Refine search
protected void deleteInvalidUser(RealmModel realm, UserModel user) { KeycloakSession tx = session.getKeycloakSessionFactory().create(); try { tx.getTransaction().begin(); RealmModel realmModel = tx.realms().getRealm(realm.getId()); if (realmModel == null) return; UserModel deletedUser = tx.userStorage().getUserById(user.getId(), realmModel); tx.userStorage().removeUser(realmModel, deletedUser); logger.debugf("Removed invalid user '%s'", user.getUsername()); tx.getTransaction().commit(); } finally { tx.close(); } }
@GET @Path("/valid-credentials") @Produces(MediaType.APPLICATION_JSON) public boolean validCredentials(@QueryParam("realmName") String realmName, @QueryParam("userName") String userName, @QueryParam("password") String password) { RealmModel realm = session.realms().getRealm(realmName); if (realm == null) return false; UserProvider userProvider = session.getProvider(UserProvider.class); UserModel user = userProvider.getUserByUsername(userName, realm); return userProvider.validCredentials(session, realm, user, UserCredentialModel.password(password)); }
KeycloakTransactionManager transactionManager = keycloakSession.getTransactionManager(); transactionManager.begin(); try { final RealmModel realm = keycloakSession.realms().getRealmByName(hostname); if (realm == null) { LOG.info("Realm " + hostname + " not found"); String tokenUser = K8sServiceAccountCredentialProvider.authenticateToken(password, amqpServer.getOpenShiftClient(), amqpServer.getHttpClient()); if(tokenUser != null) { final UserModel user = keycloakSession.userStorageManager().getUserByUsername(tokenUser, realm); if (user != null) { if ("serviceaccount".equals(user.getFirstAttribute("authenticationType"))) { authenticatedUser = new UserDataImpl(user.getId(), user.getUsername(), user.getGroups().stream().map(GroupModel::getName).collect(Collectors.toSet())); authenticated = true; complete = true; final UserModel user = keycloakSession.userStorageManager().getUserByUsername(username, realm); if (user != null) { UserCredentialModel credentialModel = "serviceaccount".equals(user.getFirstAttribute("authenticationType")) ? createServiceAccountUserCredential(password) : UserCredentialModel.password(password);
AuthInfo (Event event, KeycloakSession keycloakSession) { fields = new String[] { event.getDetails() != null ? event.getDetails().get("username") : keycloakSession.users().getUserById(event.getUserId(), keycloakSession.getContext().getRealm()) .getUsername(), event.getIpAddress() }; } AuthInfo(String s) {
UserModel user = session.userStorage().addUser(newRealm, userRep.getId(), userRep.getUsername(), false, false); user.setEnabled(userRep.isEnabled() != null && userRep.isEnabled()); user.setCreatedTimestamp(userRep.getCreatedTimestamp()); user.setEmail(userRep.getEmail()); if (userRep.isEmailVerified() != null) user.setEmailVerified(userRep.isEmailVerified()); user.setFirstName(userRep.getFirstName()); for (FederatedIdentityRepresentation identity : userRep.getFederatedIdentities()) { FederatedIdentityModel mappingModel = new FederatedIdentityModel(identity.getIdentityProvider(), identity.getUserId(), identity.getUserName()); session.users().addFederatedIdentity(newRealm, user, mappingModel);
keycloakSession.getTransactionManager().begin(); try { RealmModel realm = keycloakSession.realms().getRealmByName(hostname); if (realm != null) { UserModel userModel = keycloakSession.userStorageManager().getUserByUsername(username, realm); if (userModel != null) { PasswordCredentialProvider passwordCredentialProvider = getPasswordCredentialProvider(realm, userModel); credentialModel = passwordCredentialProvider.getPassword(realm, userModel); user = new UserDataImpl(userModel.getId(), userModel.getUsername(), userModel.getGroups().stream().map(GroupModel::getName).collect(Collectors.toSet()));
