/**
 * Looks a user up by id in user storage and passes any hit through
 * {@code validateAndProxyUser} before handing it back.
 *
 * @param id    id of the user to load
 * @param realm realm the lookup is made in
 * @return the result of {@code validateAndProxyUser} for the stored user, or {@code null} when
 *         storage has no user with that id
 */
@Override
public UserModel getUserById(String id, RealmModel realm) {
    final UserModel stored = session.userStorage().getUserById(id, realm);
    if (stored == null) {
        return null;
    }
    // Whatever validation yields (possibly null) is what the caller sees.
    return validateAndProxyUser(realm, stored);
}
/**
 * Loads the user behind this cached entry from the cache provider's delegate, bypassing the cache.
 *
 * @return the delegate's user for the cached id, or whatever the delegate returns when it has none
 */
private UserModel getUserModel() {
    final UserModel fromDelegate = userProviderCache.getDelegate().getUserById(cached.getId(), realm);
    return fromDelegate;
}
}
/**
 * Resolves the user referenced by this entity through the session's user provider.
 *
 * @return the user whose id the entity stores; the provider's result is passed through unchecked,
 *         so callers see whatever it returns for an id that no longer exists
 */
public UserModel getUser() {
    final UserModel owner = session.users().getUserById(entity.getUser(), realm);
    return owner;
}
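/**
 * Writes the policy's users into the exported representation as a JSON array of usernames.
 *
 * <p>The policy stores user ids; each id is resolved to its current username at export time.
 * Ids that no longer resolve to a user (for example because the account was deleted after the
 * policy was written) are left out of the export instead of failing the whole export with a
 * {@link NullPointerException}.
 *
 * @param policy                policy being exported
 * @param representation        representation that receives the {@code "users"} config entry
 * @param authorizationProvider source of the session and realm used for the lookups
 * @throws RuntimeException if the username list cannot be serialized
 */
@Override
public void onExport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorizationProvider) {
    UserPolicyRepresentation userRep = toRepresentation(policy, authorizationProvider);
    Map<String, String> config = new HashMap<>();

    try {
        UserProvider userProvider = authorizationProvider.getKeycloakSession().users();
        RealmModel realm = authorizationProvider.getRealm();

        config.put("users", JsonSerialization.writeValueAsString(userRep.getUsers().stream()
                .map(id -> userProvider.getUserById(id, realm))
                // A dangling id must not abort the export; it is dropped from the list.
                .filter(user -> user != null)
                .map(user -> user.getUsername())
                .collect(Collectors.toList())));
    } catch (IOException cause) {
        throw new RuntimeException("Failed to export user policy [" + policy.getName() + "]", cause);
    }

    representation.setConfig(config);
}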
/**
 * Ensures {@code updated} holds the delegate's copy of this user before a write.
 *
 * <p>On first use the user is registered for invalidation with the cache provider and then
 * loaded from the delegate; later calls are no-ops.
 *
 * @throws IllegalStateException if the delegate has no user with this id
 */
protected void getDelegateForUpdate() {
    if (updated != null) {
        return;
    }
    // Register the invalidation before loading, as the original ordering does.
    userProviderCache.registerUserInvalidation(realm, getId());
    updated = userProviderCache.getDelegate().getUserById(getId(), realm);
    if (updated == null) {
        throw new IllegalStateException("Not found in database");
    }
}
@Override
/**
 * Returns the user with the given id, serving it from the cache where possible.
 *
 * The delegate is queried directly when the cache is disabled or the id is registered for
 * invalidation. Otherwise a cached entry is looked up under the realm id; on a miss the user is
 * loaded from the delegate and added to the cache. The adapter handed back is remembered in
 * managedUsers so that later calls with the same id return the same instance.
 *
 * @param id    id of the user to load
 * @param realm realm the user is looked up in
 * @return the user, or null when the delegate has no user with that id
 */
@Override
public UserModel getUserById(String id, RealmModel realm) {
    // Cache switched off: every lookup goes to the delegate.
    if (!cache.isEnabled()) return getDelegate().getUserById(id, realm);
    // A user registered for invalidation is read from the delegate, not the cache.
    if (isRegisteredForInvalidation(realm, id)) {
        return getDelegate().getUserById(id, realm);
    }

    CachedUser cached = cache.getCachedUser(realm.getId(), id);
    if (cached == null) {
        UserModel model = getDelegate().getUserById(id, realm);
        if (model == null) return null;
        // NOTE(review): managedUsers and userInvalidations are keyed by id alone (no realm);
        // presumably both are scoped to one session - confirm.
        if (managedUsers.containsKey(id)) return managedUsers.get(id);
        // An invalidated user is returned as loaded and is not written to the cache.
        if (userInvalidations.containsKey(id)) return model;
        cached = new CachedUser(realm, model);
        cache.addCachedUser(realm.getId(), cached);
    } else if (managedUsers.containsKey(id)) {
        return managedUsers.get(id);
    }
    // Wrap the cached entry and remember the adapter for later calls.
    UserAdapter adapter = new UserAdapter(cached, this, session, realm);
    managedUsers.put(id, adapter);
    return adapter;
}
/**
 * Returns the user with the given id, preferring an adapter already handed out by this provider,
 * then the cache, and finally the delegate.
 *
 * <p>Ids registered for invalidation always go to the delegate. On a cache miss the current
 * revision for the id is read before the delegate is queried, and the loaded user is cached
 * against that revision. On a hit the entry is passed through {@code validateCache}.
 *
 * <p>NOTE(review): the result of {@code validateCache} is stored in {@code managedUsers} and
 * returned without a null check; if that method can return {@code null} (for example on a realm
 * mismatch), a null mapping would be remembered for this id. Confirm against its contract.
 *
 * @param id    id of the user to load
 * @param realm realm the user is looked up in
 * @return the user, or {@code null} when the delegate has no user with that id
 */
@Override
public UserModel getUserById(String id, RealmModel realm) {
    logger.tracev("getuserById {0}", id);

    if (isRegisteredForInvalidation(realm, id)) {
        logger.trace("registered for invalidation return delegate");
        return getDelegate().getUserById(id, realm);
    }

    if (managedUsers.containsKey(id)) {
        logger.trace("return managedusers");
        return managedUsers.get(id);
    }

    final CachedUser hit = cache.get(id, CachedUser.class);
    final UserModel result;
    if (hit != null) {
        result = validateCache(realm, hit);
    } else {
        logger.trace("not cached");
        // The revision is read before the delegate lookup, as in the original ordering.
        final Long revisionAtLoad = cache.getCurrentRevision(id);
        final UserModel fromDelegate = getDelegate().getUserById(id, realm);
        if (fromDelegate == null) {
            logger.trace("delegate returning null");
            return null;
        }
        result = cacheUser(realm, fromDelegate, revisionAtLoad);
    }

    managedUsers.put(id, result);
    return result;
}
/**
 * Resolves the authenticated user recorded on this entity.
 *
 * @return {@code null} when the entity carries no authenticated user id; otherwise whatever the
 *         session's user provider returns for that id in this entity's realm
 */
@Override
public UserModel getAuthenticatedUser() {
    if (entity.getAuthUserId() == null) {
        return null;
    }
    return session.users().getUserById(entity.getAuthUserId(), getRealm());
}
// Resolve the entity's id to a user and collect it.
// NOTE(review): the lookup result is added without a null check - confirm that consumers of
// `results` tolerate a null element when the id no longer resolves.
results.add(users.getUserById(entity.getId(), realm));
/**
 * Resolves the supplied user identifiers to user ids and stores them, JSON-encoded, under the
 * policy's {@code "users"} config key.
 *
 * <p>Each identifier is tried as a username first and as a user id second; any exception from
 * the username lookup is ignored so the id lookup still runs. Because the username match wins,
 * an identifier that is both one account's id and another account's username resolves to the
 * latter - worth keeping in mind when reviewing who a policy ends up applying to.
 *
 * @param policy        policy whose config is rewritten
 * @param authorization source of the session and realm used for the lookups
 * @param users         usernames or ids to resolve; {@code null} yields an empty list
 * @throws RuntimeException if an identifier matches no user, or the id set cannot be serialized
 */
private void updateUsers(Policy policy, AuthorizationProvider authorization, Set<String> users) {
    final KeycloakSession keycloakSession = authorization.getKeycloakSession();
    final RealmModel realm = authorization.getRealm();
    final UserProvider provider = keycloakSession.users();
    final Set<String> resolvedIds = new HashSet<>();

    if (users != null) {
        for (String identifier : users) {
            UserModel match;
            try {
                match = provider.getUserByUsername(identifier, realm);
            } catch (Exception ignored) {
                // Best effort: a failing username lookup falls through to the id lookup.
                match = null;
            }

            if (match == null) {
                match = provider.getUserById(identifier, realm);
            }

            if (match == null) {
                throw new RuntimeException("Error while updating policy [" + policy.getName() + "]. User [" + identifier + "] could not be found.");
            }

            resolvedIds.add(match.getId());
        }
    }

    try {
        policy.putConfig("users", JsonSerialization.writeValueAsString(resolvedIds));
    } catch (IOException cause) {
        throw new RuntimeException("Failed to serialize users", cause);
    }
}
// Builds the field array for a user event: [username, IP address].
// When the event has a details object the username is read from its "username" entry;
// otherwise it is looked up from the event's user id in the realm of the session context.
// NOTE(review): a details object without a "username" entry presumably yields null here, and
// the getUserById(...) result is dereferenced without a null check, so an event for a user that
// no longer exists would throw instead of being recorded - confirm both cases are acceptable.
// NOTE(review): the realm comes from the session context, not from the event - confirm they
// always agree.
AuthInfo (Event event, KeycloakSession keycloakSession) {
    fields = new String[] {
        event.getDetails() != null
            ? event.getDetails().get("username")
            : keycloakSession.users().getUserById(event.getUserId(), keycloakSession.getContext().getRealm())
                .getUsername(),
        event.getIpAddress()
    };
}
AuthInfo(String s) {
// Builds the field array for a user event: [username, IP address].
// When the event has a details object the username is read from its "username" entry;
// otherwise it is looked up from the event's user id in the realm of the session context.
// NOTE(review): a details object without a "username" entry presumably yields null here, and
// the getUserById(...) result is dereferenced without a null check, so an event for a user that
// no longer exists would throw instead of being recorded - confirm both cases are acceptable.
// NOTE(review): the realm comes from the session context, not from the event - confirm they
// always agree.
AuthInfo (Event event, KeycloakSession keycloakSession) {
    fields = new String[] {
        event.getDetails() != null
            ? event.getDetails().get("username")
            : keycloakSession.users().getUserById(event.getUserId(), keycloakSession.getContext().getRealm())
                .getUsername(),
        event.getIpAddress()
    };
}
AuthInfo(String s) {
/**
 * Called after successful authentication to obtain the local account for the Kerberos user.
 *
 * <p>An existing local account is only returned when it is linked to this provider and passes
 * {@code validate}. An account with the same username that is linked elsewhere (or not linked)
 * is never returned, so a Kerberos login cannot take over an unrelated local account. An account
 * that is linked here but fails validation is removed and imported again.
 *
 * @param realm realm
 * @param username username without realm prefix
 * @return user if found or successfully created. Null if user with same username already exists,
 *         but is not linked to this provider
 */
protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username) {
    UserModel existing = session.userLocalStorage().getUserByUsername(username, realm);

    if (existing != null) {
        // Re-read through the user provider so the instance we work with is the cached one.
        existing = session.users().getUserById(existing.getId(), realm);
        logger.debug("Kerberos authenticated user " + username + " found in Keycloak storage");

        final boolean linkedToThisProvider = model.getId().equals(existing.getFederationLink());
        if (!linkedToThisProvider) {
            logger.warn("User with username " + username + " already exists, but is not linked to provider [" + model.getName() + "]");
            return null;
        }

        final UserModel validated = validate(realm, existing);
        if (validated != null) {
            return validated;
        }

        // Linked here but the stored principal does not validate: drop the account and fall
        // through to a fresh import below. This deletes the existing local user.
        logger.warn("User with username " + username + " already exists and is linked to provider [" + model.getName() +
                "] but kerberos principal is not correct. Kerberos principal on user is: " + existing.getFirstAttribute(KERBEROS_PRINCIPAL));
        logger.warn("Will re-create user");
        new UserManager(session).removeUser(realm, existing, session.userLocalStorage());
    }

    logger.debug("Kerberos authenticated user " + username + " not in Keycloak storage. Creating him");
    return importUserToKeycloak(realm, username);
}
/**
 * Returns the user with the given username, serving it from the cache where possible.
 *
 * The username is lower-cased before any lookup. The delegate is queried directly when the cache
 * is disabled or the realm is registered for invalidation. Otherwise a cached entry is looked up
 * under the realm id; on a miss the user is loaded from the delegate and added to the cache. The
 * adapter handed back is remembered in managedUsers under the user's id.
 *
 * @param username username to look up; must not be null (it is dereferenced immediately)
 * @param realm    realm the user is looked up in
 * @return the user, or null when the delegate has no user with that username
 */
@Override
public UserModel getUserByUsername(String username, RealmModel realm) {
    // toLowerCase() without a Locale uses the JVM default locale.
    // NOTE(review): confirm the storage layer normalises usernames the same way; under a locale
    // with special casing rules the cache key and the stored username could otherwise disagree.
    username = username.toLowerCase();
    // Cache switched off: every lookup goes to the delegate.
    if (!cache.isEnabled()) return getDelegate().getUserByUsername(username, realm);
    // A realm registered for invalidation is read from the delegate, not the cache.
    if (realmInvalidations.contains(realm.getId())) {
        return getDelegate().getUserByUsername(username, realm);
    }
    CachedUser cached = cache.getCachedUserByUsername(realm.getId(), username);
    if (cached == null) {
        UserModel model = getDelegate().getUserByUsername(username, realm);
        if (model == null) return null;
        if (managedUsers.containsKey(model.getId())) return managedUsers.get(model.getId());
        // An invalidated user is returned as loaded and is not written to the cache.
        if (userInvalidations.containsKey(model.getId())) return model;
        cached = new CachedUser(realm, model);
        cache.addCachedUser(realm.getId(), cached);
    } else if (userInvalidations.containsKey(cached.getId())) {
        // Cached entry exists but the user was invalidated: reload it by id from the delegate.
        return getDelegate().getUserById(cached.getId(), realm);
    } else if (managedUsers.containsKey(cached.getId())) {
        return managedUsers.get(cached.getId());
    }
    // Wrap the cached entry and remember the adapter for later calls.
    UserAdapter adapter = new UserAdapter(cached, this, session, realm);
    managedUsers.put(cached.getId(), adapter);
    return adapter;
}
/**
 * Loads one page of persisted user sessions, ordered by id, and adapts each to a
 * {@link UserSessionModel}.
 *
 * <p>If a session's user no longer exists, {@code onUserRemoved} is invoked for that user and the
 * same page is loaded again from scratch.
 *
 * <p>NOTE(review): the retry is a recursive call with the same arguments; it terminates only if
 * {@code onUserRemoved} removes the offending session entries - confirm. The realm returned for
 * the entity's realm id is also used without a null check.
 *
 * @param firstResult index of the first entity to load
 * @param maxResults  maximum number of entities to load
 * @param offline     {@code true} to load offline sessions, {@code false} for online ones
 * @return the adapted sessions of the requested page
 */
@Override
public List<UserSessionModel> loadUserSessions(int firstResult, int maxResults, boolean offline) {
    final DBObject matchAll = new QueryBuilder().get();
    final DBObject orderById = new BasicDBObject("id", 1);

    final Class<? extends MongoUserSessionEntity> entityType;
    if (offline) {
        entityType = MongoOfflineUserSessionEntity.class;
    } else {
        entityType = MongoOnlineUserSessionEntity.class;
    }

    final List<? extends MongoUserSessionEntity> page =
            getMongoStore().loadEntities(entityType, matchAll, orderById, firstResult, maxResults, invocationContext);

    final List<UserSessionModel> sessions = new LinkedList<>();
    for (MongoUserSessionEntity stored : page) {
        final RealmModel realm = session.realms().getRealm(stored.getRealmId());
        final UserModel owner = session.users().getUserById(stored.getUserId(), realm);

        if (owner == null) {
            // The user was deleted in the meantime: clean up and start this page over.
            onUserRemoved(realm, stored.getUserId());
            return loadUserSessions(firstResult, maxResults, offline);
        }

        sessions.add(toAdapter(realm, owner, stored));
    }
    return sessions;
}
// Resolve the stored user id to its current username and add it to the representation.
// NOTE(review): the getUserById(...) result is dereferenced without a null check, so an id that
// no longer resolves to a user would throw here - confirm the caller guards against that.
representation.addUser(authorization.getKeycloakSession().users().getUserById(user, realm).getUsername());
// Builds the field array for an admin event:
// [acting user's username, IP address, resource type name, resource path, representation].
// The username is looked up from the auth details' user id in the realm of the session context.
// NOTE(review): getAuthDetails(), the getUserById(...) result and getResourceType() are all
// dereferenced without null checks; an admin event whose acting user no longer exists would
// throw instead of being recorded - confirm.
// NOTE(review): the event's representation is copied into the fields as-is; if it can carry
// sensitive values, confirm where these fields end up being written.
AuthInfo (AdminEvent adminEvent, KeycloakSession keycloakSession) {
    AuthDetails authDetails = adminEvent.getAuthDetails();
    fields = new String[] {
        keycloakSession.users().getUserById(authDetails.getUserId(), keycloakSession.getContext().getRealm())
            .getUsername(),
        authDetails.getIpAddress(),
        adminEvent.getResourceType().name(),
        adminEvent.getResourcePath(),
        adminEvent.getRepresentation()
    };
}
AuthInfo(String s) {
// Builds the field array for an admin event:
// [acting user's username, IP address, "<operation type> <resource type>", resource path,
// representation].
// The username is looked up from the auth details' user id in the realm of the session context.
// NOTE(review): getAuthDetails(), the getUserById(...) result, getOperationType() and
// getResourceType() are all dereferenced without null checks; an admin event whose acting user
// no longer exists would throw instead of being recorded - confirm.
// NOTE(review): the event's representation is copied into the fields as-is; if it can carry
// sensitive values, confirm where these fields end up being written.
AuthInfo (AdminEvent adminEvent, KeycloakSession keycloakSession) {
    AuthDetails authDetails = adminEvent.getAuthDetails();
    fields = new String[] {
        keycloakSession.users().getUserById(authDetails.getUserId(), keycloakSession.getContext().getRealm())
            .getUsername(),
        authDetails.getIpAddress(),
        adminEvent.getOperationType().name() + " " + adminEvent.getResourceType().name(),
        adminEvent.getResourcePath(),
        adminEvent.getRepresentation()
    };
}
AuthInfo(String s) {
/**
 * Decides whether a cached user entry may be served for the given realm.
 *
 * <p>An entry cached for a different realm is rejected. For a user that lives in an external
 * storage provider, the provider's cache policy is consulted; if it says the entry must be
 * invalidated, the user is registered for invalidation and reloaded from the delegate.
 *
 * @param realm  realm the lookup is made in
 * @param cached cache entry to validate
 * @return {@code null} if the entry belongs to another realm; the delegate's user if the entry
 *         had to be invalidated; otherwise a new adapter over the cached entry
 */
protected UserModel validateCache(RealmModel realm, CachedUser cached) {
    // Never serve an entry that was cached for a different realm.
    if (!realm.getId().equals(cached.getRealm())) {
        return null;
    }

    final StorageId storageId;
    if (cached.getFederationLink() != null) {
        storageId = new StorageId(cached.getFederationLink(), cached.getId());
    } else {
        storageId = new StorageId(cached.getId());
    }

    if (storageId.isLocal()) {
        return new UserAdapter(cached, this, session, realm);
    }

    final CacheableStorageProviderModel providerModel =
            new CacheableStorageProviderModel(realm.getComponent(storageId.getProviderId()));

    // A timeout is set on the entry, but Infinispan gives no guarantee about when it is actually
    // evicted (and that is hard to test), so the provider's policy is checked explicitly.
    if (!providerModel.shouldInvalidate(cached)) {
        return new UserAdapter(cached, this, session, realm);
    }

    registerUserInvalidation(realm, cached);
    return getDelegate().getUserById(cached.getId(), realm);
}
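/**
 * Removes a user that failed validation, using a separate session and transaction so the removal
 * does not depend on the outcome of the caller's transaction.
 *
 * <p>Nothing is removed when the realm or the user can no longer be found in the new session.
 * The transaction is rolled back on every path that does not reach the commit (early return or
 * exception), so it is never left open when the session is closed.
 *
 * @param realm realm the user belongs to
 * @param user  user to remove
 */
protected void deleteInvalidUser(RealmModel realm, UserModel user) {
    KeycloakSession tx = session.getKeycloakSessionFactory().create();
    try {
        tx.getTransaction().begin();

        RealmModel realmModel = tx.realms().getRealm(realm.getId());
        if (realmModel == null) return;

        UserModel deletedUser = tx.userStorage().getUserById(user.getId(), realmModel);
        // The user may already be gone; there is nothing to remove and nothing to log then.
        if (deletedUser == null) return;

        tx.userStorage().removeUser(realmModel, deletedUser);
        logger.debugf("Removed invalid user '%s'", user.getUsername());
        tx.getTransaction().commit();
    } finally {
        try {
            // Still active here means we returned early or an exception is propagating.
            if (tx.getTransaction().isActive()) {
                tx.getTransaction().rollback();
            }
        } finally {
            tx.close();
        }
    }
}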