Java Code Examples for org.keycloak.models.UserModel#setFederationLink()

@Override
public boolean validCredentials(RealmModel realm, UserModel user, List<UserCredentialModel> input) {

    LOG.infof("Validating credentials for %s", user.getUsername());

    if (input == null || input.isEmpty()) {
        throw new IllegalArgumentException("UserCredentialModel list is empty or null!");
    }

    UserCredentialModel credentials = input.get(0);
    Response response = federatedUserService.validateLogin(user.getUsername(), new UserCredentialsDto(credentials.getValue()));
    boolean valid = HttpStatus.SC_OK == response.getStatus();

    if (valid) {
        user.updateCredential(credentials);
        user.setFederationLink(null);
    }

    return valid;
}
 

@Override
public UserModel getUserByUsername(String uname, RealmModel realm) {
    checkForceFail();
    if (!username.equals(uname)) return null;
    UserModel local = session.userLocalStorage().getUserByUsername(uname, realm);
    if (local != null && !model.getId().equals(local.getFederationLink())) {
        throw new RuntimeException("local storage has wrong federation link");
    }
    if (local != null) return new Delegate(local);
    local = session.userLocalStorage().addUser(realm, uname);
    local.setEnabled(true);
    local.setFirstName(first);
    local.setLastName(last);
    local.setEmail(email);
    local.setFederationLink(model.getId());
    for (String key : attributes.keySet()) {
        List<String> values = attributes.get(key);
        if (values == null) continue;
        local.setAttribute(key, values);
    }
    return new Delegate(local);
}
 

protected UserModel importUserToKeycloak(RealmModel realm, String username) {
    // Just guessing email from kerberos realm
    String email = username + "@" + kerberosConfig.getKerberosRealm().toLowerCase();

    logger.debugf("Creating kerberos user: %s, email: %s to local Keycloak storage", username, email);
    UserModel user = session.userLocalStorage().addUser(realm, username);
    user.setEnabled(true);
    user.setEmail(email);
    user.setFederationLink(model.getId());
    user.setSingleAttribute(KERBEROS_PRINCIPAL, username + "@" + kerberosConfig.getKerberosRealm());

    if (kerberosConfig.isUpdateProfileFirstLogin()) {
        user.addRequiredAction(UserModel.RequiredAction.UPDATE_PROFILE);
    }

    return validate(realm, user);
}
 

private UserModel createUserModel(RealmModel realm, String rawUsername) throws NotFoundException {

        String username = rawUsername.toLowerCase().trim();
        FederatedUserModel remoteUser = federatedUserService.getUserDetails(username);
        LOG.infof("Creating user model for: %s", username);
        UserModel userModel = session.userStorage().addUser(realm, username);

        if (!username.equals(remoteUser.getEmail())) {
            throw new IllegalStateException(String.format("Local and remote users differ: [%s != %s]", username, remoteUser.getUsername()));
        }

        userModel.setFederationLink(model.getId());
        userModel.setEnabled(remoteUser.isEnabled());
        userModel.setEmail(username);
        userModel.setEmailVerified(remoteUser.isEmailVerified());
        userModel.setFirstName(remoteUser.getFirstName());
        userModel.setLastName(remoteUser.getLastName());

        if (remoteUser.getAttributes() != null) {
            Map<String, List<String>> attributes = remoteUser.getAttributes();
            for (String attributeName : attributes.keySet())
                userModel.setAttribute(attributeName, attributes.get(attributeName));
        }

        if (remoteUser.getRoles() != null) {
            for (String role : remoteUser.getRoles()) {
                RoleModel roleModel = realm.getRole(role);
                if (roleModel != null) {
                    userModel.grantRole(roleModel);
                    LOG.infof("Granted user %s, role %s", username, role);
                }
            }
        }

        return userModel;
    }
 

private UserModel createUser(RealmModel realm, String username) {
    UserModel user;
    if (isImportEnabled()) {
        user = session.userLocalStorage().addUser(realm, username);
        user.setEnabled(true);
        user.setFederationLink(model.getId());
    } else {
        user = new AbstractUserAdapterFederatedStorage(session, realm, model) {
            @Override
            public String getUsername() {
                return username;
            }

            @Override
            public void setUsername(String innerUsername) {
                if (! Objects.equals(innerUsername, username)) {
                    throw new RuntimeException("Unsupported");
                }
            }

            @Override
            public void leaveGroup(GroupModel group) {
                UserMapStorage.this.leaveGroup(realm, getUsername(), group);
            }

            @Override
            public void joinGroup(GroupModel group) {
                UserMapStorage.this.joinGroup(realm, getUsername(), group);
            }

            @Override
            public String getFederationLink() {
                return model.getId();
            }
        };
    }

    return user;
}
 

@Override
public UserModel addUser(RealmModel realm, String username) {
    UserModel local = session.userLocalStorage().addUser(realm, username);
    local.setFederationLink(component.getId());

    users.put(username, local);
    return local;
}
 

public static UserModel createUser(KeycloakSession session, RealmModel newRealm, UserRepresentation userRep) {
    convertDeprecatedSocialProviders(userRep);

    // Import users just to user storage. Don't federate
    UserModel user = session.userLocalStorage().addUser(newRealm, userRep.getId(), userRep.getUsername(), false, false);
    user.setEnabled(userRep.isEnabled() != null && userRep.isEnabled());
    user.setCreatedTimestamp(userRep.getCreatedTimestamp());
    user.setEmail(userRep.getEmail());
    if (userRep.isEmailVerified() != null) user.setEmailVerified(userRep.isEmailVerified());
    user.setFirstName(userRep.getFirstName());
    user.setLastName(userRep.getLastName());
    user.setFederationLink(userRep.getFederationLink());
    if (userRep.getAttributes() != null) {
        for (Map.Entry<String, List<String>> entry : userRep.getAttributes().entrySet()) {
            List<String> value = entry.getValue();
            if (value != null) {
                user.setAttribute(entry.getKey(), new ArrayList<>(value));
            }
        }
    }
    if (userRep.getRequiredActions() != null) {
        for (String requiredAction : userRep.getRequiredActions()) {
            try {
                user.addRequiredAction(UserModel.RequiredAction.valueOf(requiredAction.toUpperCase()));
            } catch (IllegalArgumentException iae) {
                user.addRequiredAction(requiredAction);
            }
        }
    }
    createCredentials(userRep, session, newRealm, user, false);
    createFederatedIdentities(userRep, session, newRealm, user);
    createRoleMappings(userRep, user, newRealm);
    if (userRep.getClientConsents() != null) {
        for (UserConsentRepresentation consentRep : userRep.getClientConsents()) {
            UserConsentModel consentModel = toModel(newRealm, consentRep);
            session.users().addConsent(newRealm, user.getId(), consentModel);
        }
    }

    if (userRep.getNotBefore() != null) {
        session.users().setNotBeforeForUser(newRealm, user, userRep.getNotBefore());
    }

    if (userRep.getServiceAccountClientId() != null) {
        String clientId = userRep.getServiceAccountClientId();
        ClientModel client = newRealm.getClientByClientId(clientId);
        if (client == null) {
            throw new RuntimeException("Unable to find client specified for service account link. Client: " + clientId);
        }
        user.setServiceAccountClientLink(client.getId());
    }
    createGroups(userRep, newRealm, user);
    return user;
}