keycloak
公開メンバ関数 | 限定公開変数類 | 非公開メンバ関数 | 全メンバ一覧
org.keycloak.authorization.common.KeycloakIdentity クラス
org.keycloak.authorization.common.KeycloakIdentity の継承関係図
Inheritance graph
org.keycloak.authorization.common.KeycloakIdentity 連携図
Collaboration graph

公開メンバ関数

 KeycloakIdentity (KeycloakSession keycloakSession)
 
 KeycloakIdentity (KeycloakSession keycloakSession, IDToken token)
 
 KeycloakIdentity (IDToken token, KeycloakSession keycloakSession, RealmModel realm)
 
 KeycloakIdentity (AccessToken accessToken, KeycloakSession keycloakSession)
 
String getId ()
 
Attributes getAttributes ()
 
AccessToken getAccessToken ()
 
boolean isResourceServer ()
 
default boolean hasRealmRole (String roleName)
 
default boolean hasClientRole (String clientId, String roleName)
 

限定公開変数類

final AccessToken accessToken
 
final RealmModel realm
 
final KeycloakSession keycloakSession
 
final Attributes attributes
 

非公開メンバ関数

ClientModel getTargetClient ()
 
UserModel getUserFromSessionState ()
 

詳解

著者
Pedro Igor

構築子と解体子

◆ KeycloakIdentity() [1/4]

org.keycloak.authorization.common.KeycloakIdentity.KeycloakIdentity ( KeycloakSession  keycloakSession)
inline
64  {
65  this(Tokens.getAccessToken(keycloakSession), keycloakSession);
66  }
org.keycloak.authorization.common.KeycloakIdentity.keycloakSession
final KeycloakSession keycloakSession
Definition: KeycloakIdentity.java:61

◆ KeycloakIdentity() [2/4]

org.keycloak.authorization.common.KeycloakIdentity.KeycloakIdentity ( KeycloakSession  keycloakSession,
IDToken  token 
)
inline
68  {
69  this(token, keycloakSession, keycloakSession.getContext().getRealm());
70  }
org.keycloak.authorization.common.KeycloakIdentity.keycloakSession
final KeycloakSession keycloakSession
Definition: KeycloakIdentity.java:61

◆ KeycloakIdentity() [3/4]

