org.keycloak.services.resources.admin.ClientResource クラス

org.keycloak.services.resources.admin.ClientResource 連携図

公開メンバ関数
	ClientResource (RealmModel realm, AdminPermissionEvaluator auth, ClientModel clientModel, KeycloakSession session, AdminEventBuilder adminEvent)
ProtocolMappersResource	getProtocolMappers ()
Response	update (final ClientRepresentation rep)
ClientRepresentation	getClient ()
ClientAttributeCertificateResource	getCertficateResource (@PathParam("attr") String attributePrefix)
Response	getInstallationProvider (@PathParam("providerId") String providerId)
void	deleteClient ()
CredentialRepresentation	regenerateSecret ()
ClientRepresentation	regenerateRegistrationAccessToken ()
CredentialRepresentation	getClientSecret ()
ScopeMappedResource	getScopeMappedResource ()
RoleContainerResource	getRoleContainerResource ()
List< ClientScopeRepresentation >	getDefaultClientScopes ()
void	addDefaultClientScope (@PathParam("clientScopeId") String clientScopeId)
void	removeDefaultClientScope (@PathParam("clientScopeId") String clientScopeId)
List< ClientScopeRepresentation >	getOptionalClientScopes ()
void	addOptionalClientScope (@PathParam("clientScopeId") String clientScopeId)
void	removeOptionalClientScope (@PathParam("clientScopeId") String clientScopeId)
ClientScopeEvaluateResource	clientScopeEvaluateResource ()
UserRepresentation	getServiceAccountUser ()
GlobalRequestResult	pushRevocation ()
Map< String, Long >	getApplicationSessionCount ()
List< UserSessionRepresentation >	getUserSessions (@QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResults)
Map< String, Long >	getOfflineSessionCount ()
List< UserSessionRepresentation >	getOfflineUserSessions (@QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResults)
void	registerNode (Map< String, String > formParams)
void	unregisterNode (final @PathParam("node") String node)
GlobalRequestResult	testNodesAvailable ()
AuthorizationService	authorization ()
ManagementPermissionReference	getManagementPermissions ()
ManagementPermissionReference	setManagementPermissionsEnabled (ManagementPermissionReference ref)

静的公開メンバ関数
static ManagementPermissionReference	toMgmtRef (ClientModel client, AdminPermissionManagement permissions)

限定公開メンバ関数
KeycloakApplication	getKeycloakApplication ()

限定公開変数類
RealmModel	realm
ClientModel	client
KeycloakSession	session
KeycloakApplication	keycloak
ClientConnection	clientConnection

静的限定公開変数類
static final Logger	logger = Logger.getLogger(ClientResource.class)

非公開メンバ関数
List< ClientScopeRepresentation >	getDefaultClientScopes (boolean defaultScope)
void	addDefaultClientScope (String clientScopeId, boolean defaultScope)
void	updateClientFromRep (ClientRepresentation rep, ClientModel client, KeycloakSession session) throws ModelDuplicateException
void	updateAuthorizationSettings (ClientRepresentation rep)

非公開変数類
AdminPermissionEvaluator	auth
AdminEventBuilder	adminEvent

詳解

Base resource class for managing one particular client of a realm.

Clients

著者

Bill Burke

バージョン

Revision

1

構築子と解体子

ClientResource()

org.keycloak.services.resources.admin.ClientResource.ClientResource ( RealmModel  realm, AdminPermissionEvaluator  auth, ClientModel  clientModel, KeycloakSession  session, AdminEventBuilder  adminEvent  )

inline

                                                                                                                                                           {
        this.realm = realm;
        this.auth = auth;
        this.client = clientModel;
        this.session = session;
        this.adminEvent = adminEvent.resource(ResourceType.CLIENT);
    }

