org.keycloak.services.resources.admin.UserResource 連携図

公開メンバ関数
	UserResource (RealmModel realm, UserModel user, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent)

Response	updateUser (final UserRepresentation rep)

UserRepresentation	getUser ()

Map< String, Object >	impersonate ()

List< UserSessionRepresentation >	getSessions ()

List< UserSessionRepresentation >	getOfflineSessions (final @PathParam("clientId") String clientId)

List< FederatedIdentityRepresentation >	getFederatedIdentity ()

Response	addFederatedIdentity (final @PathParam("provider") String provider, FederatedIdentityRepresentation rep)

void	removeFederatedIdentity (final @PathParam("provider") String provider)

List< Map< String, Object > >	getConsents ()

void	revokeConsent (final @PathParam("client") String clientId)

void	logout ()

Response	deleteUser ()

RoleMapperResource	getRoleMappings ()

void	disableCredentialType (List< String > credentialTypes)

void	resetPassword (CredentialRepresentation pass)

void	removeTotp ()

Response	resetPasswordEmail (@QueryParam(OIDCLoginProtocol.REDIRECT_URI_PARAM) String redirectUri, @QueryParam(OIDCLoginProtocol.CLIENT_ID_PARAM) String clientId)

Response	executeActionsEmail (@QueryParam(OIDCLoginProtocol.REDIRECT_URI_PARAM) String redirectUri, @QueryParam(OIDCLoginProtocol.CLIENT_ID_PARAM) String clientId, @QueryParam("lifespan") Integer lifespan, List< String > actions)

Response	sendVerifyEmail (@QueryParam(OIDCLoginProtocol.REDIRECT_URI_PARAM) String redirectUri, @QueryParam(OIDCLoginProtocol.CLIENT_ID_PARAM) String clientId)

List< GroupRepresentation >	groupMembership ()

void	removeMembership (@PathParam("groupId") String groupId)

void	joinGroup (@PathParam("groupId") String groupId)

静的公開メンバ関数
static void	updateUserFromRep (UserModel user, UserRepresentation rep, Set< String > attrsToRemove, RealmModel realm, KeycloakSession session, boolean removeMissingRequiredActions)

限定公開変数類
RealmModel	realm

ClientConnection	clientConnection

KeycloakSession	session

HttpHeaders	headers

非公開メンバ関数
List< FederatedIdentityRepresentation >	getFederatedIdentities (UserModel user)

非公開変数類
AdminPermissionEvaluator	auth

AdminEventBuilder	adminEvent

UserModel	user

静的非公開変数類
static final Logger	logger = Logger.getLogger(UserResource.class)

詳解

Base resource for managing users

Users

著者: Bill Burke

バージョン

Revision: 1

構築子と解体子

◆ UserResource()

org.keycloak.services.resources.admin.UserResource.UserResource	(	RealmModel	realm,
		UserModel	user,
		AdminPermissionEvaluator	auth,
		AdminEventBuilder	adminEvent
	)

inline

                                                                                                                        {
         this.auth = auth;
         this.realm = realm;
         this.user = user;
         this.adminEvent = adminEvent.resource(ResourceType.USER);
     }

関数詳解

◆ addFederatedIdentity()

Response org.keycloak.services.resources.admin.UserResource.addFederatedIdentity	(	final @PathParam("provider") String	provider,
		FederatedIdentityRepresentation	rep
	)

inline

Add a social login provider to the user

引数

provider	Social login provider id
rep

戻り値

                                                                                                                             {
         auth.users().requireManage(user);
         if (session.users().getFederatedIdentity(user, provider, realm) != null) {
             return ErrorResponse.exists("User is already linked with provider");
         }
 
         FederatedIdentityModel socialLink = new FederatedIdentityModel(provider, rep.getUserId(), rep.getUserName());
         session.users().addFederatedIdentity(realm, user, socialLink);
         adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri()).representation(rep).success();
         return Response.noContent().build();
     }

◆ deleteUser()

