org.keycloak.models.utils

Class KeycloakModelUtils

java.lang.Object

org.keycloak.models.utils.KeycloakModelUtils

public final class KeycloakModelUtils
extends Object

Set of helper methods, which are useful in various model implementations.

Author:

Marek Posolda

Method Summary

Modifier and Type	Method and Description
static Function<KeycloakSessionFactory,ComponentModel>	componentModelGetter(String realmId, String componentId)
static String	convertClientScopeName(String previousName) Replace spaces in the name with underscore, so that scope name can be used as value of scope parameter
static ComponentModel	createComponentModel(String name, String parentId, String providerId, String providerType, String... config)
static ClientModel	createManagementClient(RealmModel realm, String name)
static ClientModel	createPublicClient(RealmModel realm, String name)
static void	deepFindAuthenticationExecutions(RealmModel realm, AuthenticationFlowModel flow, List<AuthenticationExecutionModel> result) Recursively find all AuthenticationExecutionModel from specified flow or all it's subflows
static ClientScopeModel	findClientScopeById(RealmModel realm, ClientModel client, String clientScopeId) Lookup clientScope OR client by id.
static GroupModel	findGroupByPath(RealmModel realm, String path)
static UserModel	findUserByNameOrEmail(KeycloakSession session, RealmModel realm, String username) Try to find user by username or email for authentication
static UserStorageProviderModel	findUserStorageProviderById(String fedProviderId, RealmModel realm)
static UserStorageProviderModel	findUserStorageProviderByName(String displayName, RealmModel realm)
static String	generateCodeSecret()
static String	generateId()
static CertificateRepresentation	generateKeyPairCertificate(String subject)
static byte[]	generateSecret()
static UserCredentialModel	generateSecret(ClientModel client)
static byte[]	generateSecret(int bytes)
static X509Certificate	getCertificate(String cert)
static ClientScopeModel	getClientScopeByName(RealmModel realm, String clientScopeName)
static Set<RoleModel>	getClientScopeMappings(ClientModel client, ScopeContainerModel container) Deprecated. Use getClientScopeMappingsStream(ClientModel, ScopeContainerModel) getClientScopeMappingsStream} instead.
static Stream<RoleModel>	getClientScopeMappingsStream(ClientModel client, ScopeContainerModel container)
static <T extends Provider> ProviderFactory<T>	getComponentFactory(KeycloakSessionFactory factory, Class<T> providerClass, Config.Scope config, String spiName)
static ComponentModel	getComponentModel(KeycloakSessionFactory factory, String realmId, String componentId)
static String	getDefaultClientAuthenticatorType()
static String	getIdentityProviderDisplayName(KeycloakSession session, IdentityProviderModel provider)
static String	getMasterRealmAdminApplicationClientId(String realmName)
static String	getPemFromCertificate(X509Certificate certificate)
static String	getPemFromKey(Key key)
static PrivateKey	getPrivateKey(String privateKeyPem)
static PublicKey	getPublicKey(String publicKeyPem)
static RoleModel	getRoleFromString(RealmModel realm, String roleName)
static Key	getSecretKey(String secret)
static boolean	isClientScopeUsed(RealmModel realm, ClientScopeModel clientScope)
static boolean	isFlowUsed(RealmModel realm, AuthenticationFlowModel model) Check to see if a flow is currently in use
static boolean	isRealmProviderJpa(KeycloakSession session)
static String[]	parseRole(String role)
static List<String>	resolveAttribute(GroupModel group, String name)
static Collection<String>	resolveAttribute(UserModel user, String name, boolean aggregateAttrs)
static String	resolveFirstAttribute(GroupModel group, String name)
static void	runJobInTransaction(KeycloakSessionFactory factory, KeycloakSessionTask task) Wrap given runnable job into KeycloakTransaction.
static void	runJobInTransactionWithTimeout(KeycloakSessionFactory factory, KeycloakSessionTask task, int timeoutInSeconds) Wrap given runnable job into KeycloakTransaction.
static boolean	searchFor(RoleModel role, RoleModel composite, Set<String> visited) Deep search if given role is descendant of composite role
static void	setupAuthorizationServices(RealmModel realm)
static void	setupDefaultRole(RealmModel realm, String defaultRoleName) Creates default role for particular realm with the given name.
static void	setupDeleteAccount(ClientModel accountClient)
static RoleModel	setupOfflineRole(RealmModel realm)
static void	suspendJtaTransaction(KeycloakSessionFactory factory, Runnable runnable)
static String	toLowerCaseSafe(String str)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

generateId

public static String generateId()

generateSecret

public static byte[] generateSecret()

generateSecret

public static byte[] generateSecret(int bytes)

getPublicKey

public static PublicKey getPublicKey(String publicKeyPem)

getCertificate

public static X509Certificate getCertificate(String cert)

getPrivateKey

public static PrivateKey getPrivateKey(String privateKeyPem)

getSecretKey

public static Key getSecretKey(String secret)

getPemFromKey

public static String getPemFromKey(Key key)

getPemFromCertificate

public static String getPemFromCertificate(X509Certificate certificate)

generateKeyPairCertificate

public static CertificateRepresentation generateKeyPairCertificate(String subject)

generateSecret

public static UserCredentialModel generateSecret(ClientModel client)

getDefaultClientAuthenticatorType

public static String getDefaultClientAuthenticatorType()

generateCodeSecret

public static String generateCodeSecret()

createManagementClient

public static ClientModel createManagementClient(RealmModel realm,
                                                 String name)

createPublicClient

public static ClientModel createPublicClient(RealmModel realm,
                                             String name)

searchFor

public static boolean searchFor(RoleModel role,
                                RoleModel composite,
                                Set<String> visited)

Deep search if given role is descendant of composite role

Parameters:

role - role to check

composite - composite role

visited - set of already visited roles (used for recursion)

Returns:

true if "role" is descendant of "composite"

findUserByNameOrEmail

public static UserModel findUserByNameOrEmail(KeycloakSession session,
                                              RealmModel realm,
                                              String username)

Try to find user by username or email for authentication

Parameters:

realm - realm

username - username or email of user

Returns:

found user

runJobInTransaction

public static void runJobInTransaction(KeycloakSessionFactory factory,
                                       KeycloakSessionTask task)

Wrap given runnable job into KeycloakTransaction.

