org.keycloak.authorization.protection.introspect.RPTIntrospectionProvider クラス

org.keycloak.authorization.protection.introspect.RPTIntrospectionProvider の継承関係図

org.keycloak.authorization.protection.introspect.RPTIntrospectionProvider 連携図

クラス
class	UmaPermissionRepresentation

公開メンバ関数
	RPTIntrospectionProvider (KeycloakSession session)
Response	introspect (String token)
void	close ()

限定公開メンバ関数
AccessToken	verifyAccessToken (String token) throws OAuthErrorException, IOException

静的限定公開変数類
static final Logger	LOGGER = Logger.getLogger(RPTIntrospectionProvider.class)

詳解

Introspects token accordingly with UMA Bearer Token Profile.

著者

Pedro Igor

構築子と解体子

RPTIntrospectionProvider()

org.keycloak.authorization.protection.introspect.RPTIntrospectionProvider.RPTIntrospectionProvider ( KeycloakSession  session )

inline

                                                             {
        super(session);
    }

関数詳解

close()

void org.keycloak.authorization.protection.introspect.RPTIntrospectionProvider.close ( )

inline

org.keycloak.provider.Providerを実装しています。

                        {

    }

introspect()

Response org.keycloak.authorization.protection.introspect.RPTIntrospectionProvider.introspect ( String  token )

inline

org.keycloak.protocol.oidc.TokenIntrospectionProviderを実装しています。

                                             {
        LOGGER.debug("Introspecting requesting party token");
        try {
            AccessToken accessToken = verifyAccessToken(token);

            ObjectNode tokenMetadata;

            if (accessToken != null) {
                AccessToken metadata = new AccessToken();

                metadata.id(accessToken.getId());
                metadata.setAcr(accessToken.getAcr());
                metadata.type(accessToken.getType());
                metadata.expiration(accessToken.getExpiration());
                metadata.issuedAt(accessToken.getIssuedAt());
                metadata.audience(accessToken.getAudience());
                metadata.notBefore(accessToken.getNotBefore());
                metadata.setRealmAccess(null);
                metadata.setResourceAccess(null);

                tokenMetadata = JsonSerialization.createObjectNode(metadata);
                Authorization authorization = accessToken.getAuthorization();

                if (authorization != null) {
                    Collection permissions;

                    if (authorization.getPermissions() != null) {
                        permissions = authorization.getPermissions().stream().map(UmaPermissionRepresentation::new).collect(Collectors.toSet());
                    } else {
                        permissions = Collections.emptyList();
                    }

                    tokenMetadata.putPOJO("permissions", permissions);
                }
            } else {
                tokenMetadata = JsonSerialization.createObjectNode();
            }

            tokenMetadata.put("active", accessToken != null);

            return Response.ok(JsonSerialization.writeValueAsBytes(tokenMetadata)).type(MediaType.APPLICATION_JSON_TYPE).build();
        } catch (Exception e) {
            throw new RuntimeException("Error creating token introspection response.", e);
        }
    }

verifyAccessToken()

AccessToken org.keycloak.protocol.oidc.AccessTokenIntrospectionProvider.verifyAccessToken ( String  token ) throws OAuthErrorException, IOException

inlineprotectedinherited

                                                                                                  {
        AccessToken accessToken;

        try {
            TokenVerifier<AccessToken> verifier = TokenVerifier.create(token, AccessToken.class)
                    .realmUrl(Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName()));

            SignatureVerifierContext verifierContext = session.getProvider(SignatureProvider.class, verifier.getHeader().getAlgorithm().name()).verifier(verifier.getHeader().getKeyId());
            verifier.verifierContext(verifierContext);

            accessToken = verifier.verify().getToken();
        } catch (VerificationException e) {
            return null;
        }

        RealmModel realm = this.session.getContext().getRealm();

        return tokenManager.checkTokenValidForIntrospection(session, realm, accessToken) ? accessToken : null;
    }

メンバ詳解

LOGGER

final Logger org.keycloak.authorization.protection.introspect.RPTIntrospectionProvider.LOGGER = Logger.getLogger(RPTIntrospectionProvider.class)

staticprotected

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/authorization/protection/introspect/RPTIntrospectionProvider.java