java - Keycloak 用户存储 SPI 实现

Question

我正在尝试实现一个自定义 keycloack 身份 validator SPI，用于针对外部数据源进行身份验证。 Spring boot Rest Service 也可用，我也可以使用它。

我试图解决的用例是

User is presented keycloak login screen. Onsubmission User is validated against external Datasource.

Retrieve some attributes from external datasource, map it to keycloak's id and access token.

Also put in a condition of user restriction of same user logging in multiple times at the same time.

I was thinking, it could be solved by retrieving user session information that's available in the keycloak datasource. If i use external datasource, does keycloak still maintain session information?

我遵循了官方指南( https://www.keycloak.org/docs/latest/server_development/index.html#_auth_spi_walkthrough )的第 8.3 节，这与我需要的非常相似。

现在我跳过并开始按照第 11 节(https://www.keycloak.org/docs/latest/server_development/index.html#_user-storage-spi)似乎也更合适。

我所做的是从实现自定义身份 validator SPI 开始，认为这不是正确的方法，现在实现了 UserStorageProvider。

/***
 * From UserLookupProvider
 */
public UserModel getUserById(String id, RealmModel realm) {
    System.out.println("ID: " + id + ":REALM:" + realm);
    StorageId storageId = new StorageId(id);
    /**
     * StorageId.getExternalId() method is invoked to obtain 
     * the username embeded in the id parameter
     */
    String username = storageId.getExternalId();
    System.out.println("Name:" + username);
    return getUserByUsername(username, realm);
}

/***
 * From UserLookupProvider
 * This method is invoked by the Keycloak login page when a user logs in
 */
public UserModel getUserByUsername(String username, RealmModel realm) {
    System.out.println("USERNAME: " + username + ":REALM:" + realm);
    UserModel userModel = loadedUsers.get(username);
    if (userModel == null) {
        String password = properties.getProperty(username);
        if (password != null) {
            userModel = createUserModel(realm, username);
            System.out.println("New UserModel:");
            System.out.println(userModel.toString());
            loadedUsers.put(username, userModel);
        }
    }
    return userModel;
}

protected UserModel createUserModel(RealmModel realm, String username) {
    return new AbstractUserAdapter(session, realm, model) {
        @Override
        public String getUsername() {
            return username;
        }
    };
}

已关注文档( https://www.keycloak.org/docs/latest/server_development/index.html#packaging-and-deployment-2 )

The class files for our provider implementation should be placed in a jar. You also have to declare the provider factory class within the META-INF/services/org.keycloak.storage.UserStorageProviderFactory file.

这里的问题是:我创建的 jar 在“META-INF”文件夹中没有 services 目录，我需要手动创建并添加它吗？

org.keycloak.examples.federation.properties.FilePropertiesStorageFactory Once you create the jar you can deploy it using regular WildFly means: copy the jar into the deploy/ directory or using the JBoss CLI.

使用maven创建jar后，将jar复制到“keycloak-6.0.1\standalone\deployments”文件夹中。但我在“用户联合列表”中没有看到我的提供商

任何建议/帮助将不胜感激!!

预先感谢您的建议。

Answer 1

如果有人遇到这样的问题:

由于 META-INF/services 文件夹，UserStorage SPI 未显示。文档中提供了但不清楚

在src/main/resources中，创建文件夹结构META-INF/services

在 META-INF/services 目录中创建一个名为 org.keycloak.storage.UserStorageProviderFactory 的文件(整个内容就是文件名)。它的内容是 SPI 的完全限定类名:com.test.UserSpi