel realm,
String username)
Returns a user with the given username belonging to the realm
|
LDAPStorageUserManager |
getUserManager() |
int |
getUsersCount(RealmModel realm)
Returns the number of users, without consider any service account.
|
Stream<UserModel> |
getUsersStream(RealmModel realm)
Searches all users in the realm.
|
Stream<UserModel> |
getUsersStream(RealmModel realm,
Integer firstResult,
Integer maxResults)
Searches all users in the realm, starting from the
firstResult and containing at most maxResults. |
protected UserModel |
importUserFromLDAP(KeycloakSession session,
RealmModel realm,
LDAPObject ldapUser) |
boolean |
isConfiguredFor(RealmModel realm,
UserModel user,
String credentialType) |
boolean |
isValid(RealmModel realm,
UserModel user,
CredentialInput input)
Tests whether a credential is valid
|
protected LDAPObject |
loadAndValidateUser(RealmModel realm,
UserModel local) |
LDAPObject |
loadLDAPUserByUsername(RealmModel realm,
String username) |
LDAPObject |
loadLDAPUserByUuid(RealmModel realm,
String uuid) |
List<UserModel> |
loadUsersByUsernames(List<String> usernames,
RealmModel realm) |
void |
preRemove(RealmModel realm)
Callback when a realm is removed.
|
void |
preRemove(RealmModel realm,
GroupModel group)
Callback when a group is removed.
|
void |
preRemove(RealmModel realm,
RoleModel role)
Callback when a role is removed.
|
protected UserModel |
proxy(RealmModel realm,
UserModel local,
LDAPObject ldapObject,
boolean newUser) |
protected LDAPObject |
queryByEmail(RealmModel realm,
String email) |
boolean |
removeUser(RealmModel realm,
UserModel user)
Called if user originated from this provider.
|
Stream<UserModel> |
searchForUserByUserAttributeStream(RealmModel realm,
String attrName,
String attrValue)
Searches for users that have a specific attribute with a specific value.
|
Stream<UserModel> |
searchForUserStream(RealmModel realm,
Map<String,String> params,
Integer firstResult,
Integer maxResults)
Searches for user by parameter.
|
Stream<UserModel> |
searchForUserStream(RealmModel realm,
String search,
Integer firstResult,
Integer maxResults)
Searches for users whose username, email, first name or last name contain any of the strings in
search separated by whitespace. |
protected List<LDAPObject> |
searchLDAP(RealmModel realm,
Map<String,String> attributes) |
void |
setUpdater(PasswordUpdateCallback updater) |
boolean |
supportsCredentialAuthenticationFor(String type) |
boolean |
supportsCredentialType(String credentialType) |
boolean |
synchronizeRegistrations() |
boolean |
updateCredential(RealmModel realm,
UserModel user,
CredentialInput input) |
UserModel |
validate(RealmModel realm,
UserModel local)
If this method returns null, then the user in local storage will be removed
|
boolean |
validPassword(RealmModel realm,
UserModel user,
String password) |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitgetDisableableCredentialTypesgetUserByEmail, getUserById, getUserByUsernamegetGroupMembers, getGroupMembers, getGroupMembersStream, getUsers, getUsers, getUsersCount, getUsersCount, getUsersCount, getUsersCount, getUsersCount, getUsersCount, getUsersCount, getUsersCount, searchForUser, searchForUser, searchForUser, searchForUser, searchForUserByUserAttribute, searchForUserStream, searchForUserStreamcountUsersInGroups, getRoleMembers, getRoleMembers, getRoleMembersStream, getUsersCount, getUsersCountprotected LDAPStorageProviderFactory factory
protected KeycloakSession session
protected UserStorageProviderModel model
protected LDAPIdentityStore ldapIdentityStore
protected UserStorageProvider.EditMode editMode
protected LDAPProviderKerberosConfig kerberosConfig
protected PasswordUpdateCallback updater
protected LDAPStorageMapperManager mapperManager
protected LDAPStorageUserManager userManager
public LDAPStorageProvider(LDAPStorageProviderFactory factory, KeycloakSession session, ComponentModel model, LDAPIdentityStore ldapIdentityStore)
public void setUpdater(PasswordUpdateCallback updater)
public KeycloakSession getSession()
public LDAPIdentityStore getLdapIdentityStore()
public UserStorageProvider.EditMode getEditMode()
public UserStorageProviderModel getModel()
public LDAPStorageMapperManager getMapperManager()
