keycloak
org.keycloak.authorization.protection.ProtectionService クラス

公開メンバ関数

 ProtectionService (AuthorizationProvider authorization)
 
Object resource ()
 
Object permission ()
 
Object ticket ()
 
Object policy ()
 

限定公開変数類

ClientConnection clientConnection
 

非公開メンバ関数

AdminEventBuilder createAdminEventBuilder (KeycloakIdentity identity, ResourceServer resourceServer)
 
KeycloakIdentity createIdentity (boolean checkProtectionScope)
 
ResourceServer getResourceServer (KeycloakIdentity identity)
 

非公開変数類

KeycloakSession session
 
final AuthorizationProvider authorization
 

詳解

著者
Pedro Igor

構築子と解体子

◆ ProtectionService()

org.keycloak.authorization.protection.ProtectionService.ProtectionService ( AuthorizationProvider  authorization)
inline
55  {
57  }
final AuthorizationProvider authorization
Definition: ProtectionService.java:50

関数詳解

◆ createAdminEventBuilder()

AdminEventBuilder org.keycloak.authorization.protection.ProtectionService.createAdminEventBuilder ( KeycloakIdentity  identity,
ResourceServer  resourceServer 
)
inline private
/**
 * Builds the {@link AdminEventBuilder} handed to protection-API sub-resources so that their
 * changes can be recorded as admin events.
 *
 * <p>The client is looked up in the realm by {@code resourceServer.getId()}. The resulting
 * event is attributed to that client ({@code authClient}) and to the client's service account
 * ({@code authUser}); the caller's access token is passed to {@code AdminAuth} alongside them.
 *
 * <p>NOTE(review): neither the looked-up client nor its service account is null-checked here;
 * presumably callers only pass a resource server obtained from {@code getResourceServer} —
 * confirm.
 *
 * @param identity identity whose access token is given to {@code AdminAuth}
 * @param resourceServer resource server whose id selects the client
 * @return builder with realm, client and service-account user already set
 */
private AdminEventBuilder createAdminEventBuilder(KeycloakIdentity identity, ResourceServer resourceServer) {
    final RealmModel currentRealm = authorization.getRealm();
    final ClientModel serverClient = currentRealm.getClientById(resourceServer.getId());
    final KeycloakSession activeSession = authorization.getKeycloakSession();
    final UserModel clientServiceAccount = activeSession.users().getServiceAccount(serverClient);

    final AdminAuth auth = new AdminAuth(currentRealm, identity.getAccessToken(), clientServiceAccount, serverClient);

    return new AdminEventBuilder(currentRealm, auth, activeSession, clientConnection)
            .realm(currentRealm)
            .authClient(serverClient)
            .authUser(clientServiceAccount);
}
ClientConnection clientConnection
Definition: ProtectionService.java:53
RealmModel getRealm()
Definition: AuthorizationProvider.java:169
ClientModel getClientById(String id)
KeycloakSession getKeycloakSession()
Definition: AuthorizationProvider.java:165
final AuthorizationProvider authorization
Definition: ProtectionService.java:50
UserModel getServiceAccount(ClientModel client)

◆ createIdentity()

KeycloakIdentity org.keycloak.authorization.protection.ProtectionService.createIdentity ( boolean  checkProtectionScope)
inline private
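/**
 * Creates the caller's {@link KeycloakIdentity} from the current session and, when requested,
 * enforces the {@code uma_protection} client role.
 *
 * <p>{@code getResourceServer} is always invoked, so a token whose issuing client is unknown in
 * the realm, or is not registered as a resource server, is rejected regardless of
 * {@code checkProtectionScope}. When {@code checkProtectionScope} is {@code false} no role
 * check is made here; any further authorization is left to the code that uses the returned
 * identity (not shown in this listing).
 *
 * @param checkProtectionScope whether the identity must hold the {@code uma_protection} role on
 *     the resource server's client
 * @return the caller's identity
 * @throws ErrorResponseException with {@code INVALID_SCOPE} and HTTP 403 when the check is
 *     requested and the client cannot be resolved or the role is missing; also propagated from
 *     {@code getResourceServer}
 */
private KeycloakIdentity createIdentity(boolean checkProtectionScope) {
    KeycloakIdentity identity = new KeycloakIdentity(this.authorization.getKeycloakSession());

    // Always resolve the resource server: this validates the token's client even when the
    // role check below is skipped.
    ResourceServer resourceServer = getResourceServer(identity);

    if (checkProtectionScope) {
        // The realm and client are needed only for the role check, so they are looked up
        // here instead of on every call.
        RealmModel realm = authorization.getKeycloakSession().getContext().getRealm();
        ClientModel client = realm.getClientById(resourceServer.getId());

        // Fail closed: an unresolvable client is treated like a missing role rather than
        // surfacing as a NullPointerException.
        if (client == null || !identity.hasClientRole(client.getClientId(), "uma_protection")) {
            throw new ErrorResponseException(OAuthErrorException.INVALID_SCOPE, "Requires uma_protection scope.", Status.FORBIDDEN);
        }
    }

    return identity;
}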
ResourceServer getResourceServer(KeycloakIdentity identity)
Definition: ProtectionService.java:132
ClientModel getClientById(String id)
KeycloakSession getKeycloakSession()
Definition: AuthorizationProvider.java:165
final AuthorizationProvider authorization
Definition: ProtectionService.java:50

◆ getResourceServer()

ResourceServer org.keycloak.authorization.protection.ProtectionService.getResourceServer ( KeycloakIdentity  identity)
inline private
/**
 * Resolves the resource server that corresponds to the client the caller's access token was
 * issued for.
 *
 * <p>The token's {@code issuedFor} value is first tried as a client id
 * ({@code getClientByClientId}) and, if that finds nothing, as an internal id
 * ({@code getClientById}). The resource server is then loaded from the resource-server store by
 * the client's internal id.
 *
 * <p>Both error descriptions embed values derived from the request (the token's
 * {@code issuedFor} value, the realm name, the client id).
 * NOTE(review): confirm how these descriptions are rendered to the caller and logged.
 *
 * @param identity identity whose access token names the client
 * @return the resource server registered for that client
 * @throws ErrorResponseException {@code invalid_clientId} with HTTP 400 when no such client
 *     exists in the realm, or with HTTP 403 when the client is not a resource server
 */
private ResourceServer getResourceServer(KeycloakIdentity identity) {
    final String issuedFor = identity.getAccessToken().getIssuedFor();
    final RealmModel currentRealm = authorization.getKeycloakSession().getContext().getRealm();

    ClientModel target = currentRealm.getClientByClientId(issuedFor);

    if (target == null) {
        // Fall back to treating the value as the client's internal id.
        target = currentRealm.getClientById(issuedFor);
    }

    if (target == null) {
        throw new ErrorResponseException("invalid_clientId", "Client application with id [" + issuedFor + "] does not exist in realm [" + currentRealm.getName() + "]", Status.BAD_REQUEST);
    }

    final ResourceServer registered = this.authorization.getStoreFactory().getResourceServerStore().findById(target.getId());

    if (registered != null) {
        return registered;
    }

    throw new ErrorResponseException("invalid_clientId", "Client application [" + target.getClientId() + "] is not registered as a resource server.", Status.FORBIDDEN);
}
ClientModel getClientByClientId(String clientId)
StoreFactory getStoreFactory()
Definition: AuthorizationProvider.java:109
KeycloakSession getKeycloakSession()
Definition: AuthorizationProvider.java:165
final AuthorizationProvider authorization
Definition: ProtectionService.java:50

◆ permission()

Object org.keycloak.authorization.protection.ProtectionService.permission ( )
inline
/**
 * Returns the sub-resource that handles permission requests for the calling resource server.
 *
 * <p>The identity is created with {@code createIdentity(false)}, so the {@code uma_protection}
 * role is not checked at this point; the token's client must still resolve to a registered
 * resource server, because {@code getResourceServer} throws otherwise.
 * NOTE(review): unlike {@code resource()}, no scope check is requested here — confirm that
 * {@code PermissionService} enforces the access it needs.
 *
 * @return a {@code PermissionService} with RESTEasy properties injected
 */
public Object permission() {
    final KeycloakIdentity caller = createIdentity(false);
    final ResourceServer server = getResourceServer(caller);

    final PermissionService permissionService = new PermissionService(caller, server, this.authorization);
    ResteasyProviderFactory.getInstance().injectProperties(permissionService);

    return permissionService;
}
Object resource()
Definition: ProtectionService.java:60
KeycloakIdentity createIdentity(boolean checkProtectionScope)
Definition: ProtectionService.java:116
ResourceServer getResourceServer(KeycloakIdentity identity)
Definition: ProtectionService.java:132
final AuthorizationProvider authorization
Definition: ProtectionService.java:50

◆ policy()

Object org.keycloak.authorization.protection.ProtectionService.policy ( )
inline
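/**
 * Returns the sub-resource that manages user-managed permission policies for the calling
 * resource server.
 *
 * <p>The identity is created with {@code createIdentity(false)}, so the {@code uma_protection}
 * role is not checked at this point; the token's client must still resolve to a registered
 * resource server, because {@code getResourceServer} throws otherwise.
 * NOTE(review): unlike {@code resource()}, no scope check is requested here — confirm that
 * {@code UserManagedPermissionService} enforces the access it needs.
 *
 * @return a {@code UserManagedPermissionService} with RESTEasy properties injected
 */
public Object policy() {
    KeycloakIdentity identity = createIdentity(false);

    // Resolve once and reuse, as resource() does, so the service and its admin-event builder
    // are guaranteed to refer to the same resource server.
    ResourceServer resourceServer = getResourceServer(identity);

    UserManagedPermissionService resource = new UserManagedPermissionService(identity, resourceServer, this.authorization, createAdminEventBuilder(identity, resourceServer));

    ResteasyProviderFactory.getInstance().injectProperties(resource);

    return resource;
}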
Object resource()
Definition: ProtectionService.java:60
KeycloakIdentity createIdentity(boolean checkProtectionScope)
Definition: ProtectionService.java:116
AdminEventBuilder createAdminEventBuilder(KeycloakIdentity identity, ResourceServer resourceServer)
Definition: ProtectionService.java:74
ResourceServer getResourceServer(KeycloakIdentity identity)
Definition: ProtectionService.java:132
final AuthorizationProvider authorization
Definition: ProtectionService.java:50

◆ resource()

Object org.keycloak.authorization.protection.ProtectionService.resource ( )
inline
/**
 * Returns the sub-resource that manages the calling resource server's protected resources.
 *
 * <p>This is the only accessor in this listing that calls {@code createIdentity(true)}: the
 * caller's identity must hold the {@code uma_protection} client role on the resource server's
 * client, otherwise {@code createIdentity} throws. The admin-event builder from
 * {@code createAdminEventBuilder} is handed to the {@code ResourceSetService}.
 *
 * @return a {@code ResourceService} with RESTEasy properties injected
 */
public Object resource() {
    final KeycloakIdentity caller = createIdentity(true);
    final ResourceServer server = getResourceServer(caller);
    final AdminEventBuilder adminEvents = createAdminEventBuilder(caller, server);

    // The fourth constructor argument is passed as null; its meaning is not visible here.
    final ResourceSetService resourceSet = new ResourceSetService(this.session, server, this.authorization, null, adminEvents);
    ResteasyProviderFactory.getInstance().injectProperties(resourceSet);

    final ResourceService resourceService = new ResourceService(this.session, server, caller, resourceSet);
    ResteasyProviderFactory.getInstance().injectProperties(resourceService);

    return resourceService;
}
Object resource()
Definition: ProtectionService.java:60
KeycloakIdentity createIdentity(boolean checkProtectionScope)
Definition: ProtectionService.java:116
KeycloakSession session
Definition: ProtectionService.java:49
AdminEventBuilder createAdminEventBuilder(KeycloakIdentity identity, ResourceServer resourceServer)
Definition: ProtectionService.java:74
ResourceServer getResourceServer(KeycloakIdentity identity)
Definition: ProtectionService.java:132
final AuthorizationProvider authorization
Definition: ProtectionService.java:50

◆ ticket()

Object org.keycloak.authorization.protection.ProtectionService.ticket ( )
inline
/**
 * Returns the sub-resource that manages permission tickets for the calling resource server.
 *
 * <p>The identity is created with {@code createIdentity(false)}, so the {@code uma_protection}
 * role is not checked at this point; the token's client must still resolve to a registered
 * resource server, because {@code getResourceServer} throws otherwise.
 * NOTE(review): unlike {@code resource()}, no scope check is requested here — confirm that
 * {@code PermissionTicketService} enforces the access it needs.
 *
 * @return a {@code PermissionTicketService} with RESTEasy properties injected
 */
public Object ticket() {
    final KeycloakIdentity caller = createIdentity(false);
    final ResourceServer server = getResourceServer(caller);

    final PermissionTicketService ticketService = new PermissionTicketService(caller, server, this.authorization);
    ResteasyProviderFactory.getInstance().injectProperties(ticketService);

    return ticketService;
}
Object resource()
Definition: ProtectionService.java:60
KeycloakIdentity createIdentity(boolean checkProtectionScope)
Definition: ProtectionService.java:116
ResourceServer getResourceServer(KeycloakIdentity identity)
Definition: ProtectionService.java:132
final AuthorizationProvider authorization
Definition: ProtectionService.java:50

メンバ詳解

◆ authorization

final AuthorizationProvider org.keycloak.authorization.protection.ProtectionService.authorization
private

◆ clientConnection

ClientConnection org.keycloak.authorization.protection.ProtectionService.clientConnection
protected

◆ session

KeycloakSession org.keycloak.authorization.protection.ProtectionService.session
private

このクラス詳解は次のファイルから抽出されました: