org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper の継承関係図

org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper 連携図

公開メンバ関数
	UserAttributeLDAPStorageMapper (ComponentModel mapperModel, LDAPStorageProvider ldapProvider)

void	onImportUserFromLDAP (LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate)

void	onRegisterUserToLDAP (LDAPObject ldapUser, UserModel localUser, RealmModel realm)

UserModel	proxy (final LDAPObject ldapUser, UserModel delegate, RealmModel realm)

void	beforeLDAPQuery (LDAPQuery query)

SynchronizationResult	syncDataFromFederationProviderToKeycloak (RealmModel realm)

SynchronizationResult	syncDataFromKeycloakToFederationProvider (RealmModel realm)

List< UserModel >	getGroupMembers (RealmModel realm, GroupModel group, int firstResult, int maxResults)

boolean	onAuthenticationFailure (LDAPObject ldapUser, UserModel user, AuthenticationException ldapException, RealmModel realm)

LDAPStorageProvider	getLdapProvider ()

void	close ()

静的公開メンバ関数
static boolean	parseBooleanParameter (ComponentModel mapperModel, String paramName)

静的公開変数類
static final String	USER_MODEL_ATTRIBUTE = "user.model.attribute"

static final String	LDAP_ATTRIBUTE = "ldap.attribute"

static final String	READ_ONLY = "read.only"

static final String	ALWAYS_READ_VALUE_FROM_LDAP = "always.read.value.from.ldap"

static final String	IS_MANDATORY_IN_LDAP = "is.mandatory.in.ldap"

static final String	IS_BINARY_ATTRIBUTE = "is.binary.attribute"

限定公開メンバ関数
void	checkDuplicateEmail (String userModelAttrName, String email, RealmModel realm, KeycloakSession session, UserModel user)

void	setPropertyOnUserModel (Property< Object > userModelProperty, UserModel user, String ldapAttrValue)

限定公開変数類
final KeycloakSession	session

final ComponentModel	mapperModel

final LDAPStorageProvider	ldapProvider

静的関数
	[static initializer]

非公開メンバ関数
boolean	isReadOnly ()

静的非公開変数類
static final Logger	logger = Logger.getLogger(UserAttributeLDAPStorageMapper.class)

static final Map< String, Property< Object > >	userModelProperties

詳解

著者: Marek Posolda

構築子と解体子

◆ UserAttributeLDAPStorageMapper()

org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper.UserAttributeLDAPStorageMapper	(	ComponentModel	mapperModel,
		LDAPStorageProvider	ldapProvider
	)

inline

                                                                                                         {
         super(mapperModel, ldapProvider);
     }

関数詳解

◆ [static initializer]()

org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper.[static initializer] ( )

inlinestaticpackage

◆ beforeLDAPQuery()

void org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper.beforeLDAPQuery ( LDAPQuery query )

inline

org.keycloak.storage.ldap.mappers.LDAPStorageMapperを実装しています。

                                                  {
         String userModelAttrName = mapperModel.getConfig().getFirst(USER_MODEL_ATTRIBUTE);
         String ldapAttrName = mapperModel.getConfig().getFirst(LDAP_ATTRIBUTE);
 
         // Add mapped attribute to returning ldap attributes
         query.addReturningLdapAttribute(ldapAttrName);
         if (isReadOnly()) {
             query.addReturningReadOnlyLdapAttribute(ldapAttrName);
         }
 
         // Change conditions and use ldapAttribute instead of userModel
         for (Condition condition : query.getConditions()) {
             condition.updateParameterName(userModelAttrName, ldapAttrName);
         }
     }

◆ checkDuplicateEmail()

void org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper.checkDuplicateEmail	(	String	userModelAttrName,
		String	email,
		RealmModel	realm,
		KeycloakSession	session,
		UserModel	user
	)

inlineprotected

                                                                                                                                           {
         if (email == null || realm.isDuplicateEmailsAllowed()) return;
         if (UserModel.EMAIL.equalsIgnoreCase(userModelAttrName)) {
             // lowercase before search
             email = KeycloakModelUtils.toLowerCaseSafe(email);
 
             UserModel that = session.userLocalStorage().getUserByEmail(email, realm);
             if (that != null && !that.getId().equals(user.getId())) {
                 session.getTransactionManager().setRollbackOnly();
                 String exceptionMessage = String.format("Can't import user '%s' from LDAP because email '%s' already exists in Keycloak. Existing user with this email is '%s'", user.getUsername(), email, that.getUsername());
                 throw new ModelDuplicateException(exceptionMessage, UserModel.EMAIL);
             }
         }
     }

