org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper の継承関係図

org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper 連携図

クラス
class	LDAPRoleMappingsUserDelegate

公開メンバ関数
	RoleLDAPStorageMapper (ComponentModel mapperModel, LDAPStorageProvider ldapProvider, RoleLDAPStorageMapperFactory factory)

LDAPQuery	createLDAPGroupQuery ()

CommonLDAPGroupMapperConfig	getConfig ()

void	onImportUserFromLDAP (LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate)

void	onRegisterUserToLDAP (LDAPObject ldapUser, UserModel localUser, RealmModel realm)

SynchronizationResult	syncDataFromFederationProviderToKeycloak (RealmModel realm)

SynchronizationResult	syncDataFromKeycloakToFederationProvider (RealmModel realm)

LDAPQuery	createRoleQuery (boolean includeMemberAttribute)

LDAPObject	createLDAPRole (String roleName)

void	addRoleMappingInLDAP (String roleName, LDAPObject ldapUser)

void	deleteRoleMappingInLDAP (LDAPObject ldapUser, LDAPObject ldapRole)

LDAPObject	loadLDAPRoleByName (String roleName)

UserModel	proxy (LDAPObject ldapUser, UserModel delegate, RealmModel realm)

void	beforeLDAPQuery (LDAPQuery query)

List< UserModel >	getGroupMembers (RealmModel realm, GroupModel group, int firstResult, int maxResults)

boolean	onAuthenticationFailure (LDAPObject ldapUser, UserModel user, AuthenticationException ldapException, RealmModel realm)

LDAPStorageProvider	getLdapProvider ()

void	close ()

静的公開メンバ関数
static boolean	parseBooleanParameter (ComponentModel mapperModel, String paramName)

限定公開メンバ関数
RoleContainerModel	getTargetRoleContainer (RealmModel realm)

List< LDAPObject >	getLDAPRoleMappings (LDAPObject ldapUser)

String	getMembershipUserLdapAttribute ()

限定公開変数類
final KeycloakSession	session

final ComponentModel	mapperModel

final LDAPStorageProvider	ldapProvider

非公開変数類
final RoleMapperConfig	config

final RoleLDAPStorageMapperFactory	factory

静的非公開変数類
static final Logger	logger = Logger.getLogger(RoleLDAPStorageMapper.class)

詳解

Map realm roles or roles of particular client to LDAP groups

著者: Marek Posolda

構築子と解体子

◆ RoleLDAPStorageMapper()

org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.RoleLDAPStorageMapper	(	ComponentModel	mapperModel,
		LDAPStorageProvider	ldapProvider,
		RoleLDAPStorageMapperFactory	factory
	)

inline

                                                                                                                                      {
         super(mapperModel, ldapProvider);
         this.config = new RoleMapperConfig(mapperModel);
         this.factory = factory;
     }

関数詳解

◆ addRoleMappingInLDAP()

void org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.addRoleMappingInLDAP	(	String	roleName,
		LDAPObject	ldapUser
	)

inline

                                                                            {
         LDAPObject ldapRole = loadLDAPRoleByName(roleName);
         if (ldapRole == null) {
             ldapRole = createLDAPRole(roleName);
         }
 
         String membershipUserAttrName = getMembershipUserLdapAttribute();
 
         LDAPUtils.addMember(ldapProvider, config.getMembershipTypeLdapAttribute(), config.getMembershipLdapAttribute(), membershipUserAttrName, ldapRole, ldapUser, true);
     }

◆ beforeLDAPQuery()

void org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.beforeLDAPQuery ( LDAPQuery query )

inline

org.keycloak.storage.ldap.mappers.LDAPStorageMapperを実装しています。

                                                  {
         String strategyKey = config.getUserRolesRetrieveStrategy();
         UserRolesRetrieveStrategy strategy = factory.getUserRolesRetrieveStrategy(strategyKey);
         strategy.beforeUserLDAPQuery(this, query);
     }

◆ close()

void org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper.close ( )

inlineinherited

org.keycloak.provider.Providerを実装しています。

                         {
 
     }

◆ createLDAPGroupQuery()

LDAPQuery org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.createLDAPGroupQuery ( )

inline

org.keycloak.storage.ldap.mappers.membership.CommonLDAPGroupMapperを実装しています。

                                             {
         return createRoleQuery(false);
     }

◆ createLDAPRole()