Response org.keycloak.services.resources.admin.UserResource.deleteUser ( )

inline

Delete the user

                                  {
         auth.users().requireManage(user);
 
         boolean removed = new UserManager(session).removeUser(realm, user);
         if (removed) {
             adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
             return Response.noContent().build();
         } else {
             return ErrorResponse.error("User couldn't be deleted", Status.BAD_REQUEST);
         }
     }

◆ disableCredentialType()

void org.keycloak.services.resources.admin.UserResource.disableCredentialType ( List< String > credentialTypes )

inline

Disable all credentials for a user of a specific type

引数

credentialTypes

                                                                     {
         auth.users().requireManage(user);
         if (credentialTypes == null) return;
         for (String type : credentialTypes) {
             session.userCredentialManager().disableCredentialType(realm, user, type);
 
         }
 
 
     }

◆ executeActionsEmail()

Response org.keycloak.services.resources.admin.UserResource.executeActionsEmail	(	@QueryParam(OIDCLoginProtocol.REDIRECT_URI_PARAM) String	redirectUri,
		@QueryParam(OIDCLoginProtocol.CLIENT_ID_PARAM) String	clientId,
		@QueryParam("lifespan") Integer	lifespan,
		List< String >	actions
	)

inline

Send a update account email to the user

An email contains a link the user can click to perform a set of required actions. The redirectUri and clientId parameters are optional. If no redirect is given, then there will be no link back to click after actions have completed. Redirect uri must be a valid uri for the particular clientId.

引数

redirectUri	Redirect uri
clientId	Client id
lifespan	Number of seconds after which the generated token expires
actions	required actions the user needs to complete

戻り値

                                                               {
         auth.users().requireManage(user);
 
         if (user.getEmail() == null) {
             return ErrorResponse.error("User email missing", Status.BAD_REQUEST);
         }
 
         if (!user.isEnabled()) {
             throw new WebApplicationException(
                 ErrorResponse.error("User is disabled", Status.BAD_REQUEST));
         }
 
         if (redirectUri != null && clientId == null) {
             throw new WebApplicationException(
                 ErrorResponse.error("Client id missing", Status.BAD_REQUEST));
         }
 
         if (clientId == null) {
             clientId = Constants.ACCOUNT_MANAGEMENT_CLIENT_ID;
         }
 
         ClientModel client = realm.getClientByClientId(clientId);
         if (client == null || !client.isEnabled()) {
             throw new WebApplicationException(
                 ErrorResponse.error(clientId + " not enabled", Status.BAD_REQUEST));
         }
 
         String redirect;
         if (redirectUri != null) {
             redirect = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), redirectUri, realm, client);
             if (redirect == null) {
                 throw new WebApplicationException(
                     ErrorResponse.error("Invalid redirect uri.", Status.BAD_REQUEST));
             }
         }
 
         if (lifespan == null) {
             lifespan = realm.getActionTokenGeneratedByAdminLifespan();
         }
         int expiration = Time.currentTime() + lifespan;
         ExecuteActionsActionToken token = new ExecuteActionsActionToken(user.getId(), expiration, actions, redirectUri, clientId);
 
         try {
             UriBuilder builder = LoginActionsService.actionTokenProcessor(session.getContext().getUri());
             builder.queryParam("key", token.serialize(session, realm, session.getContext().getUri()));
 
             String link = builder.build(realm.getName()).toString();
 
             this.session.getProvider(EmailTemplateProvider.class)
               .setAttribute(Constants.TEMPLATE_ATTR_REQUIRED_ACTIONS, token.getRequiredActions())
               .setRealm(realm)
               .setUser(user)
               .sendExecuteActions(link, TimeUnit.SECONDS.toMinutes(lifespan));
 
             //audit.user(user).detail(Details.EMAIL, user.getEmail()).detail(Details.CODE_ID, accessCode.getCodeId()).success();
 
             adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
 
             return Response.ok().build();
         } catch (EmailException e) {
             ServicesLogger.LOGGER.failedToSendActionsEmail(e);
             return ErrorResponse.error("Failed to send execute actions email", Status.INTERNAL_SERVER_ERROR);
         }
     }

◆ getConsents()

List<Map<String, Object> > org.keycloak.services.resources.admin.UserResource.getConsents ( )

inline

Get consents granted by the user

戻り値

                                                    {
         auth.users().requireView(user);
         List<Map<String, Object>> result = new LinkedList<>();
 
