org.keycloak.servlet.ServletOAuthClient の継承関係図

org.keycloak.servlet.ServletOAuthClient 連携図

クラス
class	ServletFacade

公開メンバ関数
void	stop ()

void	redirectRelative (String relativePath, HttpServletRequest request, HttpServletResponse response) throws IOException

void	redirect (String redirectUri, HttpServletRequest request, HttpServletResponse response) throws IOException

AccessTokenResponse	getBearerToken (HttpServletRequest request) throws IOException, ServerRequest.HttpFailure

AccessTokenResponse	refreshToken (HttpServletRequest request, String refreshToken) throws IOException, ServerRequest.HttpFailure

KeycloakDeployment	getDeployment ()

void	setDeployment (KeycloakDeployment deployment)

String	getClientId ()

void	setClientId (String clientId)

Map< String, Object >	getCredentials ()

void	setCredentials (Map< String, Object > credentials)

String	getAuthUrl ()

void	setAuthUrl (String authUrl)

String	getTokenUrl ()

void	setTokenUrl (String tokenUrl)

boolean	isPublicClient ()

void	setPublicClient (boolean publicClient)

RelativeUrlsUsed	getRelativeUrlsUsed ()

void	setRelativeUrlsUsed (RelativeUrlsUsed relativeUrlsUsed)

boolean	isSecure ()

String	getScope ()

void	setScope (String scope)

String	getStateCookieName ()

void	setStateCookieName (String stateCookieName)

String	getStateCookiePath ()

void	setStateCookiePath (String stateCookiePath)

void	setSecure (boolean secure)

静的公開メンバ関数
static String	generateSecret ()

static String	generateSecret (int bytes)

static IDToken	extractIdToken (String idToken)

限定公開メンバ関数
String	getCookieValue (String name, HttpServletRequest request)

String	getCode (HttpServletRequest request)

String	getStateCode ()

String	stripOauthParametersFromRedirect (String uri)

限定公開変数類
String	clientId

Map< String, Object >	credentials

String	authUrl

String	tokenUrl

RelativeUrlsUsed	relativeUrlsUsed

String	scope

String	stateCookieName = OAUTH_TOKEN_REQUEST_STATE

String	stateCookiePath

boolean	isSecure

boolean	publicClient

非公開メンバ関数
void	setCodeVerifier ()

void	setCodeChallenge ()

AccessTokenResponse	resolveBearerToken (HttpServletRequest request, String redirectUri, String code) throws IOException, ServerRequest.HttpFailure

KeycloakDeployment	resolveDeployment (KeycloakDeployment baseDeployment, HttpServletRequest request)

非公開変数類
String	codeVerifier

String	codeChallenge

String	codeChallengeMethod = OAuth2Constants.PKCE_METHOD_S256

静的非公開変数類
static Logger	logger = Logger.getLogger(ServletOAuthClient.class)

詳解

著者: Bill Burke

バージョン

Revision: 1

関数詳解

◆ extractIdToken()

static IDToken org.keycloak.servlet.ServletOAuthClient.extractIdToken ( String idToken )

inlinestatic

                                                          {
         if (idToken == null) return null;
         try {
             JWSInput input = new JWSInput(idToken);
             return input.readJsonContent(IDToken.class);
         } catch (JWSInputException e) {
             throw new RuntimeException(e);
         }
     }

◆ generateSecret() [1/2]

static String org.keycloak.servlet.ServletOAuthClient.generateSecret ( )

inlinestatic

                                           {
         return generateSecret(32);
     }

◆ generateSecret() [2/2]

static String org.keycloak.servlet.ServletOAuthClient.generateSecret ( int bytes )

inlinestatic

                                                    {
         byte[] buf = new byte[bytes];
         new SecureRandom().nextBytes(buf);
         return Base64Url.encode(buf);
     }

◆ getAuthUrl()

String org.keycloak.servlet.KeycloakDeploymentDelegateOAuthClient.getAuthUrl ( )

inlineinherited

                                {
         throw new IllegalStateException("Illegal to call this method. Use KeycloakDeployment to resolve correct deployment for this request");
     }

◆ getBearerToken()

AccessTokenResponse org.keycloak.servlet.ServletOAuthClient.getBearerToken ( HttpServletRequest request ) throws IOException, ServerRequest.HttpFailure

inline

Obtain the code parameter from the url after being redirected back from the auth-server. Then do an authenticated request back to the auth-server to turn the access code into an access token.

引数

request

戻り値

例外

IOException
org.keycloak.adapters.ServerRequest.HttpFailure

                                                                                                                         {
         String error = request.getParameter(OAuth2Constants.ERROR);
         if (error != null) throw new IOException("OAuth error: " + error);
         String redirectUri = request.getRequestURL().append("?").append(request.getQueryString()).toString();
         String stateCookie = getCookieValue(stateCookieName, request);
         if (stateCookie == null) throw new IOException("state cookie not set");
         // we can call get parameter as this should be a redirect
         String state = request.getParameter(OAuth2Constants.STATE);
         String code = request.getParameter(OAuth2Constants.CODE);
 
         if (state == null) throw new IOException("state parameter was null");
         if (!state.equals(stateCookie)) {
             throw new IOException("state parameter invalid");
         }
         if (code == null) throw new IOException("code parameter was null");
         return resolveBearerToken(request, redirectUri, code);
     }

◆ getClientId()

String org.keycloak.servlet.KeycloakDeploymentDelegateOAuthClient.getClientId ( )

inlineinherited

                                 {
         return deployment.getResourceName();
     }

◆ getCode()

String org.keycloak.servlet.ServletOAuthClient.getCode ( HttpServletRequest request )

inlineprotected

                                                          {
         String query = request.getQueryString();
         if (query == null) return null;
         String[] params = query.split("&");
         for (String param : params) {
             int eq = param.indexOf('=');
             if (eq == -1) continue;
             String name = param.substring(0, eq);
             if (!name.equals(OAuth2Constants.CODE)) continue;
             return param.substring(eq + 1);
         }
         return null;
     }

◆ getCookieValue()

String org.keycloak.servlet.ServletOAuthClient.getCookieValue	(	String	name,
		HttpServletRequest	request
	)

inlineprotected

                                                                              {
         if (request.getCookies() == null) return null;
 
         for (Cookie cookie : request.getCookies()) {
             if (cookie.getName().equals(name)) return cookie.getValue();
         }
         return null;
     }

◆ getCredentials()

Map<String, Object> org.keycloak.servlet.KeycloakDeploymentDelegateOAuthClient.getCredentials ( )

inlineinherited

                                                 {
         return deployment.getResourceCredentials();
     }

◆ getDeployment()

KeycloakDeployment org.keycloak.servlet.KeycloakDeploymentDelegateOAuthClient.getDeployment ( )

inlineinherited

                                               {
         return deployment;
     }

◆ getRelativeUrlsUsed()

RelativeUrlsUsed org.keycloak.servlet.KeycloakDeploymentDelegateOAuthClient.getRelativeUrlsUsed ( )

inlineinherited

                                                   {
         return deployment.getRelativeUrls();
     }

◆ getScope()

String org.keycloak.AbstractOAuthClient.getScope ( )

inlineinherited

                              {
         return scope;
     }

◆ getStateCode()

String org.keycloak.AbstractOAuthClient.getStateCode ( )

inlineprotectedinherited

                                     {
         return counter.getAndIncrement() + "/" + UUID.randomUUID().toString();
     }

◆ getStateCookieName()

String org.keycloak.AbstractOAuthClient.getStateCookieName ( )

inlineinherited

                                        {
         return stateCookieName;
     }

◆ getStateCookiePath()

String org.keycloak.AbstractOAuthClient.getStateCookiePath ( )

inlineinherited

                                        {
         return stateCookiePath;
     }

◆ getTokenUrl()

String org.keycloak.servlet.KeycloakDeploymentDelegateOAuthClient.getTokenUrl ( )

inlineinherited

                                 {
         throw new IllegalStateException("Illegal to call this method. Use KeycloakDeployment to resolve correct deployment for this request");
     }

