org.keycloak.services.managers.ClientManager 連携図

クラス
class	InstallationAdapterConfig

公開メンバ関数
	ClientManager (RealmManager realmManager)

	ClientManager ()

boolean	removeClient (RealmModel realm, ClientModel client)

Set< String >	validateRegisteredNodes (ClientModel client)

void	enableServiceAccount (ClientModel client)

void	clientIdChanged (ClientModel client, String newClientId)

InstallationAdapterConfig	toInstallationRepresentation (RealmModel realmModel, ClientModel clientModel, URI baseUri)

String	toJBossSubsystemConfig (RealmModel realmModel, ClientModel clientModel, URI baseUri)

静的公開メンバ関数
static ClientModel	createClient (KeycloakSession session, RealmModel realm, ClientRepresentation rep, boolean addDefaultRoles)

限定公開変数類
RealmManager	realmManager

非公開メンバ関数
boolean	showClientCredentialsAdapterConfig (ClientModel client)

Map< String, Object >	getClientCredentialsAdapterConfig (ClientModel client)

静的非公開変数類
static final Logger	logger = Logger.getLogger(ClientManager.class)

詳解

著者: Bill Burke

バージョン

Revision: 1

構築子と解体子

◆ ClientManager() [1/2]

org.keycloak.services.managers.ClientManager.ClientManager ( RealmManager realmManager )

inline

                                                     {
         this.realmManager = realmManager;
     }

◆ ClientManager() [2/2]

org.keycloak.services.managers.ClientManager.ClientManager ( )

inline

65 {

66 }

関数詳解

◆ clientIdChanged()

void org.keycloak.services.managers.ClientManager.clientIdChanged	(	ClientModel	client,
		String	newClientId
	)

inline

                                                                         {
         logger.debugf("Updating clientId from '%s' to '%s'", client.getClientId(), newClientId);
 
         UserModel serviceAccountUser = realmManager.getSession().users().getServiceAccount(client);
         if (serviceAccountUser != null) {
             String username = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + newClientId;
             serviceAccountUser.setUsername(username);
             serviceAccountUser.setEmail(username + "@placeholder.org");
         }
     }

◆ createClient()

static ClientModel org.keycloak.services.managers.ClientManager.createClient	(	KeycloakSession	session,
		RealmModel	realm,
		ClientRepresentation	rep,
		boolean	addDefaultRoles
	)

inlinestatic

Should not be called from an import. This really expects that the client is created from the admin console.

引数

session
realm
rep
addDefaultRoles

戻り値

                                                                                                                                          {
         ClientModel client = RepresentationToModel.createClient(session, realm, rep, addDefaultRoles);
 
         if (rep.getProtocol() != null) {
             LoginProtocolFactory providerFactory = (LoginProtocolFactory) session.getKeycloakSessionFactory().getProviderFactory(LoginProtocol.class, rep.getProtocol());
             providerFactory.setupClientDefaults(rep, client);
         }
 
 
         // remove default mappers if there is a template
         if (rep.getProtocolMappers() == null && rep.getClientTemplate() != null) {
             Set<ProtocolMapperModel> mappers = client.getProtocolMappers();
             for (ProtocolMapperModel mapper : mappers) client.removeProtocolMapper(mapper);
         }
         return client;
 
     }

◆ enableServiceAccount()

void org.keycloak.services.managers.ClientManager.enableServiceAccount ( ClientModel client )

inline

                                                          {
         client.setServiceAccountsEnabled(true);
 
         // Add dedicated user for this service account
         if (realmManager.getSession().users().getServiceAccount(client) == null) {
             String username = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + client.getClientId();
             logger.debugf("Creating service account user '%s'", username);
 
             // Don't use federation for service account user
             UserModel user = realmManager.getSession().userLocalStorage().addUser(client.getRealm(), username);
             user.setEnabled(true);
             user.setEmail(username + "@placeholder.org");
             user.setServiceAccountClientLink(client.getId());
         }
 
         // Add protocol mappers to retrieve clientId in access token
         if (client.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, ServiceAccountConstants.CLIENT_ID_PROTOCOL_MAPPER) == null) {
             logger.debugf("Creating service account protocol mapper '%s' for client '%s'", ServiceAccountConstants.CLIENT_ID_PROTOCOL_MAPPER, client.getClientId());
             ProtocolMapperModel protocolMapper = UserSessionNoteMapper.createClaimMapper(ServiceAccountConstants.CLIENT_ID_PROTOCOL_MAPPER,
                     ServiceAccountConstants.CLIENT_ID,
                     ServiceAccountConstants.CLIENT_ID, "String",
                     true, true);
             client.addProtocolMapper(protocolMapper);
         }
 
