org.keycloak.storage.ldap.mappers.msad.MSADUserAccountControlStorageMapper.MSADUserModelDelegate クラス

org.keycloak.storage.ldap.mappers.msad.MSADUserAccountControlStorageMapper.MSADUserModelDelegate の継承関係図

org.keycloak.storage.ldap.mappers.msad.MSADUserAccountControlStorageMapper.MSADUserModelDelegate 連携図

公開メンバ関数
	MSADUserModelDelegate (UserModel delegate, LDAPObject ldapUser)
boolean	isEnabled ()
void	setEnabled (boolean enabled)
void	addRequiredAction (RequiredAction action)
void	addRequiredAction (String action)
void	removeRequiredAction (RequiredAction action)
void	removeRequiredAction (String action)
Set< String >	getRequiredActions ()

静的公開変数類
static final Logger	logger = Logger.getLogger(TxAwareLDAPUserModelDelegate.class)

限定公開メンバ関数
long	getPwdLastSet ()
void	ensureTransactionStarted ()

限定公開変数類
LDAPStorageProvider	provider

非公開変数類
final LDAPObject	ldapUser

詳解

構築子と解体子

MSADUserModelDelegate()

org.keycloak.storage.ldap.mappers.msad.MSADUserAccountControlStorageMapper.MSADUserModelDelegate.MSADUserModelDelegate ( UserModel  delegate, LDAPObject  ldapUser  )

inline

                                                                              {
            super(delegate, ldapProvider, ldapUser);
            this.ldapUser = ldapUser;
        }

関数詳解

addRequiredAction() [1/2]

void org.keycloak.storage.ldap.mappers.msad.MSADUserAccountControlStorageMapper.MSADUserModelDelegate.addRequiredAction ( RequiredAction  action )

inline

                                                             {
            String actionName = action.name();
            addRequiredAction(actionName);
        }

addRequiredAction() [2/2]

void org.keycloak.storage.ldap.mappers.msad.MSADUserAccountControlStorageMapper.MSADUserModelDelegate.addRequiredAction ( String  action )

inline

                                                     {
            // Always update DB
            super.addRequiredAction(action);

            if (ldapProvider.getEditMode() == UserStorageProvider.EditMode.WRITABLE && RequiredAction.UPDATE_PASSWORD.toString().equals(action)) {
                logger.debugf("Going to propagate required action UPDATE_PASSWORD to MSAD for ldap user '%s' ", ldapUser.getDn().toString());

                // Normally it's read-only
                ldapUser.removeReadOnlyAttributeName(LDAPConstants.PWD_LAST_SET);

                ldapUser.setSingleAttribute(LDAPConstants.PWD_LAST_SET, "0");

                ensureTransactionStarted();
            }
        }

ensureTransactionStarted()

void org.keycloak.storage.ldap.mappers.TxAwareLDAPUserModelDelegate.ensureTransactionStarted ( )

inlineprotectedinherited

                                              {
        LDAPTransaction transaction = provider.getUserManager().getTransaction(getId());
        if (transaction.getState() == LDAPTransaction.TransactionState.NOT_STARTED) {
            if (logger.isTraceEnabled()) {
                logger.trace("Starting and enlisting transaction for object " + ldapUser.getDn().toString());
            }

            this.provider.getSession().getTransactionManager().enlistAfterCompletion(transaction);
        }
    }

getPwdLastSet()

long org.keycloak.storage.ldap.mappers.msad.MSADUserAccountControlStorageMapper.MSADUserModelDelegate.getPwdLastSet ( )

inlineprotected

                                       {
            String pwdLastSet = ldapUser.getAttributeAsString(LDAPConstants.PWD_LAST_SET);
            return pwdLastSet == null ? 0 : Long.parseLong(pwdLastSet);
        }

getRequiredActions()