◆ close()

void org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper.close ( )

inlineinherited

org.keycloak.provider.Providerを実装しています。

                         {
 
     }

◆ getGroupMembers()

List<UserModel> org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper.getGroupMembers	(	RealmModel	realm,
		GroupModel	group,
		int	firstResult,
		int	maxResults
	)

inlineinherited

org.keycloak.storage.ldap.mappers.LDAPStorageMapperを実装しています。

                                                                                                                 {
         return Collections.emptyList();
     }

◆ getLdapProvider()

LDAPStorageProvider org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper.getLdapProvider ( )

inlineinherited

                                                  {
         return ldapProvider;
     }

◆ isReadOnly()

boolean org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper.isReadOnly ( )

inlineprivate

                                  {
         return parseBooleanParameter(mapperModel, READ_ONLY);
     }

◆ onAuthenticationFailure()

boolean org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper.onAuthenticationFailure	(	LDAPObject	ldapUser,
		UserModel	user,
		AuthenticationException	ldapException,
		RealmModel	realm
	)

inlineinherited

org.keycloak.storage.ldap.mappers.LDAPStorageMapperを実装しています。

                                                                                                                                          {
         return false;
     }

◆ onImportUserFromLDAP()

void org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper.onImportUserFromLDAP	(	LDAPObject	ldapUser,
		UserModel	user,
		RealmModel	realm,
		boolean	isCreate
	)

inline

org.keycloak.storage.ldap.mappers.LDAPStorageMapperを実装しています。

                                                                                                               {
         String userModelAttrName = mapperModel.getConfig().getFirst(USER_MODEL_ATTRIBUTE);
         String ldapAttrName = mapperModel.getConfig().getFirst(LDAP_ATTRIBUTE);
 
         // We won't update binary attributes to Keycloak DB. They might be too big
         boolean isBinaryAttribute = mapperModel.get(IS_BINARY_ATTRIBUTE, false);
         if (isBinaryAttribute) {
             return;
         }
 
         Property<Object> userModelProperty = userModelProperties.get(userModelAttrName.toLowerCase());
 
         if (userModelProperty != null) {
 
             // we have java property on UserModel
             String ldapAttrValue = ldapUser.getAttributeAsString(ldapAttrName);
 
             checkDuplicateEmail(userModelAttrName, ldapAttrValue, realm, ldapProvider.getSession(), user);
 
             setPropertyOnUserModel(userModelProperty, user, ldapAttrValue);
         } else {
 
             // we don't have java property. Let's set attribute
             Set<String> ldapAttrValue = ldapUser.getAttributeAsSet(ldapAttrName);
             if (ldapAttrValue != null) {
                 user.setAttribute(userModelAttrName, new ArrayList<>(ldapAttrValue));
             } else {
                 user.removeAttribute(userModelAttrName);
             }
         }
     }

◆ onRegisterUserToLDAP()

void org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper.onRegisterUserToLDAP	(	LDAPObject	ldapUser,
		UserModel	localUser,
		RealmModel	realm
	)

inline

org.keycloak.storage.ldap.mappers.LDAPStorageMapperを実装しています。

                                                                                                  {
         String userModelAttrName = mapperModel.getConfig().getFirst(USER_MODEL_ATTRIBUTE);
         String ldapAttrName = mapperModel.getConfig().getFirst(LDAP_ATTRIBUTE);
         boolean isMandatoryInLdap = parseBooleanParameter(mapperModel, IS_MANDATORY_IN_LDAP);
 
         Property<Object> userModelProperty = userModelProperties.get(userModelAttrName.toLowerCase());
 
         if (userModelProperty != null) {
 
             // we have java property on UserModel. Assuming we support just properties of simple types
             Object attrValue = userModelProperty.getValue(localUser);
 
             if (attrValue == null) {
                 if (isMandatoryInLdap) {
                     ldapUser.setSingleAttribute(ldapAttrName, LDAPConstants.EMPTY_ATTRIBUTE_VALUE);
                 } else {
                     ldapUser.setAttribute(ldapAttrName, new LinkedHashSet<String>());
                 }
             } else {
                 ldapUser.setSingleAttribute(ldapAttrName, attrValue.toString());
             }
         } else {
 
