keycloak
org.keycloak.authorization.policy.evaluation.DefaultEvaluation クラス

公開メンバ関数

 DefaultEvaluation (ResourcePermission permission, EvaluationContext executionContext, Policy parentPolicy, Decision decision, AuthorizationProvider authorizationProvider, Map< Policy, Map< Object, Decision.Effect >> decisionCache)
 
 DefaultEvaluation (ResourcePermission permission, EvaluationContext executionContext, Decision decision, AuthorizationProvider authorizationProvider)
 
 DefaultEvaluation (ResourcePermission permission, EvaluationContext executionContext, Policy parentPolicy, Policy policy, Decision decision, AuthorizationProvider authorizationProvider, Map< Policy, Map< Object, Decision.Effect >> decisionCache)
 
ResourcePermission getPermission ()
 
EvaluationContext getContext ()
 
void grant ()
 
void deny ()
 
Policy getPolicy ()
 
Realm getRealm ()
 
AuthorizationProvider getAuthorizationProvider ()
 
Policy getParentPolicy ()
 
Effect getEffect ()
 
Map< Policy, Map< Object, Effect > > getDecisionCache ()
 
void denyIfNoEffect ()
 
void setPolicy (Policy policy)
 
void setEffect (Effect effect)
 

非公開メンバ関数

Realm createRealm ()
 

非公開変数類

final ResourcePermission permission
 
final EvaluationContext executionContext
 
final Decision decision
 
Policy policy
 
final Policy parentPolicy
 
final AuthorizationProvider authorizationProvider
 
Map< Policy, Map< Object, Effect > > decisionCache
 
final Realm realm
 
Effect effect
 

詳解

著者
Pedro Igor

構築子と解体子

◆ DefaultEvaluation() [1/3]

org.keycloak.authorization.policy.evaluation.DefaultEvaluation.DefaultEvaluation ( ResourcePermission  permission,
EvaluationContext  executionContext,
Policy  parentPolicy,
Decision  decision,
AuthorizationProvider  authorizationProvider,
Map< Policy, Map< Object, Decision.Effect >>  decisionCache 
)
inline
60  {
// NOTE(review): source line 61, the only statement of this constructor, is missing from the listing.
// The names cross-referenced beneath it (decision, decisionCache, permission, authorizationProvider,
// executionContext, parentPolicy) suggest it delegates to the seven-argument constructor without a
// policy. Confirm against DefaultEvaluation.java before relying on this.
62  }
final Decision decision
Definition: DefaultEvaluation.java:52
Map< Policy, Map< Object, Effect > > decisionCache
Definition: DefaultEvaluation.java:56
final ResourcePermission permission
Definition: DefaultEvaluation.java:50
final AuthorizationProvider authorizationProvider
Definition: DefaultEvaluation.java:55
final EvaluationContext executionContext
Definition: DefaultEvaluation.java:51
final Policy parentPolicy
Definition: DefaultEvaluation.java:54

◆ DefaultEvaluation() [2/3]

org.keycloak.authorization.policy.evaluation.DefaultEvaluation.DefaultEvaluation ( ResourcePermission  permission,
EvaluationContext  executionContext,
Decision  decision,
AuthorizationProvider  authorizationProvider 
)
inline
/**
 * Creates an evaluation that has neither a parent policy nor a policy.
 *
 * <p>Delegates to the seven-argument constructor. An immutable empty map from
 * {@link Collections#emptyMap()} is passed as the decision cache, so that map cannot take entries.
 *
 * @param permission the permission under evaluation
 * @param executionContext the context the evaluation runs in
 * @param decision the callback that {@code grant()} and {@code deny()} notify
 * @param authorizationProvider the provider used to reach the Keycloak session
 */
public DefaultEvaluation(ResourcePermission permission, EvaluationContext executionContext, Decision decision, AuthorizationProvider authorizationProvider) {
    this(
            permission,
            executionContext,
            null, // parentPolicy
            null, // policy
            decision,
            authorizationProvider,
            Collections.emptyMap());
}
final Decision decision
Definition: DefaultEvaluation.java:52
final ResourcePermission permission
Definition: DefaultEvaluation.java:50
final AuthorizationProvider authorizationProvider
Definition: DefaultEvaluation.java:55
final EvaluationContext executionContext
Definition: DefaultEvaluation.java:51

◆ DefaultEvaluation() [3/3]

org.keycloak.authorization.policy.evaluation.DefaultEvaluation.DefaultEvaluation ( ResourcePermission  permission,
EvaluationContext  executionContext,
Policy  parentPolicy,
Policy  policy,
Decision  decision,
AuthorizationProvider  authorizationProvider,
Map< Policy, Map< Object, Decision.Effect >>  decisionCache 
)
inline
68  {
// Primary constructor: the four-argument overload delegates here.
69  this.permission = permission;
// NOTE(review): source lines 70-71 are missing from this listing. The cross-references beneath it name
// executionContext and parentPolicy, so they are presumably assigned there. Confirm against the file.
72  this.policy = policy;
73  this.decision = decision;
// NOTE(review): source lines 74-75 are also missing; presumably they assign authorizationProvider
// and decisionCache. Confirm against the file.
// createRealm() is called last. The Realm it returns reads authorizationProvider only when one of its
// query methods is invoked, not while it is being constructed.
76  this.realm = createRealm();
77  }
final Decision decision
Definition: DefaultEvaluation.java:52
Map< Policy, Map< Object, Effect > > decisionCache
Definition: DefaultEvaluation.java:56
final ResourcePermission permission
Definition: DefaultEvaluation.java:50
final Realm realm
Definition: DefaultEvaluation.java:57
Realm createRealm()
Definition: DefaultEvaluation.java:148
final AuthorizationProvider authorizationProvider
Definition: DefaultEvaluation.java:55
final EvaluationContext executionContext
Definition: DefaultEvaluation.java:51
final Policy parentPolicy
Definition: DefaultEvaluation.java:54
Policy policy
Definition: DefaultEvaluation.java:53

関数詳解

◆ createRealm()

Realm org.keycloak.authorization.policy.evaluation.DefaultEvaluation.createRealm ( )
inline private
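/**
 * Builds the {@link Realm} view that policies reach through {@link #getRealm()}.
 *
 * <p>Each query obtains the {@code KeycloakSession} from {@code authorizationProvider} when it is
 * called and reads the realm from that session's context. The answers feed authorization decisions.
 * The boolean checks return {@code false} for an unknown user or group. The list and map getters
 * throw {@link NullPointerException} for an unknown user rather than returning an empty result.
 *
 * @return a new {@code Realm} bound to this evaluation's authorization provider
 */
private Realm createRealm() {
    return new Realm() {

        /**
         * Checks whether a user belongs to the group found at the path {@code groupId}.
         *
         * @param id user id, username or email (see {@code getUser})
         * @param groupId group path, resolved with {@code KeycloakModelUtils.findGroupByPath}
         * @param checkParent when {@code true} the check goes through
         *     {@code RoleUtils.isMember} over the user's groups, otherwise through
         *     {@code UserModel.isMemberOf}
         * @return {@code false} when the user or the group cannot be resolved
         */
        @Override
        public boolean isUserInGroup(String id, String groupId, boolean checkParent) {
            KeycloakSession session = authorizationProvider.getKeycloakSession();
            UserModel user = getUser(id, session);

            if (Objects.isNull(user)) {
                return false;
            }

            GroupModel group = KeycloakModelUtils.findGroupByPath(session.getContext().getRealm(), groupId);

            if (Objects.isNull(group)) {
                return false;
            }

            return checkParent ? RoleUtils.isMember(user.getGroups(), group) : user.isMemberOf(group);
        }

        /**
         * Resolves a user from a single identifier string.
         *
         * <p>The same string is tried as the internal id, then as a username, then as an email, and
         * the first match is returned. Because one value is matched against three different
         * attributes, a caller that needs one specific account should pass the internal id.
         *
         * @return the matching user, or {@code null} when none of the three lookups finds one
         */
        private UserModel getUser(String id, KeycloakSession session) {
            RealmModel realm = session.getContext().getRealm();
            UserModel user = session.users().getUserById(id, realm);

            if (Objects.isNull(user)) {
                user = session.users().getUserByUsername(id, realm);
            }

            if (Objects.isNull(user)) {
                user = session.users().getUserByEmail(id, realm);
            }

            return user;
        }

        /** Tells whether {@code role} is a client role whose owning client has the given client id. */
        private boolean belongsToClient(RoleModel role, String clientId) {
            return role.isClientRole()
                    && ((ClientModel) role.getContainer()).getClientId().equals(clientId);
        }

        /**
         * Checks whether a user holds the named realm role, considering only the user's realm-level
         * role mappings.
         *
         * @return {@code false} when the user cannot be resolved
         */
        @Override
        public boolean isUserInRealmRole(String id, String roleName) {
            KeycloakSession session = authorizationProvider.getKeycloakSession();
            UserModel user = getUser(id, session);

            if (Objects.isNull(user)) {
                return false;
            }

            Set<RoleModel> realmMappings = user.getRoleMappings().stream()
                    .filter(mapping -> !mapping.isClientRole())
                    .collect(Collectors.toSet());

            // NOTE(review): getRole(roleName) is passed on without a null check. Confirm how
            // RoleUtils.hasRole treats an unknown role name.
            return RoleUtils.hasRole(realmMappings, session.getContext().getRealm().getRole(roleName));
        }

        /**
         * Checks whether a user holds the named role of the client identified by {@code clientId}.
         *
         * @return {@code false} when the user cannot be resolved, holds no role of that client, or the
         *     client has no role with that name
         */
        @Override
        public boolean isUserInClientRole(String id, String clientId, String roleName) {
            KeycloakSession session = authorizationProvider.getKeycloakSession();
            RealmModel realm = session.getContext().getRealm();
            UserModel user = getUser(id, session);

            if (Objects.isNull(user)) {
                return false;
            }

            Set<RoleModel> clientMappings = user.getRoleMappings().stream()
                    .filter(mapping -> belongsToClient(mapping, clientId))
                    .collect(Collectors.toSet());

            if (clientMappings.isEmpty()) {
                return false;
            }

            // Every mapping left after the filter belongs to the same client, so the first one
            // identifies the client that owns the role being looked up.
            ClientModel owner = (ClientModel) clientMappings.iterator().next().getContainer();
            RoleModel role = realm.getClientById(owner.getId()).getRole(roleName);

            if (Objects.isNull(role)) {
                return false;
            }

            return RoleUtils.hasRole(clientMappings, role);
        }

        /**
         * Checks whether the group at path {@code id} has the named realm role.
         *
         * @return {@code false} when no group exists at that path, matching {@code isUserInGroup}
         */
        @Override
        public boolean isGroupInRole(String id, String role) {
            KeycloakSession session = authorizationProvider.getKeycloakSession();
            RealmModel realm = session.getContext().getRealm();
            GroupModel group = KeycloakModelUtils.findGroupByPath(realm, id);

            // findGroupByPath can return null (isUserInGroup checks for it), so answer "no" here
            // instead of handing a null group to RoleUtils.
            if (Objects.isNull(group)) {
                return false;
            }

            return RoleUtils.hasRoleFromGroup(group, realm.getRole(role), false);
        }

        /**
         * Lists the names of the realm-level roles mapped to a user.
         *
         * @throws NullPointerException when the user cannot be resolved
         */
        @Override
        public List<String> getUserRealmRoles(String id) {
            return getUser(id, authorizationProvider.getKeycloakSession()).getRoleMappings().stream()
                    .filter(mapping -> !mapping.isClientRole())
                    .map(RoleModel::getName)
                    .collect(Collectors.toList());
        }

        /**
         * Lists the names of the roles of one client that are mapped to a user.
         *
         * <p>Only roles owned by the client with {@code clientId} are returned. Without that filter a
         * role of the same name on another client would be indistinguishable in the result, and a
         * policy checking role names for one client would match it.
         *
         * @throws NullPointerException when the user cannot be resolved
         */
        @Override
        public List<String> getUserClientRoles(String id, String clientId) {
            return getUser(id, authorizationProvider.getKeycloakSession()).getRoleMappings().stream()
                    .filter(mapping -> belongsToClient(mapping, clientId))
                    .map(RoleModel::getName)
                    .collect(Collectors.toList());
        }

        /**
         * Lists the groups a user belongs to.
         *
         * @throws NullPointerException when the user cannot be resolved
         */
        @Override
        public List<String> getUserGroups(String id) {
            // The listing omits source line 260 between stream() and collect(). Its cross-reference
            // list names ModelToRepresentation.buildGroupPath, so the mapping step is restored from
            // that. NOTE(review): confirm against DefaultEvaluation.java.
            return getUser(id, authorizationProvider.getKeycloakSession()).getGroups().stream()
                    .map(ModelToRepresentation::buildGroupPath)
                    .collect(Collectors.toList());
        }

        /**
         * Returns the attribute map of a user exactly as {@code UserModel.getAttributes()} provides it.
         *
         * @throws NullPointerException when the user cannot be resolved
         */
        @Override
        public Map<String, List<String>> getUserAttributes(String id) {
            return getUser(id, authorizationProvider.getKeycloakSession()).getAttributes();
        }
    };
}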
static void buildGroupPath(StringBuilder sb, GroupModel group)
Definition: ModelToRepresentation.java:53
final Realm realm
Definition: DefaultEvaluation.java:57
KeycloakSession getKeycloakSession()
Definition: AuthorizationProvider.java:165
final AuthorizationProvider authorizationProvider
Definition: DefaultEvaluation.java:55

◆ deny()

void org.keycloak.authorization.policy.evaluation.DefaultEvaluation.deny ( )
inline

org.keycloak.authorization.policy.evaluation.Evaluationを実装しています。

/**
 * Records a denial from the policy being evaluated and notifies the decision callback.
 *
 * <p>If the {@code policy} field is set and its logic is {@code Logic.NEGATIVE}, the outcome is
 * inverted and {@code Effect.PERMIT} is stored. Only the {@code policy} field is consulted;
 * {@code parentPolicy} is not read here.
 */
public void deny() {
    boolean inverted = policy != null && Logic.NEGATIVE.equals(policy.getLogic());

    // A negative-logic policy turns "deny" into "permit".
    this.effect = inverted ? Effect.PERMIT : Effect.DENY;

    this.decision.onDecision(this);
}
final Decision decision
Definition: DefaultEvaluation.java:52
DENY
Definition: Decision.java:31
PERMIT
Definition: Decision.java:30
Effect effect
Definition: DefaultEvaluation.java:58
Policy policy
Definition: DefaultEvaluation.java:53

◆ denyIfNoEffect()

void org.keycloak.authorization.policy.evaluation.DefaultEvaluation.denyIfNoEffect ( )
inline

org.keycloak.authorization.policy.evaluation.Evaluationを実装しています。

/**
 * Falls back to {@link #deny()} when no effect has been recorded yet.
 *
 * <p>Because the fallback goes through {@code deny()}, a policy with {@code Logic.NEGATIVE} ends up
 * with {@code Effect.PERMIT} here, not {@code Effect.DENY}.
 */
public void denyIfNoEffect() {
    if (this.effect != null) {
        return;
    }

    deny();
}
void deny()
Definition: DefaultEvaluation.java:101
Effect effect
Definition: DefaultEvaluation.java:58

◆ getAuthorizationProvider()

AuthorizationProvider org.keycloak.authorization.policy.evaluation.DefaultEvaluation.getAuthorizationProvider ( )
inline

org.keycloak.authorization.policy.evaluation.Evaluationを実装しています。

/**
 * Returns the authorization provider held by this evaluation.
 *
 * @return the {@code authorizationProvider} field
 */
public AuthorizationProvider getAuthorizationProvider() {
    return this.authorizationProvider;
}
final AuthorizationProvider authorizationProvider
Definition: DefaultEvaluation.java:55

◆ getContext()

EvaluationContext org.keycloak.authorization.policy.evaluation.DefaultEvaluation.getContext ( )
inline

org.keycloak.authorization.policy.evaluation.Evaluationを実装しています。

/**
 * Returns the context this evaluation runs in.
 *
 * @return the {@code executionContext} field
 */
public EvaluationContext getContext() {
    return executionContext;
}
final EvaluationContext executionContext
Definition: DefaultEvaluation.java:51

◆ getDecisionCache()

Map<Policy, Map<Object, Effect> > org.keycloak.authorization.policy.evaluation.DefaultEvaluation.getDecisionCache ( )
inline
/**
 * Returns the decision cache held by this evaluation.
 *
 * <p>The field is returned directly, without a copy. The four-argument constructor passes
 * {@code Collections.emptyMap()} as the cache, which is immutable.
 *
 * @return the {@code decisionCache} field
 */
public Map<Policy, Map<Object, Effect>> getDecisionCache() {
    return this.decisionCache;
}
Map< Policy, Map< Object, Effect > > decisionCache
Definition: DefaultEvaluation.java:56

◆ getEffect()

Effect org.keycloak.authorization.policy.evaluation.DefaultEvaluation.getEffect ( )
inline
/**
 * Returns the effect recorded so far.
 *
 * @return the {@code effect} field, or {@code null} if no decision has been recorded since
 *     construction or since the last {@code setPolicy} call
 */
public Effect getEffect() {
    return this.effect;
}
Effect effect
Definition: DefaultEvaluation.java:58

◆ getParentPolicy()

Policy org.keycloak.authorization.policy.evaluation.DefaultEvaluation.getParentPolicy ( )
inline
/**
 * Returns the parent policy of this evaluation.
 *
 * @return the {@code parentPolicy} field; the four-argument constructor passes {@code null} for it
 */
public Policy getParentPolicy() {
    return parentPolicy;
}
final Policy parentPolicy
Definition: DefaultEvaluation.java:54

◆ getPermission()

ResourcePermission org.keycloak.authorization.policy.evaluation.DefaultEvaluation.getPermission ( )
inline

org.keycloak.authorization.policy.evaluation.Evaluationを実装しています。

/**
 * Returns the permission under evaluation.
 *
 * @return the {@code permission} field
 */
public ResourcePermission getPermission() {
    return permission;
}
final ResourcePermission permission
Definition: DefaultEvaluation.java:50

◆ getPolicy()

Policy org.keycloak.authorization.policy.evaluation.DefaultEvaluation.getPolicy ( )
inline

org.keycloak.authorization.policy.evaluation.Evaluationを実装しています。

/**
 * Returns the policy being evaluated, falling back to the parent policy when none is set.
 *
 * <p>This fallback applies only to this getter. {@code grant()} and {@code deny()} read the
 * {@code policy} field directly.
 *
 * @return {@code policy} if it is non-null, otherwise {@code parentPolicy}
 */
public Policy getPolicy() {
    return policy != null ? this.policy : parentPolicy;
}
final Policy parentPolicy
Definition: DefaultEvaluation.java:54
Policy policy
Definition: DefaultEvaluation.java:53

◆ getRealm()

Realm org.keycloak.authorization.policy.evaluation.DefaultEvaluation.getRealm ( )
inline

org.keycloak.authorization.policy.evaluation.Evaluationを実装しています。

/**
 * Returns the realm query object created for this evaluation by {@code createRealm()}.
 *
 * @return the {@code realm} field
 */
public Realm getRealm() {
    return this.realm;
}
final Realm realm
Definition: DefaultEvaluation.java:57

◆ grant()

void org.keycloak.authorization.policy.evaluation.DefaultEvaluation.grant ( )
inline

org.keycloak.authorization.policy.evaluation.Evaluationを実装しています。

/**
 * Records a grant from the policy being evaluated and notifies the decision callback.
 *
 * <p>If the {@code policy} field is set and its logic is {@code Logic.NEGATIVE}, the outcome is
 * inverted and {@code Effect.DENY} is stored. Only the {@code policy} field is consulted;
 * {@code parentPolicy} is not read here.
 */
public void grant() {
    boolean inverted = policy != null && Logic.NEGATIVE.equals(policy.getLogic());

    // A negative-logic policy turns "grant" into "deny".
    this.effect = inverted ? Effect.DENY : Effect.PERMIT;

    this.decision.onDecision(this);
}
final Decision decision
Definition: DefaultEvaluation.java:52
DENY
Definition: Decision.java:31
PERMIT
Definition: Decision.java:30
Effect effect
Definition: DefaultEvaluation.java:58
Policy policy
Definition: DefaultEvaluation.java:53

◆ setEffect()

void org.keycloak.authorization.policy.evaluation.DefaultEvaluation.setEffect ( Effect  effect)
inline
/**
 * Applies an effect by routing it through {@link #grant()} or {@link #deny()}.
 *
 * <p>Anything other than {@code Effect.PERMIT}, including {@code null}, is treated as a denial.
 * The stored effect can differ from the argument, because {@code grant()} and {@code deny()}
 * invert the outcome for a policy with {@code Logic.NEGATIVE}.
 *
 * @param effect the requested effect
 */
public void setEffect(Effect effect) {
    if (!Effect.PERMIT.equals(effect)) {
        deny();
        return;
    }

    grant();
}
void deny()
Definition: DefaultEvaluation.java:101
void grant()
Definition: DefaultEvaluation.java:90
Effect effect
Definition: DefaultEvaluation.java:58

◆ setPolicy()

void org.keycloak.authorization.policy.evaluation.DefaultEvaluation.setPolicy ( Policy  policy)
inline
/**
 * Switches this evaluation to another policy and clears the recorded effect.
 *
 * <p>The effect is reset to {@code null} so that an outcome recorded for the previous policy does
 * not carry over to the new one.
 *
 * @param policy the policy to evaluate next
 */
public void setPolicy(Policy policy) {
    this.effect = null;
    this.policy = policy;
}
Effect effect
Definition: DefaultEvaluation.java:58
Policy policy
Definition: DefaultEvaluation.java:53

メンバ詳解

◆ authorizationProvider

final AuthorizationProvider org.keycloak.authorization.policy.evaluation.DefaultEvaluation.authorizationProvider
private

◆ decision

final Decision org.keycloak.authorization.policy.evaluation.DefaultEvaluation.decision
private

◆ decisionCache

Map<Policy, Map<Object, Effect> > org.keycloak.authorization.policy.evaluation.DefaultEvaluation.decisionCache
private

◆ effect

Effect org.keycloak.authorization.policy.evaluation.DefaultEvaluation.effect
private

◆ executionContext

final EvaluationContext org.keycloak.authorization.policy.evaluation.DefaultEvaluation.executionContext
private

◆ parentPolicy

final Policy org.keycloak.authorization.policy.evaluation.DefaultEvaluation.parentPolicy
private

◆ permission

final ResourcePermission org.keycloak.authorization.policy.evaluation.DefaultEvaluation.permission
private

◆ policy

Policy org.keycloak.authorization.policy.evaluation.DefaultEvaluation.policy
private

◆ realm

final Realm org.keycloak.authorization.policy.evaluation.DefaultEvaluation.realm
private

このクラス詳解は次のファイルから抽出されました: