/**
 * Builds a SCRAM SASL authenticator bound to one Keycloak session.
 *
 * <p>The constructor opens a session from the supplied factory and keeps it in a field,
 * draws 32 bytes from a fresh {@link SecureRandom}, and takes a private copy of the
 * key-retrieval map so later changes to the caller's map are not seen here.
 *
 * @param keycloakSessionFactory factory used to open the session held by this instance
 * @param hostname               host name stored for later use by the authenticator
 * @param digestName             name of the digest algorithm to use
 * @param hmacName               name of the HMAC algorithm to use
 * @param keyRetrievalFunctions  per-key lookup functions that derive the stored and server
 *                               keys from a credential; copied, must not be {@code null}
 */
public ScramSaslAuthenticator(final KeycloakSessionFactory keycloakSessionFactory, final String hostname, String digestName, String hmacName, Map<String, Function<CredentialModel, StoredAndServerKey>> keyRetrievalFunctions) {
    // NOTE(review): the session opened here lives as long as this object; where it is
    // closed is not visible in this constructor, so confirm the owner closes it.
    this.keycloakSession = keycloakSessionFactory.create();
    this.hostname = hostname;

    // Per-instance random material from a CSPRNG; presumably nonce/salt input for the
    // SCRAM exchange (confirm against the methods that read randomBytes).
    final byte[] freshBytes = new byte[32];
    final SecureRandom generator = new SecureRandom();
    generator.nextBytes(freshBytes);
    this.randomBytes = freshBytes;

    this.digestName = digestName;
    this.hmacName = hmacName;

    // Defensive copy: the authenticator must not observe later edits to the caller's map.
    this.keyRetrievalFunctions = new HashMap<>(keyRetrievalFunctions);
}
/**
 * Initialises the action-token cache once the session factory is ready.
 *
 * <p>The cache is created at most once; a second call, or a concurrent one, finds the
 * field already set and returns without doing anything.
 *
 * @param factory session factory used to open the session passed to the cache initialiser
 */
@Override
public void postInit(KeycloakSessionFactory factory) {
    // The cache has to be created here rather than lazily: with lazy creation the cache
    // listeners would only start on first use, which would be too late.
    //
    // NOTE(review): this unsynchronised first read is only safe if actionTokenCache is
    // declared volatile; the field declaration is not visible here, so confirm it.
    if (this.actionTokenCache != null) {
        return;
    }

    synchronized (this) {
        // Re-check under the lock so that only one thread performs the initialisation.
        if (this.actionTokenCache == null) {
            // NOTE(review): the session opened by factory.create() is handed to
            // initActionTokenCache and is not closed in this method; confirm who owns it.
            this.actionTokenCache = initActionTokenCache(factory.create());
        }
    }
}
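/**
 * Collects the password hash algorithm of every realm flagged with the
 * {@code enmasse-realm} attribute.
 *
 * <p>The realms are read inside a short-lived session and transaction. The transaction is
 * committed only when the read succeeded and is rolled back otherwise, and the session is
 * closed on every path, including when starting or completing the transaction fails.
 *
 * @return the distinct hash algorithm names taken from the password policies of the
 *         flagged realms; empty when no realm carries the attribute, in which case a
 *         warning is logged (per that message, only universally accepted SASL mechanisms
 *         are then offered)
 */
private Set<String> getPasswordHashAlgorithms() {
    Set<String> hashAlgos = new HashSet<>();
    boolean enmasseRealmsFound = false;

    KeycloakSession keycloakSession = keycloakSessionFactory.create();
    try {
        KeycloakTransactionManager transactionManager = keycloakSession.getTransactionManager();
        // begin() sits inside the outer try so a failure to start still closes the session.
        transactionManager.begin();
        try {
            for (RealmModel realm : keycloakSession.realms().getRealms()) {
                if (realm.getAttribute("enmasse-realm", Boolean.FALSE)) {
                    enmasseRealmsFound = true;
                    hashAlgos.add(realm.getPasswordPolicy().getHashAlgorithm());
                }
            }
            transactionManager.commit();
        } catch (RuntimeException e) {
            // Do not commit after a failed read; undo and let the original error surface.
            if (transactionManager.isActive()) {
                transactionManager.rollback();
            }
            throw e;
        }
    } finally {
        // Always release the session, even when commit or rollback throws.
        keycloakSession.close();
    }

    if (!enmasseRealmsFound) {
        LOG.warn("No realms with attribute \"enmasse-realm\" found, only universally accepted SASL mechanisms will be offered");
    }
    return hashAlgos;
}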
// Open a dedicated session and start its transaction. From this point the code that
// follows is responsible for completing the transaction and closing the session.
KeycloakSession keycloakSession = keycloakSessionFactory.create();
KeycloakTransactionManager transactionManager = keycloakSession.getTransactionManager();
// NOTE(review): no try/finally is visible in this excerpt; if begin() throws and is not
// covered by a finally that calls keycloakSession.close(), the session is leaked.
transactionManager.begin();
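/**
 * Attempts to create the master-realm admin user from the configured server properties.
 *
 * <p>This is best effort: a failure while creating the user is logged as a warning and the
 * transaction is rolled back, but the exception is not propagated. The session is closed on
 * every path, including when the rollback itself fails.
 */
private void tryCreateMasterRealmAdminUser() {
    KeycloakSession session = getSessionFactory().create();
    try {
        ApplianceBootstrap applianceBootstrap = new ApplianceBootstrap(session);
        AdminUser admin = keycloakServerProperties.getAdminUser();

        try {
            session.getTransactionManager().begin();
            applianceBootstrap.createMasterRealmUser(admin.getUsername(), admin.getPassword());
            session.getTransactionManager().commit();
        } catch (Exception ex) {
            // Only the exception message is logged; the admin credentials are never written out.
            LOG.warn("Couldn't create keycloak master admin user: {}", ex.getMessage());
            // A failed begin() or commit() can leave no active transaction to roll back.
            if (session.getTransactionManager().isActive()) {
                session.getTransactionManager().rollback();
            }
        }
    } finally {
        // Release the session even if the rollback above, or the setup before it, throws.
        session.close();
    }
}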
KeycloakSession keycloakSession = keycloakSessionFactory.create(); keycloakSession.getTransactionManager().begin(); try {
/**
 * Runs a task inside its own Keycloak session and transaction.
 *
 * <p>A new session is opened from the factory and its transaction is started before the
 * task runs. If the transaction is still active when the task returns, it is rolled back
 * when marked rollback-only and committed otherwise. A {@link RuntimeException} rolls back
 * the still-active transaction and is rethrown. The session is closed in every case.
 *
 * @param factory factory used to open the session the task runs in
 * @param task    work to execute; it receives the newly opened session
 */
public static void runJobInTransaction(KeycloakSessionFactory factory, KeycloakSessionTask task) {
    final KeycloakSession jobSession = factory.create();
    final KeycloakTransaction transaction = jobSession.getTransaction();

    try {
        transaction.begin();
        task.run(jobSession);

        // The task may already have completed the transaction itself.
        if (!transaction.isActive()) {
            return;
        }

        if (transaction.getRollbackOnly()) {
            transaction.rollback();
        } else {
            transaction.commit();
        }
    } catch (RuntimeException failure) {
        // Leave no half-applied work behind, then surface the original failure.
        if (transaction.isActive()) {
            transaction.rollback();
        }
        throw failure;
    } finally {
        jobSession.close();
    }
}
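/**
 * Removes a user that was found to be invalid, using a separate session and transaction.
 *
 * <p>The realm and the user are looked up again inside the new session. If either no longer
 * exists there is nothing to delete, so the transaction is rolled back and the method
 * returns. A failure during removal rolls the transaction back and is rethrown. The session
 * is closed on every path.
 *
 * @param realm realm the invalid user belongs to; only its id is used for the lookup
 * @param user  user to remove; only its id (and username, for logging) is used
 */
protected void deleteInvalidUser(RealmModel realm, UserModel user) {
    KeycloakSession tx = session.getKeycloakSessionFactory().create();
    try {
        tx.getTransaction().begin();

        RealmModel realmModel = tx.realms().getRealm(realm.getId());
        UserModel deletedUser = realmModel == null
                ? null
                : tx.userStorage().getUserById(user.getId(), realmModel);

        if (deletedUser == null) {
            // Realm or user is already gone: end the transaction cleanly instead of
            // leaving it open, and never pass a null user on to removeUser.
            tx.getTransaction().rollback();
            return;
        }

        tx.userStorage().removeUser(realmModel, deletedUser);
        logger.debugf("Removed invalid user '%s'", user.getUsername());
        tx.getTransaction().commit();
    } catch (RuntimeException e) {
        // Undo a partially applied removal before the error propagates.
        if (tx.getTransaction().isActive()) {
            tx.getTransaction().rollback();
        }
        throw e;
    } finally {
        tx.close();
    }
}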