org.keycloak.authorization.policy.evaluation.DecisionResultCollector クラス

org.keycloak.authorization.policy.evaluation.DecisionResultCollector の継承関係図

org.keycloak.authorization.policy.evaluation.DecisionResultCollector 連携図

公開メンバ関数
void	onDecision (DefaultEvaluation evaluation)
void	onDecision (D evaluation)
void	onComplete ()
void	onComplete (ResourcePermission permission)
default void	onError (Throwable cause)

限定公開メンバ関数
void	onComplete (Result result)
void	onComplete (Collection< Result > permissions)
boolean	isGranted (Result.PolicyResult policyResult)

限定公開変数類
final Map< ResourcePermission, Result >	results = new LinkedHashMap<>()

詳解

著者

Pedro Igor

関数詳解

isGranted()

boolean org.keycloak.authorization.policy.evaluation.AbstractDecisionCollector.isGranted ( Result.PolicyResult  policyResult )

inlineprotectedinherited

                                                                  {
        Policy policy = policyResult.getPolicy();
        DecisionStrategy decisionStrategy = policy.getDecisionStrategy();

        switch (decisionStrategy) {
            case AFFIRMATIVE:
                for (Result.PolicyResult decision : policyResult.getAssociatedPolicies()) {
                    if (Effect.PERMIT.equals(decision.getEffect())) {
                        return true;
                    }
                }
                return false;
            case CONSENSUS:
                int grantCount = 0;
                int denyCount = policy.getAssociatedPolicies().size();

                for (Result.PolicyResult decision : policyResult.getAssociatedPolicies()) {
                    if (decision.getEffect().equals(Effect.PERMIT)) {
                        grantCount++;
                        denyCount--;
                    }
                }

                return grantCount > denyCount;
            default:
                // defaults to UNANIMOUS
                for (Result.PolicyResult decision : policyResult.getAssociatedPolicies()) {
                    if (Effect.DENY.equals(decision.getEffect())) {
                        return false;
                    }
                }
                return true;
        }
    }

onComplete() [1/4]

void org.keycloak.authorization.policy.evaluation.AbstractDecisionCollector.onComplete ( )

inlineinherited

org.keycloak.authorization.Decision< D extends Evaluation >を実装しています。

                             {
        onComplete(results.values());
    }

onComplete() [2/4]

void org.keycloak.authorization.policy.evaluation.AbstractDecisionCollector.onComplete ( ResourcePermission  permission )

inlineinherited

org.keycloak.authorization.Decision< D extends Evaluation >を実装しています。

                                                          {
        Result result = results.get(permission);

        if (result != null) {
            onComplete(result);
        }
    }

onComplete() [3/4]

void org.keycloak.authorization.policy.evaluation.AbstractDecisionCollector.onComplete ( Result  result )

inlineprotectedinherited

                                             {

    }

onComplete() [4/4]

void org.keycloak.authorization.policy.evaluation.AbstractDecisionCollector.onComplete ( Collection< Result >  permissions )

inlineprotectedinherited

                                                              {

    }

onDecision() [1/2]

void org.keycloak.authorization.Decision< D extends Evaluation >.onDecision ( D  evaluation )

inherited

onDecision() [2/2]

void org.keycloak.authorization.policy.evaluation.AbstractDecisionCollector.onDecision ( DefaultEvaluation  evaluation )

inlineinherited

                                                         {
        Policy parentPolicy = evaluation.getParentPolicy();
        ResourcePermission permission = evaluation.getPermission();

        if (parentPolicy != null) {
            if (parentPolicy.equals(evaluation.getPolicy())) {
                results.computeIfAbsent(permission, permission1 -> {
                    for (Result result : results.values()) {
                        Result.PolicyResult policyResult = result.getPolicy(parentPolicy);

                        if (policyResult != null) {
                            Result newResult = new Result(permission1, evaluation);
                            Result.PolicyResult newPolicyResult = newResult.policy(parentPolicy);

                            for (Result.PolicyResult associatePolicy : policyResult.getAssociatedPolicies()) {
                                newPolicyResult.policy(associatePolicy.getPolicy(), associatePolicy.getEffect());
                            }

                            Map<String, Set<String>> claims = result.getPermission().getClaims();

                            if (!claims.isEmpty()) {
                                permission1.addClaims(claims);
                            }

                            return newResult;
                        }
                    }

                    return null;
                }).policy(parentPolicy);
            } else {
                results.computeIfAbsent(permission, p -> new Result(p, evaluation)).policy(parentPolicy).policy(evaluation.getPolicy(), evaluation.getEffect());
            }
        } else {
            results.computeIfAbsent(permission, p -> new Result(p, evaluation)).setStatus(evaluation.getEffect());
        }
    }

onError()

default void org.keycloak.authorization.Decision< D extends Evaluation >.onError ( Throwable  cause )

inlineinherited

org.keycloak.authorization.policy.evaluation.DecisionPermissionCollectorで実装されています。

                                          {
        throw new RuntimeException("Not implemented.", cause);
    }

メンバ詳解

results

final Map<ResourcePermission, Result> org.keycloak.authorization.policy.evaluation.AbstractDecisionCollector.results = new LinkedHashMap<>()

protectedinherited

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/authorization/policy/evaluation/DecisionResultCollector.java