public LDAPStorageUserManager getUserManager()
public UserModel validate(RealmModel realm, UserModel local)
ImportedUserValidationvalidate in interface ImportedUserValidationprotected UserModel proxy(RealmModel realm, UserModel local, LDAPObject ldapObject, boolean newUser)
public boolean supportsCredentialAuthenticationFor(String type)
supportsCredentialAuthenticationFor in interface CredentialAuthenticationpublic Stream<UserModel> searchForUserByUserAttributeStream(RealmModel realm, String attrName, String attrValue)
UserQueryProvidersearchForUserByUserAttributeStream in interface UserQueryProvidersearchForUserByUserAttributeStream in interface UserQueryProvider.Streamsrealm - a reference to the realm.attrName - the attribute name.attrValue - the attribute value.Stream of users that match the search criteria.public boolean synchronizeRegistrations()
public UserModel addUser(RealmModel realm, String username)
UserRegistrationProvideraddUser in interface UserRegistrationProviderrealm - a reference to the realmusername - a username the created user will be assignedpublic boolean removeUser(RealmModel realm, UserModel user)
UserRegistrationProviderremoveUser in interface UserRegistrationProviderrealm - a reference to the realmuser - a reference to the user that is removedpublic UserModel getUserById(RealmModel realm, String id)
UserLookupProvidergetUserById in interface UserLookupProvidergetUserById in interface UserLookupProvider.Streamsrealm - the realm modelid - id of the usernull if no such user existspublic int getUsersCount(RealmModel realm)
UserQueryProvidergetUsersCount in interface UserQueryProviderrealm - the realmpublic Stream<UserModel> getUsersStream(RealmModel realm)
UserQueryProvidergetUsersStream in interface UserQueryProvidergetUsersStream in interface UserQueryProvider.Streamsrealm - a reference to the realm.Stream of users.public Stream<UserModel> getUsersStream(RealmModel realm, Integer firstResult, Integer maxResults)
UserQueryProviderfirstResult and containing at most maxResults.getUsersStream in interface UserQueryProvidergetUsersStream in interface UserQueryProvider.Streamsrealm - a reference to the realm.firstResult - first result to return. Ignored if negative or null.maxResults - maximum number of results to return. Ignored if negative or null.Stream of users.public Stream<UserModel> searchForUserStream(RealmModel realm, String search, Integer firstResult, Integer maxResults)
UserQueryProvidersearch separated by whitespace.
If possible, implementations should treat the parameter values as partial match patterns (i.e. in RDMBS terms use LIKE).
This method is used by the admin console search boxsearchForUserStream in interface UserQueryProvidersearchForUserStream in interface UserQueryProvider.Streamsrealm - a reference to the realm.search - case insensitive list of string separated by whitespaces.firstResult - first result to return. Ignored if negative, zero, or null.maxResults - maximum number of results to return. Ignored if negative or null.Stream of users that match the search criteria.public Stream<UserModel> searchForUserStream(RealmModel realm, Map<String,String> params, Integer firstResult, Integer maxResults)
UserQueryProviderUserModel.FIRST_NAME - first name (case insensitive string)UserModel.LAST_NAME - last name (case insensitive string)UserModel.EMAIL - email (case insensitive string)UserModel.USERNAME - username (case insensitive string)UserModel.EMAIL_VERIFIED - search only for users with verified/non-verified email (true/false)UserModel.ENABLED - search only for enabled/disabled users (true/false)UserModel.IDP_ALIAS - search only for users that have a federated identity
from idp with the given alias configured (case sensitive string)UserModel.IDP_USER_ID - search for users with federated identity with
the given userId (case sensitive string)searchForUserStream in interface UserQueryProvidersearchForUserStream in interface UserQueryProvider.Streamsrealm - a reference to the realm.params - a map containing the search parameters.firstResult - first result to return. Ignored if negative, zero, or null.maxResults - maximum number of results to return. Ignored if negative or null.Stream of users that match the search criteria.public Stream<UserModel> getGroupMembersStream(RealmModel realm, GroupModel group, Integer firstResult, Integer maxResults)