         Set<ClientModel> offlineClients = new UserSessionManager(session).findClientsWithOfflineToken(realm, user);
 
         for (ClientModel client : realm.getClients()) {
             UserConsentModel consent = session.users().getConsentByClient(realm, user.getId(), client.getId());
             boolean hasOfflineToken = offlineClients.contains(client);
 
             if (consent == null && !hasOfflineToken) {
                 continue;
             }
 
             UserConsentRepresentation rep = (consent == null) ? null : ModelToRepresentation.toRepresentation(consent);
 
             Map<String, Object> currentRep = new HashMap<>();
             currentRep.put("clientId", client.getClientId());
             currentRep.put("grantedClientScopes", (rep==null ? Collections.emptyList() : rep.getGrantedClientScopes()));
             currentRep.put("createdDate", (rep==null ? null : rep.getCreatedDate()));
             currentRep.put("lastUpdatedDate", (rep==null ? null : rep.getLastUpdatedDate()));
 
             List<Map<String, String>> additionalGrants = new LinkedList<>();
             if (hasOfflineToken) {
                 Map<String, String> offlineTokens = new HashMap<>();
                 offlineTokens.put("client", client.getId());
                 // TODO: translate
                 offlineTokens.put("key", "Offline Token");
                 additionalGrants.add(offlineTokens);
             }
             currentRep.put("additionalGrants", additionalGrants);
 
             result.add(currentRep);
         }
 
         return result;
     }

◆ getFederatedIdentities()

List<FederatedIdentityRepresentation> org.keycloak.services.resources.admin.UserResource.getFederatedIdentities ( UserModel user )

inlineprivate

                                                                                          {
         Set<FederatedIdentityModel> identities = session.users().getFederatedIdentities(user, realm);
         List<FederatedIdentityRepresentation> result = new ArrayList<FederatedIdentityRepresentation>();
 
         for (FederatedIdentityModel identity : identities) {
             for (IdentityProviderModel identityProviderModel : realm.getIdentityProviders()) {
                 if (identityProviderModel.getAlias().equals(identity.getIdentityProvider())) {
                     FederatedIdentityRepresentation rep = ModelToRepresentation.toRepresentation(identity);
                     result.add(rep);
                 }
             }
         }
         return result;
     }

◆ getFederatedIdentity()

List<FederatedIdentityRepresentation> org.keycloak.services.resources.admin.UserResource.getFederatedIdentity ( )

inline

Get social logins associated with the user

戻り値

                                                                         {
         auth.users().requireView(user);
 
         return getFederatedIdentities(user);
     }

◆ getOfflineSessions()

List<UserSessionRepresentation> org.keycloak.services.resources.admin.UserResource.getOfflineSessions ( final @PathParam("clientId") String clientId )

inline

Get offline sessions associated with the user and client

戻り値

                                                                                                             {
         auth.users().requireView(user);
         ClientModel client = realm.getClientById(clientId);
         if (client == null) {
             throw new NotFoundException("Client not found");
         }
         List<UserSessionModel> sessions = new UserSessionManager(session).findOfflineSessions(realm, user);
         List<UserSessionRepresentation> reps = new ArrayList<UserSessionRepresentation>();
         for (UserSessionModel session : sessions) {
             UserSessionRepresentation rep = ModelToRepresentation.toRepresentation(session);
 
             // Update lastSessionRefresh with the timestamp from clientSession
             AuthenticatedClientSessionModel clientSession = session.getAuthenticatedClientSessionByClient(clientId);
 
             // Skip if userSession is not for this client
             if (clientSession == null) {
                 continue;
             }
 
             rep.setLastAccess(clientSession.getTimestamp());
 
             reps.add(rep);
         }
         return reps;
     }

◆ getRoleMappings()

RoleMapperResource org.keycloak.services.resources.admin.UserResource.getRoleMappings ( )

inline

                                                 {
         AdminPermissionEvaluator.RequirePermissionCheck manageCheck = () -> auth.users().requireMapRoles(user);
         AdminPermissionEvaluator.RequirePermissionCheck viewCheck = () -> auth.users().requireView(user);
         RoleMapperResource resource =  new RoleMapperResource(realm, auth, user, adminEvent, manageCheck, viewCheck);
         ResteasyProviderFactory.getInstance().injectProperties(resource);
         return resource;
 
