org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.LDAPRoleMappingsUserDelegate クラス

org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.LDAPRoleMappingsUserDelegate の継承関係図

org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.LDAPRoleMappingsUserDelegate 連携図

公開メンバ関数
	LDAPRoleMappingsUserDelegate (RealmModel realm, UserModel user, LDAPObject ldapUser)
Set< RoleModel >	getRealmRoleMappings ()
Set< RoleModel >	getClientRoleMappings (ClientModel client)
boolean	hasRole (RoleModel role)
void	grantRole (RoleModel role)
Set< RoleModel >	getRoleMappings ()
void	deleteRoleMapping (RoleModel role)

限定公開メンバ関数
Set< RoleModel >	getLDAPRoleMappingsConverted ()

非公開変数類
final RealmModel	realm
final LDAPObject	ldapUser
final RoleContainerModel	roleContainer
Set< RoleModel >	cachedLDAPRoleMappings

詳解

構築子と解体子

LDAPRoleMappingsUserDelegate()

org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.LDAPRoleMappingsUserDelegate.LDAPRoleMappingsUserDelegate ( RealmModel  realm, UserModel  user, LDAPObject  ldapUser  )

inline

                                                                                                   {
            super(user);
            this.realm = realm;
            this.ldapUser = ldapUser;
            this.roleContainer = getTargetRoleContainer(realm);
        }

関数詳解

deleteRoleMapping()

void org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.LDAPRoleMappingsUserDelegate.deleteRoleMapping ( RoleModel  role )

inline

                                                      {
            if (role.getContainer().equals(roleContainer)) {

                LDAPQuery ldapQuery = createRoleQuery(true);
                LDAPQueryConditionsBuilder conditionsBuilder = new LDAPQueryConditionsBuilder();
                Condition roleNameCondition = conditionsBuilder.equal(config.getRoleNameLdapAttribute(), role.getName());

                String membershipUserAttrName = getMembershipUserLdapAttribute();
                String membershipUserAttr = LDAPUtils.getMemberValueOfChildObject(ldapUser, config.getMembershipTypeLdapAttribute(), membershipUserAttrName);

                Condition membershipCondition = conditionsBuilder.equal(config.getMembershipLdapAttribute(), membershipUserAttr);

                ldapQuery.addWhereCondition(roleNameCondition).addWhereCondition(membershipCondition);
                LDAPObject ldapRole = ldapQuery.getFirstResult();

                if (ldapRole == null) {
                    // Role mapping doesn't exist in LDAP. For LDAP_ONLY mode, we don't need to do anything. For READ_ONLY, delete it in local DB.
                    if (config.getMode() == LDAPGroupMapperMode.READ_ONLY) {
                        super.deleteRoleMapping(role);
                    }
                } else {
                    // Role mappings exists in LDAP. For LDAP_ONLY mode, we can just delete it in LDAP. For READ_ONLY we can't delete it -> throw error
                    if (config.getMode() == LDAPGroupMapperMode.READ_ONLY) {
                        throw new ModelException("Not possible to delete LDAP role mappings as mapper mode is READ_ONLY");
                    } else {
                        // Delete ldap role mappings
                        cachedLDAPRoleMappings = null;
                        deleteRoleMappingInLDAP(ldapUser, ldapRole);
                    }
                }
            } else {
                super.deleteRoleMapping(role);
            }
        }

getClientRoleMappings()

Set<RoleModel> org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.LDAPRoleMappingsUserDelegate.getClientRoleMappings ( ClientModel  client )

inline

                                                                        {
            if (roleContainer.equals(client)) {
                Set<RoleModel> ldapRoleMappings = getLDAPRoleMappingsConverted();

                if (config.getMode() == LDAPGroupMapperMode.LDAP_ONLY) {
                    // Use just role mappings from LDAP
                    return ldapRoleMappings;
                } else {
                    // Merge mappings from both DB and LDAP
                    Set<RoleModel> modelRoleMappings = super.getClientRoleMappings(client);
                    ldapRoleMappings.addAll(modelRoleMappings);
                    return ldapRoleMappings;
                }
            } else {
                return super.getClientRoleMappings(client);
            }
        }

getLDAPRoleMappingsConverted()

