org.keycloak.jaxrs.OsgiJaxrsBearerTokenFilterImpl の継承関係図

org.keycloak.jaxrs.OsgiJaxrsBearerTokenFilterImpl 連携図

公開メンバ関数
BundleContext	getBundleContext ()

void	setBundleContext (BundleContext bundleContext)

void	setKeycloakConfigFile (String configFile)

String	getKeycloakConfigFile ()

String	getKeycloakConfigResolverClass ()

void	setKeycloakConfigResolverClass (String keycloakConfigResolverClass)

void	filter (ContainerRequestContext request) throws IOException

限定公開メンバ関数
boolean	isInitialized ()

Class<? extends KeycloakConfigResolver >	loadResolverClass ()

InputStream	loadKeycloakConfigFile ()

void	attemptStart ()

void	start ()

boolean	handlePreauth (JaxrsHttpFacade facade)

void	bearerAuthentication (JaxrsHttpFacade facade, ContainerRequestContext request, KeycloakDeployment resolvedDeployment)

void	propagateSecurityContext (JaxrsHttpFacade facade, ContainerRequestContext request, KeycloakDeployment resolvedDeployment, BearerTokenRequestAuthenticator bearer)

boolean	verifySslFailed (JaxrsHttpFacade facade, KeycloakDeployment deployment)

SecurityContext	getRequestSecurityContext (ContainerRequestContext request)

void	handleAuthActions (JaxrsHttpFacade facade, KeycloakDeployment deployment)

限定公開変数類
volatile boolean	started

AdapterDeploymentContext	deploymentContext

NodesRegistrationManagement	nodesRegistrationManagement

UserSessionManagement	userSessionManagement = new EmptyUserSessionManagement()

非公開変数類
BundleContext	bundleContext

静的非公開変数類
static final Logger	log = Logger.getLogger("" + JaxrsBearerTokenFilterImpl.class)

詳解

Variant of JaxrsBearerTokenFilter, which can be used to properly use resources from current osgi bundle

著者: Marek Posolda

関数詳解

◆ attemptStart()

void org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.attemptStart ( )

inlineprotectedinherited

                                   {
         if (started) {
             throw new IllegalStateException("Filter already started. Make sure to specify just keycloakConfigResolver or keycloakConfigFile but not both");
         }
 
         if (isInitialized()) {
             start();
         } else {
             log.fine("Not yet initialized");
         }
     }

◆ bearerAuthentication()

void org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.bearerAuthentication	(	JaxrsHttpFacade	facade,
		ContainerRequestContext	request,
		KeycloakDeployment	resolvedDeployment
	)

inlineprotectedinherited

                                                                                                                                         {
         BearerTokenRequestAuthenticator authenticator = new BearerTokenRequestAuthenticator(resolvedDeployment);
         AuthOutcome outcome = authenticator.authenticate(facade);
         
         if (outcome == AuthOutcome.NOT_ATTEMPTED && resolvedDeployment.isEnableBasicAuth()) {
             authenticator = new BasicAuthRequestAuthenticator(resolvedDeployment);
             outcome = authenticator.authenticate(facade);
         }
         
         if (outcome == AuthOutcome.FAILED || outcome == AuthOutcome.NOT_ATTEMPTED) {
             AuthChallenge challenge = authenticator.getChallenge();
             log.fine("Authentication outcome: " + outcome);
             boolean challengeSent = challenge.challenge(facade);
             if (!challengeSent) {
                 // Use some default status code
                 facade.getResponse().setStatus(Response.Status.UNAUTHORIZED.getStatusCode());
             }
 
             // Send response now (if not already sent)
             if (!facade.isResponseFinished()) {
                 facade.getResponse().end();
             }
             return;
         } else {
             if (verifySslFailed(facade, resolvedDeployment)) {
                 return;
             }
         }
 
         propagateSecurityContext(facade, request, resolvedDeployment, authenticator);
         handleAuthActions(facade, resolvedDeployment);
     }

◆ filter()

void org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.filter ( ContainerRequestContext request ) throws IOException

inlineinherited

                                                                            {
         SecurityContext securityContext = getRequestSecurityContext(request);
         JaxrsHttpFacade facade = new JaxrsHttpFacade(request, securityContext);
         if (handlePreauth(facade)) {
             return;
         }
 
         KeycloakDeployment resolvedDeployment = deploymentContext.resolveDeployment(facade);
 
         nodesRegistrationManagement.tryRegister(resolvedDeployment);
 
         bearerAuthentication(facade, request, resolvedDeployment);
     }

◆ getBundleContext()

BundleContext org.keycloak.jaxrs.OsgiJaxrsBearerTokenFilterImpl.getBundleContext ( )

inline

                                             {
         return bundleContext;
     }

◆ getKeycloakConfigFile()