             // we don't have java property. Let's set attribute
             List<String> attrValues = localUser.getAttribute(userModelAttrName);
 
             if (attrValues.size() == 0) {
                 if (isMandatoryInLdap) {
                     ldapUser.setSingleAttribute(ldapAttrName, LDAPConstants.EMPTY_ATTRIBUTE_VALUE);
                 } else {
                     ldapUser.setAttribute(ldapAttrName, new LinkedHashSet<String>());
                 }
             } else {
                 ldapUser.setAttribute(ldapAttrName, new LinkedHashSet<>(attrValues));
             }
         }
 
         if (isReadOnly()) {
             ldapUser.addReadOnlyAttributeName(ldapAttrName);
         }
     }

◆ parseBooleanParameter()

static boolean org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper.parseBooleanParameter	(	ComponentModel	mapperModel,
		String	paramName
	)

inlinestaticinherited

                                                                                               {
         String paramm = mapperModel.getConfig().getFirst(paramName);
         return Boolean.parseBoolean(paramm);
     }

◆ proxy()

UserModel org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper.proxy	(	final LDAPObject	ldapUser,
		UserModel	delegate,
		RealmModel	realm
	)

inline

org.keycloak.storage.ldap.mappers.LDAPStorageMapperを実装しています。

                                                                                             {
         final String userModelAttrName = mapperModel.getConfig().getFirst(USER_MODEL_ATTRIBUTE);
         final String ldapAttrName = mapperModel.getConfig().getFirst(LDAP_ATTRIBUTE);
         boolean isAlwaysReadValueFromLDAP = parseBooleanParameter(mapperModel, ALWAYS_READ_VALUE_FROM_LDAP);
         final boolean isMandatoryInLdap = parseBooleanParameter(mapperModel, IS_MANDATORY_IN_LDAP);
         final boolean isBinaryAttribute = parseBooleanParameter(mapperModel, IS_BINARY_ATTRIBUTE);
 
         // For writable mode, we want to propagate writing of attribute to LDAP as well
         if (ldapProvider.getEditMode() == UserStorageProvider.EditMode.WRITABLE && !isReadOnly()) {
 
             delegate = new TxAwareLDAPUserModelDelegate(delegate, ldapProvider, ldapUser) {
 
                 @Override
                 public void setSingleAttribute(String name, String value) {
                     if (setLDAPAttribute(name, value)) {
                         super.setSingleAttribute(name, value);
                     }
                 }
 
                 @Override
                 public void setAttribute(String name, List<String> values) {
                     if (setLDAPAttribute(name, values)) {
                         super.setAttribute(name, values);
                     }
                 }
 
                 @Override
                 public void removeAttribute(String name) {
                     if ( setLDAPAttribute(name, null)) {
                         super.removeAttribute(name);
                     }
                 }
 
                 @Override
                 public void setEmail(String email) {
                     checkDuplicateEmail(userModelAttrName, email, realm, ldapProvider.getSession(), this);
 
                     setLDAPAttribute(UserModel.EMAIL, email);
                     super.setEmail(email);
                 }
 
                 @Override
                 public void setLastName(String lastName) {
                     setLDAPAttribute(UserModel.LAST_NAME, lastName);
                     super.setLastName(lastName);
                 }
 
                 @Override
                 public void setFirstName(String firstName) {
                     setLDAPAttribute(UserModel.FIRST_NAME, firstName);
                     super.setFirstName(firstName);
                 }
 
                 protected boolean setLDAPAttribute(String modelAttrName, Object value) {
                     if (modelAttrName.equalsIgnoreCase(userModelAttrName)) {
                         if (UserAttributeLDAPStorageMapper.logger.isTraceEnabled()) {
                             UserAttributeLDAPStorageMapper.logger.tracef("Pushing user attribute to LDAP. username: %s, Model attribute name: %s, LDAP attribute name: %s, Attribute value: %s", getUsername(), modelAttrName, ldapAttrName, value);
                         }
 
                         ensureTransactionStarted();
 
