Examples with ReadOnlyUserModelDelegate org.keycloak.models.utils.ReadOnlyUserModelDelegate used on opensource projects

Example 1 with ReadOnlyUserModelDelegate

use of org.keycloak.models.utils.ReadOnlyUserModelDelegate in project keycloak by keycloak.

the class UserCacheSession method cacheUser.

protected UserModel cacheUser(RealmModel realm, UserModel delegate, Long revision) {
    int notBefore = getDelegate().getNotBeforeOfUser(realm, delegate);
    StorageId storageId = delegate.getFederationLink() != null ? new StorageId(delegate.getFederationLink(), delegate.getId()) : new StorageId(delegate.getId());
    CachedUser cached = null;
    UserAdapter adapter = null;
    if (!storageId.isLocal()) {
        ComponentModel component = realm.getComponent(storageId.getProviderId());
        UserStorageProviderModel model = new UserStorageProviderModel(component);
        if (!model.isEnabled()) {
            return new ReadOnlyUserModelDelegate(delegate) {

                @Override
                public boolean isEnabled() {
                    return false;
                }
            };
        }
        UserStorageProviderModel.CachePolicy policy = model.getCachePolicy();
        if (policy != null && policy == UserStorageProviderModel.CachePolicy.NO_CACHE) {
            return delegate;
        }
        cached = new CachedUser(revision, realm, delegate, notBefore);
        adapter = new UserAdapter(cached, this, session, realm);
        onCache(realm, adapter, delegate);
        long lifespan = model.getLifespan();
        if (lifespan > 0) {
            cache.addRevisioned(cached, startupRevision, lifespan);
        } else {
            cache.addRevisioned(cached, startupRevision);
        }
    } else {
        cached = new CachedUser(revision, realm, delegate, notBefore);
        adapter = new UserAdapter(cached, this, session, realm);
        onCache(realm, adapter, delegate);
        cache.addRevisioned(cached, startupRevision);
    }
    return adapter;
}

Example 2 with ReadOnlyUserModelDelegate

use of org.keycloak.models.utils.ReadOnlyUserModelDelegate in project keycloak by keycloak.

the class UserStorageManager method importValidation.

/**
 * Allows a UserStorageProvider to proxy and/or synchronize an imported user.
 *
 * @param realm
 * @param user
 * @return
 */
protected UserModel importValidation(RealmModel realm, UserModel user) {
    if (user == null || user.getFederationLink() == null)
        return user;
    UserStorageProviderModel model = getStorageProviderModel(realm, user.getFederationLink());
    if (model == null) {
        // remove linked user with unknown storage provider.
        logger.debugf("Removed user with federation link of unknown storage provider '%s'", user.getUsername());
        deleteInvalidUser(realm, user);
        return null;
    }
    if (!model.isEnabled()) {
        return new ReadOnlyUserModelDelegate(user) {

            @Override
            public boolean isEnabled() {
                return false;
            }
        };
    }
    ImportedUserValidation importedUserValidation = getStorageProviderInstance(model, ImportedUserValidation.class, true);
    if (importedUserValidation == null)
        return user;
    UserModel validated = importedUserValidation.validate(realm, user);
    if (validated == null) {
        deleteInvalidUser(realm, user);
        return null;
    } else {
        return validated;
    }
}

Example 3 with ReadOnlyUserModelDelegate

use of org.keycloak.models.utils.ReadOnlyUserModelDelegate in project keycloak by keycloak.

the class LDAPStorageProvider method proxy.

protected UserModel proxy(RealmModel realm, UserModel local, LDAPObject ldapObject, boolean newUser) {
    UserModel existing = userManager.getManagedProxiedUser(local.getId());
    if (existing != null) {
        return existing;
    }
    // We need to avoid having CachedUserModel as cache is upper-layer then LDAP. Hence having CachedUserModel here may cause StackOverflowError
    if (local instanceof CachedUserModel) {
        local = session.userStorageManager().getUserById(realm, local.getId());
        existing = userManager.getManagedProxiedUser(local.getId());
        if (existing != null) {
            return existing;
        }
    }
    UserModel proxied = local;
    checkDNChanged(realm, local, ldapObject);
    switch(editMode) {
        case READ_ONLY:
            if (model.isImportEnabled()) {
                proxied = new ReadonlyLDAPUserModelDelegate(local);
            } else {
                proxied = new ReadOnlyUserModelDelegate(local);
            }
            break;
        case WRITABLE:
        case UNSYNCED:
            // This check is skipped when register new user as there are many "generic" attributes always written (EG. enabled, emailVerified) and those are usually unsupported by LDAP schema
            if (!model.isImportEnabled() && !newUser) {
                UserModel readOnlyDelegate = new ReadOnlyUserModelDelegate(local, ModelException::new);
                proxied = new LDAPWritesOnlyUserModelDelegate(readOnlyDelegate, this);
            }
            break;
    }
    AtomicReference<UserModel> proxy = new AtomicReference<>(proxied);
    realm.getComponentsStream(model.getId(), LDAPStorageMapper.class.getName()).sorted(ldapMappersComparator.sortAsc()).forEachOrdered(mapperModel -> {
        LDAPStorageMapper ldapMapper = mapperManager.getMapper(mapperModel);
        proxy.set(ldapMapper.proxy(ldapObject, proxy.get(), realm));
    });
    proxied = proxy.get();
    if (!model.isImportEnabled()) {
        proxied = new UpdateOnlyChangeUserModelDelegate(proxied);
    }
    userManager.setManagedProxiedUser(proxied, ldapObject);
    return proxied;
}