org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl の継承関係図

org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl 連携図

クラス
class	EmptyUserSessionManagement

公開メンバ関数
void	setKeycloakConfigFile (String configFile)

String	getKeycloakConfigFile ()

String	getKeycloakConfigResolverClass ()

void	setKeycloakConfigResolverClass (String keycloakConfigResolverClass)

void	filter (ContainerRequestContext request) throws IOException

限定公開メンバ関数
void	attemptStart ()

boolean	isInitialized ()

void	start ()

Class<? extends KeycloakConfigResolver >	loadResolverClass ()

InputStream	loadKeycloakConfigFile ()

boolean	handlePreauth (JaxrsHttpFacade facade)

void	bearerAuthentication (JaxrsHttpFacade facade, ContainerRequestContext request, KeycloakDeployment resolvedDeployment)

void	propagateSecurityContext (JaxrsHttpFacade facade, ContainerRequestContext request, KeycloakDeployment resolvedDeployment, BearerTokenRequestAuthenticator bearer)

boolean	verifySslFailed (JaxrsHttpFacade facade, KeycloakDeployment deployment)

SecurityContext	getRequestSecurityContext (ContainerRequestContext request)

void	handleAuthActions (JaxrsHttpFacade facade, KeycloakDeployment deployment)

限定公開変数類
volatile boolean	started

AdapterDeploymentContext	deploymentContext

NodesRegistrationManagement	nodesRegistrationManagement

UserSessionManagement	userSessionManagement = new EmptyUserSessionManagement()

非公開変数類
String	keycloakConfigFile

String	keycloakConfigResolverClass

静的非公開変数類
static final Logger	log = Logger.getLogger("" + JaxrsBearerTokenFilterImpl.class)

詳解

著者: Bill Burke

バージョン

Revision: 1

関数詳解

◆ attemptStart()

void org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.attemptStart ( )

inlineprotected

                                   {
         if (started) {
             throw new IllegalStateException("Filter already started. Make sure to specify just keycloakConfigResolver or keycloakConfigFile but not both");
         }
 
         if (isInitialized()) {
             start();
         } else {
             log.fine("Not yet initialized");
         }
     }

◆ bearerAuthentication()

void org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.bearerAuthentication	(	JaxrsHttpFacade	facade,
		ContainerRequestContext	request,
		KeycloakDeployment	resolvedDeployment
	)

inlineprotected

                                                                                                                                         {
         BearerTokenRequestAuthenticator authenticator = new BearerTokenRequestAuthenticator(resolvedDeployment);
         AuthOutcome outcome = authenticator.authenticate(facade);
         
         if (outcome == AuthOutcome.NOT_ATTEMPTED && resolvedDeployment.isEnableBasicAuth()) {
             authenticator = new BasicAuthRequestAuthenticator(resolvedDeployment);
             outcome = authenticator.authenticate(facade);
         }
         
         if (outcome == AuthOutcome.FAILED || outcome == AuthOutcome.NOT_ATTEMPTED) {
             AuthChallenge challenge = authenticator.getChallenge();
             log.fine("Authentication outcome: " + outcome);
             boolean challengeSent = challenge.challenge(facade);
             if (!challengeSent) {
                 // Use some default status code
                 facade.getResponse().setStatus(Response.Status.UNAUTHORIZED.getStatusCode());
             }
 
             // Send response now (if not already sent)
             if (!facade.isResponseFinished()) {
                 facade.getResponse().end();
             }
             return;
         } else {
             if (verifySslFailed(facade, resolvedDeployment)) {
                 return;
             }
         }
 
         propagateSecurityContext(facade, request, resolvedDeployment, authenticator);
         handleAuthActions(facade, resolvedDeployment);
     }

◆ filter()

void org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.filter ( ContainerRequestContext request ) throws IOException

inline

                                                                            {
         SecurityContext securityContext = getRequestSecurityContext(request);
         JaxrsHttpFacade facade = new JaxrsHttpFacade(request, securityContext);
         if (handlePreauth(facade)) {
             return;
         }
 
         KeycloakDeployment resolvedDeployment = deploymentContext.resolveDeployment(facade);
 
         nodesRegistrationManagement.tryRegister(resolvedDeployment);
 
         bearerAuthentication(facade, request, resolvedDeployment);
     }

◆ getKeycloakConfigFile()

String org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.getKeycloakConfigFile ( )

inline

                                           {
         return this.keycloakConfigFile;
     }

◆ getKeycloakConfigResolverClass()

