org.keycloak.services.resources.admin.RoleByIdResource クラス

org.keycloak.services.resources.admin.RoleByIdResource の継承関係図

org.keycloak.services.resources.admin.RoleByIdResource 連携図

公開メンバ関数
	RoleByIdResource (RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent)
RoleRepresentation	getRole (final @PathParam("role-id") String id)
void	deleteRole (final @PathParam("role-id") String id)
void	updateRole (final @PathParam("role-id") String id, final RoleRepresentation rep)
void	addComposites (final @PathParam("role-id") String id, List< RoleRepresentation > roles)
Set< RoleRepresentation >	getRoleComposites (final @PathParam("role-id") String id)
Set< RoleRepresentation >	getRealmRoleComposites (final @PathParam("role-id") String id)
Set< RoleRepresentation >	getClientRoleComposites (final @PathParam("role-id") String id, final @PathParam("client") String client)
void	deleteComposites (final @PathParam("role-id") String id, List< RoleRepresentation > roles)
ManagementPermissionReference	getManagementPermissions (final @PathParam("role-id") String id)
ManagementPermissionReference	setManagementPermissionsEnabled (final @PathParam("role-id") String id, ManagementPermissionReference ref)

静的公開メンバ関数
static ManagementPermissionReference	toMgmtRef (RoleModel role, AdminPermissionManagement permissions)

限定公開メンバ関数
RoleModel	getRoleModel (String id)
RoleRepresentation	getRole (RoleModel roleModel)
void	deleteRole (RoleModel role)
void	updateRole (RoleRepresentation rep, RoleModel role)
void	addComposites (AdminPermissionEvaluator auth, AdminEventBuilder adminEvent, UriInfo uriInfo, List< RoleRepresentation > roles, RoleModel role)
Set< RoleRepresentation >	getRoleComposites (RoleModel role)
Set< RoleRepresentation >	getRealmRoleComposites (RoleModel role)
Set< RoleRepresentation >	getClientRoleComposites (ClientModel app, RoleModel role)
void	deleteComposites (AdminEventBuilder adminEvent, UriInfo uriInfo, List< RoleRepresentation > roles, RoleModel role)

静的限定公開変数類
static final Logger	logger = Logger.getLogger(RoleByIdResource.class)

非公開変数類
final RealmModel	realm
AdminPermissionEvaluator	auth
AdminEventBuilder	adminEvent
KeycloakSession	session

詳解

Sometimes its easier to just interact with roles by their ID instead of container/role-name

Roles (by ID)

著者

Bill Burke

バージョン

Revision

1

構築子と解体子

RoleByIdResource()

org.keycloak.services.resources.admin.RoleByIdResource.RoleByIdResource ( RealmModel  realm, AdminPermissionEvaluator  auth, AdminEventBuilder  adminEvent  )

inline

                                                                                                           {
        super(realm);

        this.realm = realm;
        this.auth = auth;
        this.adminEvent = adminEvent;
    }

関数詳解

addComposites() [1/2]

void org.keycloak.services.resources.admin.RoleResource.addComposites ( AdminPermissionEvaluator  auth, AdminEventBuilder  adminEvent, UriInfo  uriInfo, List< RoleRepresentation >  roles, RoleModel  role  )

inlineprotectedinherited

                                                                                                                                                               {
        for (RoleRepresentation rep : roles) {
            RoleModel composite = realm.getRoleById(rep.getId());
            if (composite == null) {
                throw new NotFoundException("Could not find composite role");
            }
            auth.roles().requireMapComposite(composite);
            role.addCompositeRole(composite);
        }

        if (role.isClientRole()) {
            adminEvent.resource(ResourceType.CLIENT_ROLE);
        } else {
            adminEvent.resource(ResourceType.REALM_ROLE);
        }

        adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(roles).success();
    }

addComposites() [2/2]

void org.keycloak.services.resources.admin.RoleByIdResource.addComposites ( final @PathParam("role-id") String  id, List< RoleRepresentation >  roles  )

inline

Make the role a composite role by associating some child roles

引数

id
roles

                                                                                                     {
        RoleModel role = getRoleModel(id);
        auth.roles().requireManage(role);
        addComposites(auth, adminEvent, session.getContext().getUri(), roles, role);
    }

deleteComposites() [1/2]

void org.keycloak.services.resources.admin.RoleResource.deleteComposites ( AdminEventBuilder  adminEvent, UriInfo  uriInfo, List< RoleRepresentation >  roles, RoleModel  role  )

inlineprotectedinherited

                                                                                                                                   {
        for (RoleRepresentation rep : roles) {
            RoleModel composite = realm.getRoleById(rep.getId());
            if (composite == null) {
                throw new NotFoundException("Could not find composite role");
            }
            role.removeCompositeRole(composite);
        }

        if (role.isClientRole()) {
            adminEvent.resource(ResourceType.CLIENT_ROLE);
        } else {
            adminEvent.resource(ResourceType.REALM_ROLE);
        }

