org.keycloak.adapters.RefreshableKeycloakSecurityContext の継承関係図

org.keycloak.adapters.RefreshableKeycloakSecurityContext 連携図

公開メンバ関数
	RefreshableKeycloakSecurityContext ()

	RefreshableKeycloakSecurityContext (KeycloakDeployment deployment, AdapterTokenStore tokenStore, String tokenString, AccessToken token, String idTokenString, IDToken idToken, String refreshToken)

AccessToken	getToken ()

String	getTokenString ()

String	getRefreshToken ()

void	logout (KeycloakDeployment deployment)

boolean	isActive ()

boolean	isTokenTimeToLiveSufficient (AccessToken token)

KeycloakDeployment	getDeployment ()

void	setCurrentRequestInfo (KeycloakDeployment deployment, AdapterTokenStore tokenStore)

boolean	refreshExpiredToken (boolean checkActive)

void	setAuthorizationContext (AuthorizationContext authorizationContext)

AuthorizationContext	getAuthorizationContext ()

IDToken	getIdToken ()

String	getIdTokenString ()

String	getRealm ()

限定公開変数類
transient KeycloakDeployment	deployment

transient AdapterTokenStore	tokenStore

String	refreshToken

String	tokenString

String	idTokenString

transient AccessToken	token

transient IDToken	idToken

transient AuthorizationContext	authorizationContext

静的限定公開変数類
static Logger	log = Logger.getLogger(RefreshableKeycloakSecurityContext.class)

関数
private< T > T	parseToken (String encoded, Class< T > clazz) throws IOException

詳解

著者: Bill Burke

バージョン

Revision: 1

構築子と解体子

◆ RefreshableKeycloakSecurityContext() [1/2]

org.keycloak.adapters.RefreshableKeycloakSecurityContext.RefreshableKeycloakSecurityContext ( )

inline

44 {

45 }

◆ RefreshableKeycloakSecurityContext() [2/2]

org.keycloak.adapters.RefreshableKeycloakSecurityContext.RefreshableKeycloakSecurityContext	(	KeycloakDeployment	deployment,
		AdapterTokenStore	tokenStore,
		String	tokenString,
		AccessToken	token,
		String	idTokenString,
		IDToken	idToken,
		String	refreshToken
	)

inline

                                                                                                                                                                                                               {
         super(tokenString, token, idTokenString, idToken);
         this.deployment = deployment;
         this.tokenStore = tokenStore;
         this.refreshToken = refreshToken;
     }

関数詳解

◆ getAuthorizationContext()

AuthorizationContext org.keycloak.KeycloakSecurityContext.getAuthorizationContext ( )

inlineinherited

                                                           {
         return authorizationContext;
     }

◆ getDeployment()

KeycloakDeployment org.keycloak.adapters.RefreshableKeycloakSecurityContext.getDeployment ( )

inline

                                               {
         return deployment;
     }

◆ getIdToken()

IDToken org.keycloak.KeycloakSecurityContext.getIdToken ( )

inlineinherited

                                 {
         return idToken;
     }

◆ getIdTokenString()

String org.keycloak.KeycloakSecurityContext.getIdTokenString ( )

inlineinherited

                                      {
         return idTokenString;
     }

◆ getRealm()

String org.keycloak.KeycloakSecurityContext.getRealm ( )

inlineinherited

                              {
         // Assumption that issuer contains realm name
         return token.getIssuer().substring(token.getIssuer().lastIndexOf('/') + 1);
     }

◆ getRefreshToken()

String org.keycloak.adapters.RefreshableKeycloakSecurityContext.getRefreshToken ( )

inline

                                     {
         return refreshToken;
     }

◆ getToken()

AccessToken org.keycloak.adapters.RefreshableKeycloakSecurityContext.getToken ( )

inline

                                   {
         refreshExpiredToken(true);
         return super.getToken();
     }

◆ getTokenString()

String org.keycloak.adapters.RefreshableKeycloakSecurityContext.getTokenString ( )

inline

                                    {
         refreshExpiredToken(true);
         return super.getTokenString();
     }

◆ isActive()

boolean org.keycloak.adapters.RefreshableKeycloakSecurityContext.isActive ( )

inline

                               {
         return token != null && this.token.isActive() && deployment!=null && this.token.getIssuedAt() > deployment.getNotBefore();
     }

◆ isTokenTimeToLiveSufficient()

boolean org.keycloak.adapters.RefreshableKeycloakSecurityContext.isTokenTimeToLiveSufficient ( AccessToken token )

inline

                                                                   {
         return token != null && (token.getExpiration() - this.deployment.getTokenMinimumTimeToLive()) > Time.currentTime();
     }

◆ logout()

void org.keycloak.adapters.RefreshableKeycloakSecurityContext.logout ( KeycloakDeployment deployment )

inline

                                                       {
         try {
             ServerRequest.invokeLogout(deployment, refreshToken);
         } catch (Exception e) {
             log.error("failed to invoke remote logout", e);
         }
     }

◆ parseToken()

private<T> T org.keycloak.KeycloakSecurityContext.parseToken	(	String	encoded,
		Class< T >	clazz
	)		throws IOException

inlinepackageinherited

                                                                                 {
         if (encoded == null)
             return null;
 
         String[] parts = encoded.split("\\.");
         if (parts.length < 2 || parts.length > 3) throw new IllegalArgumentException("Parsing error");
 
         byte[] bytes = Base64Url.decode(parts[1]);
         return JsonSerialization.readValue(bytes, clazz);
     }

◆ refreshExpiredToken()

boolean org.keycloak.adapters.RefreshableKeycloakSecurityContext.refreshExpiredToken ( boolean checkActive )

inline

引数

checkActive if true, then we won't send refresh request if current accessToken is still active.

