
Example 1 with ReadOnlyUserModelDelegate

Use of org.keycloak.models.utils.ReadOnlyUserModelDelegate in the keycloak project (keycloak/keycloak).

From class UserCacheSession, method cacheUser.

/**
 * Builds the cache entry for a user just loaded from the underlying store and returns the
 * cache-backed {@code UserAdapter} that callers should use from now on.
 * <p>
 * Users owned by a federated storage provider are subject to that provider's configuration:
 * a disabled provider yields a {@code ReadOnlyUserModelDelegate} whose {@code isEnabled()}
 * reports {@code false} and nothing is cached; a {@code NO_CACHE} policy returns the raw
 * delegate uncached; a positive lifespan bounds how long the entry stays in the cache.
 * Local users are always cached without an explicit lifespan.
 *
 * @param realm    realm the user belongs to
 * @param delegate the freshly loaded, non-cached user model
 * @param revision cache revision the new entry is tagged with
 * @return the cache-backed adapter, or the read-only/raw delegate in the cases described above
 */
protected UserModel cacheUser(RealmModel realm, UserModel delegate, Long revision) {
    int notBefore = getDelegate().getNotBeforeOfUser(realm, delegate);
    String federationLink = delegate.getFederationLink();
    StorageId storageId = federationLink == null
            ? new StorageId(delegate.getId())
            : new StorageId(federationLink, delegate.getId());

    // Only entries for federated users carry an explicit lifespan; <= 0 means "no explicit lifespan".
    long lifespan = -1L;
    if (!storageId.isLocal()) {
        // NOTE(review): getComponent() may return null if the provider component was removed from the
        // realm; whether UserStorageProviderModel tolerates a null copy is not visible here — confirm.
        ComponentModel component = realm.getComponent(storageId.getProviderId());
        UserStorageProviderModel model = new UserStorageProviderModel(component);
        if (!model.isEnabled()) {
            // Disabled provider: hand out a read-only view that reports itself disabled; it is never cached,
            // so re-enabling the provider takes effect on the next lookup.
            return new ReadOnlyUserModelDelegate(delegate) {
                @Override
                public boolean isEnabled() {
                    return false;
                }
            };
        }
        // Enum comparison: == is false for a null policy, so no separate null check is needed.
        if (model.getCachePolicy() == UserStorageProviderModel.CachePolicy.NO_CACHE) {
            return delegate;
        }
        lifespan = model.getLifespan();
    }

    CachedUser cached = new CachedUser(revision, realm, delegate, notBefore);
    UserAdapter adapter = new UserAdapter(cached, this, session, realm);
    onCache(realm, adapter, delegate);
    if (lifespan > 0) {
        cache.addRevisioned(cached, startupRevision, lifespan);
    } else {
        cache.addRevisioned(cached, startupRevision);
    }
    return adapter;
}

Example 2 with ReadOnlyUserModelDelegate

Use of org.keycloak.models.utils.ReadOnlyUserModelDelegate in the keycloak project (keycloak/keycloak).

From class UserStorageManager, method importValidation.

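/**
 * Allows a {@code UserStorageProvider} to proxy and/or synchronize an imported user.
 * <p>
 * Users without a federation link are returned untouched. For a linked user: if the linked
 * provider no longer exists in the realm the orphaned import is deleted; if the provider is
 * disabled a {@code ReadOnlyUserModelDelegate} reporting {@code isEnabled() == false} is
 * returned instead of the stored user; otherwise the provider's
 * {@link ImportedUserValidation} (when it implements it) gets to validate or re-proxy the
 * user, and a {@code null} verdict deletes the import.
 *
 * @param realm realm the user belongs to
 * @param user  the imported user, may be {@code null}
 * @return the (possibly wrapped) user, or {@code null} when the input was {@code null} or
 *         the user was deleted because its import is no longer valid
 */
protected UserModel importValidation(RealmModel realm, UserModel user) {
    if (user == null) {
        return null;
    }
    String federationLink = user.getFederationLink();
    if (federationLink == null) {
        // Locally managed user: nothing to validate against a provider.
        return user;
    }
    UserStorageProviderModel model = getStorageProviderModel(realm, federationLink);
    if (model == null) {
        // The provider this user was imported from is gone: remove the orphaned copy rather than
        // keep serving a stale import. Both the user and the missing provider id are logged so the
        // deletion can be traced afterwards (the previous message labelled the username as the
        // provider). NOTE(review): a user deletion logged only at debug level is easy to miss in
        // an investigation — consider raising the level.
        logger.debugf("Removed user '%s' with federation link to unknown storage provider '%s'", user.getUsername(), federationLink);
        deleteInvalidUser(realm, user);
        return null;
    }
    if (!model.isEnabled()) {
        // Provider disabled: expose the user read-only and as disabled, without touching the store.
        return new ReadOnlyUserModelDelegate(user) {
            @Override
            public boolean isEnabled() {
                return false;
            }
        };
    }
    ImportedUserValidation importedUserValidation = getStorageProviderInstance(model, ImportedUserValidation.class, true);
    if (importedUserValidation == null) {
        // Provider does not implement ImportedUserValidation: the stored import is used as-is.
        return user;
    }
    UserModel validated = importedUserValidation.validate(realm, user);
    if (validated == null) {
        // The provider rejected the import (e.g. the backing entry no longer exists).
        deleteInvalidUser(realm, user);
        return null;
    }
    return validated;
}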

Example 3 with ReadOnlyUserModelDelegate

Use of org.keycloak.models.utils.ReadOnlyUserModelDelegate in the keycloak project (keycloak/keycloak).

From class LDAPStorageProvider, method proxy.

/**
 * Wraps an LDAP-backed user in the delegate chain dictated by this provider's edit mode and
 * import setting, runs the configured LDAP mappers over it and registers the result with
 * {@code userManager} so the same proxy is handed out for the rest of the session.
 *
 * @param realm      realm the user belongs to
 * @param local      the user model to wrap; a {@link CachedUserModel} is first replaced by the
 *                   non-cached model from the user storage manager
 * @param ldapObject the LDAP entry backing the user
 * @param newUser    whether the user is being registered right now; the write-restricting
 *                   delegates are skipped for new users in WRITABLE/UNSYNCED mode
 * @return the proxied user model
 */
protected UserModel proxy(RealmModel realm, UserModel local, LDAPObject ldapObject, boolean newUser) {
    UserModel managed = userManager.getManagedProxiedUser(local.getId());
    if (managed != null) {
        return managed;
    }
    if (local instanceof CachedUserModel) {
        // The cache layer sits above this provider; wrapping a cached model here can recurse back into
        // the cache and overflow the stack, so swap it for the non-cached model first.
        // NOTE(review): getUserById() returning null would NPE on the next line — confirm whether
        // callers guarantee the user still exists at this point.
        local = session.userStorageManager().getUserById(realm, local.getId());
        managed = userManager.getManagedProxiedUser(local.getId());
        if (managed != null) {
            return managed;
        }
    }
    checkDNChanged(realm, local, ldapObject);

    // Mappers run in ascending order, each wrapping the result of the previous one.
    AtomicReference<UserModel> current = new AtomicReference<>(wrapForEditMode(local, newUser));
    realm.getComponentsStream(model.getId(), LDAPStorageMapper.class.getName())
            .sorted(ldapMappersComparator.sortAsc())
            .forEachOrdered(mapperModel -> {
                LDAPStorageMapper ldapMapper = mapperManager.getMapper(mapperModel);
                current.set(ldapMapper.proxy(ldapObject, current.get(), realm));
            });

    UserModel proxied = current.get();
    if (!model.isImportEnabled()) {
        proxied = new UpdateOnlyChangeUserModelDelegate(proxied);
    }
    userManager.setManagedProxiedUser(proxied, ldapObject);
    return proxied;
}

/**
 * Picks the delegate that enforces this provider's edit mode around {@code local}.
 *
 * @param local   the (non-cached) user model to wrap
 * @param newUser whether the user is being registered right now
 * @return the wrapped model, or {@code local} itself when no restriction applies
 */
private UserModel wrapForEditMode(UserModel local, boolean newUser) {
    switch (editMode) {
        case READ_ONLY:
            if (model.isImportEnabled()) {
                return new ReadonlyLDAPUserModelDelegate(local);
            }
            return new ReadOnlyUserModelDelegate(local);
        case WRITABLE:
        case UNSYNCED:
            // Skipped for new users: registration always writes generic attributes (e.g. enabled,
            // emailVerified) that LDAP schemas usually do not support.
            if (!model.isImportEnabled() && !newUser) {
                UserModel readOnly = new ReadOnlyUserModelDelegate(local, ModelException::new);
                return new LDAPWritesOnlyUserModelDelegate(readOnly, this);
            }
            return local;
        default:
            return local;
    }
}