Set<String> org.keycloak.storage.ldap.mappers.msad.MSADUserAccountControlStorageMapper.MSADUserModelDelegate.getRequiredActions ( )

inline

                                                {
            Set<String> requiredActions = super.getRequiredActions();

            if (ldapProvider.getEditMode() == UserStorageProvider.EditMode.WRITABLE) {
                if (getPwdLastSet() == 0 || getUserAccountControl(ldapUser).has(UserAccountControl.PASSWORD_EXPIRED)) {
                    requiredActions = new HashSet<>(requiredActions);
                    requiredActions.add(RequiredAction.UPDATE_PASSWORD.toString());
                    return requiredActions;
                }
            }

            return requiredActions;
        }

isEnabled()

boolean org.keycloak.storage.ldap.mappers.msad.MSADUserAccountControlStorageMapper.MSADUserModelDelegate.isEnabled ( )

inline

                                   {
            boolean kcEnabled = super.isEnabled();

            if (getPwdLastSet() > 0) {
                // Merge KC and MSAD
                return kcEnabled && !getUserAccountControl(ldapUser).has(UserAccountControl.ACCOUNTDISABLE);
            } else {
                // If new MSAD user is created and pwdLastSet is still 0, MSAD account is in disabled state. So read just from Keycloak DB. User is not able to login via MSAD anyway
                return kcEnabled;
            }
        }

removeRequiredAction() [1/2]

void org.keycloak.storage.ldap.mappers.msad.MSADUserAccountControlStorageMapper.MSADUserModelDelegate.removeRequiredAction ( RequiredAction  action )

inline

                                                                {
            String actionName = action.name();
            removeRequiredAction(actionName);
        }

removeRequiredAction() [2/2]

void org.keycloak.storage.ldap.mappers.msad.MSADUserAccountControlStorageMapper.MSADUserModelDelegate.removeRequiredAction ( String  action )

inline

                                                        {
            // Always update DB
            super.removeRequiredAction(action);

            if (ldapProvider.getEditMode() == UserStorageProvider.EditMode.WRITABLE && RequiredAction.UPDATE_PASSWORD.toString().equals(action)) {

                // Don't set pwdLastSet in MSAD when it is new user
                UserAccountControl accountControl = getUserAccountControl(ldapUser);
                if (accountControl.getValue() != 0 && !accountControl.has(UserAccountControl.PASSWD_NOTREQD)) {
                    logger.debugf("Going to remove required action UPDATE_PASSWORD from MSAD for ldap user '%s' ", ldapUser.getDn().toString());

                    // Normally it's read-only
                    ldapUser.removeReadOnlyAttributeName(LDAPConstants.PWD_LAST_SET);

                    ldapUser.setSingleAttribute(LDAPConstants.PWD_LAST_SET, "-1");

                    ensureTransactionStarted();
                }
            }
        }

setEnabled()

void org.keycloak.storage.ldap.mappers.msad.MSADUserAccountControlStorageMapper.MSADUserModelDelegate.setEnabled ( boolean  enabled )

inline

                                                {
            // Always update DB
            super.setEnabled(enabled);

            if (ldapProvider.getEditMode() == UserStorageProvider.EditMode.WRITABLE && getPwdLastSet() > 0) {
                logger.debugf("Going to propagate enabled=%s for ldapUser '%s' to MSAD", enabled, ldapUser.getDn().toString());

                UserAccountControl control = getUserAccountControl(ldapUser);
                if (enabled) {
                    control.remove(UserAccountControl.ACCOUNTDISABLE);
                } else {
                    control.add(UserAccountControl.ACCOUNTDISABLE);
                }

                ensureTransactionStarted();

                updateUserAccountControl(false, ldapUser, control);
            }
        }

メンバ詳解

ldapUser

final LDAPObject org.keycloak.storage.ldap.mappers.msad.MSADUserAccountControlStorageMapper.MSADUserModelDelegate.ldapUser

private

logger

final Logger org.keycloak.storage.ldap.mappers.TxAwareLDAPUserModelDelegate.logger = Logger.getLogger(TxAwareLDAPUserModelDelegate.class)

staticinherited

provider

LDAPStorageProvider org.keycloak.storage.ldap.mappers.TxAwareLDAPUserModelDelegate.provider

protectedinherited

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/federation/src/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapper.java