org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper.LDAPGroupMappingsUserDelegate の継承関係図

org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper.LDAPGroupMappingsUserDelegate 連携図

公開メンバ関数
	LDAPGroupMappingsUserDelegate (RealmModel realm, UserModel user, LDAPObject ldapUser)

boolean	hasRole (RoleModel role)

Set< GroupModel >	getGroups ()

void	joinGroup (GroupModel group)

void	leaveGroup (GroupModel group)

boolean	isMemberOf (GroupModel group)

限定公開メンバ関数
Set< GroupModel >	getLDAPGroupMappingsConverted ()

非公開変数類
final RealmModel	realm

final LDAPObject	ldapUser

Set< GroupModel >	cachedLDAPGroupMappings

詳解

構築子と解体子

◆ LDAPGroupMappingsUserDelegate()

org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper.LDAPGroupMappingsUserDelegate.LDAPGroupMappingsUserDelegate	(	RealmModel	realm,
		UserModel	user,
		LDAPObject	ldapUser
	)

inline

                                                                                                     {
             super(user);
             this.realm = realm;
             this.ldapUser = ldapUser;
         }

関数詳解

◆ getGroups()

Set<GroupModel> org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper.LDAPGroupMappingsUserDelegate.getGroups ( )

inline

                                            {
             Set<GroupModel> ldapGroupMappings = getLDAPGroupMappingsConverted();
             if (config.getMode() == LDAPGroupMapperMode.LDAP_ONLY) {
                 // Use just group mappings from LDAP
                 return ldapGroupMappings;
             } else {
                 // Merge mappings from both DB and LDAP
                 Set<GroupModel> modelGroupMappings = super.getGroups();
                 ldapGroupMappings.addAll(modelGroupMappings);
                 return ldapGroupMappings;
             }
         }

◆ getLDAPGroupMappingsConverted()

Set<GroupModel> org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper.LDAPGroupMappingsUserDelegate.getLDAPGroupMappingsConverted ( )

inlineprotected

                                                                   {
             if (cachedLDAPGroupMappings != null) {
                 return new HashSet<>(cachedLDAPGroupMappings);
             }
 
             List<LDAPObject> ldapGroups = getLDAPGroupMappings(ldapUser);
 
             Set<GroupModel> result = new HashSet<>();
             for (LDAPObject ldapGroup : ldapGroups) {
                 GroupModel kcGroup = findKcGroupOrSyncFromLDAP(realm, ldapGroup, this);
                 if (kcGroup != null) {
                     result.add(kcGroup);
                 }
             }
 
             cachedLDAPGroupMappings = new HashSet<>(result);
 
             return result;
         }

◆ hasRole()

boolean org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper.LDAPGroupMappingsUserDelegate.hasRole ( RoleModel role )

inline

                                                {
             return super.hasRole(role) || RoleUtils.hasRoleFromGroup(getGroups(), role, true);
         }

◆ isMemberOf()

boolean org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper.LDAPGroupMappingsUserDelegate.isMemberOf ( GroupModel group )

inline

                                                     {
             Set<GroupModel> ldapGroupMappings = getGroups();
             return ldapGroupMappings.contains(group);
         }

◆ joinGroup()

void org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper.LDAPGroupMappingsUserDelegate.joinGroup ( GroupModel group )

inline

                                                 {
             if (config.getMode() == LDAPGroupMapperMode.LDAP_ONLY) {
                 // We need to create new role mappings in LDAP
                 cachedLDAPGroupMappings = null;
                 addGroupMappingInLDAP(realm, group, ldapUser);
             } else {
                 super.joinGroup(group);
             }
         }

◆ leaveGroup()

void org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper.LDAPGroupMappingsUserDelegate.leaveGroup ( GroupModel group )

inline

                                                  {
             LDAPQuery ldapQuery = createGroupQuery(true);
             LDAPQueryConditionsBuilder conditionsBuilder = new LDAPQueryConditionsBuilder();
             Condition roleNameCondition = conditionsBuilder.equal(config.getGroupNameLdapAttribute(), group.getName());
 
             String membershipUserLdapAttrName = getMembershipUserLdapAttribute();
             String membershipUserAttr = LDAPUtils.getMemberValueOfChildObject(ldapUser, config.getMembershipTypeLdapAttribute(), membershipUserLdapAttrName);
             Condition membershipCondition = conditionsBuilder.equal(config.getMembershipLdapAttribute(), membershipUserAttr);
 
             ldapQuery.addWhereCondition(roleNameCondition).addWhereCondition(membershipCondition);
             LDAPObject ldapGroup = ldapQuery.getFirstResult();
 
             if (ldapGroup == null) {
                 // Group mapping doesn't exist in LDAP. For LDAP_ONLY mode, we don't need to do anything. For READ_ONLY, delete it in local DB.
                 if (config.getMode() == LDAPGroupMapperMode.READ_ONLY) {
                     super.leaveGroup(group);
                 }
             } else {
                 // Group mappings exists in LDAP. For LDAP_ONLY mode, we can just delete it in LDAP. For READ_ONLY we can't delete it -> throw error
                 if (config.getMode() == LDAPGroupMapperMode.READ_ONLY) {
                     throw new ModelException("Not possible to delete LDAP group mappings as mapper mode is READ_ONLY");
                 } else {
                     // Delete ldap role mappings
                     cachedLDAPGroupMappings = null;
                     deleteGroupMappingInLDAP(ldapUser, ldapGroup);
                 }
             }
         }

メンバ詳解

◆ cachedLDAPGroupMappings

Set<GroupModel> org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper.LDAPGroupMappingsUserDelegate.cachedLDAPGroupMappings

private

◆ ldapUser

final LDAPObject org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper.LDAPGroupMappingsUserDelegate.ldapUser

private

◆ realm

final RealmModel org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper.LDAPGroupMappingsUserDelegate.realm

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/federation/src/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/group/GroupLDAPStorageMapper.java

公開メンバ関数

限定公開メンバ関数

非公開変数類

詳解

構築子と解体子

◆ LDAPGroupMappingsUserDelegate()

関数詳解

◆ getGroups()

◆ getLDAPGroupMappingsConverted()

◆ hasRole()

◆ isMemberOf()

◆ joinGroup()

◆ leaveGroup()

メンバ詳解

◆ cachedLDAPGroupMappings

◆ ldapUser

◆ realm