◆ isPublicClient()

boolean org.keycloak.servlet.KeycloakDeploymentDelegateOAuthClient.isPublicClient ( )

inlineinherited

                                     {
         return deployment.isPublicClient();
     }

◆ isSecure()

boolean org.keycloak.AbstractOAuthClient.isSecure ( )

inlineinherited

                               {
         return isSecure;
     }

◆ redirect()

void org.keycloak.servlet.ServletOAuthClient.redirect	(	String	redirectUri,
		HttpServletRequest	request,
		HttpServletResponse	response
	)		throws IOException

inline

Start the process of obtaining an access token by redirecting the browser to the authentication server

引数

redirectUri	full URI you want auth server to redirect back to
request
response

例外

IOException

                                                                                                                           {
         String state = getStateCode();
         KeycloakDeployment resolvedDeployment = resolveDeployment(getDeployment(), request);
         String authUrl = resolvedDeployment.getAuthUrl().clone().build().toString();
         String scopeParam = TokenUtil.attachOIDCScope(scope);
 
         // https://tools.ietf.org/html/rfc7636#section-4
         if (resolvedDeployment.isPkce()) {
             setCodeVerifier();
             setCodeChallenge();
         }
 
         KeycloakUriBuilder uriBuilder =  KeycloakUriBuilder.fromUri(authUrl)
                 .queryParam(OAuth2Constants.RESPONSE_TYPE, OAuth2Constants.CODE)
                 .queryParam(OAuth2Constants.CLIENT_ID, getClientId())
                 .queryParam(OAuth2Constants.REDIRECT_URI, redirectUri)
                 .queryParam(OAuth2Constants.STATE, state)
                 .queryParam(OAuth2Constants.SCOPE, scopeParam);
 
         URI url = uriBuilder.build();
 
         String stateCookiePath = this.stateCookiePath;
         if (stateCookiePath == null) stateCookiePath = request.getContextPath();
         if (stateCookiePath.equals("")) stateCookiePath = "/";
 
         Cookie cookie = new Cookie(stateCookieName, state);
         cookie.setSecure(isSecure);
         cookie.setPath(stateCookiePath);
         response.addCookie(cookie);
         response.sendRedirect(url.toString());
     }

◆ redirectRelative()

void org.keycloak.servlet.ServletOAuthClient.redirectRelative	(	String	relativePath,
		HttpServletRequest	request,
		HttpServletResponse	response
	)		throws IOException

inline

Start the process of obtaining an access token by redirecting the browser to the authentication server

引数

relativePath	path relative to context root you want auth server to redirect back to
request
response

例外

IOException

                                                                                                                                    {
         KeycloakUriBuilder builder = KeycloakUriBuilder.fromUri(request.getRequestURL().toString())
                 .replacePath(request.getContextPath())
                 .replaceQuery(null)
                 .path(relativePath);
         String redirect = builder.toTemplate();
         redirect(redirect, request, response);
     }

◆ refreshToken()

AccessTokenResponse org.keycloak.servlet.ServletOAuthClient.refreshToken	(	HttpServletRequest	request,
		String	refreshToken
	)		throws IOException, ServerRequest.HttpFailure

inline

                                                                                                                                            {
         KeycloakDeployment resolvedDeployment = resolveDeployment(getDeployment(), request);
         return ServerRequest.invokeRefresh(resolvedDeployment, refreshToken);
     }

◆ resolveBearerToken()

AccessTokenResponse org.keycloak.servlet.ServletOAuthClient.resolveBearerToken	(	HttpServletRequest	request,
		String	redirectUri,
		String	code
	)		throws IOException, ServerRequest.HttpFailure

inlineprivate

                                                                                                                                                               {
         // Don't send sessionId in oauth clients for now
         KeycloakDeployment resolvedDeployment = resolveDeployment(getDeployment(), request);
 
         // https://tools.ietf.org/html/rfc7636#section-4
         if (codeVerifier != null) {
             logger.debugf("Before sending Token Request, codeVerifier = %s", codeVerifier);
             return ServerRequest.invokeAccessCodeToToken(resolvedDeployment, code, redirectUri, null, codeVerifier);
         } else {
             logger.debug("Before sending Token Request without codeVerifier");
             return ServerRequest.invokeAccessCodeToToken(resolvedDeployment, code, redirectUri, null);
         }
     }