LDAPObject org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.createLDAPRole ( String roleName )

inline

                                                       {
         LDAPObject ldapRole = LDAPUtils.createLDAPGroup(ldapProvider, roleName, config.getRoleNameLdapAttribute(), config.getRoleObjectClasses(ldapProvider),
                 config.getRolesDn(), Collections.<String, Set<String>>emptyMap());
 
         logger.debugf("Creating role [%s] to LDAP with DN [%s]", roleName, ldapRole.getDn().toString());
         return ldapRole;
     }

◆ createRoleQuery()

LDAPQuery org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.createRoleQuery ( boolean includeMemberAttribute )

inline

                                                                      {
         LDAPQuery ldapQuery = new LDAPQuery(ldapProvider);
 
         // For now, use same search scope, which is configured "globally" and used for user's search.
         ldapQuery.setSearchScope(ldapProvider.getLdapIdentityStore().getConfig().getSearchScope());
 
         String rolesDn = config.getRolesDn();
         ldapQuery.setSearchDn(rolesDn);
 
         Collection<String> roleObjectClasses = config.getRoleObjectClasses(ldapProvider);
         ldapQuery.addObjectClasses(roleObjectClasses);
 
         String rolesRdnAttr = config.getRoleNameLdapAttribute();
 
         String customFilter = config.getCustomLdapFilter();
         if (customFilter != null && customFilter.trim().length() > 0) {
             Condition customFilterCondition = new LDAPQueryConditionsBuilder().addCustomLDAPFilter(customFilter);
             ldapQuery.addWhereCondition(customFilterCondition);
         }
 
         ldapQuery.addReturningLdapAttribute(rolesRdnAttr);
 
         // Performance improvement
         if (includeMemberAttribute) {
             String membershipAttr = config.getMembershipLdapAttribute();
             ldapQuery.addReturningLdapAttribute(membershipAttr);
         }
 
         return ldapQuery;
     }

◆ deleteRoleMappingInLDAP()

void org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.deleteRoleMappingInLDAP	(	LDAPObject	ldapUser,
		LDAPObject	ldapRole
	)

inline

                                                                                   {
         String membershipUserAttrName = getMembershipUserLdapAttribute();
         LDAPUtils.deleteMember(ldapProvider, config.getMembershipTypeLdapAttribute(), config.getMembershipLdapAttribute(), membershipUserAttrName, ldapRole, ldapUser);
     }

◆ getConfig()

CommonLDAPGroupMapperConfig org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.getConfig ( )

inline

org.keycloak.storage.ldap.mappers.membership.CommonLDAPGroupMapperを実装しています。

                                                    {
         return config;
     }

◆ getGroupMembers()

List<UserModel> org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper.getGroupMembers	(	RealmModel	realm,
		GroupModel	group,
		int	firstResult,
		int	maxResults
	)

inlineinherited

org.keycloak.storage.ldap.mappers.LDAPStorageMapperを実装しています。

                                                                                                                 {
         return Collections.emptyList();
     }

◆ getLdapProvider()

LDAPStorageProvider org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper.getLdapProvider ( )

inlineinherited

                                                  {
         return ldapProvider;
     }

◆ getLDAPRoleMappings()

List<LDAPObject> org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.getLDAPRoleMappings ( LDAPObject ldapUser )

inlineprotected

                                                                         {
         String strategyKey = config.getUserRolesRetrieveStrategy();
         UserRolesRetrieveStrategy strategy = factory.getUserRolesRetrieveStrategy(strategyKey);
 
         LDAPConfig ldapConfig = ldapProvider.getLdapIdentityStore().getConfig();
         return strategy.getLDAPRoleMappings(this, ldapUser, ldapConfig);
     }

◆ getMembershipUserLdapAttribute()

String org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.getMembershipUserLdapAttribute ( )

inlineprotected

                                                       {
         LDAPConfig ldapConfig = ldapProvider.getLdapIdentityStore().getConfig();
         return config.getMembershipUserLdapAttribute(ldapConfig);
     }

◆ getTargetRoleContainer()

RoleContainerModel org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.getTargetRoleContainer ( RealmModel realm )

inlineprotected

                                                                           {
         boolean realmRolesMapping = config.isRealmRolesMapping();
         if (realmRolesMapping) {
             return realm;
         } else {
             String clientId = config.getClientId();
             if (clientId == null) {
                 throw new ModelException("Using client roles mapping is requested, but parameter client.id not found!");
             }
             ClientModel client = realm.getClientByClientId(clientId);
             if (client == null) {
                 throw new ModelException("Can't found requested client with clientId: " + clientId);
             }
             return client;
         }
     }

