org.keycloak.authorization.admin.PolicyEvaluationService.EvaluationDecisionCollector の継承関係図

org.keycloak.authorization.admin.PolicyEvaluationService.EvaluationDecisionCollector 連携図

公開メンバ関数
	EvaluationDecisionCollector (AuthorizationProvider authorizationProvider, ResourceServer resourceServer, AuthorizationRequest request)

Collection< Result >	getResults ()

void	onComplete (Result result)

void	onComplete ()

void	onComplete (ResourcePermission permission)

Collection< Permission >	results ()

void	onError (Throwable cause)

void	onDecision (DefaultEvaluation evaluation)

void	onDecision (D evaluation)

限定公開メンバ関数
boolean	isGranted (Result.PolicyResult policyResult)

void	grantPermission (AuthorizationProvider authorizationProvider, List< Permission > permissions, ResourcePermission permission, Collection< Scope > grantedScopes, ResourceServer resourceServer, AuthorizationRequest request, Result result)

void	onComplete (Collection< Result > permissions)

void	onGrant (Permission permission)

限定公開変数類
final Map< ResourcePermission, Result >	results = new LinkedHashMap<>()

詳解

構築子と解体子

◆ EvaluationDecisionCollector()

org.keycloak.authorization.admin.PolicyEvaluationService.EvaluationDecisionCollector.EvaluationDecisionCollector	(	AuthorizationProvider	authorizationProvider,
		ResourceServer	resourceServer,
		AuthorizationRequest	request
	)

inline

                                                                                                                                                      {
             super(authorizationProvider, resourceServer, request);
         }

関数詳解

◆ getResults()

Collection<Result> org.keycloak.authorization.admin.PolicyEvaluationService.EvaluationDecisionCollector.getResults ( )

inline

                                                {
             return results.values();
         }

◆ grantPermission()

void org.keycloak.authorization.admin.PolicyEvaluationService.EvaluationDecisionCollector.grantPermission	(	AuthorizationProvider	authorizationProvider,
		List< Permission >	permissions,
		ResourcePermission	permission,
		Collection< Scope >	grantedScopes,
		ResourceServer	resourceServer,
		AuthorizationRequest	request,
		Result	result
	)

inlineprotected

                                                                                                                                                                                                                                                               {
             result.setStatus(Effect.PERMIT);
             result.getPermission().getScopes().retainAll(grantedScopes);
             super.grantPermission(authorizationProvider, permissions, permission, grantedScopes, resourceServer, request, result);
         }

◆ isGranted()

boolean org.keycloak.authorization.admin.PolicyEvaluationService.EvaluationDecisionCollector.isGranted ( Result.PolicyResult policyResult )

inlineprotected

                                                                       {
             if (super.isGranted(policyResult)) {
                 policyResult.setEffect(Effect.PERMIT);
                 return true;
             }
             return false;
         }

◆ onComplete() [1/4]

void org.keycloak.authorization.policy.evaluation.DecisionPermissionCollector.onComplete ( Result result )

inlineinherited

                                           {
         ResourcePermission permission = result.getPermission();
         Resource resource = permission.getResource();
         List<Scope> requestedScopes = permission.getScopes();
 
         if (Effect.PERMIT.equals(result.getEffect())) {
             grantPermission(authorizationProvider, permissions, permission, resource != null ? resource.getScopes() : requestedScopes, resourceServer, request, result);
         } else {
             Set<Scope> grantedScopes = new HashSet<>();
             Set<Scope> deniedScopes = new HashSet<>();
             List<Result.PolicyResult> userManagedPermissions = new ArrayList<>();
             boolean resourceGranted = false;
             boolean anyDeny = false;
 
             for (Result.PolicyResult policyResult : result.getResults()) {
                 Policy policy = policyResult.getPolicy();
                 Set<Scope> policyScopes = policy.getScopes();
 
                 if (isGranted(policyResult)) {
                     if (isScopePermission(policy)) {
                         for (Scope scope : requestedScopes) {
                             if (policyScopes.contains(scope)) {
                                 grantedScopes.add(scope);
                             }
                         }
                     } else if (isResourcePermission(policy)) {
                         grantedScopes.addAll(requestedScopes);
                     } else if (resource != null && resource.isOwnerManagedAccess() && "uma".equals(policy.getType())) {
                         userManagedPermissions.add(policyResult);
                     }
                     if (!resourceGranted) {
                         resourceGranted = policy.getResources().contains(resource);
                     }
                 } else {
                     if (isResourcePermission(policy)) {
                         if (!resourceGranted) {
                             deniedScopes.addAll(requestedScopes);
                         }
                     } else {
                         deniedScopes.addAll(policyScopes);
                     }
                     if (!anyDeny) {
                         anyDeny = true;
                     }
                 }
             }
 