UserQueryProvidergetGroupMembersStream in interface UserQueryProvidergetGroupMembersStream in interface UserQueryProvider.Streamsrealm - a reference to the realm.group - a reference to the group.firstResult - first result to return. Ignored if negative, zero, or null.maxResults - maximum number of results to return. Ignored if negative or null.Stream of users that belong to the group.public Stream<UserModel> getRoleMembersStream(RealmModel realm, RoleModel role, Integer firstResult, Integer maxResults)
UserQueryProvidergetRoleMembersStream in interface UserQueryProviderrealm - a reference to the realm.role - a reference to the role.firstResult - first result to return. Ignored if negative or null.maxResults - maximum number of results to return. Ignored if negative or null.Stream of users that have the specified role.public List<UserModel> loadUsersByUsernames(List<String> usernames, RealmModel realm)
protected List<LDAPObject> searchLDAP(RealmModel realm, Map<String,String> attributes)
protected LDAPObject loadAndValidateUser(RealmModel realm, UserModel local)
local - public UserModel getUserByUsername(RealmModel realm, String username)
UserLookupProvidergetUserByUsername in interface UserLookupProvidergetUserByUsername in interface UserLookupProvider.Streamsrealm - the realm modelusername - case insensitive username (case-sensitivity is controlled by storage)null if no such user existsprotected UserModel importUserFromLDAP(KeycloakSession session, RealmModel realm, LDAPObject ldapUser)
protected LDAPObject queryByEmail(RealmModel realm, String email)
public UserModel getUserByEmail(RealmModel realm, String email)
UserLookupProvidergetUserByEmail in interface UserLookupProvidergetUserByEmail in interface UserLookupProvider.Streamsrealm - the realm modelemail - case insensitive email address (case-sensitivity is controlled by storage)null if no such user existspublic void preRemove(RealmModel realm)
UserStorageProviderpreRemove in interface UserStorageProviderpublic void preRemove(RealmModel realm, RoleModel role)
UserStorageProviderpreRemove in interface UserStorageProviderpublic void preRemove(RealmModel realm, GroupModel group)
UserStorageProviderpreRemove in interface UserStorageProviderpublic boolean validPassword(RealmModel realm, UserModel user, String password)
public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input)
updateCredential in interface CredentialInputUpdaterpublic void disableCredentialType(RealmModel realm, UserModel user, String credentialType)
disableCredentialType in interface CredentialInputUpdaterpublic Stream<String> getDisableableCredentialTypesStream(RealmModel realm, UserModel user)
CredentialInputUpdaterdisableCredentialType.getDisableableCredentialTypesStream in interface CredentialInputUpdatergetDisableableCredentialTypesStream in interface CredentialInputUpdater.Streamsrealm - a reference to the realm.user - the user whose credentials are being searched.Stream of credential types.public boolean supportsCredentialType(String credentialType)
supportsCredentialType in interface CredentialInputUpdatersupportsCredentialType in interface CredentialInputValidatorpublic boolean isConfiguredFor(RealmModel realm, UserModel user, String credentialType)
isConfiguredFor in interface CredentialInputValidatorpublic boolean isValid(RealmModel realm, UserModel user, CredentialInput input)
CredentialInputValidatorisValid in interface CredentialInputValidatorrealm - The realm in which to which the credential belongs touser - The user for which to test the credentialinput - the credential details to verifypublic CredentialValidationOutput authenticate(RealmModel realm, CredentialInput cred)
authenticate in interface CredentialAuthenticationprotected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username)
realm - realmusername - username without realm prefixpublic LDAPObject loadLDAPUserByUsername(RealmModel realm, String username)
public LDAPObject loadLDAPUserByUuid(RealmModel realm, String uuid)
Copyright © 2021 JBoss by Red Hat. All rights reserved.