org.keycloak.authorization.client.AuthzClient クラス

org.keycloak.authorization.client.AuthzClient 連携図

公開メンバ関数
ProtectionResource	protection ()
ProtectionResource	protection (final String accessToken)
ProtectionResource	protection (String userName, String password)
AuthorizationResource	authorization ()
AuthorizationResource	authorization (final String accessToken)
AuthorizationResource	authorization (final String userName, final String password)
AccessTokenResponse	obtainAccessToken ()
AccessTokenResponse	obtainAccessToken (String userName, String password)
ServerConfiguration	getServerConfiguration ()
Configuration	getConfiguration ()

静的公開メンバ関数
static AuthzClient	create () throws RuntimeException
static AuthzClient	create (Configuration configuration)
static AuthzClient	create (Configuration configuration, ClientAuthenticator authenticator)

非公開メンバ関数
	AuthzClient (Configuration configuration, ClientAuthenticator authenticator)
TokenCallable	createPatSupplier (String userName, String password)
TokenCallable	createPatSupplier ()
TokenCallable	createRefreshableAccessTokenSupplier (final String userName, final String password)

非公開変数類
final Http	http
TokenCallable	patSupplier
final ServerConfiguration	serverConfiguration
final Configuration	configuration

詳解

This is class serves as an entry point for clients looking for access to Keycloak Authorization Services.

When creating a new instances make sure you have a Keycloak Server running at the location specified in the client configuration. The client tries to obtain server configuration by invoking the UMA Discovery Endpoint, usually available from the server at http(s)://{server}:{port}/auth/realms/{realm}/.well-known/uma-configuration.

著者

Pedro Igor

構築子と解体子

AuthzClient()

org.keycloak.authorization.client.AuthzClient.AuthzClient ( Configuration  configuration, ClientAuthenticator  authenticator  )

inlineprivate

                                                                                        {
        if (configuration == null) {
            throw new IllegalArgumentException("Client configuration can not be null.");
        }

        String configurationUrl = configuration.getAuthServerUrl();

        if (configurationUrl == null) {
            throw new IllegalArgumentException("Configuration URL can not be null.");
        }

        configurationUrl += "/realms/" + configuration.getRealm() + "/.well-known/uma2-configuration";

        this.configuration = configuration;

        this.http = new Http(configuration, authenticator != null ? authenticator : configuration.getClientAuthenticator());

        try {
            this.serverConfiguration = this.http.<ServerConfiguration>get(configurationUrl)
                    .response().json(ServerConfiguration.class)
                    .execute();
        } catch (Exception e) {
            throw new RuntimeException("Could not obtain configuration from server [" + configurationUrl + "].", e);
        }

        this.http.setServerConfiguration(this.serverConfiguration);
    }

関数詳解

authorization() [1/3]

AuthorizationResource org.keycloak.authorization.client.AuthzClient.authorization ( )

inline

Creates a AuthorizationResource instance which can be used to obtain permissions from the server.

戻り値

a AuthorizationResource

                                                 {
        return new AuthorizationResource(configuration, serverConfiguration, this.http, null);
    }

authorization() [2/3]

AuthorizationResource org.keycloak.authorization.client.AuthzClient.authorization ( final String  accessToken )

inline

Creates a AuthorizationResource instance which can be used to obtain permissions from the server.

引数

accessToken

the Access Token that will be used as a bearer to access the token endpoint

戻り値

a AuthorizationResource

                                                                         {
        return new AuthorizationResource(configuration, serverConfiguration, this.http, new TokenCallable(http, configuration, serverConfiguration) {
            @Override
            public String call() {
                return accessToken;
            }

            @Override
            protected boolean isRetry() {
                return false;
            }
        });
    }

authorization() [3/3]

AuthorizationResource org.keycloak.authorization.client.AuthzClient.authorization ( final String  userName, final String  password  )

inline

Creates a AuthorizationResource instance which can be used to obtain permissions from the server.

引数

userName	an ID Token or Access Token representing an identity and/or access context
password

戻り値

a AuthorizationResource

                                                                                             {
        return new AuthorizationResource(configuration, serverConfiguration, this.http, createRefreshableAccessTokenSupplier(userName, password));
    }

create() [1/3]

static AuthzClient org.keycloak.authorization.client.AuthzClient.create ( ) throws RuntimeException

inlinestatic

Creates a new instance.

This method expects a keycloak.json in the classpath, otherwise an exception will be thrown.

戻り値

a new instance

例外

RuntimeException

in case there is no keycloak.json file in the classpath or the file could not be parsed

                                                               {
        InputStream configStream = Thread.currentThread().getContextClassLoader().getResourceAsStream("keycloak.json");

        if (configStream == null) {
            throw new RuntimeException("Could not find any keycloak.json file in classpath.");
        }

        try {
            return create(JsonSerialization.readValue(configStream, Configuration.class));
        } catch (IOException e) {
            throw new RuntimeException("Could not parse configuration.", e);
        }
    }

create() [2/3]

static AuthzClient org.keycloak.authorization.client.AuthzClient.create ( Configuration  configuration )

inlinestatic

Creates a new instance.