     }

◆ getSessions()

List<UserSessionRepresentation> org.keycloak.services.resources.admin.UserResource.getSessions ( )

inline

Get sessions associated with the user

戻り値

                                                          {
         auth.users().requireView(user);
         List<UserSessionModel> sessions = session.sessions().getUserSessions(realm, user);
         List<UserSessionRepresentation> reps = new ArrayList<UserSessionRepresentation>();
         for (UserSessionModel session : sessions) {
             UserSessionRepresentation rep = ModelToRepresentation.toRepresentation(session);
             reps.add(rep);
         }
         return reps;
     }

◆ getUser()

UserRepresentation org.keycloak.services.resources.admin.UserResource.getUser ( )

inline

Get representation of the user

戻り値

                                         {
         auth.users().requireView(user);
 
         UserRepresentation rep = ModelToRepresentation.toRepresentation(session, realm, user);
 
         if (realm.isIdentityFederationEnabled()) {
             List<FederatedIdentityRepresentation> reps = getFederatedIdentities(user);
             rep.setFederatedIdentities(reps);
         }
 
         if (session.getProvider(BruteForceProtector.class).isTemporarilyDisabled(session, realm, user)) {
             rep.setEnabled(false);
         }
         rep.setAccess(auth.users().getAccess(user));
 
         return rep;
     }

◆ groupMembership()

List<GroupRepresentation> org.keycloak.services.resources.admin.UserResource.groupMembership ( )

inline

                                                        {
         auth.users().requireView(user);
         List<GroupRepresentation> memberships = new LinkedList<>();
         for (GroupModel group : user.getGroups()) {
             memberships.add(ModelToRepresentation.toRepresentation(group, false));
         }
         return memberships;
     }

◆ impersonate()

Map<String, Object> org.keycloak.services.resources.admin.UserResource.impersonate ( )

inline

Impersonate the user

戻り値

                                              {
         ProfileHelper.requireFeature(Profile.Feature.IMPERSONATION);
 
         auth.users().requireImpersonate(user);
         RealmModel authenticatedRealm = auth.adminAuth().getRealm();
         // if same realm logout before impersonation
         boolean sameRealm = false;
         if (authenticatedRealm.getId().equals(realm.getId())) {
             sameRealm = true;
             UserSessionModel userSession = session.sessions().getUserSession(authenticatedRealm, auth.adminAuth().getToken().getSessionState());
             AuthenticationManager.expireIdentityCookie(realm, session.getContext().getUri(), clientConnection);
             AuthenticationManager.expireRememberMeCookie(realm, session.getContext().getUri(), clientConnection);
             AuthenticationManager.backchannelLogout(session, authenticatedRealm, userSession, session.getContext().getUri(), clientConnection, headers, true);
         }
         EventBuilder event = new EventBuilder(realm, session, clientConnection);
 
         UserSessionModel userSession = session.sessions().createUserSession(realm, user, user.getUsername(), clientConnection.getRemoteAddr(), "impersonate", false, null, null);
         AuthenticationManager.createLoginCookie(session, realm, userSession.getUser(), userSession, session.getContext().getUri(), clientConnection);
         URI redirect = AccountFormService.accountServiceApplicationPage(session.getContext().getUri()).build(realm.getName());
         Map<String, Object> result = new HashMap<>();
         result.put("sameRealm", sameRealm);
         result.put("redirect", redirect.toString());
         event.event(EventType.IMPERSONATE)
              .session(userSession)
              .user(user)
              .detail(Details.IMPERSONATOR_REALM,authenticatedRealm.getName())
              .detail(Details.IMPERSONATOR, auth.adminAuth().getUser().getUsername()).success();
 
         return result;
     }

◆ joinGroup()

void org.keycloak.services.resources.admin.UserResource.joinGroup ( @PathParam("groupId") String groupId )

inline

                                                                 {
         auth.users().requireManageGroupMembership(user);
         GroupModel group = session.realms().getGroupById(groupId, realm);
         if (group == null) {
             throw new NotFoundException("Group not found");
         }
         auth.groups().requireManageMembership(group);
         if (!user.isMemberOf(group)){
             user.joinGroup(group);
             adminEvent.operation(OperationType.CREATE).resource(ResourceType.GROUP_MEMBERSHIP).representation(ModelToRepresentation.toRepresentation(group, true)).resourcePath(session.getContext().getUri()).success();
         }
     }

◆ logout()

void org.keycloak.services.resources.admin.UserResource.logout ( )

inline

Remove all user sessions associated with the user

Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user.

                          {
         auth.users().requireManage(user);
 
         session.users().setNotBeforeForUser(realm, user, Time.currentTime());
 
         List<UserSessionModel> userSessions = session.sessions().getUserSessions(realm, user);
         for (UserSessionModel userSession : userSessions) {
             AuthenticationManager.backchannelLogout(session, realm, userSession, session.getContext().getUri(), clientConnection, headers, true);
         }
         adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
     }

◆ removeFederatedIdentity()

void org.keycloak.services.resources.admin.UserResource.removeFederatedIdentity ( final @PathParam("provider") String provider )

inline

Remove a social login provider from user

引数

provider Social login provider id

                                                                                       {
         auth.users().requireManage(user);
         if (!session.users().removeFederatedIdentity(realm, user, provider)) {
             throw new NotFoundException("Link not found");
         }
         adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
     }

◆ removeMembership()

void org.keycloak.services.resources.admin.UserResource.removeMembership ( @PathParam("groupId") String groupId )

inline

                                                                        {
         auth.users().requireManageGroupMembership(user);
 
         GroupModel group = session.realms().getGroupById(groupId, realm);
         if (group == null) {
             throw new NotFoundException("Group not found");
         }
         auth.groups().requireManageMembership(group);
 
         try {
             if (user.isMemberOf(group)){
                 user.leaveGroup(group);
                 adminEvent.operation(OperationType.DELETE).resource(ResourceType.GROUP_MEMBERSHIP).representation(ModelToRepresentation.toRepresentation(group, true)).resourcePath(session.getContext().getUri()).success();
             }
         } catch (ModelException me) {
             Properties messages = AdminRoot.getMessages(session, realm, auth.adminAuth().getToken().getLocale());
             throw new ErrorResponseException(me.getMessage(), MessageFormat.format(messages.getProperty(me.getMessage(), me.getMessage()), me.getParameters()),
                     Status.BAD_REQUEST);
         }
     }

◆ removeTotp()

void org.keycloak.services.resources.admin.UserResource.removeTotp ( )

inline

Remove TOTP from the user

                              {
         auth.users().requireManage(user);
 
         session.userCredentialManager().disableCredentialType(realm, user, CredentialModel.OTP);
         adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
     }

◆ resetPassword()

void org.keycloak.services.resources.admin.UserResource.resetPassword ( CredentialRepresentation pass )

inline

Set up a temporary password for the user

User will have to reset the temporary password next time they log in.

引数

pass	A Temporary password

                                                              {
         auth.users().requireManage(user);
         if (pass == null || pass.getValue() == null || !CredentialRepresentation.PASSWORD.equals(pass.getType())) {
             throw new BadRequestException("No password provided");
         }
         if (Validation.isBlank(pass.getValue())) {
             throw new BadRequestException("Empty password not allowed");
         }
 
         UserCredentialModel cred = UserCredentialModel.password(pass.getValue(), true);
         try {
             session.userCredentialManager().updateCredential(realm, user, cred);
         } catch (IllegalStateException ise) {
             throw new BadRequestException("Resetting to N old passwords is not allowed.");
         } catch (ReadOnlyException mre) {
             throw new BadRequestException("Can't reset password as account is read only");
         } catch (ModelException e) {
             Properties messages = AdminRoot.getMessages(session, realm, auth.adminAuth().getToken().getLocale());
             throw new ErrorResponseException(e.getMessage(), MessageFormat.format(messages.getProperty(e.getMessage(), e.getMessage()), e.getParameters()),
                     Status.BAD_REQUEST);
         }
         if (pass.isTemporary() != null && pass.isTemporary()) user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
 
         adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
     }

◆ resetPasswordEmail()

