
# Core Models


The core model interfaces represent the primary entities in Keycloak: realms, users, clients, roles, and groups. These interfaces define the contract for accessing and manipulating these entities through various provider implementations.


## Realm Model


### RealmModel


Represents a Keycloak realm and extends role container functionality.


```java { .api }


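/**
 * Model of a single Keycloak realm: its identity, login and registration
 * switches, session and token lifetimes, and the clients, groups, identity
 * providers, authentication flows, components and client scopes it owns.
 *
 * <p>Most settings here decide how users of the realm authenticate and how
 * long their sessions and tokens stay valid, so code that calls the setters
 * is changing security policy for the whole realm.
 */
public interface RealmModel extends RoleContainerModel {
    /** Orders realms by {@link #getName()}. */
    Comparator<RealmModel> COMPARE_BY_NAME = Comparator.comparing(RealmModel::getName);

    // Basic realm properties
    String getId();
    String getName();
    void setName(String name);

    String getDisplayName();
    void setDisplayName(String displayName);

    // NOTE(review): the name suggests this value is rendered as HTML; treat it as
    // markup and sanitize anything user-supplied before storing it — confirm.
    String getDisplayNameHtml();
    void setDisplayNameHtml(String displayNameHtml);

    boolean isEnabled();
    void setEnabled(boolean enabled);

    // SSL configuration
    SslRequired getSslRequired();
    void setSslRequired(SslRequired sslRequired);

    // Registration and login settings
    boolean isRegistrationAllowed();
    void setRegistrationAllowed(boolean registrationAllowed);

    boolean isRegistrationEmailAsUsername();
    void setRegistrationEmailAsUsername(boolean registrationEmailAsUsername);

    boolean isRememberMe();
    void setRememberMe(boolean rememberMe);

    boolean isVerifyEmail();
    void setVerifyEmail(boolean verifyEmail);

    boolean isLoginWithEmailAllowed();
    void setLoginWithEmailAllowed(boolean loginWithEmailAllowed);

    boolean isDuplicateEmailsAllowed();
    void setDuplicateEmailsAllowed(boolean duplicateEmailsAllowed);

    boolean isResetPasswordAllowed();
    void setResetPasswordAllowed(boolean resetPasswordAllowed);

    // User profile and attributes
    boolean isEditUsernameAllowed();
    void setEditUsernameAllowed(boolean editUsernameAllowed);

    boolean isUserManagedAccessAllowed();
    void setUserManagedAccessAllowed(boolean userManagedAccessAllowed);

    // Session timeouts (setter parameters are named "seconds")
    int getSsoSessionIdleTimeout();
    void setSsoSessionIdleTimeout(int seconds);

    int getSsoSessionMaxLifespan();
    void setSsoSessionMaxLifespan(int seconds);

    int getSsoSessionIdleTimeoutRememberMe();
    void setSsoSessionIdleTimeoutRememberMe(int seconds);

    int getSsoSessionMaxLifespanRememberMe();
    void setSsoSessionMaxLifespanRememberMe(int seconds);

    int getOfflineSessionIdleTimeout();
    void setOfflineSessionIdleTimeout(int seconds);

    // The flag is a boolean (its setter takes a boolean), so the accessor is the
    // boolean-style isOfflineSessionMaxLifespanEnabled(), not an int getter.
    boolean isOfflineSessionMaxLifespanEnabled();
    void setOfflineSessionMaxLifespanEnabled(boolean offlineSessionMaxLifespanEnabled);

    int getOfflineSessionMaxLifespan();
    void setOfflineSessionMaxLifespan(int seconds);

    int getClientSessionIdleTimeout();
    void setClientSessionIdleTimeout(int seconds);

    int getClientSessionMaxLifespan();
    void setClientSessionMaxLifespan(int seconds);

    int getClientOfflineSessionIdleTimeout();
    void setClientOfflineSessionIdleTimeout(int seconds);

    int getClientOfflineSessionMaxLifespan();
    void setClientOfflineSessionMaxLifespan(int seconds);

    // Access token timeouts (setter parameters are named "seconds").
    // Shorter lifespans shrink the window in which a leaked token or code is usable.
    int getAccessTokenLifespan();
    void setAccessTokenLifespan(int seconds);

    int getAccessTokenLifespanForImplicitFlow();
    void setAccessTokenLifespanForImplicitFlow(int seconds);

    int getAccessCodeLifespan();
    void setAccessCodeLifespan(int seconds);

    int getAccessCodeLifespanUserAction();
    void setAccessCodeLifespanUserAction(int seconds);

    int getAccessCodeLifespanLogin();
    void setAccessCodeLifespanLogin(int seconds);

    int getActionTokenGeneratedByAdminLifespan();
    void setActionTokenGeneratedByAdminLifespan(int seconds);

    int getActionTokenGeneratedByUserLifespan();
    void setActionTokenGeneratedByUserLifespan(int seconds);

    // Client and authentication settings
    Map<String, String> getBrowserSecurityHeaders();
    void setBrowserSecurityHeaders(Map<String, String> headers);
    void setBrowserSecurityHeader(String name, String value);

    // NOTE(review): an SMTP configuration map usually carries mail-server
    // credentials; handle the returned map as sensitive — confirm its keys.
    Map<String, String> getSmtpConfig();
    void setSmtpConfig(Map<String, String> smtpConfig);

    // OTP Policy
    OTPPolicy getOTPPolicy();
    void setOTPPolicy(OTPPolicy policy);

    // WebAuthn Policy
    WebAuthnPolicy getWebAuthnPolicy();
    void setWebAuthnPolicy(WebAuthnPolicy policy);

    WebAuthnPolicy getWebAuthnPolicyPasswordless();
    void setWebAuthnPolicyPasswordless(WebAuthnPolicy policy);

    // Client management
    Stream<ClientModel> getClientsStream();
    Stream<ClientModel> getClientsStream(Integer firstResult, Integer maxResults);
    Long getClientsCount();

    Stream<ClientModel> getAlwaysDisplayInConsoleClientsStream();
    ClientModel addClient(String name);
    ClientModel addClient(String id, String clientId);
    boolean removeClient(String id);
    // NOTE(review): the lookups below presumably return null when nothing
    // matches; callers should check before dereferencing — confirm.
    ClientModel getClientById(String id);
    ClientModel getClientByClientId(String clientId);

    // Group management
    void moveGroup(GroupModel group, GroupModel toParent);
    Stream<GroupModel> getGroupsStream();
    Stream<GroupModel> getTopLevelGroupsStream();
    Stream<GroupModel> getTopLevelGroupsStream(String search);
    Stream<GroupModel> getTopLevelGroupsStream(String search, Integer firstResult, Integer maxResults);
    boolean removeGroup(GroupModel group);
    GroupModel createGroup(String id, String name, GroupModel toParent);
    GroupModel createGroup(String name);
    GroupModel createGroup(String id, String name);
    GroupModel getGroupById(String id);
    Stream<GroupModel> searchForGroupByNameStream(String search, Integer firstResult, Integer maxResults);
    Long getGroupsCount(Boolean onlyTopGroups);
    Long getGroupsCountByNameContaining(String search);

    // Identity providers
    Stream<IdentityProviderModel> getIdentityProvidersStream();
    IdentityProviderModel getIdentityProviderByAlias(String alias);
    void addIdentityProvider(IdentityProviderModel identityProvider);
    void removeIdentityProviderByAlias(String alias);
    void updateIdentityProvider(IdentityProviderModel identityProvider);

    Stream<IdentityProviderMapperModel> getIdentityProviderMappersStream();
    Stream<IdentityProviderMapperModel> getIdentityProviderMappersByAliasStream(String brokerAlias);
    IdentityProviderMapperModel addIdentityProviderMapper(IdentityProviderMapperModel model);
    void removeIdentityProviderMapper(IdentityProviderMapperModel mapping);
    void updateIdentityProviderMapper(IdentityProviderMapperModel mapping);
    IdentityProviderMapperModel getIdentityProviderMapperById(String id);
    IdentityProviderMapperModel getIdentityProviderMapperByName(String brokerAlias, String name);

    // Authentication flows
    Stream<AuthenticationFlowModel> getAuthenticationFlowsStream();
    AuthenticationFlowModel getFlowByAlias(String alias);
    AuthenticationFlowModel addAuthenticationFlow(AuthenticationFlowModel model);
    AuthenticationFlowModel getAuthenticationFlowById(String id);
    void removeAuthenticationFlow(AuthenticationFlowModel model);
    void updateAuthenticationFlow(AuthenticationFlowModel model);

    Stream<AuthenticationExecutionModel> getAuthenticationExecutionsStream(String flowId);
    AuthenticationExecutionModel getAuthenticationExecutionById(String id);
    AuthenticationExecutionModel getAuthenticationExecutionByFlowId(String flowId);
    AuthenticationExecutionModel addAuthenticatorExecution(AuthenticationExecutionModel model);
    void updateAuthenticatorExecution(AuthenticationExecutionModel model);
    void removeAuthenticatorExecution(AuthenticationExecutionModel model);

    Stream<AuthenticatorConfigModel> getAuthenticatorConfigsStream();
    AuthenticatorConfigModel addAuthenticatorConfig(AuthenticatorConfigModel model);
    void updateAuthenticatorConfig(AuthenticatorConfigModel model);
    void removeAuthenticatorConfig(AuthenticatorConfigModel model);
    AuthenticatorConfigModel getAuthenticatorConfigById(String id);
    AuthenticatorConfigModel getAuthenticatorConfigByAlias(String alias);

    // Required actions
    Stream<RequiredActionProviderModel> getRequiredActionProvidersStream();
    RequiredActionProviderModel addRequiredActionProvider(RequiredActionProviderModel model);
    void updateRequiredActionProvider(RequiredActionProviderModel model);
    void removeRequiredActionProvider(RequiredActionProviderModel model);
    RequiredActionProviderModel getRequiredActionProviderById(String id);
    RequiredActionProviderModel getRequiredActionProviderByAlias(String alias);

    // Component management
    // getId() is declared once, under "Basic realm properties"; declaring the
    // same signature a second time in one interface does not compile.
    void addComponent(ComponentModel component);
    void updateComponent(ComponentModel component);
    void removeComponent(ComponentModel component);
    void removeComponents(String parentId);
    Stream<ComponentModel> getComponentsStream(String parentId, String providerType);
    Stream<ComponentModel> getComponentsStream(String parentId);
    Stream<ComponentModel> getComponentsStream();
    ComponentModel getComponent(String id);

    // Client scopes
    Stream<ClientScopeModel> getClientScopesStream();
    ClientScopeModel addClientScope(String name);
    ClientScopeModel addClientScope(String id, String name);
    boolean removeClientScope(String id);
    ClientScopeModel getClientScopeById(String id);

    void addDefaultClientScope(ClientScopeModel clientScope, boolean defaultScope);
    void removeDefaultClientScope(ClientScopeModel clientScope);
    Stream<ClientScopeModel> getDefaultClientScopesStream(boolean defaultScope);

    // Attributes
    void setSingleAttribute(String name, String value);
    void setAttribute(String name, List<String> values);
    void removeAttribute(String name);
    String getFirstAttribute(String name);
    Stream<String> getAttributeStream(String name);
    Map<String, List<String>> getAttributes();

    // Localization
    boolean isInternationalizationEnabled();
    void setInternationalizationEnabled(boolean enabled);
    Set<String> getSupportedLocales();
    void setSupportedLocales(Set<String> locales);
    String getDefaultLocale();
    void setDefaultLocale(String locale);

    // Events configuration
    // These switches control whether login and admin events are recorded;
    // turning them off removes a source of audit data for the realm.
    Set<String> getEventsListeners();
    void setEventsListeners(Set<String> listeners);
    boolean isEventsEnabled();
    void setEventsEnabled(boolean enabled);
    long getEventsExpiration();
    void setEventsExpiration(long expiration);
    Set<String> getEnabledEventTypes();
    void setEnabledEventTypes(Set<String> enabledEventTypes);
    boolean isAdminEventsEnabled();
    void setAdminEventsEnabled(boolean enabled);
    boolean isAdminEventsDetailsEnabled();
    void setAdminEventsDetailsEnabled(boolean enabled);

    // Master realm admin client
    ClientModel getMasterAdminClient();
    void setMasterAdminClient(ClientModel client);

    // Login theme
    String getLoginTheme();
    void setLoginTheme(String name);
    String getAccountTheme();
    void setAccountTheme(String name);
    String getAdminTheme();
    void setAdminTheme(String name);
    String getEmailTheme();
    void setEmailTheme(String name);

    // Password policy
    PasswordPolicy getPasswordPolicy();
    void setPasswordPolicy(PasswordPolicy policy);

    // OAuth2 Device Flow
    OAuth2DeviceConfig getOAuth2DeviceConfig();

    // CIBA Config
    CibaConfig getCibaPolicy();

    // PAR Config
    ParConfig getParPolicy();

    // Default signature algorithm
    String getDefaultSignatureAlgorithm();
    void setDefaultSignatureAlgorithm(String defaultSignatureAlgorithm);

    // Browser flow
    AuthenticationFlowModel getBrowserFlow();
    void setBrowserFlow(AuthenticationFlowModel flow);

    // Registration flow
    AuthenticationFlowModel getRegistrationFlow();
    void setRegistrationFlow(AuthenticationFlowModel flow);

    // Direct grant flow
    AuthenticationFlowModel getDirectGrantFlow();
    void setDirectGrantFlow(AuthenticationFlowModel flow);

    // Reset credentials flow
    AuthenticationFlowModel getResetCredentialsFlow();
    void setResetCredentialsFlow(AuthenticationFlowModel flow);

    // Client authentication flow
    AuthenticationFlowModel getClientAuthenticationFlow();
    void setClientAuthenticationFlow(AuthenticationFlowModel flow);

    // Docker authentication flow
    AuthenticationFlowModel getDockerAuthenticationFlow();
    void setDockerAuthenticationFlow(AuthenticationFlowModel flow);
}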


```


## User Model


### UserModel


Represents a user in Keycloak.


```java { .api }


/**
 * Model of a single user account: profile fields, free-form attributes,
 * required actions, federated identity links, group membership, consents
 * and access to the account's credential manager.
 */
public interface UserModel extends RoleMapperModel {

    // ---- Names of the standard user attributes ----
    String USERNAME = "username";
    String FIRST_NAME = "firstName";
    String LAST_NAME = "lastName";
    String EMAIL = "email";
    String EMAIL_VERIFIED = "emailVerified";
    String LOCALE = "locale";
    String ENABLED = "enabled";
    String DISABLED_REASON = "disabledReason";

    // ---- Keys of the user-query parameters ----
    String IDP_ALIAS = "keycloak.session.realm.users.query.idp_alias";
    String IDP_USER_ID = "keycloak.session.realm.users.query.idp_user_id";
    String INCLUDE_SERVICE_ACCOUNT = "keycloak.session.realm.users.query.include_service_account";
    String GROUPS = "keycloak.session.realm.users.query.groups";
    String SEARCH = "keycloak.session.realm.users.query.search";
    String EXACT = "keycloak.session.realm.users.query.exact";

    /** Orders users by {@link #getUsername()}, ignoring case. */
    Comparator<UserModel> COMPARE_BY_USERNAME = Comparator.comparing(UserModel::getUsername, String.CASE_INSENSITIVE_ORDER);

    // ---- Identity and account state ----
    String getId();
    String getUsername();
    void setUsername(String username);

    Long getCreatedTimestamp();
    void setCreatedTimestamp(Long timestamp);

    boolean isEnabled();
    void setEnabled(boolean enabled);

    // ---- Given and family name ----
    String getFirstName();
    void setFirstName(String firstName);
    String getLastName();
    void setLastName(String lastName);

    // ---- Email address and its verification flag ----
    // NOTE(review): setEmailVerified(true) marks the address as verified without
    // any proof of ownership being visible here; callers are presumably expected
    // to set it only after a real verification step — confirm.
    String getEmail();
    void setEmail(String email);
    boolean isEmailVerified();
    void setEmailVerified(boolean verified);

    // ---- Free-form attributes (each name maps to a list of values) ----
    void setSingleAttribute(String name, String value);
    void setAttribute(String name, List<String> values);
    void removeAttribute(String name);
    String getFirstAttribute(String name);
    Stream<String> getAttributeStream(String name);
    Map<String, List<String>> getAttributes();
    List<String> getAttribute(String name);

    // ---- Required actions, addressable by name or by RequiredAction value ----
    Stream<String> getRequiredActionsStream();
    void addRequiredAction(String action);
    void removeRequiredAction(String action);
    void addRequiredAction(RequiredAction action);
    void removeRequiredAction(RequiredAction action);

    // ---- Links to external identity providers ----
    Stream<FederatedIdentityModel> getFederatedIdentitiesStream();
    void addFederatedIdentity(FederatedIdentityModel socialLink);
    boolean removeFederatedIdentity(String socialProvider);
    FederatedIdentityModel getFederatedIdentity(String socialProvider);

    // ---- Link to the client this account serves as service account ----
    String getServiceAccountClientLink();
    void setServiceAccountClientLink(String clientInternalId);

    // ---- Entry point to the account's credentials ----
    SubjectCredentialManager credentialManager();

    // ---- Group membership ----
    Stream<GroupModel> getGroupsStream();
    Stream<GroupModel> getGroupsStream(String search, Integer firstResult, Integer maxResults);
    Long getGroupsCount();
    Long getGroupsCountByNameContaining(String search);
    void joinGroup(GroupModel group);
    void leaveGroup(GroupModel group);
    boolean isMemberOf(GroupModel group);

    // ---- Consents the user has granted to clients ----
    void addConsent(UserConsentModel consent);
    UserConsentModel getConsentByClient(String clientInternalId);
    Stream<UserConsentModel> getConsentsStream();
    void updateConsent(UserConsentModel consent);
    boolean revokeConsentForClient(String clientInternalId);

    /**
     * Returns the model that updates should be applied to.
     *
     * @return this instance in the default implementation
     */
    default UserModel getDelegateForUpdate() {
        return this;
    }
}


```


## Client Model


### ClientModel


Represents an OAuth2/OIDC client.


```java { .api }


/**
 * Model of a client registered in a realm: its identifiers, authentication
 * material, protocol, URLs, enabled grant flows, attributes, flow overrides
 * and client scopes.
 */
public interface ClientModel extends ProtocolMapperContainerModel, ScopeContainerModel, RoleContainerModel {

    // ---- Client type names ----
    String OAUTH = "oauth";
    String SAML = "saml";
    String OIDC = "openid-connect";

    // ---- Identity and display properties ----
    String getId();
    String getClientId();
    void setClientId(String clientId);

    String getName();
    void setName(String name);

    String getDescription();
    void setDescription(String description);

    boolean isEnabled();
    void setEnabled(boolean enabled);

    boolean isAlwaysDisplayInConsole();
    void setAlwaysDisplayInConsole(boolean alwaysDisplayInConsole);

    // ---- How the client authenticates ----
    // NOTE(review): the secret and the registration token are handed out as plain
    // Strings; keep them out of logs, exception messages and serialized views.
    String getClientAuthenticatorType();
    void setClientAuthenticatorType(String clientAuthenticatorType);
    String getSecret();
    void setSecret(String secret);
    String getRegistrationToken();
    void setRegistrationToken(String registrationToken);

    // ---- Protocol name ----
    String getProtocol();
    void setProtocol(String protocol);

    // ---- Client URLs ----
    String getBaseUrl();
    void setBaseUrl(String url);
    String getRootUrl();
    void setRootUrl(String url);
    String getManagementUrl();
    void setManagementUrl(String url);
    String getOrigin();
    void setOrigin(String origin);

    // NOTE(review): presumably the allow-list that redirect targets are checked
    // against; keep entries as exact as possible — confirm the matching rules.
    Set<String> getRedirectUris();
    void setRedirectUris(Set<String> redirectUris);
    void addRedirectUri(String redirectUri);
    void removeRedirectUri(String redirectUri);

    // NOTE(review): presumably the origins allowed for cross-origin requests;
    // confirm how a wildcard entry is treated before using one.
    Set<String> getWebOrigins();
    void setWebOrigins(Set<String> webOrigins);
    void addWebOrigin(String webOrigin);
    void removeWebOrigin(String webOrigin);

    // ---- Client type and enabled flows ----
    boolean isPublicClient();
    void setPublicClient(boolean flag);
    boolean isFrontchannelLogout();
    void setFrontchannelLogout(boolean flag);
    boolean isFullScopeAllowed();
    void setFullScopeAllowed(boolean value);
    boolean isBearerOnly();
    void setBearerOnly(boolean only);
    boolean isConsentRequired();
    void setConsentRequired(boolean consentRequired);
    boolean isStandardFlowEnabled();
    void setStandardFlowEnabled(boolean standardFlowEnabled);
    boolean isImplicitFlowEnabled();
    void setImplicitFlowEnabled(boolean implicitFlowEnabled);
    boolean isDirectAccessGrantsEnabled();
    void setDirectAccessGrantsEnabled(boolean directAccessGrantsEnabled);
    boolean isServiceAccountsEnabled();
    void setServiceAccountsEnabled(boolean serviceAccountsEnabled);

    // ---- Advanced settings ----
    int getNodeReRegistrationTimeout();
    void setNodeReRegistrationTimeout(int timeout);
    int getNotBefore();
    void setNotBefore(int notBefore);

    // ---- Free-form attributes (each name maps to a list of values) ----
    void setSingleAttribute(String name, String value);
    void setAttribute(String name, List<String> values);
    void removeAttribute(String name);
    String getFirstAttribute(String name);
    Stream<String> getAttributeStream(String name);
    Map<String, List<String>> getAttributes();

    // ---- Per-client overrides of authentication flow bindings ----
    String getAuthenticationFlowBindingOverride(String binding);
    Map<String, String> getAuthenticationFlowBindingOverrides();
    void removeAuthenticationFlowBindingOverride(String binding);
    void setAuthenticationFlowBindingOverride(String binding, String flowId);

    // ---- Client scopes attached to this client ----
    Stream<ClientScopeModel> getClientScopes(boolean defaultScope);
    void addClientScope(ClientScopeModel clientScope, boolean defaultScope);
    void addClientScopes(Set<ClientScopeModel> clientScopes, boolean defaultScope);
    void removeClientScope(ClientScopeModel clientScope);

    // ---- User that represents the client's service account ----
    UserModel getServiceAccountUser();

    // ---- Client template (legacy) ----
    String getClientTemplate();
    void setClientTemplate(String clientTemplate);
    boolean useTemplateConfig();
    void setUseTemplateConfig(boolean useTemplateConfig);
    boolean useTemplateScope();
    void setUseTemplateScope(boolean useTemplateScope);
    boolean useTemplateMappers();
    void setUseTemplateMappers(boolean useTemplateMappers);
}


```


## Role Model


### RoleModel


Represents a role in Keycloak.


```java { .api }


/**
 * Model of a role. A role belongs to a container (see {@link #getContainer()}),
 * may be a composite of other roles, and carries free-form attributes.
 */
public interface RoleModel {

    // ---- Identity and description ----
    String getId();
    String getName();
    void setName(String name);

    String getDescription();
    void setDescription(String description);

    // ---- Composite membership and ownership ----
    // NOTE(review): adding a role to a composite presumably grants it to every
    // holder of the composite; review additions as privilege changes — confirm.
    boolean isComposite();
    void addCompositeRole(RoleModel role);
    void removeCompositeRole(RoleModel role);
    Stream<RoleModel> getCompositesStream();
    Stream<RoleModel> getCompositesStream(String search, Integer first, Integer max);
    boolean isClientRole();
    String getContainerId();
    RoleContainerModel getContainer();
    boolean hasRole(RoleModel role);

    // ---- Free-form attributes (each name maps to a list of values) ----
    void setSingleAttribute(String name, String value);
    void setAttribute(String name, List<String> values);
    void removeAttribute(String name);
    String getFirstAttribute(String name);
    Stream<String> getAttributeStream(String name);
    Map<String, List<String>> getAttributes();
}


```


## Group Model


### GroupModel


Represents a user group.


```java { .api }


/**
 * Model of a user group: its name, its position in the group hierarchy and
 * its free-form attributes. Role mappings come from {@code RoleMapperModel}.
 */
public interface GroupModel extends RoleMapperModel {

    // ---- Identity ----
    String getId();
    String getName();
    void setName(String name);

    // ---- Position in the group hierarchy ----
    GroupModel getParent();
    String getParentId();
    Stream<GroupModel> getSubGroupsStream();
    Stream<GroupModel> getSubGroupsStream(String search, Integer firstResult, Integer maxResults);
    void setParent(GroupModel group);
    void addChild(GroupModel subGroup);
    void removeChild(GroupModel subGroup);

    // ---- Free-form attributes (each name maps to a list of values) ----
    void setSingleAttribute(String name, String value);
    void setAttribute(String name, List<String> values);
    void removeAttribute(String name);
    String getFirstAttribute(String name);
    Stream<String> getAttributeStream(String name);
    Map<String, List<String>> getAttributes();
}


```


## Usage Examples


### Working with Realms


```java


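// Get realm by name.
// NOTE(review): presumably null when no realm has this name; check before
// dereferencing — confirm against the realm provider's contract.
RealmModel realm = session.realms().getRealmByName("myrealm");

// Create new realm
RealmModel newRealm = session.realms().createRealm("newrealm");
newRealm.setDisplayName("My New Realm");
newRealm.setEnabled(true);
// EXTERNAL exempts requests from localhost and private addresses from the
// HTTPS requirement; use SslRequired.ALL when every request must be HTTPS.
newRealm.setSslRequired(SslRequired.EXTERNAL);

// Configure realm settings.
// Self-registration, email login and password reset all rely on the email
// address, so require it to be verified; otherwise anyone can register an
// account under an address they do not own.
newRealm.setRegistrationAllowed(true);
newRealm.setVerifyEmail(true);
newRealm.setResetPasswordAllowed(true);
newRealm.setLoginWithEmailAllowed(true);
newRealm.setSsoSessionIdleTimeout(1800); // 30 minutes

// Set attributes
newRealm.setSingleAttribute("customAttribute", "value");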


```


### Working with Users


```java


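// Get user by username.
// NOTE(review): presumably null when the username is unknown; check before
// dereferencing — confirm against the user provider's contract.
UserModel user = session.users().getUserByUsername(realm, "john");

// Create new user
UserModel newUser = session.users().addUser(realm, "jane");
newUser.setFirstName("Jane");
newUser.setLastName("Doe");
newUser.setEmail("jane@example.com");
newUser.setEnabled(true);

// Set user attributes
newUser.setSingleAttribute("department", "Engineering");
newUser.setAttribute("skills", Arrays.asList("Java", "JavaScript", "Python"));

// Add required actions: the account is enabled above without a credential,
// so queue a password update and an email verification for it.
newUser.addRequiredAction(RequiredAction.UPDATE_PASSWORD);
newUser.addRequiredAction(RequiredAction.VERIFY_EMAIL);

// Group membership: fail loudly if the group id does not resolve instead of
// passing null on to joinGroup.
GroupModel developers = realm.getGroupById("developers-group-id");
if (developers == null) {
    throw new IllegalStateException("group 'developers-group-id' not found in realm");
}
newUser.joinGroup(developers);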


```


### Working with Clients


```java


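// Create OIDC client
ClientModel client = realm.addClient("my-app");
client.setName("My Application");
client.setProtocol(ClientModel.OIDC);
client.setClientId("my-app");

// Generate the secret from a CSPRNG instead of hard-coding a literal: a
// secret written into source ends up in version control and build artifacts.
byte[] secretBytes = new byte[32];
new java.security.SecureRandom().nextBytes(secretBytes);
client.setSecret(java.util.Base64.getUrlEncoder().withoutPadding().encodeToString(secretBytes));

// Configure client settings
client.setPublicClient(false);
client.setStandardFlowEnabled(true);
// Direct access grants (the password grant) hand the user's password to the
// client application; leave them off unless a legacy integration needs them.
client.setDirectAccessGrantsEnabled(false);
client.setServiceAccountsEnabled(true);

// Set redirect URIs: register exact callback URLs only.
client.addRedirectUri("https://myapp.com/callback");
// Plain-HTTP localhost entry is for local development; do not keep it on a
// production client.
client.addRedirectUri("http://localhost:8080/callback");

// Set web origins (same caveat for the localhost entry)
client.addWebOrigin("https://myapp.com");
client.addWebOrigin("http://localhost:8080");

// Custom attributes
client.setSingleAttribute("app.version", "1.0.0");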


```


### Working with Roles


```java


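// Create realm role
RoleModel adminRole = realm.addRole("admin");
adminRole.setDescription("Administrator role");

// Create client role. Stop if the client lookup finds nothing instead of
// failing later with a NullPointerException.
ClientModel myApp = realm.getClientByClientId("my-app");
if (myApp == null) {
    throw new IllegalStateException("client 'my-app' not found in realm");
}
RoleModel appUserRole = myApp.addRole("user");
appUserRole.setDescription("Application user role");

// Create composite role. Holders of "super-admin" receive every role added
// to it, so each addition here is a privilege grant.
RoleModel superAdminRole = realm.addRole("super-admin");
superAdminRole.addCompositeRole(adminRole);
superAdminRole.addCompositeRole(appUserRole);

// Grant role to user, after confirming the user exists.
UserModel user = session.users().getUserByUsername(realm, "john");
if (user == null) {
    throw new IllegalStateException("user 'john' not found in realm");
}
user.grantRole(adminRole);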


```


### Working with Groups


```java


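// Create top-level group
GroupModel engineering = realm.createGroup("engineering");
engineering.setSingleAttribute("department", "Engineering");

// Create subgroup.
// NOTE(review): it is not shown here whether setParent alone also registers
// the child on the parent; RealmModel.moveGroup(group, toParent) is the
// realm-level operation for re-parenting — confirm which one is required.
GroupModel backend = realm.createGroup("backend-team");
backend.setParent(engineering);

// Add user to group, after confirming the user exists.
UserModel developer = session.users().getUserByUsername(realm, "alice");
if (developer == null) {
    throw new IllegalStateException("user 'alice' not found in realm");
}
developer.joinGroup(backend);

// Grant role to group.
// NOTE(review): members of the group presumably inherit this role, so group
// membership changes become role changes — confirm.
RoleModel developerRole = realm.addRole("developer");
backend.grantRole(developerRole);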


```