String org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.getKeycloakConfigFile ( )

inlineinherited

                                           {
         return this.keycloakConfigFile;
     }

◆ getKeycloakConfigResolverClass()

String org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.getKeycloakConfigResolverClass ( )

inlineinherited

                                                    {
         return keycloakConfigResolverClass;
     }

◆ getRequestSecurityContext()

SecurityContext org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.getRequestSecurityContext ( ContainerRequestContext request )

inlineprotectedinherited

                                                                                          {
         return request.getSecurityContext();
     }

◆ handleAuthActions()

void org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.handleAuthActions	(	JaxrsHttpFacade	facade,
		KeycloakDeployment	deployment
	)

inlineprotectedinherited

                                                                                             {
         AuthenticatedActionsHandler authActionsHandler = new AuthenticatedActionsHandler(deployment, facade);
         if (authActionsHandler.handledRequest()) {
             // Send response now (if not already sent)
             if (!facade.isResponseFinished()) {
                 facade.getResponse().end();
             }
         }
     }

◆ handlePreauth()

boolean org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.handlePreauth ( JaxrsHttpFacade facade )

inlineprotectedinherited

                                                             {
         PreAuthActionsHandler handler = new PreAuthActionsHandler(userSessionManagement, deploymentContext, facade);
         if (handler.handleRequest()) {
             // Send response now (if not already sent)
             if (!facade.isResponseFinished()) {
                 facade.getResponse().end();
             }
             return true;
         }
 
         return false;
     }

◆ isInitialized()

boolean org.keycloak.jaxrs.OsgiJaxrsBearerTokenFilterImpl.isInitialized ( )

inlineprotected

                                       {
         return super.isInitialized() && bundleContext != null;
     }

◆ loadKeycloakConfigFile()

InputStream org.keycloak.jaxrs.OsgiJaxrsBearerTokenFilterImpl.loadKeycloakConfigFile ( )

inlineprotected

                                                    {
         String keycloakConfigFile = getKeycloakConfigFile();
         if (keycloakConfigFile.startsWith(GenericConstants.PROTOCOL_CLASSPATH)) {
 
             // Load from classpath of current bundle
             String classPathLocation = keycloakConfigFile.replace(GenericConstants.PROTOCOL_CLASSPATH, "");
             log.fine("Loading config from classpath on location: " + classPathLocation);
 
             URL cfgUrl = bundleContext.getBundle().getResource(classPathLocation);
             if (cfgUrl == null) {
                 log.warning("Not able to find configFile from bundleContext. Fallback to current classloader");
                 return super.loadKeycloakConfigFile();
             }
 
             try {
                 return cfgUrl.openStream();
             } catch (IOException ioe) {
                 throw new RuntimeException(ioe);
             }
         } else {
             return super.loadKeycloakConfigFile();
         }
     }

◆ loadResolverClass()

Class<? extends KeycloakConfigResolver> org.keycloak.jaxrs.OsgiJaxrsBearerTokenFilterImpl.loadResolverClass ( )

inlineprotected

                                                                           {
         String resolverClass = getKeycloakConfigResolverClass();
         try {
             return (Class<? extends KeycloakConfigResolver>) bundleContext.getBundle().loadClass(resolverClass);
         } catch (ClassNotFoundException cnfe) {
             log.warning("Not able to find class from bundleContext. Fallback to current classloader");
             return super.loadResolverClass();
         }
     }

◆ propagateSecurityContext()

void org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.propagateSecurityContext	(	JaxrsHttpFacade	facade,
		ContainerRequestContext	request,
		KeycloakDeployment	resolvedDeployment,
		BearerTokenRequestAuthenticator	bearer
	)

inlineprotectedinherited

                                                                                                                                                                                     {
         RefreshableKeycloakSecurityContext skSession = new RefreshableKeycloakSecurityContext(resolvedDeployment, null, bearer.getTokenString(), bearer.getToken(), null, null, null);
 
         // Not needed to do resteasy specifics as KeycloakSecurityContext can be always retrieved from SecurityContext by typecast SecurityContext.getUserPrincipal to KeycloakPrincipal
         // ResteasyProviderFactory.pushContext(KeycloakSecurityContext.class, skSession);
 
         facade.setSecurityContext(skSession);
         String principalName = AdapterUtils.getPrincipalName(resolvedDeployment, bearer.getToken());
         final KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = new KeycloakPrincipal<RefreshableKeycloakSecurityContext>(principalName, skSession);
         SecurityContext anonymousSecurityContext = getRequestSecurityContext(request);
         final boolean isSecure = anonymousSecurityContext.isSecure();
         final Set<String> roles = AdapterUtils.getRolesFromSecurityContext(skSession);
 
         SecurityContext ctx = new SecurityContext() {
             @Override
             public Principal getUserPrincipal() {
                 return principal;
             }
 