◆ resolveDeployment()

KeycloakDeployment org.keycloak.servlet.ServletOAuthClient.resolveDeployment	(	KeycloakDeployment	baseDeployment,
		HttpServletRequest	request
	)

inlineprivate

                                                                                                                 {
         ServletFacade facade = new ServletFacade(request);
         return new AdapterDeploymentContext(baseDeployment).resolveDeployment(facade);
     }

◆ setAuthUrl()

void org.keycloak.servlet.KeycloakDeploymentDelegateOAuthClient.setAuthUrl ( String authUrl )

inlineinherited

                                            {
         throw new IllegalStateException("Illegal to call this method");
     }

◆ setClientId()

void org.keycloak.servlet.KeycloakDeploymentDelegateOAuthClient.setClientId ( String clientId )

inlineinherited

                                              {
         deployment.setResourceName(clientId);
     }

◆ setCodeChallenge()

void org.keycloak.servlet.ServletOAuthClient.setCodeChallenge ( )

inlineprivate

                                     {
         try {
             if (codeChallengeMethod.equals(OAuth2Constants.PKCE_METHOD_S256)) {
                 MessageDigest md = MessageDigest.getInstance("SHA-256");
                 md.update(codeVerifier.getBytes());
                 StringBuilder sb = new StringBuilder();
                 for (byte b : md.digest()) {
                     String hex = String.format("%02x", b);
                     sb.append(hex);
                 }
                 codeChallenge = Base64Url.encode(sb.toString().getBytes());
             } else {
                 codeChallenge = Base64Url.encode(codeVerifier.getBytes());
             }
             logger.debugf("Encode codeChallenge = %s, codeChallengeMethod = %s", codeChallenge, codeChallengeMethod);
         } catch (Exception e) {
             logger.info("PKCE client side unknown hash algorithm");
             codeChallenge = Base64Url.encode(codeVerifier.getBytes());
         }
     }

◆ setCodeVerifier()

void org.keycloak.servlet.ServletOAuthClient.setCodeVerifier ( )

inlineprivate

                                    {
         codeVerifier = generateSecret();
         logger.debugf("Generated codeVerifier = %s", codeVerifier);
         return;
     }

◆ setCredentials()

void org.keycloak.servlet.KeycloakDeploymentDelegateOAuthClient.setCredentials ( Map< String, Object > credentials )

inlineinherited

                                                                 {
         deployment.setResourceCredentials(credentials);
     }

◆ setDeployment()

void org.keycloak.servlet.KeycloakDeploymentDelegateOAuthClient.setDeployment ( KeycloakDeployment deployment )

inlineinherited

                                                              {
         this.deployment = deployment;
     }

◆ setPublicClient()

void org.keycloak.servlet.KeycloakDeploymentDelegateOAuthClient.setPublicClient ( boolean publicClient )

inlineinherited

                                                       {
         deployment.setPublicClient(publicClient);
     }

◆ setRelativeUrlsUsed()

void org.keycloak.servlet.KeycloakDeploymentDelegateOAuthClient.setRelativeUrlsUsed ( RelativeUrlsUsed relativeUrlsUsed )

inlineinherited

                                                                        {
         throw new IllegalStateException("Illegal to call this method");
     }

◆ setScope()

void org.keycloak.AbstractOAuthClient.setScope ( String scope )

inlineinherited

                                        {
         this.scope = scope;
     }

◆ setSecure()

void org.keycloak.AbstractOAuthClient.setSecure ( boolean secure )

inlineinherited

                                           {
         isSecure = secure;
     }

◆ setStateCookieName()

void org.keycloak.AbstractOAuthClient.setStateCookieName ( String stateCookieName )

inlineinherited

                                                            {
         this.stateCookieName = stateCookieName;
     }

◆ setStateCookiePath()

void org.keycloak.AbstractOAuthClient.setStateCookiePath ( String stateCookiePath )

inlineinherited

                                                            {
         this.stateCookiePath = stateCookiePath;
     }

◆ setTokenUrl()

void org.keycloak.servlet.KeycloakDeploymentDelegateOAuthClient.setTokenUrl ( String tokenUrl )

inlineinherited

                                              {
         throw new IllegalStateException("Illegal to call this method");
     }

