org.keycloak.authorization.policy.evaluation.DefaultPolicyEvaluator クラス

org.keycloak.authorization.policy.evaluation.DefaultPolicyEvaluator の継承関係図

org.keycloak.authorization.policy.evaluation.DefaultPolicyEvaluator 連携図

公開メンバ関数
void	evaluate (ResourcePermission permission, AuthorizationProvider authorizationProvider, EvaluationContext executionContext, Decision decision, Map< Policy, Map< Object, Decision.Effect >> decisionCache)

非公開メンバ関数
Consumer< Policy >	createPolicyEvaluator (ResourcePermission permission, AuthorizationProvider authorizationProvider, EvaluationContext executionContext, Decision decision, AtomicBoolean verified, Map< Policy, Map< Object, Decision.Effect >> decisionCache)

詳解

著者

Pedro Igor

関数詳解

createPolicyEvaluator()

Consumer<Policy> org.keycloak.authorization.policy.evaluation.DefaultPolicyEvaluator.createPolicyEvaluator ( ResourcePermission  permission, AuthorizationProvider  authorizationProvider, EvaluationContext  executionContext, Decision  decision, AtomicBoolean  verified, Map< Policy, Map< Object, Decision.Effect >>  decisionCache  )

inlineprivate

                                                                                                                                                                                                                                                                       {
        return parentPolicy -> {
            PolicyProvider policyProvider = authorizationProvider.getProvider(parentPolicy.getType());

            if (policyProvider == null) {
                throw new RuntimeException("Unknown parentPolicy provider for type [" + parentPolicy.getType() + "].");
            }

            policyProvider.evaluate(new DefaultEvaluation(permission, executionContext, parentPolicy, decision, authorizationProvider, decisionCache));

            verified.compareAndSet(false, true);
        };
    }

evaluate()

void org.keycloak.authorization.policy.evaluation.DefaultPolicyEvaluator.evaluate ( ResourcePermission  permission, AuthorizationProvider  authorizationProvider, EvaluationContext  executionContext, Decision  decision, Map< Policy, Map< Object, Decision.Effect >>  decisionCache  )

inline

org.keycloak.authorization.policy.evaluation.PolicyEvaluatorを実装しています。

                                                                                                                                                                                                                     {
        StoreFactory storeFactory = authorizationProvider.getStoreFactory();
        PolicyStore policyStore = storeFactory.getPolicyStore();
        ResourceStore resourceStore = storeFactory.getResourceStore();

        ResourceServer resourceServer = permission.getResourceServer();
        PolicyEnforcementMode enforcementMode = resourceServer.getPolicyEnforcementMode();

        if (PolicyEnforcementMode.DISABLED.equals(enforcementMode)) {
            DefaultEvaluation evaluation = new DefaultEvaluation(permission, executionContext, decision, authorizationProvider);

            evaluation.grant();

            decision.onComplete(permission);
            return;
        }

        AtomicBoolean verified = new AtomicBoolean();
        Consumer<Policy> policyConsumer = createPolicyEvaluator(permission, authorizationProvider, executionContext, decision, verified, decisionCache);
        Resource resource = permission.getResource();

        if (resource != null) {
            policyStore.findByResource(resource.getId(), resourceServer.getId(), policyConsumer);

            if (resource.getType() != null) {
                policyStore.findByResourceType(resource.getType(), resourceServer.getId(), policyConsumer);

                if (!resource.getOwner().equals(resourceServer.getId())) {
                    for (Resource typedResource : resourceStore.findByType(resource.getType(), resourceServer.getId())) {
                        policyStore.findByResource(typedResource.getId(), resourceServer.getId(), policyConsumer);
                    }
                }
            }
        }

        List<Scope> scopes = permission.getScopes();

        if (!scopes.isEmpty()) {
            policyStore.findByScopeIds(scopes.stream().map(Scope::getId).collect(Collectors.toList()), null, resourceServer.getId(), policyConsumer);
        }

        if (verified.get()) {
            decision.onComplete(permission);
            return;
        }

        if (PolicyEnforcementMode.PERMISSIVE.equals(enforcementMode)) {
            DefaultEvaluation evaluation = new DefaultEvaluation(permission, executionContext, decision, authorizationProvider);
            evaluation.grant();
            decision.onComplete(permission);
        }
    }

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java