◆ loadLDAPRoleByName()

LDAPObject org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.loadLDAPRoleByName ( String roleName )

inline

                                                           {
         LDAPQuery ldapQuery = createRoleQuery(true);
         Condition roleNameCondition = new LDAPQueryConditionsBuilder().equal(config.getRoleNameLdapAttribute(), roleName);
         ldapQuery.addWhereCondition(roleNameCondition);
         return ldapQuery.getFirstResult();
     }

◆ onAuthenticationFailure()

boolean org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper.onAuthenticationFailure	(	LDAPObject	ldapUser,
		UserModel	user,
		AuthenticationException	ldapException,
		RealmModel	realm
	)

inlineinherited

org.keycloak.storage.ldap.mappers.LDAPStorageMapperを実装しています。

                                                                                                                                          {
         return false;
     }

◆ onImportUserFromLDAP()

void org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.onImportUserFromLDAP	(	LDAPObject	ldapUser,
		UserModel	user,
		RealmModel	realm,
		boolean	isCreate
	)

inline

org.keycloak.storage.ldap.mappers.LDAPStorageMapperを実装しています。

                                                                                                               {
         LDAPGroupMapperMode mode = config.getMode();
 
         // For now, import LDAP role mappings just during create
         if (mode == LDAPGroupMapperMode.IMPORT && isCreate) {
 
             List<LDAPObject> ldapRoles = getLDAPRoleMappings(ldapUser);
 
             // Import role mappings from LDAP into Keycloak DB
             String roleNameAttr = config.getRoleNameLdapAttribute();
             for (LDAPObject ldapRole : ldapRoles) {
                 String roleName = ldapRole.getAttributeAsString(roleNameAttr);
 
                 RoleContainerModel roleContainer = getTargetRoleContainer(realm);
                 RoleModel role = roleContainer.getRole(roleName);
 
                 if (role == null) {
                     role = roleContainer.addRole(roleName);
                 }
 
                 logger.debugf("Granting role [%s] to user [%s] during import from LDAP", roleName, user.getUsername());
                 user.grantRole(role);
             }
         }
     }

◆ onRegisterUserToLDAP()

void org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.onRegisterUserToLDAP	(	LDAPObject	ldapUser,
		UserModel	localUser,
		RealmModel	realm
	)

inline

org.keycloak.storage.ldap.mappers.LDAPStorageMapperを実装しています。

108 {

109 }

◆ parseBooleanParameter()

static boolean org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper.parseBooleanParameter	(	ComponentModel	mapperModel,
		String	paramName
	)

inlinestaticinherited

                                                                                               {
         String paramm = mapperModel.getConfig().getFirst(paramName);
         return Boolean.parseBoolean(paramm);
     }

◆ proxy()

UserModel org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.proxy	(	LDAPObject	ldapUser,
		UserModel	delegate,
		RealmModel	realm
	)

inline

org.keycloak.storage.ldap.mappers.LDAPStorageMapperを実装しています。

                                                                                       {
         final LDAPGroupMapperMode mode = config.getMode();
 
         // For IMPORT mode, all operations are performed against local DB
         if (mode == LDAPGroupMapperMode.IMPORT) {
             return delegate;
         } else {
             return new LDAPRoleMappingsUserDelegate(realm, delegate, ldapUser);
         }
     }

◆ syncDataFromFederationProviderToKeycloak()

SynchronizationResult org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.syncDataFromFederationProviderToKeycloak ( RealmModel realm )

inline

org.keycloak.storage.ldap.mappers.LDAPStorageMapperを実装しています。

                                                                                             {
         SynchronizationResult syncResult = new SynchronizationResult() {
 
             @Override
             public String getStatus() {
                 return String.format("%d imported roles, %d roles already exists in Keycloak", getAdded(), getUpdated());
             }
 
         };
 
         logger.debugf("Syncing roles from LDAP into Keycloak DB. Mapper is [%s], LDAP provider is [%s]", mapperModel.getName(), ldapProvider.getModel().getName());
 
         // Send LDAP query to load all roles
         LDAPQuery ldapRoleQuery = createRoleQuery(false);
         List<LDAPObject> ldapRoles = LDAPUtils.loadAllLDAPObjects(ldapRoleQuery, ldapProvider);
 
         RoleContainerModel roleContainer = getTargetRoleContainer(realm);
         String rolesRdnAttr = config.getRoleNameLdapAttribute();
         for (LDAPObject ldapRole : ldapRoles) {
             String roleName = ldapRole.getAttributeAsString(rolesRdnAttr);
 
             if (roleContainer.getRole(roleName) == null) {
                 logger.debugf("Syncing role [%s] from LDAP to keycloak DB", roleName);
                 roleContainer.addRole(roleName);
                 syncResult.increaseAdded();
             } else {
                 syncResult.increaseUpdated();
             }
         }
 
         return syncResult;
     }

◆ syncDataFromKeycloakToFederationProvider()

SynchronizationResult org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.syncDataFromKeycloakToFederationProvider ( RealmModel realm )

inline

org.keycloak.storage.ldap.mappers.LDAPStorageMapperを実装しています。

                                                                                             {
         SynchronizationResult syncResult = new SynchronizationResult() {
 
             @Override
             public String getStatus() {
                 return String.format("%d roles imported to LDAP, %d roles already existed in LDAP", getAdded(), getUpdated());
             }
 
         };
 
         if (config.getMode() != LDAPGroupMapperMode.LDAP_ONLY) {
             logger.warnf("Ignored sync for federation mapper '%s' as it's mode is '%s'", mapperModel.getName(), config.getMode().toString());
             return syncResult;
         }
 
         logger.debugf("Syncing roles from Keycloak into LDAP. Mapper is [%s], LDAP provider is [%s]", mapperModel.getName(), ldapProvider.getModel().getName());
 
         // Send LDAP query to see which roles exists there
         LDAPQuery ldapQuery = createRoleQuery(false);
         List<LDAPObject> ldapRoles = LDAPUtils.loadAllLDAPObjects(ldapQuery, ldapProvider);
 
         Set<String> ldapRoleNames = new HashSet<>();
         String rolesRdnAttr = config.getRoleNameLdapAttribute();
         for (LDAPObject ldapRole : ldapRoles) {
             String roleName = ldapRole.getAttributeAsString(rolesRdnAttr);
             ldapRoleNames.add(roleName);
         }
 
 
         RoleContainerModel roleContainer = getTargetRoleContainer(realm);
         Set<RoleModel> keycloakRoles = roleContainer.getRoles();
 
         for (RoleModel keycloakRole : keycloakRoles) {
             String roleName = keycloakRole.getName();
             if (ldapRoleNames.contains(roleName)) {
                 syncResult.increaseUpdated();
             } else {
                 logger.debugf("Syncing role [%s] from Keycloak to LDAP", roleName);
                 createLDAPRole(roleName);
                 syncResult.increaseAdded();
             }
         }
 
         return syncResult;
     }

メンバ詳解

◆ config

final RoleMapperConfig org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.config

private

◆ factory

final RoleLDAPStorageMapperFactory org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.factory

private

◆ ldapProvider

final LDAPStorageProvider org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper.ldapProvider

protectedinherited

◆ logger

final Logger org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.logger = Logger.getLogger(RoleLDAPStorageMapper.class)

staticprivate

◆ mapperModel

final ComponentModel org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper.mapperModel

protectedinherited

◆ session

final KeycloakSession org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper.session

protectedinherited

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/storage/ldap/mappers/membership/role/RoleLDAPStorageMapper.java

クラス

公開メンバ関数

静的公開メンバ関数

限定公開メンバ関数

限定公開変数類

非公開変数類

静的非公開変数類

詳解

構築子と解体子

◆ RoleLDAPStorageMapper()

関数詳解

◆ addRoleMappingInLDAP()

◆ beforeLDAPQuery()

◆ close()

◆ createLDAPGroupQuery()

◆ createLDAPRole()

◆ createRoleQuery()

◆ deleteRoleMappingInLDAP()

◆ getConfig()

◆ getGroupMembers()

◆ getLdapProvider()

◆ getLDAPRoleMappings()

◆ getMembershipUserLdapAttribute()

◆ getTargetRoleContainer()

◆ loadLDAPRoleByName()

◆ onAuthenticationFailure()

◆ onImportUserFromLDAP()

◆ onRegisterUserToLDAP()

◆ parseBooleanParameter()

◆ proxy()

◆ syncDataFromFederationProviderToKeycloak()

◆ syncDataFromKeycloakToFederationProvider()

メンバ詳解

◆ config

◆ factory

◆ ldapProvider

◆ logger

◆ mapperModel

◆ session