戻り値: true if accessToken is active or was successfully refreshed

                                                             {
         if (checkActive) {
             if (log.isTraceEnabled()) {
                 log.trace("checking whether to refresh.");
             }
             if (isActive() && isTokenTimeToLiveSufficient(this.token)) return true;
         }
 
         if (this.deployment == null || refreshToken == null) return false; // Might be serialized in HttpSession?
 
         if (!this.getRealm().equals(this.deployment.getRealm())) {
             // this should not happen, but let's check it anyway
             return false;
         }
 
         if (log.isTraceEnabled()) {
             log.trace("Doing refresh");
         }
         AccessTokenResponse response = null;
         try {
             response = ServerRequest.invokeRefresh(deployment, refreshToken);
         } catch (IOException e) {
             log.error("Refresh token failure", e);
             return false;
         } catch (ServerRequest.HttpFailure httpFailure) {
             log.error("Refresh token failure status: " + httpFailure.getStatus() + " " + httpFailure.getError());
             return false;
         }
         if (log.isTraceEnabled()) {
             log.trace("received refresh response");
         }
         String tokenString = response.getToken();
         AccessToken token = null;
         try {
             token = AdapterRSATokenVerifier.verifyToken(tokenString, deployment);
             log.debug("Token Verification succeeded!");
         } catch (VerificationException e) {
             log.error("failed verification of token");
             return false;
         }
 
         // If the TTL is greater-or-equal to the expire time on the refreshed token, have to abort or go into an infinite refresh loop
         if (!isTokenTimeToLiveSufficient(token)) {
             log.error("failed to refresh the token with a longer time-to-live than the minimum");
             return false;
         }
 
         if (response.getNotBeforePolicy() > deployment.getNotBefore()) {
             deployment.updateNotBefore(response.getNotBeforePolicy());
         }
 
         this.token = token;
         if (response.getRefreshToken() != null) {
             if (log.isTraceEnabled()) {
                 log.trace("Setup new refresh token to the security context");
             }
             this.refreshToken = response.getRefreshToken();
         }
         this.tokenString = tokenString;
         if (tokenStore != null) {
             tokenStore.refreshCallback(this);
         }
         return true;
     }

◆ setAuthorizationContext()

void org.keycloak.adapters.RefreshableKeycloakSecurityContext.setAuthorizationContext ( AuthorizationContext authorizationContext )

inline

                                                                                    {
         this.authorizationContext = authorizationContext;
     }

◆ setCurrentRequestInfo()

void org.keycloak.adapters.RefreshableKeycloakSecurityContext.setCurrentRequestInfo	(	KeycloakDeployment	deployment,
		AdapterTokenStore	tokenStore
	)

inline

                                                                                                    {
         this.deployment = deployment;
         this.tokenStore = tokenStore;
     }

メンバ詳解

◆ authorizationContext

transient AuthorizationContext org.keycloak.KeycloakSecurityContext.authorizationContext

protectedinherited

◆ deployment

transient KeycloakDeployment org.keycloak.adapters.RefreshableKeycloakSecurityContext.deployment

protected

◆ idToken

transient IDToken org.keycloak.KeycloakSecurityContext.idToken

protectedinherited

◆ idTokenString

String org.keycloak.KeycloakSecurityContext.idTokenString

protectedinherited

◆ log

Logger org.keycloak.adapters.RefreshableKeycloakSecurityContext.log = Logger.getLogger(RefreshableKeycloakSecurityContext.class)

staticprotected

◆ refreshToken

String org.keycloak.adapters.RefreshableKeycloakSecurityContext.refreshToken

protected

◆ token

transient AccessToken org.keycloak.KeycloakSecurityContext.token

protectedinherited

◆ tokenStore

transient AdapterTokenStore org.keycloak.adapters.RefreshableKeycloakSecurityContext.tokenStore

protected

◆ tokenString

String org.keycloak.KeycloakSecurityContext.tokenString

protectedinherited

このクラス詳解は次のファイルから抽出されました:

D:/AppData/OpenId/keycloak/doxygen/src/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/RefreshableKeycloakSecurityContext.java

公開メンバ関数

限定公開変数類

静的限定公開変数類

関数

詳解

構築子と解体子

◆ RefreshableKeycloakSecurityContext() [1/2]

◆ RefreshableKeycloakSecurityContext() [2/2]

関数詳解

◆ getAuthorizationContext()

◆ getDeployment()

◆ getIdToken()

◆ getIdTokenString()

◆ getRealm()

◆ getRefreshToken()

◆ getToken()

◆ getTokenString()

◆ isActive()

◆ isTokenTimeToLiveSufficient()

◆ logout()

◆ parseToken()

◆ refreshExpiredToken()

◆ setAuthorizationContext()

◆ setCurrentRequestInfo()

メンバ詳解

◆ authorizationContext

◆ deployment

◆ idToken

◆ idTokenString

◆ log

◆ refreshToken

◆ token

◆ tokenStore

◆ tokenString