         // Add protocol mappers to retrieve hostname and IP address of client in access token
         if (client.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, ServiceAccountConstants.CLIENT_HOST_PROTOCOL_MAPPER) == null) {
             logger.debugf("Creating service account protocol mapper '%s' for client '%s'", ServiceAccountConstants.CLIENT_HOST_PROTOCOL_MAPPER, client.getClientId());
             ProtocolMapperModel protocolMapper = UserSessionNoteMapper.createClaimMapper(ServiceAccountConstants.CLIENT_HOST_PROTOCOL_MAPPER,
                     ServiceAccountConstants.CLIENT_HOST,
                     ServiceAccountConstants.CLIENT_HOST, "String",
                     true, true);
             client.addProtocolMapper(protocolMapper);
         }
 
         if (client.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, ServiceAccountConstants.CLIENT_ADDRESS_PROTOCOL_MAPPER) == null) {
             logger.debugf("Creating service account protocol mapper '%s' for client '%s'", ServiceAccountConstants.CLIENT_ADDRESS_PROTOCOL_MAPPER, client.getClientId());
             ProtocolMapperModel protocolMapper = UserSessionNoteMapper.createClaimMapper(ServiceAccountConstants.CLIENT_ADDRESS_PROTOCOL_MAPPER,
                     ServiceAccountConstants.CLIENT_ADDRESS,
                     ServiceAccountConstants.CLIENT_ADDRESS, "String",
                     true, true);
             client.addProtocolMapper(protocolMapper);
         }
     }

◆ getClientCredentialsAdapterConfig()

Map<String, Object> org.keycloak.services.managers.ClientManager.getClientCredentialsAdapterConfig ( ClientModel client )

inlineprivate

                                                                                       {
         String clientAuthenticator = client.getClientAuthenticatorType();
         ClientAuthenticatorFactory authenticator = (ClientAuthenticatorFactory) realmManager.getSession().getKeycloakSessionFactory().getProviderFactory(ClientAuthenticator.class, clientAuthenticator);
         return authenticator.getAdapterConfiguration(client);
     }

◆ removeClient()

boolean org.keycloak.services.managers.ClientManager.removeClient	(	RealmModel	realm,
		ClientModel	client
	)

inline

                                                                       {
         if (realm.removeClient(client.getId())) {
             UserSessionProvider sessions = realmManager.getSession().sessions();
             if (sessions != null) {
                 sessions.onClientRemoved(realm, client);
             }
 
             UserSessionPersisterProvider sessionsPersister = realmManager.getSession().getProvider(UserSessionPersisterProvider.class);
             if (sessionsPersister != null) {
                 sessionsPersister.onClientRemoved(realm, client);
             }
 
             AuthenticationSessionProvider authSessions = realmManager.getSession().authenticationSessions();
             if (authSessions != null) {
                 authSessions.onClientRemoved(realm, client);
             }
 
             UserModel serviceAccountUser = realmManager.getSession().users().getServiceAccount(client);
             if (serviceAccountUser != null) {
                 new UserManager(realmManager.getSession()).removeUser(realm, serviceAccountUser);
             }
 
             return true;
         } else {
             return false;
         }
     }

◆ showClientCredentialsAdapterConfig()

boolean org.keycloak.services.managers.ClientManager.showClientCredentialsAdapterConfig ( ClientModel client )

inlineprivate

                                                                            {
         if (client.isPublicClient()) {
             return false;
         }
 
         if (client.isBearerOnly() && client.getNodeReRegistrationTimeout() <= 0) {
             return false;
         }
 
         return true;
     }

◆ toInstallationRepresentation()

InstallationAdapterConfig org.keycloak.services.managers.ClientManager.toInstallationRepresentation	(	RealmModel	realmModel,
		ClientModel	clientModel,
		URI	baseUri
	)

inline

                                                                                                                                {
         InstallationAdapterConfig rep = new InstallationAdapterConfig();
         rep.setAuthServerUrl(baseUri.toString());
         rep.setRealm(realmModel.getName());
         rep.setSslRequired(realmModel.getSslRequired().name().toLowerCase());
 
         if (clientModel.isPublicClient() && !clientModel.isBearerOnly()) rep.setPublicClient(true);
         if (clientModel.isBearerOnly()) rep.setBearerOnly(true);
         if (clientModel.getRoles().size() > 0) rep.setUseResourceRoleMappings(true);
 
         rep.setResource(clientModel.getClientId());
 
         if (showClientCredentialsAdapterConfig(clientModel)) {
             Map<String, Object> adapterConfig = getClientCredentialsAdapterConfig(clientModel);
             rep.setCredentials(adapterConfig);
         }
 
         return rep;
     }

◆ toJBossSubsystemConfig()