Response org.keycloak.services.resources.admin.UserResource.resetPasswordEmail	(	@QueryParam(OIDCLoginProtocol.REDIRECT_URI_PARAM) String	redirectUri,
		@QueryParam(OIDCLoginProtocol.CLIENT_ID_PARAM) String	clientId
	)

inline

Send an email to the user with a link they can click to reset their password. The redirectUri and clientId parameters are optional. The default for the redirect is the account client.

This endpoint has been deprecated. Please use the execute-actions-email passing a list with UPDATE_PASSWORD within it.

引数

redirectUri	redirect uri
clientId	client id

戻り値

                                                                                                        {
         List<String> actions = new LinkedList<>();
         actions.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
         return executeActionsEmail(redirectUri, clientId, null, actions);
     }

◆ revokeConsent()

void org.keycloak.services.resources.admin.UserResource.revokeConsent ( final @PathParam("client") String clientId )

inline

Revoke consent and offline tokens for particular client from user

引数

clientId Client id

                                                                           {
         auth.users().requireManage(user);
 
         ClientModel client = realm.getClientByClientId(clientId);
         if (client == null) {
             throw new NotFoundException("Client not found");
         }
         boolean revokedConsent = session.users().revokeConsentForClient(realm, user.getId(), client.getId());
         boolean revokedOfflineToken = new UserSessionManager(session).revokeOfflineToken(user, client);
 
         if (revokedConsent) {
             // Logout clientSessions for this user and client
             AuthenticationManager.backchannelLogoutUserFromClient(session, realm, user, client, session.getContext().getUri(), headers);
         }
 
         if (!revokedConsent && !revokedOfflineToken) {
             throw new NotFoundException("Consent nor offline token not found");
         }
         adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
     }

◆ sendVerifyEmail()

Response org.keycloak.services.resources.admin.UserResource.sendVerifyEmail	(	@QueryParam(OIDCLoginProtocol.REDIRECT_URI_PARAM) String	redirectUri,
		@QueryParam(OIDCLoginProtocol.CLIENT_ID_PARAM) String	clientId
	)

inline

Send an email-verification email to the user

An email contains a link the user can click to verify their email address. The redirectUri and clientId parameters are optional. The default for the redirect is the account client.

引数

redirectUri	Redirect uri
clientId	Client id

戻り値

                                                                                                                                                                           {
         List<String> actions = new LinkedList<>();
         actions.add(UserModel.RequiredAction.VERIFY_EMAIL.name());
         return executeActionsEmail(redirectUri, clientId, null, actions);
     }

◆ updateUser()

Response org.keycloak.services.resources.admin.UserResource.updateUser ( final UserRepresentation rep )

inline

Update the user

引数

rep

戻り値

                                                              {
 
         auth.users().requireManage(user);
         try {
             Set<String> attrsToRemove;
             if (rep.getAttributes() != null) {
                 attrsToRemove = new HashSet<>(user.getAttributes().keySet());
                 attrsToRemove.removeAll(rep.getAttributes().keySet());
             } else {
                 attrsToRemove = Collections.emptySet();
             }
 
             if (rep.isEnabled() != null && rep.isEnabled()) {
                 UserLoginFailureModel failureModel = session.sessions().getUserLoginFailure(realm, user.getId());
                 if (failureModel != null) {
                     failureModel.clearFailures();
                 }
             }
 
             updateUserFromRep(user, rep, attrsToRemove, realm, session, true);
             RepresentationToModel.createCredentials(rep, session, realm, user, true);
             adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(rep).success();
 
             if (session.getTransactionManager().isActive()) {
                 session.getTransactionManager().commit();
             }
             return Response.noContent().build();
         } catch (ModelDuplicateException e) {
             return ErrorResponse.exists("User exists with same username or email");
         } catch (ReadOnlyException re) {
             return ErrorResponse.exists("User is read only!");
         } catch (ModelException me) {
             logger.warn("Could not update user!", me);
             return ErrorResponse.exists("Could not update user!");
         } catch (ForbiddenException fe) {
             throw fe;
         } catch (Exception me) { // JPA
             logger.warn("Could not update user!", me);// may be committed by JTA which can't
             return ErrorResponse.exists("Could not update user!");
         }
     }