String org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.getKeycloakConfigResolverClass ( )

inline

                                                    {
         return keycloakConfigResolverClass;
     }

◆ getRequestSecurityContext()

SecurityContext org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.getRequestSecurityContext ( ContainerRequestContext request )

inlineprotected

                                                                                          {
         return request.getSecurityContext();
     }

◆ handleAuthActions()

void org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.handleAuthActions	(	JaxrsHttpFacade	facade,
		KeycloakDeployment	deployment
	)

inlineprotected

                                                                                             {
         AuthenticatedActionsHandler authActionsHandler = new AuthenticatedActionsHandler(deployment, facade);
         if (authActionsHandler.handledRequest()) {
             // Send response now (if not already sent)
             if (!facade.isResponseFinished()) {
                 facade.getResponse().end();
             }
         }
     }

◆ handlePreauth()

boolean org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.handlePreauth ( JaxrsHttpFacade facade )

inlineprotected

                                                             {
         PreAuthActionsHandler handler = new PreAuthActionsHandler(userSessionManagement, deploymentContext, facade);
         if (handler.handleRequest()) {
             // Send response now (if not already sent)
             if (!facade.isResponseFinished()) {
                 facade.getResponse().end();
             }
             return true;
         }
 
         return false;
     }

◆ isInitialized()

boolean org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.isInitialized ( )

inlineprotected

                                       {
         return this.keycloakConfigFile != null || this.keycloakConfigResolverClass != null;
     }

◆ loadKeycloakConfigFile()

InputStream org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.loadKeycloakConfigFile ( )

inlineprotected

                                                    {
         if (keycloakConfigFile.startsWith(GenericConstants.PROTOCOL_CLASSPATH)) {
             String classPathLocation = keycloakConfigFile.replace(GenericConstants.PROTOCOL_CLASSPATH, "");
             log.fine("Loading config from classpath on location: " + classPathLocation);
             // Try current class classloader first
             InputStream is = getClass().getClassLoader().getResourceAsStream(classPathLocation);
             if (is == null) {
                 is = Thread.currentThread().getContextClassLoader().getResourceAsStream(classPathLocation);
             }
 
             if (is != null) {
                 return is;
             } else {
                 throw new RuntimeException("Unable to find config from classpath: " + keycloakConfigFile);
             }
         } else {
             // Fallback to file
             try {
                 log.fine("Loading config from file: " + keycloakConfigFile);
                 return new FileInputStream(keycloakConfigFile);
             } catch (FileNotFoundException fnfe) {
                 log.severe("Config not found on " + keycloakConfigFile);
                 throw new RuntimeException(fnfe);
             }
         }
     }

◆ loadResolverClass()

Class<? extends KeycloakConfigResolver> org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.loadResolverClass ( )

inlineprotected

                                                                           {
         try {
             return (Class<? extends KeycloakConfigResolver>)getClass().getClassLoader().loadClass(keycloakConfigResolverClass);
         } catch (ClassNotFoundException cnfe) {
             // Fallback to tccl
             try {
                 return (Class<? extends KeycloakConfigResolver>)Thread.currentThread().getContextClassLoader().loadClass(keycloakConfigResolverClass);
             } catch (ClassNotFoundException cnfe2) {
                 throw new RuntimeException("Unable to find resolver class: " + keycloakConfigResolverClass);
             }
         }
     }

◆ propagateSecurityContext()

void org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.propagateSecurityContext	(	JaxrsHttpFacade	facade,
		ContainerRequestContext	request,
		KeycloakDeployment	resolvedDeployment,
		BearerTokenRequestAuthenticator	bearer
	)

inlineprotected

                                                                                                                                                                                     {
         RefreshableKeycloakSecurityContext skSession = new RefreshableKeycloakSecurityContext(resolvedDeployment, null, bearer.getTokenString(), bearer.getToken(), null, null, null);
 
         // Not needed to do resteasy specifics as KeycloakSecurityContext can be always retrieved from SecurityContext by typecast SecurityContext.getUserPrincipal to KeycloakPrincipal
         // ResteasyProviderFactory.pushContext(KeycloakSecurityContext.class, skSession);
 
         facade.setSecurityContext(skSession);
         String principalName = AdapterUtils.getPrincipalName(resolvedDeployment, bearer.getToken());
         final KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = new KeycloakPrincipal<RefreshableKeycloakSecurityContext>(principalName, skSession);
         SecurityContext anonymousSecurityContext = getRequestSecurityContext(request);
         final boolean isSecure = anonymousSecurityContext.isSecure();
         final Set<String> roles = AdapterUtils.getRolesFromSecurityContext(skSession);
 