関数詳解

addDefaultClientScope() [1/2]

void org.keycloak.services.resources.admin.ClientResource.addDefaultClientScope ( @PathParam("clientScopeId") String  clientScopeId )

inline

                                                                                        {
        addDefaultClientScope(clientScopeId,true);
    }

addDefaultClientScope() [2/2]

void org.keycloak.services.resources.admin.ClientResource.addDefaultClientScope ( String  clientScopeId, boolean  defaultScope  )

inlineprivate

                                                                                   {
        auth.clients().requireManage(client);

        ClientScopeModel clientScope = realm.getClientScopeById(clientScopeId);
        if (clientScope == null) {
            throw new org.jboss.resteasy.spi.NotFoundException("Client scope not found");
        }
        client.addClientScope(clientScope, defaultScope);

        adminEvent.operation(OperationType.CREATE).resource(ResourceType.CLIENT).resourcePath(session.getContext().getUri()).success();
    }

addOptionalClientScope()

void org.keycloak.services.resources.admin.ClientResource.addOptionalClientScope ( @PathParam("clientScopeId") String  clientScopeId )

inline

                                                                                         {
        addDefaultClientScope(clientScopeId, false);
    }

authorization()

AuthorizationService org.keycloak.services.resources.admin.ClientResource.authorization ( )

inline

                                                {
        AuthorizationService resource = new AuthorizationService(this.session, this.client, this.auth, adminEvent);

        ResteasyProviderFactory.getInstance().injectProperties(resource);

        return resource;
    }

clientScopeEvaluateResource()

ClientScopeEvaluateResource org.keycloak.services.resources.admin.ClientResource.clientScopeEvaluateResource ( )

inline

                                                                     {
        return new ClientScopeEvaluateResource(session, session.getContext().getUri(), realm, auth, client, clientConnection);
    }

deleteClient()

void org.keycloak.services.resources.admin.ClientResource.deleteClient ( )

inline

Delete the client

                               {
        auth.clients().requireManage(client);

        if (client == null) {
            throw new NotFoundException("Could not find client");
        }

        new ClientManager(new RealmManager(session)).removeClient(realm, client);
        adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
    }

getApplicationSessionCount()

Map<String, Long> org.keycloak.services.resources.admin.ClientResource.getApplicationSessionCount ( )

inline

Get application session count

Returns a number of user sessions associated with this client

{ "count": number }

戻り値

                                                          {
        auth.clients().requireView(client);

        Map<String, Long> map = new HashMap<>();
        map.put("count", session.sessions().getActiveUserSessions(client.getRealm(), client));
        return map;
    }

getCertficateResource()

ClientAttributeCertificateResource org.keycloak.services.resources.admin.ClientResource.getCertficateResource ( @PathParam("attr") String  attributePrefix )

inline

Get representation of certificate resource

引数

attributePrefix

戻り値

                                                                                                               {
        return new ClientAttributeCertificateResource(realm, auth, client, session, attributePrefix, adminEvent);
    }

getClient()

ClientRepresentation org.keycloak.services.resources.admin.ClientResource.getClient ( )

inline

Get representation of the client

戻り値

                                            {
        auth.clients().requireView(client);

        ClientRepresentation representation = ModelToRepresentation.toRepresentation(client, session);

        representation.setAccess(auth.clients().getAccess(client));

        return representation;
    }

getClientSecret()

CredentialRepresentation org.keycloak.services.resources.admin.ClientResource.getClientSecret ( )

inline

Get the client secret

戻り値

                                                      {
        auth.clients().requireView(client);

        logger.debug("getClientSecret");
        UserCredentialModel model = UserCredentialModel.secret(client.getSecret());
        if (model == null) throw new NotFoundException("Client does not have a secret");
        return ModelToRepresentation.toRepresentation(model);
    }

getDefaultClientScopes() [1/2]

List<ClientScopeRepresentation> org.keycloak.services.resources.admin.ClientResource.getDefaultClientScopes ( )

inline

Get default client scopes. Only name and ids are returned.