Parameters:

factory -

task -

runJobInTransactionWithTimeout

public static void runJobInTransactionWithTimeout(KeycloakSessionFactory factory,
                                                  KeycloakSessionTask task,
                                                  int timeoutInSeconds)

Wrap given runnable job into KeycloakTransaction. Set custom timeout for the JTA transaction (in case we're in the environment with JTA enabled)

Parameters:

factory -

task -

timeoutInSeconds -

componentModelGetter

public static Function<KeycloakSessionFactory,ComponentModel> componentModelGetter(String realmId,
                                                                                   String componentId)

getComponentModel

public static ComponentModel getComponentModel(KeycloakSessionFactory factory,
                                               String realmId,
                                               String componentId)

getComponentFactory

public static <T extends Provider> ProviderFactory<T> getComponentFactory(KeycloakSessionFactory factory,
                                                                          Class<T> providerClass,
                                                                          Config.Scope config,
                                                                          String spiName)

getMasterRealmAdminApplicationClientId

public static String getMasterRealmAdminApplicationClientId(String realmName)

findUserStorageProviderByName

public static UserStorageProviderModel findUserStorageProviderByName(String displayName,
                                                                     RealmModel realm)

findUserStorageProviderById

public static UserStorageProviderModel findUserStorageProviderById(String fedProviderId,
                                                                   RealmModel realm)

createComponentModel

public static ComponentModel createComponentModel(String name,
                                                  String parentId,
                                                  String providerId,
                                                  String providerType,
                                                  String... config)

toLowerCaseSafe

public static String toLowerCaseSafe(String str)

setupDefaultRole

public static void setupDefaultRole(RealmModel realm,
                                    String defaultRoleName)

Creates default role for particular realm with the given name.

Parameters:

realm - Realm

defaultRoleName - Name of the newly created defaultRole

setupOfflineRole

public static RoleModel setupOfflineRole(RealmModel realm)

setupDeleteAccount

public static void setupDeleteAccount(ClientModel accountClient)

deepFindAuthenticationExecutions

public static void deepFindAuthenticationExecutions(RealmModel realm,
                                                    AuthenticationFlowModel flow,
                                                    List<AuthenticationExecutionModel> result)

Recursively find all AuthenticationExecutionModel from specified flow or all it's subflows

Parameters:

realm -

flow -

result - input should be empty list. At the end will be all executions added to this list

resolveFirstAttribute

public static String resolveFirstAttribute(GroupModel group,
                                           String name)

resolveAttribute

public static List<String> resolveAttribute(GroupModel group,
                                            String name)

resolveAttribute

public static Collection<String> resolveAttribute(UserModel user,
                                                  String name,
                                                  boolean aggregateAttrs)

findGroupByPath

public static GroupModel findGroupByPath(RealmModel realm,
                                         String path)

getClientScopeMappings

@Deprecated
public static Set<RoleModel> getClientScopeMappings(ClientModel client,
                                                                ScopeContainerModel container)

Deprecated. Use getClientScopeMappingsStream(ClientModel, ScopeContainerModel) getClientScopeMappingsStream} instead.

Parameters:

client - ClientModel

container - ScopeContainerModel

Returns:

getClientScopeMappingsStream

public static Stream<RoleModel> getClientScopeMappingsStream(ClientModel client,
                                                             ScopeContainerModel container)

getRoleFromString

public static RoleModel getRoleFromString(RealmModel realm,
                                          String roleName)

parseRole

public static String[] parseRole(String role)

isFlowUsed

public static boolean isFlowUsed(RealmModel realm,
                                 AuthenticationFlowModel model)

Check to see if a flow is currently in use

Parameters:

realm -

model -

Returns:

isClientScopeUsed

public static boolean isClientScopeUsed(RealmModel realm,
                                        ClientScopeModel clientScope)

getClientScopeByName

public static ClientScopeModel getClientScopeByName(RealmModel realm,
                                                    String clientScopeName)

findClientScopeById

public static ClientScopeModel findClientScopeById(RealmModel realm,
                                                   ClientModel client,
                                                   String clientScopeId)

Lookup clientScope OR client by id. Method is useful if you know just ID, but you don't know if underlying model is clientScope or client

convertClientScopeName

public static String convertClientScopeName(String previousName)

Replace spaces in the name with underscore, so that scope name can be used as value of scope parameter

setupAuthorizationServices

public static void setupAuthorizationServices(RealmModel realm)

suspendJtaTransaction

public static void suspendJtaTransaction(KeycloakSessionFactory factory,
                                         Runnable runnable)

getIdentityProviderDisplayName

public static String getIdentityProviderDisplayName(KeycloakSession session,
                                                    IdentityProviderModel provider)

isRealmProviderJpa

public static boolean isRealmProviderJpa(KeycloakSession session)

Returns:

true if implementation of realmProvider is "jpa" . Which is always the case in standard Keycloak installations.