        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success();
    }

deleteComposites() [2/2]

void org.keycloak.services.resources.admin.RoleByIdResource.deleteComposites ( final @PathParam("role-id") String  id, List< RoleRepresentation >  roles  )

inline

Remove a set of roles from the role's composite

引数

id	Role id
roles	A set of roles to be removed

                                                                                                        {
        RoleModel role = getRoleModel(id);
        auth.roles().requireManage(role);
        deleteComposites(adminEvent, session.getContext().getUri(), roles, role);
    }

deleteRole() [1/2]

void org.keycloak.services.resources.admin.RoleResource.deleteRole ( RoleModel  role )

inlineprotectedinherited

                                              {
        if (!role.getContainer().removeRole(role)) {
            throw new NotFoundException("Role not found");
        }
    }

deleteRole() [2/2]

void org.keycloak.services.resources.admin.RoleByIdResource.deleteRole ( final @PathParam("role-id") String  id )

inline

Delete the role

引数

id	id of role

                                                                  {
        RoleModel role = getRoleModel(id);
        auth.roles().requireManage(role);
        deleteRole(role);

        if (role.isClientRole()) {
            adminEvent.resource(ResourceType.CLIENT_ROLE);
        } else {
            adminEvent.resource(ResourceType.REALM_ROLE);
        }

        adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
    }

getClientRoleComposites() [1/2]

Set<RoleRepresentation> org.keycloak.services.resources.admin.RoleResource.getClientRoleComposites ( ClientModel  app, RoleModel  role  )

inlineprotectedinherited

                                                                                               {
        if (!role.isComposite() || role.getComposites().size() == 0) return Collections.emptySet();

        Set<RoleRepresentation> composites = new HashSet<RoleRepresentation>(role.getComposites().size());
        for (RoleModel composite : role.getComposites()) {
            if (composite.getContainer().equals(app))
                composites.add(ModelToRepresentation.toRepresentation(composite));
        }
        return composites;
    }

getClientRoleComposites() [2/2]

Set<RoleRepresentation> org.keycloak.services.resources.admin.RoleByIdResource.getClientRoleComposites ( final @PathParam("role-id") String  id, final @PathParam("client") String  client  )

inline

Get client-level roles for the client that are in the role's composite

引数

id
client

戻り値

                                                                                                          {

        RoleModel role = getRoleModel(id);
        auth.roles().requireView(role);
        ClientModel clientModel = realm.getClientById(client);
        if (clientModel == null) {
            throw new NotFoundException("Could not find client");
        }
        return getClientRoleComposites(clientModel, role);
    }

getManagementPermissions()

ManagementPermissionReference org.keycloak.services.resources.admin.RoleByIdResource.getManagementPermissions ( final @PathParam("role-id") String  id )

inline

Return object stating whether role Authoirzation permissions have been initialized or not and a reference

引数

id

戻り値

                                                                                                         {
        RoleModel role = getRoleModel(id);
        auth.roles().requireView(role);

        AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
        if (!permissions.roles().isPermissionsEnabled(role)) {
            return new ManagementPermissionReference();
        }
        return toMgmtRef(role, permissions);
    }

getRealmRoleComposites() [1/2]

Set<RoleRepresentation> org.keycloak.services.resources.admin.RoleResource.getRealmRoleComposites ( RoleModel  role )

inlineprotectedinherited

                                                                             {
        if (!role.isComposite() || role.getComposites().size() == 0) return Collections.emptySet();

        Set<RoleRepresentation> composites = new HashSet<RoleRepresentation>(role.getComposites().size());
        for (RoleModel composite : role.getComposites()) {
            if (composite.getContainer() instanceof RealmModel)
                composites.add(ModelToRepresentation.toRepresentation(composite));
        }
        return composites;
    }

getRealmRoleComposites() [2/2]

Set<RoleRepresentation> org.keycloak.services.resources.admin.RoleByIdResource.getRealmRoleComposites ( final @PathParam("role-id") String  id )

inline

Get realm-level roles that are in the role's composite

引数

id

戻り値

                                                                                                 {
        RoleModel role = getRoleModel(id);
        auth.roles().requireView(role);
        auth.roles().requireView(role);
        return getRealmRoleComposites(role);
    }

getRole() [1/2]

