@GET @Path("/clear-admin-event-store") @Produces(MediaType.APPLICATION_JSON) public Response clearAdminEventStore() { EventStoreProvider eventStore = session.getProvider(EventStoreProvider.class); eventStore.clearAdmin(); return Response.ok().build(); }
@GET @Path("/get-user-by-service-account-client") @Produces(MediaType.APPLICATION_JSON) public UserRepresentation getUserByServiceAccountClient(@QueryParam("realmName") String realmName, @QueryParam("clientId") String clientId) { RealmModel realm = getRealmByName(realmName); ClientModel client = realm.getClientByClientId(clientId); UserModel user = session.users().getServiceAccount(client); if (user == null) return null; return ModelToRepresentation.toRepresentation(user); }
@GET @Path("/valid-credentials") @Produces(MediaType.APPLICATION_JSON) public boolean validCredentials(@QueryParam("realmName") String realmName, @QueryParam("userName") String userName, @QueryParam("password") String password) { RealmModel realm = session.realms().getRealm(realmName); if (realm == null) return false; UserProvider userProvider = session.getProvider(UserProvider.class); UserModel user = userProvider.getUserByUsername(userName, realm); return userProvider.validCredentials(session, realm, user, UserCredentialModel.password(password)); }
protected void deleteInvalidUser(RealmModel realm, UserModel user) { KeycloakSession tx = session.getKeycloakSessionFactory().create(); try { tx.getTransaction().begin(); RealmModel realmModel = tx.realms().getRealm(realm.getId()); if (realmModel == null) return; UserModel deletedUser = tx.userStorage().getUserById(user.getId(), realmModel); tx.userStorage().removeUser(realmModel, deletedUser); logger.debugf("Removed invalid user '%s'", user.getUsername()); tx.getTransaction().commit(); } finally { tx.close(); } }
private static List<String> userRoles(String userName, KeycloakSession keycloakSession) { List<String> userRoles = new ArrayList<>(); for (RoleModel roleMapping : keycloakSession.users() .getUserByUsername(userName, keycloakSession.getContext().getRealm()) .getRoleMappings()) userRoles.add(roleMapping.getName()); return userRoles; }
@GET @Path("{clientId}") @Produces(MediaType.APPLICATION_JSON) public Response getOIDC(@PathParam("clientId") String clientId) { ClientRepresentation client = get(clientId); OIDCClientRepresentation clientOIDC = DescriptionConverterExt.toExternalResponse(session, client, session.getContext().getUri().getRequestUri()); return Response.ok(clientOIDC).build(); }
@GET @Path("/user-by-username-from-fed-factory") @Produces(MediaType.APPLICATION_JSON) public UserRepresentation getUserByUsernameFromFedProviderFactory(@QueryParam("realmName") String realmName, @QueryParam("userName") String userName) { RealmModel realm = getRealmByName(realmName); UserFederationProviderFactory factory = (UserFederationProviderFactory)session.getKeycloakSessionFactory().getProviderFactory(UserFederationProvider.class, "dummy"); UserModel user = factory.getInstance(session, null).getUserByUsername(realm, userName); if (user == null) return null; return ModelToRepresentation.toRepresentation(user); }
@PUT @Path("{clientId}") @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) public Response updateOIDC(@PathParam("clientId") String clientId, OIDCClientRepresentationExtended clientOIDC) { try { ClientRepresentation client = DescriptionConverterExt.toInternal(session, clientOIDC); OIDCClientRegistrationContext oidcContext = new OIDCClientRegistrationContext(session, client, this, clientOIDC); client = update(clientId, oidcContext); ClientModel clientModel = session.getContext().getRealm().getClientByClientId(client.getClientId()); updatePairwiseSubMappers(clientModel, SubjectType.parse(clientOIDC.getSubjectType()), clientOIDC.getSectorIdentifierUri()); updateClientRepWithProtocolMappers(clientModel, client); URI uri = session.getContext().getUri().getAbsolutePathBuilder().path(client.getClientId()).build(); OIDCClientRepresentationExtended clientOIDCResponse = DescriptionConverterExt.toExternalResponse(session, client, uri); return Response.ok(clientOIDCResponse).build(); } catch (ClientRegistrationException cre) { ServicesLogger.LOGGER.clientRegistrationException(cre.getMessage()); throw new ErrorResponseException(ErrorCodes.INVALID_CLIENT_METADATA, "Client metadata invalid", Response.Status.BAD_REQUEST); } }
@Path("{id}") @DELETE @NoCache public Response delete(final @Context UriInfo uriInfo, final @PathParam("id") String id) { auth.checkManageBeer(); BeerEntity beer = find(id); em.remove(beer); em.flush(); adminEvent .operation(OperationType.DELETE) // .resource(ResourceType.of("BEER")) .resourcePath(uriInfo) .success(); if (session.getTransactionManager().isActive()) { session.getTransactionManager().commit(); } return Response.noContent().build(); }
@POST @Path("") @NoCache @Consumes(MediaType.APPLICATION_JSON) public Response createCompany(CompanyRepresentation rep) { session.getProvider(ExampleService.class).addCompany(rep); return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(rep.getId()).build()).build(); }
AuthInfo (Event event, KeycloakSession keycloakSession) { fields = new String[] { event.getDetails() != null ? event.getDetails().get("username") : keycloakSession.users().getUserById(event.getUserId(), keycloakSession.getContext().getRealm()) .getUsername(), event.getIpAddress() }; } AuthInfo(String s) {