                         if (value == null) {
                             if (isMandatoryInLdap) {
                                 ldapUser.setSingleAttribute(ldapAttrName, LDAPConstants.EMPTY_ATTRIBUTE_VALUE);
                             } else {
                                 ldapUser.setAttribute(ldapAttrName, new LinkedHashSet<String>());
                             }
                         } else if (value instanceof String) {
                             ldapUser.setSingleAttribute(ldapAttrName, (String) value);
                         } else {
                             List<String> asList = (List<String>) value;
                             if (asList.isEmpty() && isMandatoryInLdap) {
                                 ldapUser.setSingleAttribute(ldapAttrName, LDAPConstants.EMPTY_ATTRIBUTE_VALUE);
                             } else {
                                 ldapUser.setAttribute(ldapAttrName, new LinkedHashSet<>(asList));
                             }
                         }
 
                         if (isBinaryAttribute) {
                             UserAttributeLDAPStorageMapper.logger.debugf("Skip writing model attribute '%s' to DB for user '%s' as it is mapped to binary LDAP attribute.", userModelAttrName, getUsername());
                             return false;
                         } else {
                             return true;
                         }
                     }
 
                     return true;
                 }
 
             };
 
         } else if (isBinaryAttribute) {
 
             delegate = new UserModelDelegate(delegate) {
 
                 @Override
                 public void setSingleAttribute(String name, String value) {
                     if (name.equalsIgnoreCase(userModelAttrName)) {
                         logSkipDBWrite();
                     } else {
                         super.setSingleAttribute(name, value);
                     }
                 }
 
                 @Override
                 public void setAttribute(String name, List<String> values) {
                     if (name.equalsIgnoreCase(userModelAttrName)) {
                         logSkipDBWrite();
                     } else {
                         super.setAttribute(name, values);
                     }
                 }
 
                 @Override
                 public void removeAttribute(String name) {
                     if (name.equalsIgnoreCase(userModelAttrName)) {
                         logSkipDBWrite();
                     } else {
                         super.removeAttribute(name);
                     }
                 }
 
                 private void logSkipDBWrite() {
                     logger.debugf("Skip writing model attribute '%s' to DB for user '%s' as it is mapped to binary LDAP attribute", userModelAttrName, getUsername());
                 }
 
             };
 
         }
 
         // We prefer to read attribute value from LDAP instead of from local Keycloak DB
         if (isAlwaysReadValueFromLDAP) {
 
             delegate = new UserModelDelegate(delegate) {
 
                 @Override
                 public String getFirstAttribute(String name) {
                     if (name.equalsIgnoreCase(userModelAttrName)) {
                         return ldapUser.getAttributeAsString(ldapAttrName);
                     } else {
                         return super.getFirstAttribute(name);
                     }
                 }
 
                 @Override
                 public List<String> getAttribute(String name) {
                     if (name.equalsIgnoreCase(userModelAttrName)) {
                         Collection<String> ldapAttrValue = ldapUser.getAttributeAsSet(ldapAttrName);
                         if (ldapAttrValue == null) {
                             return Collections.emptyList();
                         } else {
                             return new ArrayList<>(ldapAttrValue);
                         }
                     } else {
                         return super.getAttribute(name);
                     }
                 }
 
                 @Override
                 public Map<String, List<String>> getAttributes() {
                     Map<String, List<String>> attrs = new HashMap<>(super.getAttributes());
 
                     // Ignore UserModel properties
                     if (userModelProperties.get(userModelAttrName.toLowerCase()) != null) {
                         return attrs;
                     }
 
                     Set<String> allLdapAttrValues = ldapUser.getAttributeAsSet(ldapAttrName);
                     if (allLdapAttrValues != null) {
                         attrs.put(userModelAttrName, new ArrayList<>(allLdapAttrValues));
                     }
                     return attrs;
                 }
 
                 @Override
                 public String getEmail() {
                     if (UserModel.EMAIL.equalsIgnoreCase(userModelAttrName)) {
                         return ldapUser.getAttributeAsString(ldapAttrName);
                     } else {
                         return super.getEmail();
                     }
                 }
 
                 @Override
                 public String getLastName() {
                     if (UserModel.LAST_NAME.equalsIgnoreCase(userModelAttrName)) {
                         return ldapUser.getAttributeAsString(ldapAttrName);
                     } else {
                         return super.getLastName();
                     }
                 }
 
                 @Override
                 public String getFirstName() {
                     if (UserModel.FIRST_NAME.equalsIgnoreCase(userModelAttrName)) {
                         return ldapUser.getAttributeAsString(ldapAttrName);
                     } else {
                         return super.getFirstName();
                     }
                 }
 