             // remove any scope denied from the list of granted scopes
             grantedScopes.removeAll(deniedScopes);
 
             if (userManagedPermissions.isEmpty()) {
                 if (!resourceGranted && (grantedScopes.isEmpty() && !requestedScopes.isEmpty())) {
                     return;
                 }
             } else {
                 for (Result.PolicyResult userManagedPermission : userManagedPermissions) {
                     grantedScopes.addAll(userManagedPermission.getPolicy().getScopes());
                 }
 
                 if (grantedScopes.isEmpty() && !resource.getScopes().isEmpty()) {
                     return;
                 }
 
                 anyDeny = false;
             }
 
             if (anyDeny && grantedScopes.isEmpty()) {
                 return;
             }
 
             grantPermission(authorizationProvider, permissions, permission, grantedScopes, resourceServer, request, result);
         }
     }

◆ onComplete() [2/4]

void org.keycloak.authorization.policy.evaluation.AbstractDecisionCollector.onComplete ( )

inlineinherited

org.keycloak.authorization.Decision< D extends Evaluation >を実装しています。

                              {
         onComplete(results.values());
     }

◆ onComplete() [3/4]

void org.keycloak.authorization.policy.evaluation.AbstractDecisionCollector.onComplete ( ResourcePermission permission )

inlineinherited

org.keycloak.authorization.Decision< D extends Evaluation >を実装しています。

                                                           {
         Result result = results.get(permission);
 
         if (result != null) {
             onComplete(result);
         }
     }

◆ onComplete() [4/4]

void org.keycloak.authorization.policy.evaluation.AbstractDecisionCollector.onComplete ( Collection< Result > permissions )

inlineprotectedinherited

                                                               {
 
     }

◆ onDecision() [1/2]

void org.keycloak.authorization.Decision< D extends Evaluation >.onDecision ( D evaluation )

inherited

◆ onDecision() [2/2]

void org.keycloak.authorization.policy.evaluation.AbstractDecisionCollector.onDecision ( DefaultEvaluation evaluation )

inlineinherited

                                                          {
         Policy parentPolicy = evaluation.getParentPolicy();
         ResourcePermission permission = evaluation.getPermission();
 
         if (parentPolicy != null) {
             if (parentPolicy.equals(evaluation.getPolicy())) {
                 results.computeIfAbsent(permission, permission1 -> {
                     for (Result result : results.values()) {
                         Result.PolicyResult policyResult = result.getPolicy(parentPolicy);
 
                         if (policyResult != null) {
                             Result newResult = new Result(permission1, evaluation);
                             Result.PolicyResult newPolicyResult = newResult.policy(parentPolicy);
 
                             for (Result.PolicyResult associatePolicy : policyResult.getAssociatedPolicies()) {
                                 newPolicyResult.policy(associatePolicy.getPolicy(), associatePolicy.getEffect());
                             }
 
                             Map<String, Set<String>> claims = result.getPermission().getClaims();
 
                             if (!claims.isEmpty()) {
                                 permission1.addClaims(claims);
                             }
 
                             return newResult;
                         }
                     }
 
                     return null;
                 }).policy(parentPolicy);
             } else {
                 results.computeIfAbsent(permission, p -> new Result(p, evaluation)).policy(parentPolicy).policy(evaluation.getPolicy(), evaluation.getEffect());
             }
         } else {
             results.computeIfAbsent(permission, p -> new Result(p, evaluation)).setStatus(evaluation.getEffect());
         }
     }

◆ onError()

void org.keycloak.authorization.policy.evaluation.DecisionPermissionCollector.onError ( Throwable cause )

inlineinherited

org.keycloak.authorization.Decision< D extends Evaluation >を実装しています。

                                          {
         throw new RuntimeException("Failed to evaluate permissions", cause);
     }

◆ onGrant()

void org.keycloak.authorization.policy.evaluation.DecisionPermissionCollector.onGrant ( Permission permission )

inlineprotectedinherited

                                                   {
 
     }

◆ results()

Collection<Permission> org.keycloak.authorization.policy.evaluation.DecisionPermissionCollector.results ( )

inlineinherited

                                             {
         return permissions;
     }

メンバ詳解

◆ results

final Map<ResourcePermission, Result> org.keycloak.authorization.policy.evaluation.AbstractDecisionCollector.results = new LinkedHashMap<>()

protectedinherited

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java

公開メンバ関数

限定公開メンバ関数

限定公開変数類

詳解

構築子と解体子

◆ EvaluationDecisionCollector()

関数詳解

◆ getResults()

◆ grantPermission()

◆ isGranted()

◆ onComplete() [1/4]

◆ onComplete() [2/4]

◆ onComplete() [3/4]

◆ onComplete() [4/4]

◆ onDecision() [1/2]

◆ onDecision() [2/2]

◆ onError()

◆ onGrant()

◆ results()

メンバ詳解

◆ results