戻り値

                                                                    {
        return getDefaultClientScopes(true);
    }

getDefaultClientScopes() [2/2]

List<ClientScopeRepresentation> org.keycloak.services.resources.admin.ClientResource.getDefaultClientScopes ( boolean  defaultScope )

inlineprivate

                                                                                         {
        auth.clients().requireView(client);

        List<ClientScopeRepresentation> defaults = new LinkedList<>();
        for (ClientScopeModel clientScope : client.getClientScopes(defaultScope, true).values()) {
            ClientScopeRepresentation rep = new ClientScopeRepresentation();
            rep.setId(clientScope.getId());
            rep.setName(clientScope.getName());
            defaults.add(rep);
        }
        return defaults;
    }

getInstallationProvider()

Response org.keycloak.services.resources.admin.ClientResource.getInstallationProvider ( @PathParam("providerId") String  providerId )

inline

                                                                                        {
        auth.clients().requireView(client);

        ClientInstallationProvider provider = session.getProvider(ClientInstallationProvider.class, providerId);
        if (provider == null) throw new NotFoundException("Unknown Provider");
        return provider.generateInstallation(session, realm, client, keycloak.getBaseUri(session.getContext().getUri()));
    }

getKeycloakApplication()

KeycloakApplication org.keycloak.services.resources.admin.ClientResource.getKeycloakApplication ( )

inlineprotected

                                                           {
        return keycloak;
    }

getManagementPermissions()

ManagementPermissionReference org.keycloak.services.resources.admin.ClientResource.getManagementPermissions ( )

inline

Return object stating whether client Authorization permissions have been initialized or not and a reference

戻り値

                                                                    {
        auth.roles().requireView(client);

        AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
        if (!permissions.clients().isPermissionsEnabled(client)) {
            return new ManagementPermissionReference();
        }
        return toMgmtRef(client, permissions);
    }

getOfflineSessionCount()

Map<String, Long> org.keycloak.services.resources.admin.ClientResource.getOfflineSessionCount ( )

inline

Get application offline session count

Returns a number of offline user sessions associated with this client

{ "count": number }

戻り値

                                                      {
        auth.clients().requireView(client);

        Map<String, Long> map = new HashMap<>();
        map.put("count", session.sessions().getOfflineSessionsCount(client.getRealm(), client));
        return map;
    }

getOfflineUserSessions()

List<UserSessionRepresentation> org.keycloak.services.resources.admin.ClientResource.getOfflineUserSessions ( @QueryParam("first") Integer  firstResult, @QueryParam("max") Integer  maxResults  )

inline

Get offline sessions for client

Returns a list of offline user sessions associated with this client

引数

firstResult	Paging offset
maxResults	Maximum results size (defaults to 100)

戻り値

                                                                                                                                                   {
        auth.clients().requireView(client);

        firstResult = firstResult != null ? firstResult : -1;
        maxResults = maxResults != null ? maxResults : Constants.DEFAULT_MAX_RESULTS;
        List<UserSessionRepresentation> sessions = new ArrayList<UserSessionRepresentation>();
        List<UserSessionModel> userSessions = session.sessions().getOfflineUserSessions(client.getRealm(), client, firstResult, maxResults);
        for (UserSessionModel userSession : userSessions) {
            UserSessionRepresentation rep = ModelToRepresentation.toRepresentation(userSession);

            // Update lastSessionRefresh with the timestamp from clientSession
            for (Map.Entry<String, AuthenticatedClientSessionModel> csEntry : userSession.getAuthenticatedClientSessions().entrySet()) {
                String clientUuid = csEntry.getKey();
                AuthenticatedClientSessionModel clientSession = csEntry.getValue();

                if (client.getId().equals(clientUuid)) {
                    rep.setLastAccess(Time.toMillis(clientSession.getTimestamp()));
                    break;
                }
            }

            sessions.add(rep);
        }
        return sessions;
    }

getOptionalClientScopes()

List<ClientScopeRepresentation> org.keycloak.services.resources.admin.ClientResource.getOptionalClientScopes ( )

inline

Get optional client scopes. Only name and ids are returned.

