
Example 16 with StorageId

use of org.keycloak.storage.StorageId in project keycloak by keycloak.

the class BackwardsCompatibilityUserStorage method getUserById.

/**
 * Looks a user up by Keycloak id.
 *
 * <p>The id is parsed as a {@link StorageId} and only its external part is used, as the
 * username. The provider part of the id is not compared against this provider in this
 * method.
 *
 * @param id    user id to parse as a {@link StorageId}
 * @param realm realm passed on to {@code createUser}
 * @return the user built by {@code createUser}, or {@code null} when the translated
 *         username is not a key of {@code users}
 */
@Override
public UserModel getUserById(String id, RealmModel realm) {
    final String externalName = new StorageId(id).getExternalId();
    // Membership is tested on the translated name, while createUser receives the name
    // exactly as it appears in the id.
    final boolean known = users.containsKey(translateUserName(externalName));
    return known ? createUser(realm, externalName) : null;
}
Also used : StorageId(org.keycloak.storage.StorageId)

Example 17 with StorageId

use of org.keycloak.storage.StorageId in project keycloak by keycloak.

the class LDAPStorageProvider method importUserFromLDAP.

/**
 * Builds or refreshes the Keycloak-side user for an LDAP entry and returns it wrapped by
 * {@code proxy}.
 *
 * <p>With import enabled, a local user carrying the same {@code LDAP_ID} attribute is
 * reused (and evicted from the user cache); otherwise a new local user is added under the
 * LDAP username. With import disabled, an {@link InMemoryUserAdapter} is created whose id
 * is the federated {@link StorageId} of this provider and the LDAP username.
 *
 * <p>The user is then enabled, handed to every LDAP mapper of this provider in the order
 * given by {@code ldapMappersComparator.sortDesc()}, and stamped with the LDAP UUID and
 * entry DN.
 *
 * @param session  current Keycloak session
 * @param realm    realm the user belongs to
 * @param ldapUser LDAP entry to import
 * @return the imported user wrapped by {@code proxy}
 */
protected UserModel importUserFromLDAP(KeycloakSession session, RealmModel realm, LDAPObject ldapUser) {
    String ldapUsername = LDAPUtils.getUsername(ldapUser, ldapIdentityStore.getConfig());
    // NOTE(review): presumably rejects an entry without a usable UUID -- confirm in LDAPUtils.
    LDAPUtils.checkUuid(ldapUser, ldapIdentityStore.getConfig());

    final UserModel imported;
    if (!model.isImportEnabled()) {
        // No-import mode: nothing is written to local storage, the user lives in memory
        // under a federated id derived from this provider's id and the LDAP username.
        InMemoryUserAdapter transientUser = new InMemoryUserAdapter(session, realm, new StorageId(model.getId(), ldapUsername).getId());
        transientUser.addDefaults();
        imported = transientUser;
    } else {
        // The LDAP UUID, not the username, is what ties a local account to an LDAP entry:
        // a match here means the username may have changed in LDAP without Keycloak
        // knowing about it.
        UserModel localMatch = session.userLocalStorage().searchForUserByUserAttributeStream(realm, LDAPConstants.LDAP_ID, ldapUser.getUuid()).findFirst().orElse(null);
        if (localMatch == null) {
            imported = session.userLocalStorage().addUser(realm, ldapUsername);
        } else {
            // Drop the cached copy so later reads see the re-imported state.
            if (session.userCache() != null) {
                session.userCache().evict(realm, localMatch);
            }
            imported = localMatch;
        }
    }

    // Applies to a reused local account as well, so an account disabled locally is
    // enabled again at this point unless a mapper below changes it.
    // NOTE(review): confirm that re-enabling on re-import is intended.
    imported.setEnabled(true);

    realm.getComponentsStream(model.getId(), LDAPStorageMapper.class.getName()).sorted(ldapMappersComparator.sortDesc()).forEachOrdered(mapperModel -> {
        if (logger.isTraceEnabled()) {
            logger.tracef("Using mapper %s during import user from LDAP", mapperModel);
        }
        LDAPStorageMapper mapper = mapperManager.getMapper(mapperModel);
        mapper.onImportUserFromLDAP(ldapUser, imported, realm, true);
    });

    String entryDn = ldapUser.getDn().toString();
    // The federation link is only recorded for users that are persisted locally.
    if (model.isImportEnabled()) {
        imported.setFederationLink(model.getId());
    }
    // Written after the mappers have run, so these two attributes always reflect the entry.
    imported.setSingleAttribute(LDAPConstants.LDAP_ID, ldapUser.getUuid());
    imported.setSingleAttribute(LDAPConstants.LDAP_ENTRY_DN, entryDn);

    // With "trust email" configured, the address is marked verified without Keycloak
    // running its own verification; the directory is the only source of that assurance.
    if (getLdapIdentityStore().getConfig().isTrustEmail()) {
        imported.setEmailVerified(true);
    }

    // Debug output carries username, e-mail, LDAP UUID and entry DN.
    logger.debugf("Imported new user from LDAP to Keycloak DB. Username: [%s], Email: [%s], LDAP_ID: [%s], LDAP Entry DN: [%s]", imported.getUsername(), imported.getEmail(), ldapUser.getUuid(), entryDn);
    return proxy(realm, imported, ldapUser, false);
}
Also used : CachedUserModel(org.keycloak.models.cache.CachedUserModel) UserModel(org.keycloak.models.UserModel) LDAPStorageMapper(org.keycloak.storage.ldap.mappers.LDAPStorageMapper) InMemoryUserAdapter(org.keycloak.storage.adapter.InMemoryUserAdapter) StorageId(org.keycloak.storage.StorageId)

Example 18 with StorageId

use of org.keycloak.storage.StorageId in project keycloak by keycloak.

the class RealmCacheSession method cacheClient.