RoleRepresentation org.keycloak.services.resources.admin.RoleResource.getRole ( RoleModel  roleModel )

inlineprotectedinherited

                                                              {
        return ModelToRepresentation.toRepresentation(roleModel);
    }

getRole() [2/2]

RoleRepresentation org.keycloak.services.resources.admin.RoleByIdResource.getRole ( final @PathParam("role-id") String  id )

inline

Get a specific role's representation

引数

id	id of role

戻り値

                                                                             {

        RoleModel roleModel = getRoleModel(id);
        auth.roles().requireView(roleModel);
        return getRole(roleModel);
    }

getRoleComposites() [1/2]

Set<RoleRepresentation> org.keycloak.services.resources.admin.RoleResource.getRoleComposites ( RoleModel  role )

inlineprotectedinherited

                                                                        {
        if (!role.isComposite() || role.getComposites().size() == 0) return Collections.emptySet();

        Set<RoleRepresentation> composites = new HashSet<RoleRepresentation>(role.getComposites().size());
        for (RoleModel composite : role.getComposites()) {
            composites.add(ModelToRepresentation.toRepresentation(composite));
        }
        return composites;
    }

getRoleComposites() [2/2]

Set<RoleRepresentation> org.keycloak.services.resources.admin.RoleByIdResource.getRoleComposites ( final @PathParam("role-id") String  id )

inline

Get role's children

Returns a set of role's children provided the role is a composite.

引数

id

戻り値

                                                                                            {

        if (logger.isDebugEnabled()) logger.debug("*** getRoleComposites: '" + id + "'");
        RoleModel role = getRoleModel(id);
        auth.roles().requireView(role);
        return getRoleComposites(role);
    }

getRoleModel()

RoleModel org.keycloak.services.resources.admin.RoleByIdResource.getRoleModel ( String  id )

inlineprotected

                                                {
        RoleModel roleModel = realm.getRoleById(id);
        if (roleModel == null) {
            throw new NotFoundException("Could not find role with id");
        }
       return roleModel;
    }

setManagementPermissionsEnabled()

ManagementPermissionReference org.keycloak.services.resources.admin.RoleByIdResource.setManagementPermissionsEnabled ( final @PathParam("role-id") String  id, ManagementPermissionReference  ref  )

inline

Return object stating whether role Authoirzation permissions have been initialized or not and a reference

引数

id

戻り値

initialized manage permissions reference

                                                                                                                                                   {
        RoleModel role = getRoleModel(id);
        auth.roles().requireManage(role);

        AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
        permissions.roles().setPermissionsEnabled(role, ref.isEnabled());
        if (ref.isEnabled()) {
            return toMgmtRef(role, permissions);
        } else {
            return new ManagementPermissionReference();
        }
    }

toMgmtRef()

static ManagementPermissionReference org.keycloak.services.resources.admin.RoleByIdResource.toMgmtRef ( RoleModel  role, AdminPermissionManagement  permissions  )

inlinestatic

                                                                                                                 {
        ManagementPermissionReference ref = new ManagementPermissionReference();
        ref.setEnabled(true);
        ref.setResource(permissions.roles().resource(role).getId());
        ref.setScopePermissions(permissions.roles().getPermissions(role));
        return ref;
    }

updateRole() [1/2]

void org.keycloak.services.resources.admin.RoleResource.updateRole ( RoleRepresentation  rep, RoleModel  role  )

inlineprotectedinherited

                                                                      {
        role.setName(rep.getName());
        role.setDescription(rep.getDescription());
    }

updateRole() [2/2]

void org.keycloak.services.resources.admin.RoleByIdResource.updateRole ( final @PathParam("role-id") String  id, final RoleRepresentation  rep  )

inline

Update the role

引数

id	id of role
rep

                                                                                                {
        RoleModel role = getRoleModel(id);
        auth.roles().requireManage(role);
        updateRole(rep, role);

        if (role.isClientRole()) {
            adminEvent.resource(ResourceType.CLIENT_ROLE);
        } else {
            adminEvent.resource(ResourceType.REALM_ROLE);
        }

        adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(rep).success();
    }

メンバ詳解

adminEvent

AdminEventBuilder org.keycloak.services.resources.admin.RoleByIdResource.adminEvent

private

auth

AdminPermissionEvaluator org.keycloak.services.resources.admin.RoleByIdResource.auth

private

logger

final Logger org.keycloak.services.resources.admin.RoleByIdResource.logger = Logger.getLogger(RoleByIdResource.class)

staticprotected

realm

final RealmModel org.keycloak.services.resources.admin.RoleByIdResource.realm

private

session

KeycloakSession org.keycloak.services.resources.admin.RoleByIdResource.session

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java