戻り値

                                                                     {
        return getDefaultClientScopes(false);
    }

getProtocolMappers()

ProtocolMappersResource org.keycloak.services.resources.admin.ClientResource.getProtocolMappers ( )

inline

                                                        {
        AdminPermissionEvaluator.RequirePermissionCheck manageCheck = () -> auth.clients().requireManage(client);
        AdminPermissionEvaluator.RequirePermissionCheck viewCheck = () -> auth.clients().requireView(client);
        ProtocolMappersResource mappers = new ProtocolMappersResource(realm, client, auth, adminEvent, manageCheck, viewCheck);
        ResteasyProviderFactory.getInstance().injectProperties(mappers);
        return mappers;
    }

getRoleContainerResource()

RoleContainerResource org.keycloak.services.resources.admin.ClientResource.getRoleContainerResource ( )

inline

                                                            {
        return new RoleContainerResource(session, session.getContext().getUri(), realm, auth, client, adminEvent);
    }

getScopeMappedResource()

ScopeMappedResource org.keycloak.services.resources.admin.ClientResource.getScopeMappedResource ( )

inline

Base path for managing the scope mappings for the client

戻り値

                                                        {
        AdminPermissionEvaluator.RequirePermissionCheck manageCheck = () -> auth.clients().requireManage(client);
        AdminPermissionEvaluator.RequirePermissionCheck viewCheck = () -> auth.clients().requireView(client);
        return new ScopeMappedResource(realm, auth, client, session, adminEvent, manageCheck, viewCheck);
    }

getServiceAccountUser()

UserRepresentation org.keycloak.services.resources.admin.ClientResource.getServiceAccountUser ( )

inline

Get a user dedicated to the service account

戻り値

                                                      {
        auth.clients().requireView(client);

        UserModel user = session.users().getServiceAccount(client);
        if (user == null) {
            if (client.isServiceAccountsEnabled()) {
                new ClientManager(new RealmManager(session)).enableServiceAccount(client);
                user = session.users().getServiceAccount(client);
            } else {
                throw new BadRequestException("Service account not enabled for the client '" + client.getClientId() + "'");
            }
        }

        return ModelToRepresentation.toRepresentation(session, realm, user);
    }

getUserSessions()

List<UserSessionRepresentation> org.keycloak.services.resources.admin.ClientResource.getUserSessions ( @QueryParam("first") Integer  firstResult, @QueryParam("max") Integer  maxResults  )

inline

Get user sessions for client

Returns a list of user sessions associated with this client

引数

firstResult	Paging offset
maxResults	Maximum results size (defaults to 100)

戻り値

                                                                                                                                            {
        auth.clients().requireView(client);

        firstResult = firstResult != null ? firstResult : -1;
        maxResults = maxResults != null ? maxResults : Constants.DEFAULT_MAX_RESULTS;
        List<UserSessionRepresentation> sessions = new ArrayList<UserSessionRepresentation>();
        for (UserSessionModel userSession : session.sessions().getUserSessions(client.getRealm(), client, firstResult, maxResults)) {
            UserSessionRepresentation rep = ModelToRepresentation.toRepresentation(userSession);
            sessions.add(rep);
        }
        return sessions;
    }

pushRevocation()

GlobalRequestResult org.keycloak.services.resources.admin.ClientResource.pushRevocation ( )

inline

Push the client's revocation policy to its admin URL

If the client has an admin URL, push revocation policy to it.

                                                {
        auth.clients().requireConfigure(client);

        adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).resource(ResourceType.CLIENT).success();
        return new ResourceAdminManager(session).pushClientRevocationPolicy(session.getContext().getUri().getRequestUri(), realm, client);

    }

regenerateRegistrationAccessToken()

ClientRepresentation org.keycloak.services.resources.admin.ClientResource.regenerateRegistrationAccessToken ( )

inline

Generate a new registration access token for the client

戻り値

                                                                    {
        auth.clients().requireManage(client);

        String token = ClientRegistrationTokenUtils.updateRegistrationAccessToken(session, realm, client, RegistrationAuth.AUTHENTICATED);