/**
 * Puts a client into the revisioned cache and returns a cache-backed adapter for it.
 *
 * <p>The delegate is returned uncached when its id is in {@code invalidations}, or when
 * it comes from a client storage provider that is disabled or whose cache policy is
 * {@code NO_CACHE}. For a provider-backed client a positive provider lifespan is passed
 * to the cache; in every other case the entry is added without a lifespan.
 *
 * @param realm    realm the client belongs to
 * @param delegate client loaded from the underlying store
 * @param revision revision stored in the {@code CachedClient} entry
 * @return a {@code ClientAdapter} over the cached entry, or {@code delegate} itself when
 *         the client is not cached
 */
protected ClientModel cacheClient(RealmModel realm, ClientModel delegate, Long revision) {
    if (invalidations.contains(delegate.getId())) {
        return delegate;
    }

    StorageId clientStorageId = new StorageId(delegate.getId());
    // 0 means "no explicit lifespan"; only a provider-backed client can raise it.
    long lifespan = 0;
    if (!clientStorageId.isLocal()) {
        // NOTE(review): the component is used without a null check -- confirm that
        // getComponent cannot return null for a provider id taken from a client id.
        ClientStorageProviderModel provider = new ClientStorageProviderModel(realm.getComponent(clientStorageId.getProviderId()));
        if (!provider.isEnabled()) {
            return delegate;
        }
        if (provider.getCachePolicy() == ClientStorageProviderModel.CachePolicy.NO_CACHE) {
            return delegate;
        }
        lifespan = provider.getLifespan();
    }

    CachedClient entry = new CachedClient(revision, realm, delegate);
    ClientAdapter cachedView = new ClientAdapter(realm, entry, this);
    // The entry itself carries `revision`, while the cache is given `startupRevision`.
    if (lifespan > 0) {
        cache.addRevisioned(entry, startupRevision, lifespan);
    } else {
        cache.addRevisioned(entry, startupRevision);
    }
    return cachedView;
}
Also used : ComponentModel(org.keycloak.component.ComponentModel) ClientStorageProviderModel(org.keycloak.storage.client.ClientStorageProviderModel) StorageId(org.keycloak.storage.StorageId)

Example 19 with StorageId

use of org.keycloak.storage.StorageId in project keycloak by keycloak.

the class BackwardsCompatibilityUserStorageTest method addUserAndResetPassword.

/**
 * Creates an enabled user through the admin API, asserts that its id belongs to the
 * backwards-compatibility provider, and then sets a non-temporary password on it.
 *
 * @param username username of the user to create
 * @param password password value to set
 * @return id of the created user
 */
private String addUserAndResetPassword(String username, String password) {
    UserRepresentation newUser = new UserRepresentation();
    newUser.setEnabled(true);
    newUser.setUsername(username);

    // NOTE(review): the create() response is not closed in this method -- confirm that
    // ApiUtil.getCreatedId releases it.
    String createdId = ApiUtil.getCreatedId(testRealmResource().users().create(newUser));
    // The provider part of the returned id shows which storage the user was saved in.
    Assert.assertEquals(backwardsCompProviderId, new StorageId(createdId).getProviderId());

    CredentialRepresentation credential = new CredentialRepresentation();
    credential.setType(CredentialModel.PASSWORD);
    credential.setValue(password);
    // Not temporary: the reset does not mark the password as one that must be changed.
    credential.setTemporary(false);
    testRealmResource().users().get(createdId).resetPassword(credential);
    return createdId;
}
Also used : Response(javax.ws.rs.core.Response) CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) StorageId(org.keycloak.storage.StorageId) UserRepresentation(org.keycloak.representations.idm.UserRepresentation)

Example 20 with StorageId

use of org.keycloak.storage.StorageId in project keycloak by keycloak.

the class LDAPProvidersIntegrationNoImportTest method assertFederatedUserLink.

/**
 * Asserts how a user is linked to LDAP in the no-import setup: the id is a non-local
 * {@link StorageId} pointing at the LDAP provider, its external part equals the username,
 * and no federation link is set on the representation.
 *
 * @param user user representation to check
 */
@Override
protected void assertFederatedUserLink(UserRepresentation user) {
    StorageId federatedId = new StorageId(user.getId());
    Assert.assertFalse(federatedId.isLocal());
    Assert.assertEquals(ldapModelId, federatedId.getProviderId());
    // The external id is currently the username.
    // TODO: It should be possibly LDAP_ID (LDAP UUID) used as an externalId inside storageId...
    Assert.assertEquals(federatedId.getExternalId(), user.getUsername());
    Assert.assertNull(user.getFederationLink());
}
Also used : StorageId(org.keycloak.storage.StorageId)

Aggregations

StorageId (org.keycloak.storage.StorageId)44 UserModel (org.keycloak.models.UserModel)7 RealmModel (org.keycloak.models.RealmModel)6 ComponentModel (org.keycloak.component.ComponentModel)5 ClientModel (org.keycloak.models.ClientModel)5 ClientScopeModel (org.keycloak.models.ClientScopeModel)5 List (java.util.List)3 Objects (java.util.Objects)3 Stream (java.util.stream.Stream)3 Test (org.junit.Test)3 KeycloakSession (org.keycloak.models.KeycloakSession)3 ModelException (org.keycloak.models.ModelException)3 UserConsentModel (org.keycloak.models.UserConsentModel)3 Collection (java.util.Collection)2 Collections (java.util.Collections)2 HashMap (java.util.HashMap)2 Map (java.util.Map)2 Set (java.util.Set)2 Function (java.util.function.Function)2 Predicate (java.util.function.Predicate)2