- package com.imetrik.saas.server.services.insuranceWebUIBackend.dao.federation;
- import com.imetrik.global.common.util.PasswordHasher;
- import lombok.Getter;
- import org.keycloak.models.*;
- import org.skife.jdbi.v2.DBI;
- import java.util.*;
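/**
 * Keycloak user federation provider backed by a legacy JDBC {@code users} table.
 *
 * <p>Users are created in Keycloak's local storage the first time they are looked up, and the
 * password typed at login is handed to Keycloak once it has been verified against the legacy hash.
 *
 * <p>User: Remi<br>
 * Date: 2015-10-05<br>
 * Time: 12:20 PM
 */
public class JdbcUserFederationProvider implements UserFederationProvider {

    /** Credential types this provider can check; only passwords are registered below. */
    protected static final Set<String> supportedCredentialTypes = new HashSet<String>();

    @Getter
    private KeycloakSession session;
    @Getter
    private UserFederationProviderModel model;
    @Getter
    private DBI dbi;

    static {
        supportedCredentialTypes.add(UserCredentialModel.PASSWORD);
    }

    /**
     * @param session Keycloak session used to reach local user storage
     * @param model   configuration model of this federation provider
     * @param dbi     JDBI entry point for the legacy database
     */
    public JdbcUserFederationProvider(KeycloakSession session, UserFederationProviderModel model, DBI dbi) {
        this.session = session;
        this.model = model;
        this.dbi = dbi;
    }

    /** Returns the local user unchanged; no proxy is wrapped around it. */
    @Override
    public UserModel validateAndProxy(RealmModel realm, UserModel local) {
        return local;
    }

    /** Registrations made in Keycloak are never pushed back to the legacy database. */
    @Override
    public boolean synchronizeRegistrations() {
        return false;
    }

    /**
     * @throws IllegalStateException always; registration is not supported
     */
    @Override
    public UserModel register(RealmModel realm, UserModel user) {
        throw new IllegalStateException("Registration not supported");
    }

    /**
     * @throws IllegalStateException always; removal is not supported
     */
    @Override
    public boolean removeUser(RealmModel realm, UserModel user) {
        throw new IllegalStateException("Remove not supported");
    }

    /**
     * Looks the user up in the legacy table and, when found, creates it in Keycloak's local storage.
     * This method is called if the user doesn't exist in Keycloak.
     *
     * @return the newly created local user, or {@code null} when the legacy table has no such username
     */
    @Override
    public UserModel getUserByUsername(RealmModel realm, String username) {
        // Fetch only the column that is used: SELECT * would also load the stored password hash.
        Map<String, Object> row = getDbi().withHandle(handle ->
                handle.createQuery("SELECT email FROM users WHERE username = :username")
                        .bind("username", username)
                        .first());
        if (row == null) {
            return null;
        }
        UserModel imported = session.userStorage().addUser(realm, username);
        imported.setEmail((String) row.get("email"));
        // NOTE(review): no federation link is set on the imported user here, although
        // validCredentials() clears one after a successful login - confirm the link is set
        // somewhere, otherwise this provider may never be asked to validate the password.
        return imported;
    }

    /**
     * Looks the user up by e-mail in the legacy table and, when found, creates it in Keycloak's
     * local storage under the legacy username.
     *
     * @return the newly created local user, or {@code null} when the legacy table has no such e-mail
     */
    @Override
    public UserModel getUserByEmail(RealmModel realm, String email) {
        // Fetch only the column that is used: SELECT * would also load the stored password hash.
        Map<String, Object> row = getDbi().withHandle(handle ->
                handle.createQuery("SELECT username FROM users WHERE email = :email")
                        .bind("email", email)
                        .first());
        if (row == null) {
            return null;
        }
        UserModel imported = session.userStorage().addUser(realm, (String) row.get("username"));
        imported.setEmail(email);
        // NOTE(review): same open point as getUserByUsername() - no federation link is set here.
        return imported;
    }

    /** Attribute search is not implemented against the legacy table; always empty. */
    @Override
    public List<UserModel> searchByAttributes(Map<String, String> attributes, RealmModel realm, int maxResults) {
        return Collections.emptyList();
    }

    @Override
    public void preRemove(RealmModel realm) {
        // nothing to do
    }

    @Override
    public void preRemove(RealmModel realm, RoleModel role) {
        // nothing to do
    }

    /**
     * Always reports the local user as valid: because users are imported into Keycloak over time,
     * the origin of the account is not re-checked.
     */
    @Override
    public boolean isValid(RealmModel realm, UserModel local) {
        return true;
    }

    /** @return a read-only view, so callers cannot widen the accepted credential types */
    @Override
    public Set<String> getSupportedCredentialTypes(UserModel user) {
        return Collections.unmodifiableSet(supportedCredentialTypes);
    }

    /** @return a read-only view, so callers cannot widen the accepted credential types */
    @Override
    public Set<String> getSupportedCredentialTypes() {
        return Collections.unmodifiableSet(supportedCredentialTypes);
    }

    /** List overload; delegates to the varargs variant. */
    @Override
    public boolean validCredentials(RealmModel realm, UserModel user, List<UserCredentialModel> input) {
        return validCredentials(realm, user, input.toArray(new UserCredentialModel[input.size()]));
    }

    /**
     * Checks a password against the hash stored in the legacy table and, on success, hands the
     * credential to Keycloak and detaches the user from this provider.
     *
     * <p>The first credential decides the outcome: a matching password returns {@code true}; a
     * non-matching password or any other credential type returns {@code false}. The previous
     * version fell through to {@code return false} even after a match, so a correct password was
     * always reported as invalid.
     *
     * @return {@code true} only when the supplied password matches the legacy hash
     */
    @Override
    public boolean validCredentials(RealmModel realm, UserModel user, UserCredentialModel... input) {
        for (UserCredentialModel cred : input) {
            if (!UserCredentialModel.PASSWORD.equals(cred.getType())) {
                return false; // invalid cred type
            }
            String storedHash = getDbi().withHandle(handle ->
                    handle.createQuery("SELECT password FROM users WHERE username = :username")
                            .bind("username", user.getUsername())
                            .mapTo(String.class)
                            .first());
            // NOTE(review): PasswordHasher is not visible here. It receives the username as second
            // argument; if that is used as the salt, the salt is predictable per account - confirm
            // the legacy scheme, and that the legacy hash is retired once the user has migrated.
            String candidateHash = PasswordHasher.hashPassword(cred.getValue(), user.getUsername());
            if (storedHash == null || candidateHash == null) {
                return false; // unknown user or nothing to compare against
            }
            // Compare without an early exit on the first differing character.
            boolean matches = java.security.MessageDigest.isEqual(
                    candidateHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    storedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));
            if (!matches) {
                return false;
            }
            // User has a valid password in the old system, so store it in Keycloak
            // and stop routing this user through the federation provider.
            user.updateCredential(cred);
            user.setFederationLink(null); // no more federated
            return true;
        }
        return false; // no credential supplied
    }

    /** Credential-only validation (no user) is not supported; always fails. */
    @Override
    public CredentialValidationOutput validCredentials(RealmModel realm, UserCredentialModel credential) {
        return CredentialValidationOutput.failed();
    }

    @Override
    public void close() {
        // nothing to do
    }
}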