/** * Called after successful authentication * * @param realm realm * @param username username without realm prefix * @return user if found or successfully created. Null if user with same username already exists, but is not linked to this provider */ protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username) { UserModel user = session.userLocalStorage().getUserByUsername(username, realm); if (user != null) { user = session.users().getUserById(user.getId(), realm); // make sure we get a cached instance logger.debug("Kerberos authenticated user " + username + " found in Keycloak storage"); if (!model.getId().equals(user.getFederationLink())) { logger.warn("User with username " + username + " already exists, but is not linked to provider [" + model.getName() + "]"); return null; } else { UserModel proxied = validate(realm, user); if (proxied != null) { return proxied; } else { logger.warn("User with username " + username + " already exists and is linked to provider [" + model.getName() + "] but kerberos principal is not correct. Kerberos principal on user is: " + user.getFirstAttribute(KERBEROS_PRINCIPAL)); logger.warn("Will re-create user"); new UserManager(session).removeUser(realm, user, session.userLocalStorage()); } } } logger.debug("Kerberos authenticated user " + username + " not in Keycloak storage. Creating him"); return importUserToKeycloak(realm, username); }
session.getKeycloakSessionFactory().publish(event); session.users().preRemove(realm, group); realm.removeDefaultGroup(group); for (GroupModel subGroup : group.getSubGroups()) { session.realms().removeGroup(realm, subGroup); if ((groupEntity == null) || (!groupEntity.getRealm().getId().equals(realm.getId()))) { return false; RealmEntity realmEntity = em.getReference(RealmEntity.class, realm.getId()); realmEntity.getGroups().remove(groupEntity);
@Override public FederatedIdentityModel getFederatedIdentity(UserModel user, String socialProvider, RealmModel realm) { logger.tracev("getFederatedIdentity: {0} {1}", user.getUsername(), socialProvider); String cacheKey = getFederatedIdentityLinksCacheKey(user.getId()); if (realmInvalidations.contains(realm.getId()) || invalidations.contains(user.getId()) || invalidations.contains(cacheKey)) { return getDelegate().getFederatedIdentity(user, socialProvider, realm); } Set<FederatedIdentityModel> federatedIdentities = getFederatedIdentities(user, realm); for (FederatedIdentityModel socialLink : federatedIdentities) { if (socialLink.getIdentityProvider().equals(socialProvider)) { return socialLink; } } return null; }
RoleModel role = realm.getRoleById(definition.getId()); representation.addGroup(ModelToRepresentation.buildGroupPath(realm.getGroupById(definition.getId()))); representation.addClient(realm.getClientById(client).getClientId()); representation.addUser(authorization.getKeycloakSession().users().getUserById(user, realm).getUsername());
@Override public Set<FederatedIdentityModel> getFederatedIdentities(UserModel user, RealmModel realm) { logger.tracev("getFederatedIdentities: {0}", user.getUsername()); String cacheKey = getFederatedIdentityLinksCacheKey(user.getId()); if (realmInvalidations.contains(realm.getId()) || invalidations.contains(user.getId()) || invalidations.contains(cacheKey)) { return getDelegate().getFederatedIdentities(user, realm); } CachedFederatedIdentityLinks cachedLinks = cache.get(cacheKey, CachedFederatedIdentityLinks.class); if (cachedLinks == null) { Long loaded = cache.getCurrentRevision(cacheKey); Set<FederatedIdentityModel> federatedIdentities = getDelegate().getFederatedIdentities(user, realm); cachedLinks = new CachedFederatedIdentityLinks(loaded, cacheKey, realm, federatedIdentities); cache.addRevisioned(cachedLinks, startupRevision); return federatedIdentities; } else { return new HashSet<>(cachedLinks.getFederatedIdentities()); } }
@Override public UserModel getUserByUsername(String username, RealmModel realm) { username = username.toLowerCase(); if (!cache.isEnabled()) return getDelegate().getUserByUsername(username, realm); if (realmInvalidations.contains(realm.getId())) { return getDelegate().getUserByUsername(username, realm); } CachedUser cached = cache.getCachedUserByUsername(realm.getId(), username); if (cached == null) { UserModel model = getDelegate().getUserByUsername(username, realm); if (model == null) return null; if (managedUsers.containsKey(model.getId())) return managedUsers.get(model.getId()); if (userInvalidations.containsKey(model.getId())) return model; cached = new CachedUser(realm, model); cache.addCachedUser(realm.getId(), cached); } else if (userInvalidations.containsKey(cached.getId())) { return getDelegate().getUserById(cached.getId(), realm); } else if (managedUsers.containsKey(cached.getId())) { return managedUsers.get(cached.getId()); } UserAdapter adapter = new UserAdapter(cached, this, session, realm); managedUsers.put(cached.getId(), adapter); return adapter; }