String org.keycloak.services.managers.ClientManager.toJBossSubsystemConfig	(	RealmModel	realmModel,
		ClientModel	clientModel,
		URI	baseUri
	)

inline

                                                                                                       {
         StringBuffer buffer = new StringBuffer();
         buffer.append("<secure-deployment name=\"WAR MODULE NAME.war\">\n");
         buffer.append("    <realm>").append(realmModel.getName()).append("</realm>\n");
         buffer.append("    <auth-server-url>").append(baseUri.toString()).append("</auth-server-url>\n");
         if (clientModel.isBearerOnly()){
             buffer.append("    <bearer-only>true</bearer-only>\n");
 
         } else if (clientModel.isPublicClient()) {
             buffer.append("    <public-client>true</public-client>\n");
         }
         buffer.append("    <ssl-required>").append(realmModel.getSslRequired().name()).append("</ssl-required>\n");
         buffer.append("    <resource>").append(clientModel.getClientId()).append("</resource>\n");
         String cred = clientModel.getSecret();
         if (showClientCredentialsAdapterConfig(clientModel)) {
             Map<String, Object> adapterConfig = getClientCredentialsAdapterConfig(clientModel);
             for (Map.Entry<String, Object> entry : adapterConfig.entrySet()) {
                 buffer.append("    <credential name=\"" + entry.getKey() + "\">");
 
                 Object value = entry.getValue();
                 if (value instanceof Map) {
                     buffer.append("\n");
                     Map<String, Object> asMap = (Map<String, Object>) value;
                     for (Map.Entry<String, Object> credEntry : asMap.entrySet()) {
                         buffer.append("        <" + credEntry.getKey() + ">" + credEntry.getValue().toString() + "</" + credEntry.getKey() + ">\n");
                     }
                     buffer.append("    </credential>\n");
                 } else {
                     buffer.append(value.toString()).append("</credential>\n");
                 }
             }
         }
         if (clientModel.getRoles().size() > 0) {
             buffer.append("    <use-resource-role-mappings>true</use-resource-role-mappings>\n");
         }
         buffer.append("</secure-deployment>\n");
         return buffer.toString();
     }

◆ validateRegisteredNodes()

Set<String> org.keycloak.services.managers.ClientManager.validateRegisteredNodes ( ClientModel client )

inline

                                                                    {
         Map<String, Integer> registeredNodes = client.getRegisteredNodes();
         if (registeredNodes == null || registeredNodes.isEmpty()) {
             return Collections.emptySet();
         }
 
         int currentTime = Time.currentTime();
 
         Set<String> validatedNodes = new TreeSet<String>();
         if (client.getNodeReRegistrationTimeout() > 0) {
             List<String> toRemove = new LinkedList<String>();
             for (Map.Entry<String, Integer> entry : registeredNodes.entrySet()) {
                 Integer lastReRegistration = entry.getValue();
                 if (lastReRegistration + client.getNodeReRegistrationTimeout() < currentTime) {
                     toRemove.add(entry.getKey());
                 } else {
                     validatedNodes.add(entry.getKey());
                 }
             }
 
             // Remove time-outed nodes
             for (String node : toRemove) {
                 client.unregisterNode(node);
             }
         } else {
             // Periodic node reRegistration is disabled, so allow all nodes
             validatedNodes.addAll(registeredNodes.keySet());
         }
 
         return validatedNodes;
     }

メンバ詳解

◆ logger

final Logger org.keycloak.services.managers.ClientManager.logger = Logger.getLogger(ClientManager.class)

staticprivate

◆ realmManager

RealmManager org.keycloak.services.managers.ClientManager.realmManager

protected

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/services/managers/ClientManager.java

クラス

公開メンバ関数

静的公開メンバ関数

限定公開変数類

非公開メンバ関数

静的非公開変数類

詳解

構築子と解体子

◆ ClientManager() [1/2]

◆ ClientManager() [2/2]

関数詳解

◆ clientIdChanged()

◆ createClient()

◆ enableServiceAccount()

◆ getClientCredentialsAdapterConfig()

◆ removeClient()

◆ showClientCredentialsAdapterConfig()

◆ toInstallationRepresentation()

◆ toJBossSubsystemConfig()

◆ validateRegisteredNodes()

メンバ詳解

◆ logger

◆ realmManager