org.keycloak.authorization.common.KeycloakIdentity.KeycloakIdentity ( IDToken  token,
KeycloakSession  keycloakSession,
RealmModel  realm 
)
inline
72  {
73  if (token == null) {
74  throw new ErrorResponseException("invalid_bearer_token", "Could not obtain bearer access_token from request.", Status.FORBIDDEN);
75  }
76  if (keycloakSession == null) {
77  throw new ErrorResponseException("no_keycloak_session", "No keycloak session", Status.FORBIDDEN);
78  }
79  if (realm == null) {
80  throw new ErrorResponseException("no_keycloak_session", "No realm set", Status.FORBIDDEN);
81  }
82  this.keycloakSession = keycloakSession;
83  this.realm = realm;
84 
85  Map<String, Collection<String>> attributes = new HashMap<>();
86 
87  try {
88  ObjectNode objectNode = JsonSerialization.createObjectNode(token);
89  Iterator<String> iterator = objectNode.fieldNames();
90 
91  while (iterator.hasNext()) {
92  String fieldName = iterator.next();
93  JsonNode fieldValue = objectNode.get(fieldName);
94  List<String> values = new ArrayList<>();
95 
96  if (fieldValue.isArray()) {
97  Iterator<JsonNode> valueIterator = fieldValue.iterator();
98 
99  while (valueIterator.hasNext()) {
100  values.add(valueIterator.next().asText());
101  }
102  } else {
103  String value = fieldValue.asText();
104 
105  if (StringUtil.isNullOrEmpty(value)) {
106  continue;
107  }
108 
109  values.add(value);
110  }
111 
112  if (!values.isEmpty()) {
113  attributes.put(fieldName, values);
114  }
115  }
116 
117  if (token instanceof AccessToken) {
118  this.accessToken = AccessToken.class.cast(token);
119  } else {
120  UserSessionProvider sessions = keycloakSession.sessions();
121  UserSessionModel userSession = sessions.getUserSession(realm, token.getSessionState());
122 
123  if (userSession == null) {
124  userSession = sessions.getOfflineUserSession(realm, token.getSessionState());
125  }
126 
127  ClientModel client = realm.getClientByClientId(token.getIssuedFor());
128  AuthenticatedClientSessionModel clientSessionModel = userSession.getAuthenticatedClientSessions().get(client.getId());
129 
130  ClientSessionContext clientSessionCtx = DefaultClientSessionContext.fromClientSessionScopeParameter(clientSessionModel);
131  this.accessToken = new TokenManager().createClientAccessToken(keycloakSession, realm, client, userSession.getUser(), userSession, clientSessionCtx);
132  }
133 
134  AccessToken.Access realmAccess = this.accessToken.getRealmAccess();
135 
136  if (realmAccess != null) {
137  attributes.put("kc.realm.roles", realmAccess.getRoles());
138  }
139 
140  Map<String, AccessToken.Access> resourceAccess = this.accessToken.getResourceAccess();
141 
142  if (resourceAccess != null) {
143  resourceAccess.forEach((clientId, access) -> attributes.put("kc.client." + clientId + ".roles", access.getRoles()));
144  }
145  } catch (Exception e) {
146  throw new RuntimeException("Error while reading attributes from security token.", e);
147  }
148 
149  this.attributes = Attributes.from(attributes);
150  }
org.keycloak.authorization.common.KeycloakIdentity.realm
final RealmModel realm
Definition: KeycloakIdentity.java:60
org.keycloak.models.RealmModel.getClientByClientId
ClientModel getClientByClientId(String clientId)
org.keycloak.authorization.common.KeycloakIdentity.accessToken
final AccessToken accessToken
Definition: KeycloakIdentity.java:59
org.keycloak.authorization.common.KeycloakIdentity.attributes
final Attributes attributes
Definition: KeycloakIdentity.java:62
org.keycloak.authorization.common.KeycloakIdentity.keycloakSession
final KeycloakSession keycloakSession
Definition: KeycloakIdentity.java:61
org.keycloak.models.UserSessionProvider.getUserSession
UserSessionModel getUserSession(RealmModel realm, String id)
org.keycloak.representations.AccessToken.Access.Access
Access()
Definition: AccessToken.java:43
org.keycloak.representations.AccessToken.getRealmAccess
Access getRealmAccess()
Definition: AccessToken.java:230
org.keycloak.models.KeycloakSession.sessions
UserSessionProvider sessions()
org.keycloak.representations.AccessToken.getResourceAccess
Map< String, Access > getResourceAccess()
Definition: AccessToken.java:137

◆ KeycloakIdentity() [4/4]

org.keycloak.authorization.common.KeycloakIdentity.KeycloakIdentity ( AccessToken  accessToken,
KeycloakSession  keycloakSession 
)
inline
152  {
153  if (accessToken == null) {
154  throw new ErrorResponseException("invalid_bearer_token", "Could not obtain bearer access_token from request.", Status.FORBIDDEN);
155  }
156  if (keycloakSession == null) {
157  throw new ErrorResponseException("no_keycloak_session", "No keycloak session", Status.FORBIDDEN);
158  }
159  this.accessToken = accessToken;
160  this.keycloakSession = keycloakSession;
161  this.realm = keycloakSession.getContext().getRealm();
162 
163  Map<String, Collection<String>> attributes = new HashMap<>();
164 
165  try {
166  ObjectNode objectNode = JsonSerialization.createObjectNode(this.accessToken);
167  Iterator<String> iterator = objectNode.fieldNames();
168 
169  while (iterator.hasNext()) {
170  String fieldName = iterator.next();
171  JsonNode fieldValue = objectNode.get(fieldName);
172  List<String> values = new ArrayList<>();
173 
174  if (fieldValue.isArray()) {
175  Iterator<JsonNode> valueIterator = fieldValue.iterator();
176 
177  while (valueIterator.hasNext()) {
178  values.add(valueIterator.next().asText());
179  }
180  } else {
181  String value = fieldValue.asText();
182 
183  if (StringUtil.isNullOrEmpty(value)) {
184  continue;
185  }
186 
187  values.add(value);
188  }
189 
190  if (!values.isEmpty()) {
191  attributes.put(fieldName, values);
192  }
193  }
194 
195  AccessToken.Access realmAccess = accessToken.getRealmAccess();
196 
197  if (realmAccess != null) {
198  attributes.put("kc.realm.roles", realmAccess.getRoles());
199  }
200 
201  Map<String, AccessToken.Access> resourceAccess = accessToken.getResourceAccess();
202 
203  if (resourceAccess != null) {
204  resourceAccess.forEach((clientId, access) -> attributes.put("kc.client." + clientId + ".roles", access.getRoles()));
205  }
206  } catch (Exception e) {
207  throw new RuntimeException("Error while reading attributes from security token.", e);
208  }
209 
210  this.attributes = Attributes.from(attributes);
211  }
org.keycloak.authorization.common.KeycloakIdentity.realm
final RealmModel realm
Definition: KeycloakIdentity.java:60
org.keycloak.authorization.common.KeycloakIdentity.accessToken
final AccessToken accessToken
Definition: KeycloakIdentity.java:59
org.keycloak.authorization.common.KeycloakIdentity.attributes
final Attributes attributes
Definition: KeycloakIdentity.java:62
org.keycloak.authorization.common.KeycloakIdentity.keycloakSession
final KeycloakSession keycloakSession
Definition: KeycloakIdentity.java:61
org.keycloak.representations.AccessToken.Access.Access
Access()
Definition: AccessToken.java:43
org.keycloak.representations.AccessToken.getRealmAccess
Access getRealmAccess()
Definition: AccessToken.java:230
org.keycloak.representations.AccessToken.getResourceAccess
Map< String, Access > getResourceAccess()
Definition: AccessToken.java:137