private void updateUsers(Policy policy, AuthorizationProvider authorization, Set<String> users) { KeycloakSession session = authorization.getKeycloakSession(); RealmModel realm = authorization.getRealm(); UserProvider userProvider = session.users(); Set<String> updatedUsers = new HashSet<>(); if (users != null) { for (String userId : users) { UserModel user = null; try { user = userProvider.getUserByUsername(userId, realm); } catch (Exception ignore) { } if (user == null) { user = userProvider.getUserById(userId, realm); } if (user == null) { throw new RuntimeException("Error while updating policy [" + policy.getName() + "]. User [" + userId + "] could not be found."); } updatedUsers.add(user.getId()); } } try { policy.putConfig("users", JsonSerialization.writeValueAsString(updatedUsers)); } catch (IOException cause) { throw new RuntimeException("Failed to serialize users", cause); } }
private static List<String> userRoles(String userName, KeycloakSession keycloakSession) { List<String> userRoles = new ArrayList<>(); for (RoleModel roleMapping : keycloakSession.users() .getUserByUsername(userName, keycloakSession.getContext().getRealm()) .getRoleMappings()) userRoles.add(roleMapping.getName()); return userRoles; }
predicates.add(builder.equal(root.get("realmId"), realm.getId())); if (!session.getAttributeOrDefault(UserModel.INCLUDE_SERVICE_ACCOUNT, true)) { predicates.add(root.get("serviceAccountClientLink").isNull()); Set<String> userGroups = (Set<String>) session.getAttribute(UserModel.GROUPS); UserProvider users = session.users(); results.add(users.getUserById(entity.getId(), realm));
username = username.toLowerCase(); RealmModel realm = client.getRealm(); if (realmInvalidations.contains(realm.getId())) { logger.tracev("realmInvalidations"); return getDelegate().getServiceAccount(client); String cacheKey = getUserByUsernameCacheKey(realm.getId(), username); if (invalidations.contains(cacheKey)) { logger.tracev("invalidations"); return getDelegate().getServiceAccount(client); logger.tracev("query null"); Long loaded = cache.getCurrentRevision(cacheKey); UserModel model = getDelegate().getServiceAccount(client); if (model == null) { logger.tracev("model from delegate null"); return null; userId = model.getId(); if (invalidations.contains(userId)) return model; if (managedUsers.containsKey(userId)) { query = new UserListQuery(loaded, cacheKey, realm, model.getId()); cache.addRevisioned(query, startupRevision); if (invalidations.contains(userId)) { logger.tracev("invalidated cache return delegate"); return getDelegate().getUserByUsername(username, realm);
session.users().preRemove(adapter); session.realms().removeGroup(adapter, group); em.clear(); session.getKeycloakSessionFactory().publish(new RealmModel.RealmRemovedEvent() { @Override public RealmModel getRealm() {
logger.tracev("getUserByUsername: {0}", username); username = username.toLowerCase(); if (realmInvalidations.contains(realm.getId())) { logger.tracev("realmInvalidations"); return getDelegate().getUserByUsername(username, realm); String cacheKey = getUserByUsernameCacheKey(realm.getId(), username); if (invalidations.contains(cacheKey)) { logger.tracev("invalidations"); return getDelegate().getUserByUsername(username, realm); logger.tracev("query null"); Long loaded = cache.getCurrentRevision(cacheKey); UserModel model = getDelegate().getUserByUsername(username, realm); if (model == null) { logger.tracev("model from delegate null"); return null; userId = model.getId(); if (invalidations.contains(userId)) return model; if (managedUsers.containsKey(userId)) { query = new UserListQuery(loaded, cacheKey, realm, model.getId()); cache.addRevisioned(query, startupRevision); if (invalidations.contains(userId)) { logger.tracev("invalidated cache return delegate"); return getDelegate().getUserByUsername(username, realm);