@Override
public boolean isConfiguredFor(RealmModel realm, UserModel user, String type) {
if (!StorageId.isLocalStorage(user)) {
String providerId = StorageId.resolveProviderId(user);
UserStorageProvider provider =
UserStorageManager.getStorageProvider(session, realm, providerId);
if (provider instanceof CredentialInputValidator) {
CredentialInputValidator validator = (CredentialInputValidator) provider;
if (validator.supportsCredentialType(type)
&& validator.isConfiguredFor(realm, user, type)) {
return true;
}
}
} else {
// <deprecate>
UserFederationProvider link = session.users().getFederationLink(realm, user);
if (link != null) {
if (link.isConfiguredFor(realm, user, type)) return true;
}
// </deprecate>
else if (user.getFederationLink() != null) {
UserStorageProvider provider =
UserStorageManager.getStorageProvider(session, realm, user.getFederationLink());
if (provider != null && provider instanceof CredentialInputValidator) {
if (((CredentialInputValidator) provider).isConfiguredFor(realm, user, type)) return true;
}
}
}
return isConfiguredLocally(realm, user, type);
}
@Override
public void updateCredential(RealmModel realm, UserModel user, CredentialInput input) {
if (!StorageId.isLocalStorage(user)) {
String providerId = StorageId.resolveProviderId(user);
UserStorageProvider provider =
UserStorageManager.getStorageProvider(session, realm, providerId);
if (provider instanceof CredentialInputUpdater) {
CredentialInputUpdater updater = (CredentialInputUpdater) provider;
if (updater.supportsCredentialType(input.getType())) {
if (updater.updateCredential(realm, user, input)) return;
}
}
} else {
// <deprecated>
UserFederationProvider link = session.users().getFederationLink(realm, user);
if (link != null) {
if (link.updateCredential(realm, user, input)) return;
}
// </deprecated>
else if (user.getFederationLink() != null) {
UserStorageProvider provider =
UserStorageManager.getStorageProvider(session, realm, user.getFederationLink());
if (provider != null && provider instanceof CredentialInputUpdater) {
if (((CredentialInputUpdater) provider).updateCredential(realm, user, input)) return;
}
}
}
List<CredentialInputUpdater> credentialProviders =
getCredentialProviders(realm, CredentialInputUpdater.class);
for (CredentialInputUpdater updater : credentialProviders) {
if (!updater.supportsCredentialType(input.getType())) continue;
if (updater.updateCredential(realm, user, input)) return;
}
}
@Override
public void disableCredential(RealmModel realm, UserModel user, String credentialType) {
if (!StorageId.isLocalStorage(user)) {
String providerId = StorageId.resolveProviderId(user);
UserStorageProvider provider =
UserStorageManager.getStorageProvider(session, realm, providerId);
if (provider instanceof CredentialInputUpdater) {
CredentialInputUpdater updater = (CredentialInputUpdater) provider;
if (updater.supportsCredentialType(credentialType)) {
updater.disableCredentialType(realm, user, credentialType);
}
}
} else {
UserFederationProvider link = session.users().getFederationLink(realm, user);
if (link != null && link.getSupportedCredentialTypes().contains(credentialType)) {
link.disableCredentialType(realm, user, credentialType);
} else if (user.getFederationLink() != null) {
UserStorageProvider provider =
UserStorageManager.getStorageProvider(session, realm, user.getFederationLink());
if (provider != null && provider instanceof CredentialInputUpdater) {
((CredentialInputUpdater) provider).disableCredentialType(realm, user, credentialType);
}
}
}
List<CredentialInputUpdater> credentialProviders =
getCredentialProviders(realm, CredentialInputUpdater.class);
for (CredentialInputUpdater updater : credentialProviders) {
if (!updater.supportsCredentialType(credentialType)) continue;
updater.disableCredentialType(realm, user, credentialType);
}
}
@Override
public CredentialValidationOutput authenticate(
KeycloakSession session, RealmModel realm, CredentialInput input) {
List<UserFederationProviderModel> fedProviderModels = realm.getUserFederationProviders();
List<UserFederationProvider> fedProviders = new ArrayList<UserFederationProvider>();
for (UserFederationProviderModel fedProviderModel : fedProviderModels) {
UserFederationProvider provider = session.users().getFederationProvider(fedProviderModel);
if (input instanceof UserCredentialModel
&& provider != null
&& provider.supportsCredentialType(input.getType())) {
CredentialValidationOutput output =
provider.validCredentials(realm, (UserCredentialModel) input);
if (output != null) return output;
}
}
List<CredentialAuthentication> list =
UserStorageManager.getStorageProviders(session, realm, CredentialAuthentication.class);
for (CredentialAuthentication auth : list) {
if (auth.supportsCredentialAuthenticationFor(input.getType())) {
CredentialValidationOutput output = auth.authenticate(realm, input);
if (output != null) return output;
}
}
list = getCredentialProviders(realm, CredentialAuthentication.class);
for (CredentialAuthentication auth : list) {
if (auth.supportsCredentialAuthenticationFor(input.getType())) {
CredentialValidationOutput output = auth.authenticate(realm, input);
if (output != null) return output;
}
}
return null;
}
@Override
public boolean isValid(RealmModel realm, UserModel user, List<CredentialInput> inputs) {
List<CredentialInput> toValidate = new LinkedList<>();
toValidate.addAll(inputs);
if (!StorageId.isLocalStorage(user)) {
String providerId = StorageId.resolveProviderId(user);
UserStorageProvider provider =
UserStorageManager.getStorageProvider(session, realm, providerId);
if (provider instanceof CredentialInputValidator) {
Iterator<CredentialInput> it = toValidate.iterator();
while (it.hasNext()) {
CredentialInput input = it.next();
CredentialInputValidator validator = (CredentialInputValidator) provider;
if (validator.supportsCredentialType(input.getType())
&& validator.isValid(realm, user, input)) {
it.remove();
}
}
}
} else {
// <deprecate>
UserFederationProvider link = session.users().getFederationLink(realm, user);
if (link != null) {
session.users().validateUser(realm, user);
validate(realm, user, toValidate, link);
} // </deprecate>
else if (user.getFederationLink() != null) {
UserStorageProvider provider =
UserStorageManager.getStorageProvider(session, realm, user.getFederationLink());
if (provider != null && provider instanceof CredentialInputValidator) {
validate(realm, user, toValidate, ((CredentialInputValidator) provider));
}
}
}
if (toValidate.isEmpty()) return true;
List<CredentialInputValidator> credentialProviders =
getCredentialProviders(realm, CredentialInputValidator.class);
for (CredentialInputValidator validator : credentialProviders) {
validate(realm, user, toValidate, validator);
}
return toValidate.isEmpty();
}