             @Override
             public boolean isUserInRole(String role) {
                 return roles.contains(role);
             }
 
             @Override
             public boolean isSecure() {
                 return isSecure;
             }
 
             @Override
             public String getAuthenticationScheme() {
                 return "OAUTH_BEARER";
             }
         };
         request.setSecurityContext(ctx);
     }

◆ setBundleContext()

void org.keycloak.jaxrs.OsgiJaxrsBearerTokenFilterImpl.setBundleContext ( BundleContext bundleContext )

inline

                                                               {
         this.bundleContext = bundleContext;
         attemptStart();
     }

◆ setKeycloakConfigFile()

void org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.setKeycloakConfigFile ( String configFile )

inlineinherited

                                                          {
         this.keycloakConfigFile = configFile;
         attemptStart();
     }

◆ setKeycloakConfigResolverClass()

void org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.setKeycloakConfigResolverClass ( String keycloakConfigResolverClass )

inlineinherited

                                                                                    {
         this.keycloakConfigResolverClass = keycloakConfigResolverClass;
         attemptStart();
     }

◆ start()

void org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.start ( )

inlineprotectedinherited

                            {
         if (started) {
             throw new IllegalStateException("Filter already started. Make sure to specify just keycloakConfigResolver or keycloakConfigFile but not both");
         }
 
         if (keycloakConfigResolverClass != null) {
             Class<? extends KeycloakConfigResolver> resolverClass = loadResolverClass();
 
             try {
                 KeycloakConfigResolver resolver = resolverClass.newInstance();
                 log.info("Using " + resolver + " to resolve Keycloak configuration on a per-request basis.");
                 this.deploymentContext = new AdapterDeploymentContext(resolver);
             } catch (Exception e) {
                 throw new RuntimeException("Unable to instantiate resolver " + resolverClass);
             }
         } else {
             if (keycloakConfigFile == null) {
                 throw new IllegalArgumentException("You need to specify either keycloakConfigResolverClass or keycloakConfigFile in configuration");
             }
             InputStream is = loadKeycloakConfigFile();
             KeycloakDeployment kd = KeycloakDeploymentBuilder.build(is);
             deploymentContext = new AdapterDeploymentContext(kd);
             log.info("Keycloak is using a per-deployment configuration loaded from: " + keycloakConfigFile);
         }
 
         nodesRegistrationManagement = new NodesRegistrationManagement();
         started = true;
     }

◆ verifySslFailed()

boolean org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.verifySslFailed	(	JaxrsHttpFacade	facade,
		KeycloakDeployment	deployment
	)

inlineprotectedinherited

                                                                                              {
         if (!facade.getRequest().isSecure() && deployment.getSslRequired().isRequired(facade.getRequest().getRemoteAddr())) {
             log.warning("SSL is required to authenticate, but request is not secured");
             facade.getResponse().sendError(403, "SSL required!");
             return true;
         }
         return false;
     }

メンバ詳解

◆ bundleContext

BundleContext org.keycloak.jaxrs.OsgiJaxrsBearerTokenFilterImpl.bundleContext

private

◆ deploymentContext

AdapterDeploymentContext org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.deploymentContext

protectedinherited

◆ log

final Logger org.keycloak.jaxrs.OsgiJaxrsBearerTokenFilterImpl.log = Logger.getLogger("" + JaxrsBearerTokenFilterImpl.class)

staticprivate

◆ nodesRegistrationManagement

NodesRegistrationManagement org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.nodesRegistrationManagement

protectedinherited

◆ started

volatile boolean org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.started

protectedinherited

◆ userSessionManagement

UserSessionManagement org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl.userSessionManagement = new EmptyUserSessionManagement()

protectedinherited

このクラス詳解は次のファイルから抽出されました:

D:/AppData/OpenId/keycloak/doxygen/src/adapters/oidc/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/OsgiJaxrsBearerTokenFilterImpl.java

公開メンバ関数

限定公開メンバ関数

限定公開変数類

非公開変数類

静的非公開変数類

詳解

関数詳解

◆ attemptStart()

◆ bearerAuthentication()

◆ filter()

◆ getBundleContext()

◆ getKeycloakConfigFile()

◆ getKeycloakConfigResolverClass()

◆ getRequestSecurityContext()

◆ handleAuthActions()

◆ handlePreauth()

◆ isInitialized()

◆ loadKeycloakConfigFile()

◆ loadResolverClass()

◆ propagateSecurityContext()

◆ setBundleContext()

◆ setKeycloakConfigFile()

◆ setKeycloakConfigResolverClass()

◆ start()

◆ verifySslFailed()

メンバ詳解

◆ bundleContext

◆ deploymentContext

◆ log

◆ nodesRegistrationManagement

◆ started

◆ userSessionManagement