        ClientRepresentation rep = ModelToRepresentation.toRepresentation(client, session);
        rep.setRegistrationAccessToken(token);

        adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).representation(rep).success();
        return rep;
    }

regenerateSecret()

CredentialRepresentation org.keycloak.services.resources.admin.ClientResource.regenerateSecret ( )

inline

Generate a new secret for the client

戻り値

                                                       {
        auth.clients().requireConfigure(client);

        logger.debug("regenerateSecret");
        UserCredentialModel cred = KeycloakModelUtils.generateSecret(client);
        CredentialRepresentation rep = ModelToRepresentation.toRepresentation(cred);
        adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).representation(rep).success();
        return rep;
    }

registerNode()

void org.keycloak.services.resources.admin.ClientResource.registerNode ( Map< String, String >  formParams )

inline

Register a cluster node with the client

Manually register cluster node to this client - usually it's not needed to call this directly as adapter should handle by sending registration request to Keycloak

引数

formParams

                                                             {
        auth.clients().requireConfigure(client);

        String node = formParams.get("node");
        if (node == null) {
            throw new BadRequestException("Node not found in params");
        }
        if (logger.isDebugEnabled()) logger.debug("Register node: " + node);
        client.registerNode(node, Time.currentTime());
        adminEvent.operation(OperationType.CREATE).resource(ResourceType.CLUSTER_NODE).resourcePath(session.getContext().getUri(), node).success();
    }

removeDefaultClientScope()

void org.keycloak.services.resources.admin.ClientResource.removeDefaultClientScope ( @PathParam("clientScopeId") String  clientScopeId )

inline

                                                                                           {
        auth.clients().requireManage(client);

        ClientScopeModel clientScope = realm.getClientScopeById(clientScopeId);
        if (clientScope == null) {
            throw new org.jboss.resteasy.spi.NotFoundException("Client scope not found");
        }
        client.removeClientScope(clientScope);

        adminEvent.operation(OperationType.DELETE).resource(ResourceType.CLIENT).resourcePath(session.getContext().getUri()).success();
    }

removeOptionalClientScope()

void org.keycloak.services.resources.admin.ClientResource.removeOptionalClientScope ( @PathParam("clientScopeId") String  clientScopeId )

inline

                                                                                            {
        removeDefaultClientScope(clientScopeId);
    }

setManagementPermissionsEnabled()

ManagementPermissionReference org.keycloak.services.resources.admin.ClientResource.setManagementPermissionsEnabled ( ManagementPermissionReference  ref )

inline

Return object stating whether client Authorization permissions have been initialized or not and a reference

戻り値

initialized manage permissions reference

                                                                                                            {
        auth.clients().requireManage(client);
        AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
        permissions.clients().setPermissionsEnabled(client, ref.isEnabled());
        if (ref.isEnabled()) {
            return toMgmtRef(client, permissions);
        } else {
            return new ManagementPermissionReference();
        }
    }

testNodesAvailable()

GlobalRequestResult org.keycloak.services.resources.admin.ClientResource.testNodesAvailable ( )

inline

Test if registered cluster nodes are available

Tests availability by sending 'ping' request to all cluster nodes.

戻り値

                                                    {
        auth.clients().requireConfigure(client);

        logger.debug("Test availability of cluster nodes");
        GlobalRequestResult result = new ResourceAdminManager(session).testNodesAvailability(session.getContext().getUri().getRequestUri(), realm, client);
        adminEvent.operation(OperationType.ACTION).resource(ResourceType.CLUSTER_NODE).resourcePath(session.getContext().getUri()).representation(result).success();
        return result;
    }

toMgmtRef()

static ManagementPermissionReference org.keycloak.services.resources.admin.ClientResource.toMgmtRef ( ClientModel  client, AdminPermissionManagement  permissions  )

inlinestatic

                                                                                                                     {
        ManagementPermissionReference ref = new ManagementPermissionReference();
        ref.setEnabled(true);
        ref.setResource(permissions.clients().resource(client).getId());
        ref.setScopePermissions(permissions.clients().getPermissions(client));
        return ref;
    }

unregisterNode()

void org.keycloak.services.resources.admin.ClientResource.unregisterNode ( final @PathParam("node") String  node )

inline

Unregister a cluster node from the client

引数

node

                                                                     {
        auth.clients().requireConfigure(client);

        if (logger.isDebugEnabled()) logger.debug("Unregister node: " + node);