Set<RoleModel> org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.LDAPRoleMappingsUserDelegate.getLDAPRoleMappingsConverted ( )

inlineprotected

                                                                {
            if (cachedLDAPRoleMappings != null) {
                return new HashSet<>(cachedLDAPRoleMappings);
            }

            List<LDAPObject> ldapRoles = getLDAPRoleMappings(ldapUser);

            Set<RoleModel> roles = new HashSet<>();
            String roleNameLdapAttr = config.getRoleNameLdapAttribute();
            for (LDAPObject role : ldapRoles) {
                String roleName = role.getAttributeAsString(roleNameLdapAttr);
                RoleModel modelRole = roleContainer.getRole(roleName);
                if (modelRole == null) {
                    // Add role to local DB
                    modelRole = roleContainer.addRole(roleName);
                }
                roles.add(modelRole);
            }

            cachedLDAPRoleMappings = new HashSet<>(roles);

            return roles;
        }

getRealmRoleMappings()

Set<RoleModel> org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.LDAPRoleMappingsUserDelegate.getRealmRoleMappings ( )

inline

                                                     {
            if (roleContainer.equals(realm)) {
                Set<RoleModel> ldapRoleMappings = getLDAPRoleMappingsConverted();

                if (config.getMode() == LDAPGroupMapperMode.LDAP_ONLY) {
                    // Use just role mappings from LDAP
                    return ldapRoleMappings;
                } else {
                    // Merge mappings from both DB and LDAP
                    Set<RoleModel> modelRoleMappings = super.getRealmRoleMappings();
                    ldapRoleMappings.addAll(modelRoleMappings);
                    return ldapRoleMappings;
                }
            } else {
                return super.getRealmRoleMappings();
            }
        }

getRoleMappings()

Set<RoleModel> org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.LDAPRoleMappingsUserDelegate.getRoleMappings ( )

inline

                                                {
            Set<RoleModel> modelRoleMappings = super.getRoleMappings();

            Set<RoleModel> ldapRoleMappings = getLDAPRoleMappingsConverted();

            if (config.getMode() == LDAPGroupMapperMode.LDAP_ONLY) {
                // For LDAP-only we want to retrieve role mappings of target container just from LDAP
                Set<RoleModel> modelRolesCopy = new HashSet<>(modelRoleMappings);
                for (RoleModel role : modelRolesCopy) {
                    if (role.getContainer().equals(roleContainer)) {
                        modelRoleMappings.remove(role);
                    }
                }
            }

            modelRoleMappings.addAll(ldapRoleMappings);
            return modelRoleMappings;
        }

grantRole()

void org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.LDAPRoleMappingsUserDelegate.grantRole ( RoleModel  role )

inline

                                              {
            if (config.getMode() == LDAPGroupMapperMode.LDAP_ONLY) {

                if (role.getContainer().equals(roleContainer)) {

                    // We need to create new role mappings in LDAP
                    cachedLDAPRoleMappings = null;
                    addRoleMappingInLDAP(role.getName(), ldapUser);
                } else {
                    super.grantRole(role);
                }
            } else {
                super.grantRole(role);
            }
        }

hasRole()

boolean org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.LDAPRoleMappingsUserDelegate.hasRole ( RoleModel  role )

inline

                                               {
            Set<RoleModel> roles = getRoleMappings();
            return RoleUtils.hasRole(roles, role)
              || RoleUtils.hasRoleFromGroup(getGroups(), role, true);
        }

メンバ詳解

cachedLDAPRoleMappings

Set<RoleModel> org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.LDAPRoleMappingsUserDelegate.cachedLDAPRoleMappings

private

ldapUser

final LDAPObject org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.LDAPRoleMappingsUserDelegate.ldapUser

private

realm

final RealmModel org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.LDAPRoleMappingsUserDelegate.realm

private

roleContainer

final RoleContainerModel org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.LDAPRoleMappingsUserDelegate.roleContainer

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/federation/src/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/role/RoleLDAPStorageMapper.java