             };
         }
 
         return delegate;
     }

◆ setPropertyOnUserModel()

void org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper.setPropertyOnUserModel	(	Property< Object >	userModelProperty,
		UserModel	user,
		String	ldapAttrValue
	)

inlineprotected

                                                                                                                     {
         if (ldapAttrValue == null) {
             userModelProperty.setValue(user, null);
         } else {
             Class<Object> clazz = userModelProperty.getJavaClass();
 
             if (String.class.equals(clazz)) {
                 userModelProperty.setValue(user, ldapAttrValue);
             } else if (Boolean.class.equals(clazz) || boolean.class.equals(clazz)) {
                 Boolean boolVal = Boolean.valueOf(ldapAttrValue);
                 userModelProperty.setValue(user, boolVal);
             } else {
                 logger.warnf("Don't know how to set the property '%s' on user '%s' . Value of LDAP attribute is '%s' ", userModelProperty.getName(), user.getUsername(), ldapAttrValue.toString());
             }
         }
     }

◆ syncDataFromFederationProviderToKeycloak()

SynchronizationResult org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper.syncDataFromFederationProviderToKeycloak ( RealmModel realm )

inlineinherited

org.keycloak.storage.ldap.mappers.LDAPStorageMapperを実装しています。

                                                                                             {
         return new SynchronizationResult();
     }

◆ syncDataFromKeycloakToFederationProvider()

SynchronizationResult org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper.syncDataFromKeycloakToFederationProvider ( RealmModel realm )

inlineinherited

org.keycloak.storage.ldap.mappers.LDAPStorageMapperを実装しています。

                                                                                             {
         return new SynchronizationResult();
     }

メンバ詳解

◆ ALWAYS_READ_VALUE_FROM_LDAP

final String org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper.ALWAYS_READ_VALUE_FROM_LDAP = "always.read.value.from.ldap"

static

◆ IS_BINARY_ATTRIBUTE

final String org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper.IS_BINARY_ATTRIBUTE = "is.binary.attribute"

static

◆ IS_MANDATORY_IN_LDAP

final String org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper.IS_MANDATORY_IN_LDAP = "is.mandatory.in.ldap"

static

◆ LDAP_ATTRIBUTE

final String org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper.LDAP_ATTRIBUTE = "ldap.attribute"

static

◆ ldapProvider

final LDAPStorageProvider org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper.ldapProvider

protectedinherited

◆ logger

final Logger org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper.logger = Logger.getLogger(UserAttributeLDAPStorageMapper.class)

staticprivate

◆ mapperModel

final ComponentModel org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper.mapperModel

protectedinherited

◆ READ_ONLY

final String org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper.READ_ONLY = "read.only"

static

◆ session

final KeycloakSession org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper.session

protectedinherited

◆ USER_MODEL_ATTRIBUTE

final String org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper.USER_MODEL_ATTRIBUTE = "user.model.attribute"

static

◆ userModelProperties

final Map<String, Property<Object> > org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper.userModelProperties

staticprivate

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/storage/ldap/mappers/UserAttributeLDAPStorageMapper.java

公開メンバ関数

静的公開メンバ関数

静的公開変数類

限定公開メンバ関数

限定公開変数類

静的関数

非公開メンバ関数

静的非公開変数類

詳解

構築子と解体子

◆ UserAttributeLDAPStorageMapper()

関数詳解

◆ [static initializer]()

◆ beforeLDAPQuery()

◆ checkDuplicateEmail()

◆ close()

◆ getGroupMembers()

◆ getLdapProvider()

◆ isReadOnly()

◆ onAuthenticationFailure()

◆ onImportUserFromLDAP()

◆ onRegisterUserToLDAP()

◆ parseBooleanParameter()

◆ proxy()

◆ setPropertyOnUserModel()

◆ syncDataFromFederationProviderToKeycloak()

◆ syncDataFromKeycloakToFederationProvider()

メンバ詳解

◆ ALWAYS_READ_VALUE_FROM_LDAP

◆ IS_BINARY_ATTRIBUTE

◆ IS_MANDATORY_IN_LDAP

◆ LDAP_ATTRIBUTE

◆ ldapProvider

◆ logger

◆ mapperModel

◆ READ_ONLY

◆ session

◆ USER_MODEL_ATTRIBUTE

◆ userModelProperties