関数詳解

◆ getAccessToken()

AccessToken org.keycloak.authorization.common.KeycloakIdentity.getAccessToken ( )
inline
228  {
229  return this.accessToken;
230  }
org.keycloak.authorization.common.KeycloakIdentity.accessToken
final AccessToken accessToken
Definition: KeycloakIdentity.java:59

◆ getAttributes()

Attributes org.keycloak.authorization.common.KeycloakIdentity.getAttributes ( )
inline

org.keycloak.authorization.identity.Identityを実装しています。

224  {
225  return this.attributes;
226  }
org.keycloak.authorization.common.KeycloakIdentity.attributes
final Attributes attributes
Definition: KeycloakIdentity.java:62

◆ getId()

String org.keycloak.authorization.common.KeycloakIdentity.getId ( )
inline

org.keycloak.authorization.identity.Identityを実装しています。

214  {
215  if (isResourceServer()) {
216  ClientModel client = getTargetClient();
217  return client==null ? null : client.getId();
218  }
219 
220  return this.getUserFromSessionState().getId();
221  }
org.keycloak.authorization.common.KeycloakIdentity.getTargetClient
ClientModel getTargetClient()
Definition: KeycloakIdentity.java:248
org.keycloak.authorization.common.KeycloakIdentity.isResourceServer
boolean isResourceServer()
Definition: KeycloakIdentity.java:232
org.keycloak.authorization.common.KeycloakIdentity.getUserFromSessionState
UserModel getUserFromSessionState()
Definition: KeycloakIdentity.java:261

◆ getTargetClient()

ClientModel org.keycloak.authorization.common.KeycloakIdentity.getTargetClient ( )
inlineprivate
248  {
249  if (this.accessToken.getIssuedFor() != null) {
250  return realm.getClientByClientId(accessToken.getIssuedFor());
251  }
252 
253  if (this.accessToken.getAudience() != null && this.accessToken.getAudience().length > 0) {
254  String audience = this.accessToken.getAudience()[0];
255  return realm.getClientByClientId(audience);
256  }
257 
258  return null;
259  }
org.keycloak.authorization.common.KeycloakIdentity.realm
final RealmModel realm
Definition: KeycloakIdentity.java:60
org.keycloak.models.RealmModel.getClientByClientId
ClientModel getClientByClientId(String clientId)
org.keycloak.representations.JsonWebToken.getIssuedFor
String getIssuedFor()
Definition: JsonWebToken.java:210
org.keycloak.authorization.common.KeycloakIdentity.accessToken
final AccessToken accessToken
Definition: KeycloakIdentity.java:59
org.keycloak.representations.JsonWebToken.getAudience
String [] getAudience()
Definition: JsonWebToken.java:146

◆ getUserFromSessionState()