◆ stop()

void org.keycloak.servlet.ServletOAuthClient.stop ( )

inline

closes client

                        {
         getDeployment().getClient().getConnectionManager().shutdown();
     }

◆ stripOauthParametersFromRedirect()

String org.keycloak.AbstractOAuthClient.stripOauthParametersFromRedirect ( String uri )

inlineprotectedinherited

                                                                   {
         KeycloakUriBuilder builder = KeycloakUriBuilder.fromUri(uri)
                 .replaceQueryParam(OAuth2Constants.CODE, null)
                 .replaceQueryParam(OAuth2Constants.STATE, null);
         return builder.build().toString();
     }

メンバ詳解

◆ authUrl

String org.keycloak.AbstractOAuthClient.authUrl

protectedinherited

◆ clientId

String org.keycloak.AbstractOAuthClient.clientId

protectedinherited

◆ codeChallenge

String org.keycloak.servlet.ServletOAuthClient.codeChallenge

private

◆ codeChallengeMethod

String org.keycloak.servlet.ServletOAuthClient.codeChallengeMethod = OAuth2Constants.PKCE_METHOD_S256

private

◆ codeVerifier

String org.keycloak.servlet.ServletOAuthClient.codeVerifier

private

◆ credentials

Map<String, Object> org.keycloak.AbstractOAuthClient.credentials

protectedinherited

◆ isSecure

boolean org.keycloak.AbstractOAuthClient.isSecure

protectedinherited

◆ logger

Logger org.keycloak.servlet.ServletOAuthClient.logger = Logger.getLogger(ServletOAuthClient.class)

staticprivate

◆ publicClient

boolean org.keycloak.AbstractOAuthClient.publicClient

protectedinherited

◆ relativeUrlsUsed

RelativeUrlsUsed org.keycloak.AbstractOAuthClient.relativeUrlsUsed

protectedinherited

◆ scope

String org.keycloak.AbstractOAuthClient.scope

protectedinherited

◆ stateCookieName

String org.keycloak.AbstractOAuthClient.stateCookieName = OAUTH_TOKEN_REQUEST_STATE

protectedinherited

◆ stateCookiePath

String org.keycloak.AbstractOAuthClient.stateCookiePath

protectedinherited

◆ tokenUrl

String org.keycloak.AbstractOAuthClient.tokenUrl

protectedinherited

このクラス詳解は次のファイルから抽出されました:

D:/AppData/OpenId/keycloak/doxygen/src/adapters/oidc/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClient.java

クラス

公開メンバ関数

静的公開メンバ関数

限定公開メンバ関数

限定公開変数類

非公開メンバ関数

非公開変数類

静的非公開変数類

詳解

関数詳解

◆ extractIdToken()

◆ generateSecret() [1/2]

◆ generateSecret() [2/2]

◆ getAuthUrl()

◆ getBearerToken()

◆ getClientId()

◆ getCode()

◆ getCookieValue()

◆ getCredentials()

◆ getDeployment()

◆ getRelativeUrlsUsed()

◆ getScope()

◆ getStateCode()

◆ getStateCookieName()

◆ getStateCookiePath()

◆ getTokenUrl()

◆ isPublicClient()

◆ isSecure()

◆ redirect()

◆ redirectRelative()

◆ refreshToken()

◆ resolveBearerToken()

◆ resolveDeployment()

◆ setAuthUrl()

◆ setClientId()

◆ setCodeChallenge()

◆ setCodeVerifier()

◆ setCredentials()

◆ setDeployment()

◆ setPublicClient()

◆ setRelativeUrlsUsed()

◆ setScope()

◆ setSecure()

◆ setStateCookieName()

◆ setStateCookiePath()

◆ setTokenUrl()

◆ stop()

◆ stripOauthParametersFromRedirect()

メンバ詳解

◆ authUrl

◆ clientId

◆ codeChallenge

◆ codeChallengeMethod

◆ codeVerifier

◆ credentials

◆ isSecure

◆ logger

◆ publicClient

◆ relativeUrlsUsed

◆ scope

◆ stateCookieName

◆ stateCookiePath

◆ tokenUrl