引数

configuration

the client configuration

戻り値

a new instance

                                                                  {
        return new AuthzClient(configuration, configuration.getClientAuthenticator());
    }

create() [3/3]

static AuthzClient org.keycloak.authorization.client.AuthzClient.create ( Configuration  configuration, ClientAuthenticator  authenticator  )

inlinestatic

Creates a new instance.

引数

configuration	the client configuration
authenticator	the client authenticator

戻り値

a new instance

                                                                                                     {
        return new AuthzClient(configuration, authenticator);
    }

createPatSupplier() [1/2]

TokenCallable org.keycloak.authorization.client.AuthzClient.createPatSupplier ( String  userName, String  password  )

inlineprivate

                                                                              {
        if (patSupplier == null) {
            patSupplier = createRefreshableAccessTokenSupplier(userName, password);
        }
        return patSupplier;
    }

createPatSupplier() [2/2]

TokenCallable org.keycloak.authorization.client.AuthzClient.createPatSupplier ( )

inlineprivate

                                              {
        return createPatSupplier(null, null);
    }

createRefreshableAccessTokenSupplier()

TokenCallable org.keycloak.authorization.client.AuthzClient.createRefreshableAccessTokenSupplier ( final String  userName, final String  password  )

inlineprivate

                                                                                                             {
        return new TokenCallable(userName, password, http, configuration, serverConfiguration);
    }

getConfiguration()

Configuration org.keycloak.authorization.client.AuthzClient.getConfiguration ( )

inline

Obtains the client configuration

戻り値

the Configuration

                                            {
        return this.configuration;
    }

getServerConfiguration()

ServerConfiguration org.keycloak.authorization.client.AuthzClient.getServerConfiguration ( )

inline

Returns the configuration obtained from the server at the UMA Discovery Endpoint.

戻り値

the ServerConfiguration

                                                        {
        return this.serverConfiguration;
    }

obtainAccessToken() [1/2]

AccessTokenResponse org.keycloak.authorization.client.AuthzClient.obtainAccessToken ( )

inline

Obtains an access token using the client credentials.

戻り値

an AccessTokenResponse

                                                   {
        return this.http.<AccessTokenResponse>post(this.serverConfiguration.getTokenEndpoint())
                .authentication()
                    .client()
                .response()
                    .json(AccessTokenResponse.class)
                .execute();
    }

obtainAccessToken() [2/2]

AccessTokenResponse org.keycloak.authorization.client.AuthzClient.obtainAccessToken ( String  userName, String  password  )

inline

Obtains an access token using the resource owner credentials.

戻り値

an AccessTokenResponse

                                                                                   {
        return this.http.<AccessTokenResponse>post(this.serverConfiguration.getTokenEndpoint())
                .authentication()
                    .oauth2ResourceOwnerPassword(userName, password)
                .response()
                    .json(AccessTokenResponse.class)
                .execute();
    }

protection() [1/3]

ProtectionResource org.keycloak.authorization.client.AuthzClient.protection ( )

inline

Creates a ProtectionResource instance which can be used to access the Protection API.

When using this method, the PAT (the access token with the uma_protection scope) is obtained for the client itself, using any of the supported credential types (client/secret, jwt, etc).

戻り値

a ProtectionResource

                                           {
        return new ProtectionResource(this.http, this.serverConfiguration, configuration, createPatSupplier());
    }

protection() [2/3]

ProtectionResource org.keycloak.authorization.client.AuthzClient.protection ( final String  accessToken )

inline

Creates a ProtectionResource instance which can be used to access the Protection API.

引数

accessToken

the PAT (the access token with the uma_protection scope)

戻り値

a ProtectionResource

                                                                   {
        return new ProtectionResource(this.http, this.serverConfiguration, configuration, new TokenCallable(http, configuration, serverConfiguration) {
            @Override
            public String call() {
                return accessToken;
            }

            @Override
            protected boolean isRetry() {
                return false;
            }
        });
    }

protection() [3/3]

ProtectionResource org.keycloak.authorization.client.AuthzClient.protection ( String  userName, String  password  )

inline

Creates a ProtectionResource instance which can be used to access the Protection API.

When using this method, the PAT (the access token with the uma_protection scope) is obtained for a given user.

戻り値

a ProtectionResource

                                                                           {
        return new ProtectionResource(this.http, this.serverConfiguration, configuration, createPatSupplier(userName, password));
    }

メンバ詳解

configuration

final Configuration org.keycloak.authorization.client.AuthzClient.configuration

private

http

final Http org.keycloak.authorization.client.AuthzClient.http

private

patSupplier

TokenCallable org.keycloak.authorization.client.AuthzClient.patSupplier

private

serverConfiguration

final ServerConfiguration org.keycloak.authorization.client.AuthzClient.serverConfiguration

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/keycloak/doxygen/src/authz/client/src/main/java/org/keycloak/authorization/client/AuthzClient.java