UserModel org.keycloak.authorization.common.KeycloakIdentity.getUserFromSessionState ( )
inlineprivate
261  {
262  UserSessionProvider sessions = keycloakSession.sessions();
263  UserSessionModel userSession = sessions.getUserSession(realm, accessToken.getSessionState());
264 
265  if (userSession == null) {
266  userSession = sessions.getOfflineUserSession(realm, accessToken.getSessionState());
267  }
268 
269  return userSession.getUser();
270  }
org.keycloak.authorization.common.KeycloakIdentity.realm
final RealmModel realm
Definition: KeycloakIdentity.java:60
org.keycloak.representations.IDToken.getSessionState
String getSessionState()
Definition: IDToken.java:160
org.keycloak.authorization.common.KeycloakIdentity.accessToken
final AccessToken accessToken
Definition: KeycloakIdentity.java:59
org.keycloak.authorization.common.KeycloakIdentity.keycloakSession
final KeycloakSession keycloakSession
Definition: KeycloakIdentity.java:61
org.keycloak.models.UserSessionProvider.getUserSession
UserSessionModel getUserSession(RealmModel realm, String id)
org.keycloak.models.KeycloakSession.sessions
UserSessionProvider sessions()

◆ hasClientRole()

default boolean org.keycloak.authorization.identity.Identity.hasClientRole ( String  clientId,
String  roleName 
)
inlineinherited

Indicates if this identity is granted with a client role with the given roleName.

引数
clientIdthe client id
roleNamethe name of the role
戻り値
true if the identity has the given role. Otherwise, it returns false.

org.keycloak.authorization.common.ClientModelIdentity, org.keycloak.authorization.common.UserModelIdentityで実装されています。

66  {
67  return getAttributes().containsValue("kc.client." + clientId + ".roles", roleName);
68  }
org.keycloak.authorization.attribute.Attributes.containsValue
default boolean containsValue(String name, String value)
Definition: Attributes.java:67

◆ hasRealmRole()

default boolean org.keycloak.authorization.identity.Identity.hasRealmRole ( String  roleName)
inlineinherited

Indicates if this identity is granted with a realm role with the given roleName.

引数
roleNamethe name of the role
戻り値
true if the identity has the given role. Otherwise, it returns false.

org.keycloak.authorization.common.ClientModelIdentity, org.keycloak.authorization.common.UserModelIdentityで実装されています。

54  {
55  return getAttributes().containsValue("kc.realm.roles", roleName);
56  }
org.keycloak.authorization.attribute.Attributes.containsValue
default boolean containsValue(String name, String value)
Definition: Attributes.java:67

◆ isResourceServer()

boolean org.keycloak.authorization.common.KeycloakIdentity.isResourceServer ( )
inline
232  {
233  UserModel clientUser = null;
234 
235  ClientModel clientModel = getTargetClient();
236 
237  if (clientModel != null) {
238  clientUser = this.keycloakSession.users().getServiceAccount(clientModel);
239  }
240 
241  if (clientUser == null) {
242  return false;
243  }
244 
245  return this.getUserFromSessionState().getId().equals(clientUser.getId());
246  }
org.keycloak.authorization.common.KeycloakIdentity.getTargetClient
ClientModel getTargetClient()
Definition: KeycloakIdentity.java:248
org.keycloak.authorization.common.KeycloakIdentity.keycloakSession
final KeycloakSession keycloakSession
Definition: KeycloakIdentity.java:61
org.keycloak.authorization.common.KeycloakIdentity.getUserFromSessionState
UserModel getUserFromSessionState()
Definition: KeycloakIdentity.java:261
org.keycloak.models.UserProvider.getServiceAccount
UserModel getServiceAccount(ClientModel client)

メンバ詳解

◆ accessToken

final AccessToken org.keycloak.authorization.common.KeycloakIdentity.accessToken
protected

◆ attributes

final Attributes org.keycloak.authorization.common.KeycloakIdentity.attributes
protected

◆ keycloakSession

final KeycloakSession org.keycloak.authorization.common.KeycloakIdentity.keycloakSession
protected

◆ realm

final RealmModel org.keycloak.authorization.common.KeycloakIdentity.realm
protected
このクラス詳解は次のファイルから抽出されました:
2018年10月29日(月) 00時34分18秒作成 - keycloak / 構成:   doxygen 1.8.13