
Example 1 with LDAPQuery

use of org.keycloak.storage.ldap.idm.query.internal.LDAPQuery in project keycloak by keycloak.

Class RoleLDAPStorageMapper, method syncDataFromKeycloakToFederationProvider.

// Sync roles from Keycloak back to LDAP
/**
 * Pushes the roles of the target role container into LDAP.
 * <p>
 * Only runs when the mapper mode is {@code LDAP_ONLY}; in every other mode the sync is skipped
 * with a warning and an empty result is returned. Roles whose name already matches the role-name
 * attribute of an LDAP entry are counted as "updated" (nothing is written for them); roles absent
 * from LDAP are created through {@code createLDAPRole} and counted as "added".
 *
 * @param realm realm whose target role container is synced
 * @return a result whose status line reports the added / already-existing counts
 */
@Override
public SynchronizationResult syncDataFromKeycloakToFederationProvider(RealmModel realm) {
    SynchronizationResult syncResult = new SynchronizationResult() {

        @Override
        public String getStatus() {
            return String.format("%d roles imported to LDAP, %d roles already existed in LDAP", getAdded(), getUpdated());
        }
    };

    // Writing back to LDAP is only meaningful when LDAP is the source of truth for roles.
    if (config.getMode() != LDAPGroupMapperMode.LDAP_ONLY) {
        logger.warnf("Ignored sync for federation mapper '%s' as it's mode is '%s'", mapperModel.getName(), config.getMode().toString());
        return syncResult;
    }

    logger.debugf("Syncing roles from Keycloak into LDAP. Mapper is [%s], LDAP provider is [%s]", mapperModel.getName(), ldapProvider.getModel().getName());

    // One LDAP round-trip up front: snapshot the role names that already exist there,
    // so each Keycloak role costs a single in-memory lookup afterwards.
    try (LDAPQuery ldapQuery = createRoleQuery(false)) {
        List<LDAPObject> ldapRoles = LDAPUtils.loadAllLDAPObjects(ldapQuery, ldapProvider);
        String roleNameAttr = config.getRoleNameLdapAttribute();
        Set<String> existingLdapRoleNames = ldapRoles.stream()
                .map(ldapRole -> ldapRole.getAttributeAsString(roleNameAttr))
                .collect(Collectors.toCollection(HashSet::new));

        RoleContainerModel roleContainer = getTargetRoleContainer(realm);
        roleContainer.getRolesStream()
                .map(RoleModel::getName)
                .forEach(roleName -> {
                    if (existingLdapRoleNames.contains(roleName)) {
                        syncResult.increaseUpdated();
                        return;
                    }
                    logger.debugf("Syncing role [%s] from Keycloak to LDAP", roleName);
                    createLDAPRole(roleName);
                    syncResult.increaseAdded();
                });
        return syncResult;
    }
}

Example 2 with LDAPQuery

use of org.keycloak.storage.ldap.idm.query.internal.LDAPQuery in project keycloak by keycloak.

Class RoleLDAPStorageMapper, method loadRoleGroupByName.

/**
 * Looks up a single LDAP role entry whose role-name attribute equals {@code roleName}.
 * <p>
 * The query is built with the membership attribute included, so the returned entry carries
 * the member list as well. The equality condition is built through
 * {@link LDAPQueryConditionsBuilder}, i.e. the value is passed as a condition operand rather
 * than concatenated into a filter string.
 *
 * @param roleName value matched against the configured role-name LDAP attribute
 * @return the first matching entry (presumably {@code null} when nothing matches — confirm
 *         against {@code LDAPQuery.getFirstResult})
 */
public LDAPObject loadRoleGroupByName(String roleName) {
    try (LDAPQuery query = createRoleQuery(true)) {
        String roleNameAttr = config.getRoleNameLdapAttribute();
        query.addWhereCondition(new LDAPQueryConditionsBuilder().equal(roleNameAttr, roleName));
        return query.getFirstResult();
    }
}

Example 3 with LDAPQuery

use of org.keycloak.storage.ldap.idm.query.internal.LDAPQuery in project keycloak by keycloak.

Class RoleLDAPStorageMapper, method syncDataFromFederationProviderToKeycloak.

// Sync roles from LDAP to Keycloak DB
/**
 * Imports the LDAP role entries into the realm's target role container.
 * <p>
 * Every LDAP entry returned by the role query is keyed by its role-name attribute; names that
 * already resolve to a Keycloak role are counted as "updated" (no change is made), the rest are
 * added to the role container and counted as "added".
 *
 * @param realm realm whose target role container receives the roles
 * @return a result whose status line reports the imported / already-existing counts
 */
@Override
public SynchronizationResult syncDataFromFederationProviderToKeycloak(RealmModel realm) {
    SynchronizationResult syncResult = new SynchronizationResult() {

        @Override
        public String getStatus() {
            return String.format("%d imported roles, %d roles already exists in Keycloak", getAdded(), getUpdated());
        }
    };

    logger.debugf("Syncing roles from LDAP into Keycloak DB. Mapper is [%s], LDAP provider is [%s]", mapperModel.getName(), ldapProvider.getModel().getName());

    // The member attribute is not needed for the import, so the lighter query variant is used.
    try (LDAPQuery ldapRoleQuery = createRoleQuery(false)) {
        List<LDAPObject> ldapRoles = LDAPUtils.loadAllLDAPObjects(ldapRoleQuery, ldapProvider);
        RoleContainerModel roleContainer = getTargetRoleContainer(realm);
        String roleNameAttr = config.getRoleNameLdapAttribute();

        ldapRoles.forEach(ldapRole -> {
            // NOTE(review): an entry without the name attribute yields a null roleName here —
            // confirm how getRole/addRole treat it.
            String roleName = ldapRole.getAttributeAsString(roleNameAttr);
            if (roleContainer.getRole(roleName) != null) {
                syncResult.increaseUpdated();
                return;
            }
            logger.debugf("Syncing role [%s] from LDAP to keycloak DB", roleName);
            roleContainer.addRole(roleName);
            syncResult.increaseAdded();
        });
        return syncResult;
    }
}

Example 4 with LDAPQuery

use of org.keycloak.storage.ldap.idm.query.internal.LDAPQuery in project keycloak by keycloak.

Class RoleLDAPStorageMapper, method createRoleQuery.

// TODO: Possible to merge with GroupMapper and move to common class
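/**
 * Builds the LDAP query that lists role entries under the configured roles DN.
 * <p>
 * The query is restricted to the configured role object classes, optionally ANDs in the
 * admin-configured custom LDAP filter, and asks only for the role-name attribute (plus the
 * membership attribute when {@code includeMemberAttribute} is set) to keep result entries small.
 * The returned query is {@link AutoCloseable} and ownership passes to the caller, which must
 * close it (typically via try-with-resources). Should building the query fail part-way, the
 * partially built query is closed before the exception propagates, so no query-side resource
 * is left dangling.
 *
 * @param includeMemberAttribute whether the membership attribute is requested as well
 * @return a query ready to be executed and then closed by the caller
 */
public LDAPQuery createRoleQuery(boolean includeMemberAttribute) {
    LDAPQuery ldapQuery = new LDAPQuery(ldapProvider);
    try {
        // For now, use same search scope, which is configured "globally" and used for user's search.
        ldapQuery.setSearchScope(ldapProvider.getLdapIdentityStore().getConfig().getSearchScope());
        ldapQuery.setSearchDn(config.getRolesDn());
        ldapQuery.addObjectClasses(config.getRoleObjectClasses(ldapProvider));

        String rolesRdnAttr = config.getRoleNameLdapAttribute();

        // The custom filter is admin-supplied configuration and is spliced into the search
        // filter verbatim as an additional condition; a blank value is treated as "no filter".
        String customFilter = config.getCustomLdapFilter();
        if (customFilter != null && !customFilter.trim().isEmpty()) {
            ldapQuery.addWhereCondition(new LDAPQueryConditionsBuilder().addCustomLDAPFilter(customFilter));
        }

        ldapQuery.addReturningLdapAttribute(rolesRdnAttr);
        // Performance improvement: only fetch the (potentially large) member list when asked to.
        if (includeMemberAttribute) {
            ldapQuery.addReturningLdapAttribute(config.getMembershipLdapAttribute());
        }
        return ldapQuery;
    } catch (RuntimeException e) {
        // Nobody owns the query yet, so release it here; a failure in close() must not
        // hide the original cause.
        try {
            ldapQuery.close();
        } catch (RuntimeException closeFailure) {
            e.addSuppressed(closeFailure);
        }
        throw e;
    }
}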

Example 5 with LDAPQuery

use of org.keycloak.storage.ldap.idm.query.internal.LDAPQuery in project keycloak by keycloak.

Class LDAPTestUtils, method removeAllLDAPGroups.

/**
 * Test helper: deletes every LDAP entry matched by the named mapper's group (or role) query.
 * <p>
 * The mapper sub-component decides which query is built: a group query when its provider id is
 * {@code GroupLDAPStorageMapperFactory.PROVIDER_ID}, otherwise a role query. Each entry in the
 * result list is removed through the provider's LDAP identity store.
 *
 * @param session    session used to look up the LDAP storage provider
 * @param appRealm   realm the LDAP provider and mapper belong to
 * @param ldapModel  component model of the LDAP storage provider
 * @param mapperName name of the group/role mapper sub-component under {@code ldapModel}
 */
public static void removeAllLDAPGroups(KeycloakSession session, RealmModel appRealm, ComponentModel ldapModel, String mapperName) {
    ComponentModel mapperModel = getSubcomponentByName(appRealm, ldapModel, mapperName);
    LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel);

    boolean isGroupMapper = GroupLDAPStorageMapperFactory.PROVIDER_ID.equals(mapperModel.getProviderId());
    try (LDAPQuery query = isGroupMapper
            ? getGroupMapper(mapperModel, ldapProvider, appRealm).createGroupQuery(false)
            : getRoleMapper(mapperModel, ldapProvider, appRealm).createRoleQuery(false)) {
        for (LDAPObject entry : query.getResultList()) {
            ldapProvider.getLdapIdentityStore().remove(entry);
        }
    }
}