UserModel user = session.userStorage().addUser(newRealm, userRep.getId(), userRep.getUsername(), false, false); user.setEnabled(userRep.isEnabled() != null && userRep.isEnabled()); user.setCreatedTimestamp(userRep.getCreatedTimestamp()); user.setEmail(userRep.getEmail()); if (userRep.isEmailVerified() != null) user.setEmailVerified(userRep.isEmailVerified()); user.setFirstName(userRep.getFirstName()); for (FederatedIdentityRepresentation identity : userRep.getFederatedIdentities()) { FederatedIdentityModel mappingModel = new FederatedIdentityModel(identity.getIdentityProvider(), identity.getUserId(), identity.getUserName()); session.users().addFederatedIdentity(newRealm, user, mappingModel);
keycloakSession.getTransactionManager().begin(); try { RealmModel realm = keycloakSession.realms().getRealmByName(hostname); if (realm != null) { UserModel userModel = keycloakSession.userStorageManager().getUserByUsername(username, realm); if (userModel != null) { PasswordCredentialProvider passwordCredentialProvider = getPasswordCredentialProvider(realm, userModel); credentialModel = passwordCredentialProvider.getPassword(realm, userModel); user = new UserDataImpl(userModel.getId(), userModel.getUsername(), userModel.getGroups().stream().map(GroupModel::getName).collect(Collectors.toSet())); keycloakSession.getTransactionManager().commit();
keycloakSession.getTransactionManager().begin(); try { final RealmModel realm = keycloakSession.realms().getRealmByName(hostname); if (realm == null) { LOG.info("Realm " + hostname + " not found"); ClientModel clientModel = realm.getClientByClientId(token.getIssuedFor()); } else { authenticated = true; authenticatedUser = new UserDataImpl(user.getId(), user.getUsername(), user.getGroups().stream().map(GroupModel::getName).collect(Collectors.toSet())); keycloakSession.getTransactionManager().commit(); keycloakSession.close();
/** * Called after successful authentication * * @param realm realm * @param username username without realm prefix * @return user if found or successfully created. Null if user with same username already exists, but is not linked to this provider */ protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username) { UserModel user = session.userLocalStorage().getUserByUsername(username, realm); if (user != null) { user = session.users().getUserById(user.getId(), realm); // make sure we get a cached instance logger.debug("Kerberos authenticated user " + username + " found in Keycloak storage"); if (!model.getId().equals(user.getFederationLink())) { logger.warn("User with username " + username + " already exists, but is not linked to provider [" + model.getName() + "]"); return null; } else { UserModel proxied = validate(realm, user); if (proxied != null) { return proxied; } else { logger.warn("User with username " + username + " already exists and is linked to provider [" + model.getName() + "] but kerberos principal is not correct. Kerberos principal on user is: " + user.getFirstAttribute(KERBEROS_PRINCIPAL)); logger.warn("Will re-create user"); new UserManager(session).removeUser(realm, user, session.userLocalStorage()); } } } logger.debug("Kerberos authenticated user " + username + " not in Keycloak storage. Creating him"); return importUserToKeycloak(realm, username); }
session.getKeycloakSessionFactory().publish(event); session.users().preRemove(realm, group); realm.removeDefaultGroup(group); for (GroupModel subGroup : group.getSubGroups()) { session.realms().removeGroup(realm, subGroup); if ((groupEntity == null) || (!groupEntity.getRealm().getId().equals(realm.getId()))) { return false; RealmEntity realmEntity = em.getReference(RealmEntity.class, realm.getId()); realmEntity.getGroups().remove(groupEntity);
Set<FederatedIdentityModel> socialLinks = session.users().getFederatedIdentities(user, realm); List<FederatedIdentityRepresentation> socialLinkReps = new ArrayList<FederatedIdentityRepresentation>(); for (FederatedIdentityModel socialLink : socialLinks) { Set<RoleModel> roles = user.getRoleMappings(); List<String> realmRoleNames = new ArrayList<>(); Map<String, List<String>> clientRoleNames = new HashMap<>(); List<UserCredentialValueModel> creds = user.getCredentialsDirectly(); List<CredentialRepresentation> credReps = new ArrayList<CredentialRepresentation>(); for (UserCredentialValueModel cred : creds) { userRep.setFederationLink(user.getFederationLink()); if (user.getServiceAccountClientLink() != null) { String clientInternalId = user.getServiceAccountClientLink(); ClientModel client = realm.getClientById(clientInternalId); if (client != null) { userRep.setServiceAccountClientId(client.getClientId());
@Override public ClientModel getClientByClientId(String clientId, RealmModel realm) { TypedQuery<String> query = em.createNamedQuery("findClientIdByClientId", String.class); query.setParameter("clientId", clientId); query.setParameter("realm", realm.getId()); List<String> results = query.getResultList(); if (results.isEmpty()) return null; String id = results.get(0); return session.realms().getClientById(id, realm); }
RoleModel role = realm.getRoleById(definition.getId()); representation.addGroup(ModelToRepresentation.buildGroupPath(realm.getGroupById(definition.getId()))); representation.addClient(realm.getClientById(client).getClientId()); representation.addUser(authorization.getKeycloakSession().users().getUserById(user, realm).getUsername());
private void removeExpiredOfflineClientSessions(RealmModel realm) { UserSessionPersisterProvider persister = session.getProvider(UserSessionPersisterProvider.class); int expiredOffline = Time.currentTime() - realm.getOfflineSessionIdleTimeout(); Iterator<String> itr = offlineSessionCache.entrySet().stream().filter(ClientSessionPredicate.create(realm.getId()).expiredRefresh(expiredOffline)).map(Mappers.sessionId()).iterator(); while (itr.hasNext()) { String sessionId = itr.next(); tx.remove(offlineSessionCache, sessionId); persister.removeClientSession(sessionId, true); } }