org.keycloak.authorization.UserManagedPermissionUtil クラス

org.keycloak.authorization.UserManagedPermissionUtil 連携図

静的公開メンバ関数
static void	updatePolicy (PermissionTicket ticket, StoreFactory storeFactory)
static void	removePolicy (PermissionTicket ticket, StoreFactory storeFactory)

静的非公開メンバ関数
static Policy	createUserManagedPermission (PermissionTicket ticket, StoreFactory storeFactory)

詳解

著者

Pedro Igor

関数詳解

createUserManagedPermission()

static Policy org.keycloak.authorization.UserManagedPermissionUtil.createUserManagedPermission ( PermissionTicket  ticket, StoreFactory  storeFactory  )

inlinestaticprivate

                                                                                                          {
        PolicyStore policyStore = storeFactory.getPolicyStore();
        UserPolicyRepresentation userPolicyRep = new UserPolicyRepresentation();

        userPolicyRep.setName(KeycloakModelUtils.generateId());
        userPolicyRep.addUser(ticket.getRequester());

        Policy userPolicy = policyStore.create(userPolicyRep, ticket.getResourceServer());

        userPolicy.setOwner(ticket.getOwner());

        PolicyRepresentation policyRep = new PolicyRepresentation();

        policyRep.setName(KeycloakModelUtils.generateId());
        policyRep.setType("uma");
        policyRep.addPolicy(userPolicy.getId());

        Policy policy = policyStore.create(policyRep, ticket.getResourceServer());

        policy.setOwner(ticket.getOwner());
        policy.addResource(ticket.getResource());

        Scope scope = ticket.getScope();

        if (scope != null) {
            policy.addScope(scope);
        }

        return policy;
    }

removePolicy()

static void org.keycloak.authorization.UserManagedPermissionUtil.removePolicy ( PermissionTicket  ticket, StoreFactory  storeFactory  )

inlinestatic

                                                                                        {
        Policy policy = ticket.getPolicy();

        if (policy != null) {
            HashMap<String, String> filter = new HashMap<>();

            filter.put(PermissionTicket.OWNER, ticket.getOwner());
            filter.put(PermissionTicket.REQUESTER, ticket.getRequester());
            filter.put(PermissionTicket.RESOURCE, ticket.getResource().getId());
            filter.put(PermissionTicket.GRANTED, Boolean.TRUE.toString());

            List<PermissionTicket> tickets = storeFactory.getPermissionTicketStore().find(filter, ticket.getResourceServer().getId(), -1, -1);

            if (tickets.isEmpty()) {
                PolicyStore policyStore = storeFactory.getPolicyStore();

                for (Policy associatedPolicy : policy.getAssociatedPolicies()) {
                    policyStore.delete(associatedPolicy.getId());
                }

                policyStore.delete(policy.getId());
            } else if (ticket.getScope() != null) {
                policy.removeScope(ticket.getScope());
            }
        }
    }

updatePolicy()

static void org.keycloak.authorization.UserManagedPermissionUtil.updatePolicy ( PermissionTicket  ticket, StoreFactory  storeFactory  )

inlinestatic

                                                                                        {
        Scope scope = ticket.getScope();
        Policy policy = ticket.getPolicy();

        if (policy == null) {
            HashMap<String, String> filter = new HashMap<>();

            filter.put(PermissionTicket.OWNER, ticket.getOwner());
            filter.put(PermissionTicket.REQUESTER, ticket.getRequester());
            filter.put(PermissionTicket.RESOURCE, ticket.getResource().getId());
            filter.put(PermissionTicket.POLICY_IS_NOT_NULL, Boolean.TRUE.toString());

            List<PermissionTicket> tickets = storeFactory.getPermissionTicketStore().find(filter, ticket.getResourceServer().getId(), -1, 1);

            if (!tickets.isEmpty()) {
                policy = tickets.iterator().next().getPolicy();
            }
        }

        if (ticket.isGranted()) {
            if (policy == null) {
                policy = createUserManagedPermission(ticket, storeFactory);
            }

            if (scope != null && !policy.getScopes().contains(scope)) {
                policy.addScope(scope);
            }

            ticket.setPolicy(policy);
        } else if (scope != null) {
            policy.removeScope(scope);
            ticket.setPolicy(null);
        }
    }

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/authorization/UserManagedPermissionUtil.java