org.keycloak.authorization.policy.provider.group.GroupPolicyProvider の継承関係図

org.keycloak.authorization.policy.provider.group.GroupPolicyProvider 連携図

公開メンバ関数
	GroupPolicyProvider (BiFunction< Policy, AuthorizationProvider, GroupPolicyRepresentation > representationFunction)

void	evaluate (Evaluation evaluation)

void	close ()

非公開変数類
final BiFunction< Policy, AuthorizationProvider, GroupPolicyRepresentation >	representationFunction

詳解

著者: Pedro Igor

構築子と解体子

◆ GroupPolicyProvider()

org.keycloak.authorization.policy.provider.group.GroupPolicyProvider.GroupPolicyProvider ( BiFunction< Policy, AuthorizationProvider, GroupPolicyRepresentation > representationFunction )

inline

                                                                                                                             {
         this.representationFunction = representationFunction;
     }

関数詳解

◆ close()

void org.keycloak.authorization.policy.provider.group.GroupPolicyProvider.close ( )

inline

org.keycloak.provider.Providerを実装しています。

                         {
 
     }

◆ evaluate()

void org.keycloak.authorization.policy.provider.group.GroupPolicyProvider.evaluate ( Evaluation evaluation )

inline

org.keycloak.authorization.policy.provider.PolicyProviderを実装しています。

                                                 {
         AuthorizationProvider authorizationProvider = evaluation.getAuthorizationProvider();
         GroupPolicyRepresentation policy = representationFunction.apply(evaluation.getPolicy(), authorizationProvider);
         RealmModel realm = authorizationProvider.getRealm();
         Attributes.Entry groupsClaim = evaluation.getContext().getIdentity().getAttributes().getValue(policy.getGroupsClaim());
 
         if (groupsClaim == null || groupsClaim.isEmpty()) {
             List<String> userGroups = evaluation.getRealm().getUserGroups(evaluation.getContext().getIdentity().getId());
             groupsClaim = new Entry(policy.getGroupsClaim(), userGroups);
         }
 
         for (GroupPolicyRepresentation.GroupDefinition definition : policy.getGroups()) {
             GroupModel allowedGroup = realm.getGroupById(definition.getId());
 
             for (int i = 0; i < groupsClaim.size(); i++) {
                 String group = groupsClaim.asString(i);
 
                 if (group.indexOf('/') != -1) {
                     String allowedGroupPath = buildGroupPath(allowedGroup);
                     if (group.equals(allowedGroupPath) || (definition.isExtendChildren() && group.startsWith(allowedGroupPath))) {
                         evaluation.grant();
                         return;
                     }
                 }
 
                 // in case the group from the claim does not represent a path, we just check an exact name match
                 if (group.equals(allowedGroup.getName())) {
                     evaluation.grant();
                     return;
                 }
             }
         }
     }

メンバ詳解

◆ representationFunction

final BiFunction<Policy, AuthorizationProvider, GroupPolicyRepresentation> org.keycloak.authorization.policy.provider.group.GroupPolicyProvider.representationFunction

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/OpenId/keycloak/doxygen/src/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/group/GroupPolicyProvider.java

公開メンバ関数

非公開変数類

詳解

構築子と解体子

◆ GroupPolicyProvider()

関数詳解

◆ close()

◆ evaluate()

メンバ詳解

◆ representationFunction