         SecurityContext ctx = new SecurityContext() {
             @Override
             public Principal getUserPrincipal() {
                 return principal;
             }
 
             @Override
             public boolean isUserInRole(String role) {
                 return roles.contains(role);
             }
 
             @Override
             public boolean isSecure() {
                 return isSecure;
             }
 
             @Override
             public String getAuthenticationScheme() {
                 return "OAUTH_BEARER";
             }
         };
         request.setSecurityContext(ctx);
     }

◆ setKeycloakConfigFile()

void org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.setKeycloakConfigFile ( String configFile )

inline

                                                          {
         this.keycloakConfigFile = configFile;
         attemptStart();
     }

◆ setKeycloakConfigResolverClass()

void org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.setKeycloakConfigResolverClass ( String keycloakConfigResolverClass )

inline

                                                                                    {
         this.keycloakConfigResolverClass = keycloakConfigResolverClass;
         attemptStart();
     }

◆ start()

void org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.start ( )

inlineprotected

                            {
         if (started) {
             throw new IllegalStateException("Filter already started. Make sure to specify just keycloakConfigResolver or keycloakConfigFile but not both");
         }
 
         if (keycloakConfigResolverClass != null) {
             Class<? extends KeycloakConfigResolver> resolverClass = loadResolverClass();
 
             try {
                 KeycloakConfigResolver resolver = resolverClass.newInstance();
                 log.info("Using " + resolver + " to resolve Keycloak configuration on a per-request basis.");
                 this.deploymentContext = new AdapterDeploymentContext(resolver);
             } catch (Exception e) {
                 throw new RuntimeException("Unable to instantiate resolver " + resolverClass);
             }
         } else {
             if (keycloakConfigFile == null) {
                 throw new IllegalArgumentException("You need to specify either keycloakConfigResolverClass or keycloakConfigFile in configuration");
             }
             InputStream is = loadKeycloakConfigFile();
             KeycloakDeployment kd = KeycloakDeploymentBuilder.build(is);
             deploymentContext = new AdapterDeploymentContext(kd);
             log.info("Keycloak is using a per-deployment configuration loaded from: " + keycloakConfigFile);
         }
 
         nodesRegistrationManagement = new NodesRegistrationManagement();
         started = true;
     }

◆ verifySslFailed()

boolean org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.verifySslFailed	(	JaxrsHttpFacade	facade,
		KeycloakDeployment	deployment
	)

inlineprotected

                                                                                              {
         if (!facade.getRequest().isSecure() && deployment.getSslRequired().isRequired(facade.getRequest().getRemoteAddr())) {
             log.warning("SSL is required to authenticate, but request is not secured");
             facade.getResponse().sendError(403, "SSL required!");
             return true;
         }
         return false;
     }

メンバ詳解

◆ deploymentContext

AdapterDeploymentContext org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.deploymentContext

protected

◆ keycloakConfigFile

String org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.keycloakConfigFile

private

◆ keycloakConfigResolverClass

String org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.keycloakConfigResolverClass

private

◆ log

final Logger org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.log = Logger.getLogger("" + JaxrsBearerTokenFilterImpl.class)

staticprivate

◆ nodesRegistrationManagement

NodesRegistrationManagement org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.nodesRegistrationManagement

protected

◆ started

volatile boolean org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.started

protected

◆ userSessionManagement

UserSessionManagement org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.userSessionManagement = new EmptyUserSessionManagement()

protected

このクラス詳解は次のファイルから抽出されました:

D:/AppData/OpenId/keycloak/doxygen/src/adapters/oidc/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsBearerTokenFilterImpl.java

クラス

公開メンバ関数

限定公開メンバ関数

限定公開変数類

非公開変数類

静的非公開変数類

詳解

関数詳解

◆ attemptStart()

◆ bearerAuthentication()

◆ filter()

◆ getKeycloakConfigFile()

◆ getKeycloakConfigResolverClass()

◆ getRequestSecurityContext()

◆ handleAuthActions()

◆ handlePreauth()

◆ isInitialized()

◆ loadKeycloakConfigFile()

◆ loadResolverClass()

◆ propagateSecurityContext()

◆ setKeycloakConfigFile()

◆ setKeycloakConfigResolverClass()

◆ start()

◆ verifySslFailed()

メンバ詳解

◆ deploymentContext

◆ keycloakConfigFile

◆ keycloakConfigResolverClass

◆ log

◆ nodesRegistrationManagement

◆ started

◆ userSessionManagement