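/**
 * Reports whether {@code password} is the valid password of {@code userName} in the realm
 * named {@code realmName}.
 *
 * <p>Every failure mode (missing parameter, unknown realm, unknown user, wrong password)
 * yields the same {@code false}, so the response body does not reveal which part was wrong.
 *
 * <p>NOTE(review): the password travels as a query parameter of a GET request, so it can end
 * up in access logs, proxy logs and browser history. No caller authentication or throttling
 * is visible in this method, which makes the endpoint usable as a password-checking oracle.
 * Confirm that this resource is only deployed in test builds. The HTTP contract is left
 * unchanged here so existing callers keep working.
 *
 * @param realmName name of the realm to look the user up in
 * @param userName  username to check
 * @param password  candidate password
 * @return {@code true} only when the realm and the user exist and the user provider accepts
 *         the password; {@code false} otherwise
 */
@GET
@Path("/valid-credentials")
@Produces(MediaType.APPLICATION_JSON)
public boolean validCredentials(@QueryParam("realmName") String realmName,
                                @QueryParam("userName") String userName,
                                @QueryParam("password") String password) {
    // A request that omits any parameter cannot name valid credentials; reject it before
    // touching storage instead of letting a null reach the providers.
    if (realmName == null || userName == null || password == null) {
        return false;
    }

    RealmModel realm = session.realms().getRealm(realmName);
    if (realm == null) {
        return false;
    }

    UserProvider userProvider = session.getProvider(UserProvider.class);
    UserModel user = userProvider.getUserByUsername(userName, realm);
    if (user == null) {
        // Unknown user: answer like a wrong password rather than passing null on to the
        // credential check.
        return false;
    }

    return userProvider.validCredentials(session, realm, user, UserCredentialModel.password(password));
}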
/**
 * Collects the names of all roles mapped to the given user in the session's current realm.
 *
 * <p>NOTE(review): the result of {@code getUserByUsername} is dereferenced without a null
 * check, so an unknown {@code userName} presumably ends in a NullPointerException here.
 * Callers that make authorization decisions from this list should confirm that an exception,
 * and not an empty list, is what they expect for a missing user.
 *
 * @param userName        username to resolve in the current realm
 * @param keycloakSession session supplying the user store and the realm context
 * @return a new mutable list with one entry per role mapping, in iteration order
 */
private static List<String> userRoles(String userName, KeycloakSession keycloakSession) {
    List<String> roleNames = new ArrayList<>();
    for (RoleModel mappedRole : keycloakSession
            .users()
            .getUserByUsername(userName, keycloakSession.getContext().getRealm())
            .getRoleMappings()) {
        String roleName = mappedRole.getName();
        roleNames.add(roleName);
    }
    return roleNames;
}
/**
 * Collects the names of all roles mapped to the given user in the session's current realm.
 *
 * <p>NOTE(review): the result of {@code getUserByUsername} is dereferenced without a null
 * check, so an unknown {@code userName} presumably ends in a NullPointerException here.
 * Callers that make authorization decisions from this list should confirm that an exception,
 * and not an empty list, is what they expect for a missing user.
 *
 * @param userName        username to resolve in the current realm
 * @param keycloakSession session supplying the user store and the realm context
 * @return a new mutable list with one entry per role mapping, in iteration order
 */
private static List<String> userRoles(String userName, KeycloakSession keycloakSession) {
    List<String> roleNames = new ArrayList<>();
    for (RoleModel mappedRole : keycloakSession
            .users()
            .getUserByUsername(userName, keycloakSession.getContext().getRealm())
            .getRoleMappings()) {
        String roleName = mappedRole.getName();
        roleNames.add(roleName);
    }
    return roleNames;
}
/**
 * Resolves a user by username, trying local user storage first and then each of the realm's
 * user federation providers in the order the realm lists them.
 *
 * <p>A locally stored user is only returned if {@code validateAndProxyUser} yields a non-null
 * result. Otherwise the lookup falls through to the federation providers.
 *
 * <p>NOTE(review): local storage is queried with the lower-cased username, while federation
 * providers receive the username exactly as passed in. Confirm that this asymmetry is
 * intended. {@code toLowerCase()} without an argument uses the JVM default locale, so the
 * normalised form can differ between hosts with different locales.
 *
 * @param username username to look up; must not be null because it is lower-cased immediately
 * @param realm    realm whose storage and federation providers are searched
 * @return the first matching user, or {@code null} if no source knows the username
 */
@Override
public UserModel getUserByUsername(String username, RealmModel realm) {
    UserModel localUser = session.userStorage().getUserByUsername(username.toLowerCase(), realm);
    if (localUser != null) {
        UserModel proxied = validateAndProxyUser(realm, localUser);
        if (proxied != null) {
            return proxied;
        }
    }

    // Either no local user exists or it failed validation: ask the federation providers.
    for (UserFederationProviderModel providerModel : realm.getUserFederationProviders()) {
        UserModel federated = getFederationProvider(providerModel).getUserByUsername(realm, username);
        if (federated != null) {
            return federated;
        }
    }
    return null;
}
RealmModel realm = keycloakSession.realms().getRealmByName(hostname); if (realm != null) { UserModel userModel = keycloakSession.userStorageManager().getUserByUsername(username, realm); if (userModel != null) { PasswordCredentialProvider passwordCredentialProvider = getPasswordCredentialProvider(realm, userModel);
/**
 * Looks up a user by username, going through the user cache where that is possible.
 *
 * <p>The username is lower-cased before any lookup. The delegate is asked directly when the
 * cache is disabled or the realm appears in {@code realmInvalidations}. Otherwise a cache
 * entry is used, or created from the delegate's result. The adapter built around the entry is
 * recorded in {@code managedUsers}, so a later lookup of the same user id returns that same
 * adapter. A user id present in {@code userInvalidations} always bypasses the cache entry.
 *
 * <p>NOTE(review): {@code toLowerCase()} without an argument uses the JVM default locale.
 * Confirm that usernames are normalised the same way wherever cache keys and stored usernames
 * are produced, otherwise two spellings could resolve to different entries.
 *
 * @param username username to look up; must not be null because it is lower-cased immediately
 * @param realm    realm to search
 * @return the matching user, or {@code null} when the delegate does not know the username
 */
@Override
public UserModel getUserByUsername(String username, RealmModel realm) {
    String normalized = username.toLowerCase();

    // Cache unusable for this realm: go straight to the delegate.
    if (!cache.isEnabled() || realmInvalidations.contains(realm.getId())) {
        return getDelegate().getUserByUsername(normalized, realm);
    }

    CachedUser cached = cache.getCachedUserByUsername(realm.getId(), normalized);
    if (cached != null) {
        if (userInvalidations.containsKey(cached.getId())) {
            // The entry is stale within this session; reload the user by id.
            return getDelegate().getUserById(cached.getId(), realm);
        }
        if (managedUsers.containsKey(cached.getId())) {
            return managedUsers.get(cached.getId());
        }
    } else {
        UserModel model = getDelegate().getUserByUsername(normalized, realm);
        if (model == null) {
            return null;
        }
        if (managedUsers.containsKey(model.getId())) {
            return managedUsers.get(model.getId());
        }
        if (userInvalidations.containsKey(model.getId())) {
            // Do not cache a user that has been invalidated in this session.
            return model;
        }
        cached = new CachedUser(realm, model);
        cache.addCachedUser(realm.getId(), cached);
    }

    UserAdapter adapter = new UserAdapter(cached, this, session, realm);
    managedUsers.put(cached.getId(), adapter);
    return adapter;
}
/**
 * Resolves each supplied user reference to a user id and stores the resulting id set, as
 * JSON, under the policy's {@code "users"} config key.
 *
 * <p>Each reference is tried as a username first and, if that yields nothing or throws, as a
 * user id. A {@code null} set is stored as an empty set.
 *
 * <p>NOTE(review): because the username lookup wins, a reference meant as a user id would
 * bind the policy to a different account if some user's username equals that id string.
 * Confirm whether callers can pass ids here and whether usernames are constrained so they
 * cannot collide with ids.
 *
 * @param policy        policy whose {@code "users"} config entry is replaced
 * @param authorization source of the Keycloak session and realm
 * @param users         usernames or user ids to attach; may be {@code null}
 * @throws RuntimeException if a reference matches no user, or the id set cannot be serialized
 */
private void updateUsers(Policy policy, AuthorizationProvider authorization, Set<String> users) {
    KeycloakSession session = authorization.getKeycloakSession();
    RealmModel realm = authorization.getRealm();
    UserProvider userProvider = session.users();
    Set<String> resolvedIds = new HashSet<>();

    if (users != null) {
        for (String userId : users) {
            UserModel resolved;
            try {
                resolved = userProvider.getUserByUsername(userId, realm);
            } catch (Exception ignored) {
                // Best effort: a failed username lookup falls back to the id lookup below.
                resolved = null;
            }

            if (resolved == null) {
                resolved = userProvider.getUserById(userId, realm);
            }
            if (resolved == null) {
                throw new RuntimeException("Error while updating policy [" + policy.getName() + "]. User [" + userId + "] could not be found.");
            }

            resolvedIds.add(resolved.getId());
        }
    }

    try {
        String serialized = JsonSerialization.writeValueAsString(resolvedIds);
        policy.putConfig("users", serialized);
    } catch (IOException cause) {
        throw new RuntimeException("Failed to serialize users", cause);
    }
}
if (realmInvalidations.contains(realm.getId())) { logger.tracev("realmInvalidations"); return getDelegate().getUserByUsername(username, realm); return getDelegate().getUserByUsername(username, realm); logger.tracev("query null"); Long loaded = cache.getCurrentRevision(cacheKey); UserModel model = getDelegate().getUserByUsername(username, realm); if (model == null) { logger.tracev("model from delegate null"); if (invalidations.contains(userId)) { logger.tracev("invalidated cache return delegate"); return getDelegate().getUserByUsername(username, realm);
String tokenUser = K8sServiceAccountCredentialProvider.authenticateToken(password, amqpServer.getOpenShiftClient(), amqpServer.getHttpClient()); if(tokenUser != null) { final UserModel user = keycloakSession.userStorageManager().getUserByUsername(tokenUser, realm); if (user != null) { if ("serviceaccount".equals(user.getFirstAttribute("authenticationType"))) { final UserModel user = keycloakSession.userStorageManager().getUserByUsername(username, realm); if (user != null) { UserCredentialModel credentialModel = "serviceaccount".equals(user.getFirstAttribute("authenticationType")) ? createServiceAccountUserCredential(password) : UserCredentialModel.password(password);
/**
 * Called after successful authentication to obtain the Keycloak user for the authenticated
 * username, importing the user if local storage does not have one.
 *
 * <p>If a local user exists but {@code validate} rejects it, that user is removed from local
 * storage and imported again.
 *
 * <p>NOTE(review): the username is concatenated into log messages unchanged. Confirm that it
 * cannot contain line breaks or other characters that would let it forge log entries. The
 * remove-and-reimport path deletes the existing local account, so it is worth confirming
 * that nothing attached to that account needs to survive the re-creation.
 *
 * @param realm realm
 * @param username username without realm prefix
 * @return user if found or successfully created. Null if user with same username already
 *         exists, but is not linked to this provider
 */
protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username) {
    UserModel localUser = session.userLocalStorage().getUserByUsername(username, realm);

    if (localUser != null) {
        // Reload through session.users() so that a cached instance is used from here on.
        UserModel existing = session.users().getUserById(localUser.getId(), realm);
        logger.debug("Kerberos authenticated user " + username + " found in Keycloak storage");

        boolean linkedToThisProvider = model.getId().equals(existing.getFederationLink());
        if (!linkedToThisProvider) {
            logger.warn("User with username " + username + " already exists, but is not linked to provider [" + model.getName() + "]");
            return null;
        }

        UserModel proxied = validate(realm, existing);
        if (proxied != null) {
            return proxied;
        }

        // Linked to this provider but failed validation: drop the local user and import again.
        logger.warn("User with username " + username + " already exists and is linked to provider [" + model.getName() + "] but kerberos principal is not correct. Kerberos principal on user is: " + existing.getFirstAttribute(KERBEROS_PRINCIPAL));
        logger.warn("Will re-create user");
        new UserManager(session).removeUser(realm, existing, session.userLocalStorage());
    }

    logger.debug("Kerberos authenticated user " + username + " not in Keycloak storage. Creating him");
    return importUserToKeycloak(realm, username);
}
if (invalidations.contains(userId)) { logger.tracev("invalidated cache return delegate"); return getDelegate().getUserByUsername(username, realm);