◆ updateUserFromRep()

static void org.keycloak.services.resources.admin.UserResource.updateUserFromRep	(	UserModel	user,
		UserRepresentation	rep,
		Set< String >	attrsToRemove,
		RealmModel	realm,
		KeycloakSession	session,
		boolean	removeMissingRequiredActions
	)

inlinestatic

                                                                                                                                                                                              {
         if (rep.getUsername() != null && realm.isEditUsernameAllowed()) {
             user.setUsername(rep.getUsername());
         }
         if (rep.getEmail() != null) user.setEmail(rep.getEmail());
         if (rep.getEmail() == "") user.setEmail(null);
         if (rep.getFirstName() != null) user.setFirstName(rep.getFirstName());
         if (rep.getLastName() != null) user.setLastName(rep.getLastName());
 
         if (rep.isEnabled() != null) user.setEnabled(rep.isEnabled());
         if (rep.isEmailVerified() != null) user.setEmailVerified(rep.isEmailVerified());
 
         if (rep.getFederationLink() != null) user.setFederationLink(rep.getFederationLink());
 
         List<String> reqActions = rep.getRequiredActions();
 
         if (reqActions != null) {
             Set<String> allActions = new HashSet<>();
             for (ProviderFactory factory : session.getKeycloakSessionFactory().getProviderFactories(RequiredActionProvider.class)) {
                 allActions.add(factory.getId());
             }
             for (String action : allActions) {
                 if (reqActions.contains(action)) {
                     user.addRequiredAction(action);
                 } else if (removeMissingRequiredActions) {
                     user.removeRequiredAction(action);
                 }
             }
         }
 
         if (rep.getAttributes() != null) {
             for (Map.Entry<String, List<String>> attr : rep.getAttributes().entrySet()) {
                 user.setAttribute(attr.getKey(), attr.getValue());
             }
 
             for (String attr : attrsToRemove) {
                 user.removeAttribute(attr);
             }
         }
     }

メンバ詳解

◆ adminEvent

AdminEventBuilder org.keycloak.services.resources.admin.UserResource.adminEvent

private

◆ auth

AdminPermissionEvaluator org.keycloak.services.resources.admin.UserResource.auth

private

◆ clientConnection

ClientConnection org.keycloak.services.resources.admin.UserResource.clientConnection

protected

◆ headers

HttpHeaders org.keycloak.services.resources.admin.UserResource.headers

protected

◆ logger

final Logger org.keycloak.services.resources.admin.UserResource.logger = Logger.getLogger(UserResource.class)

staticprivate

◆ realm

RealmModel org.keycloak.services.resources.admin.UserResource.realm

protected

◆ session

KeycloakSession org.keycloak.services.resources.admin.UserResource.session

protected

◆ user

UserModel org.keycloak.services.resources.admin.UserResource.user

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java

公開メンバ関数

静的公開メンバ関数

限定公開変数類

非公開メンバ関数

非公開変数類

静的非公開変数類

詳解

構築子と解体子

◆ UserResource()

関数詳解

◆ addFederatedIdentity()

◆ deleteUser()

◆ disableCredentialType()

◆ executeActionsEmail()

◆ getConsents()

◆ getFederatedIdentities()

◆ getFederatedIdentity()

◆ getOfflineSessions()

◆ getRoleMappings()

◆ getSessions()

◆ getUser()

◆ groupMembership()

◆ impersonate()

◆ joinGroup()

◆ logout()

◆ removeFederatedIdentity()

◆ removeMembership()

◆ removeTotp()

◆ resetPassword()

◆ resetPasswordEmail()

◆ revokeConsent()

◆ sendVerifyEmail()

◆ updateUser()

◆ updateUserFromRep()

メンバ詳解

◆ adminEvent

◆ auth

◆ clientConnection

◆ headers

◆ logger

◆ realm

◆ session

◆ user