        Integer time = client.getRegisteredNodes().get(node);
        if (time == null) {
            throw new NotFoundException("Client does not have node ");
        }
        client.unregisterNode(node);
        adminEvent.operation(OperationType.DELETE).resource(ResourceType.CLUSTER_NODE).resourcePath(session.getContext().getUri()).success();
    }

update()

Response org.keycloak.services.resources.admin.ClientResource.update ( final ClientRepresentation  rep )

inline

Update the client

引数

rep

戻り値

                                                           {
        auth.clients().requireConfigure(client);

        ValidationMessages validationMessages = new ValidationMessages();
        if (!ClientValidator.validate(rep, validationMessages) || !PairwiseClientValidator.validate(session, rep, validationMessages)) {
            Properties messages = AdminRoot.getMessages(session, realm, auth.adminAuth().getToken().getLocale());
            throw new ErrorResponseException(
                    validationMessages.getStringMessages(),
                    validationMessages.getStringMessages(messages),
                    Response.Status.BAD_REQUEST
            );
        }

        try {
            updateClientFromRep(rep, client, session);
            adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(rep).success();
            updateAuthorizationSettings(rep);
            return Response.noContent().build();
        } catch (ModelDuplicateException e) {
            return ErrorResponse.exists("Client " + rep.getClientId() + " already exists");
        }
    }

updateAuthorizationSettings()

void org.keycloak.services.resources.admin.ClientResource.updateAuthorizationSettings ( ClientRepresentation  rep )

inlineprivate

                                                                       {
        if (TRUE.equals(rep.getAuthorizationServicesEnabled())) {
            authorization().enable(false);
        } else {
            authorization().disable();
        }
    }

updateClientFromRep()

void org.keycloak.services.resources.admin.ClientResource.updateClientFromRep ( ClientRepresentation  rep, ClientModel  client, KeycloakSession  session  ) throws ModelDuplicateException

inlineprivate

                                                                                                                                           {
        UserModel serviceAccount = this.session.users().getServiceAccount(client);
        if (TRUE.equals(rep.isServiceAccountsEnabled())) {
            if (serviceAccount == null) {
                new ClientManager(new RealmManager(session)).enableServiceAccount(client);
            }
        }
        else {
            if (serviceAccount != null) {
                new UserManager(session).removeUser(realm, serviceAccount);
            }
        }

        if (!rep.getClientId().equals(client.getClientId())) {
            new ClientManager(new RealmManager(session)).clientIdChanged(client, rep.getClientId());
        }

        if (rep.isFullScopeAllowed() != null && rep.isFullScopeAllowed() != client.isFullScopeAllowed()) {
            auth.clients().requireManage(client);
        }

        RepresentationToModel.updateClient(rep, client);
    }

メンバ詳解

adminEvent

AdminEventBuilder org.keycloak.services.resources.admin.ClientResource.adminEvent

private

auth

AdminPermissionEvaluator org.keycloak.services.resources.admin.ClientResource.auth

private

client

ClientModel org.keycloak.services.resources.admin.ClientResource.client

protected

clientConnection

ClientConnection org.keycloak.services.resources.admin.ClientResource.clientConnection

protected

keycloak

KeycloakApplication org.keycloak.services.resources.admin.ClientResource.keycloak

protected

logger

final Logger org.keycloak.services.resources.admin.ClientResource.logger = Logger.getLogger(ClientResource.class)

staticprotected

realm

RealmModel org.keycloak.services.resources.admin.ClientResource.realm

protected

session

KeycloakSession org.keycloak.services.resources.admin.ClientResource.session

protected

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/services/resources/admin/ClientResource.java