keycloak-oidc-service
公開メンバ関数 | 非公開メンバ関数 | 非公開変数類 | 全メンバ一覧
org.keycloak.authorization.admin.ScopeService クラス
org.keycloak.authorization.admin.ScopeService 連携図
Collaboration graph

公開メンバ関数

 ScopeService (KeycloakSession session, ResourceServer resourceServer, AuthorizationProvider authorization, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent)
 
Response create (ScopeRepresentation scope)
 
Response update (@PathParam("id") String id, ScopeRepresentation scope)
 
Response delete (@PathParam("id") String id)
 
Response findById (@PathParam("id") String id)
 
Response getResources (@PathParam("id") String id)
 
Response getPermissions (@PathParam("id") String id)
 
Response find (@QueryParam("name") String name)
 
Response findAll (@QueryParam("scopeId") String id, @QueryParam("name") String name, @QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResult)
 

非公開メンバ関数

void audit (ScopeRepresentation resource, OperationType operation)
 
void audit (ScopeRepresentation resource, String id, OperationType operation)
 

非公開変数類

final AuthorizationProvider authorization
 
final AdminPermissionEvaluator auth
 
final AdminEventBuilder adminEvent
 
KeycloakSession session
 
ResourceServer resourceServer
 

詳解

著者
Pedro Igor

構築子と解体子

◆ ScopeService()

org.keycloak.authorization.admin.ScopeService.ScopeService ( KeycloakSession  session,
ResourceServer  resourceServer,
AuthorizationProvider  authorization,
AdminPermissionEvaluator  auth,
AdminEventBuilder  adminEvent 
)
inline
74  {
75  this.session = session;
76  this.resourceServer = resourceServer;
77  this.authorization = authorization;
78  this.auth = auth;
79  this.adminEvent = adminEvent.resource(ResourceType.AUTHORIZATION_SCOPE);
80  }
org.keycloak.authorization.admin.ScopeService.auth
final AdminPermissionEvaluator auth
Definition: ScopeService.java:69
org.keycloak.authorization.admin.ScopeService.authorization
final AuthorizationProvider authorization
Definition: ScopeService.java:68
org.keycloak.authorization.admin.ScopeService.session
KeycloakSession session
Definition: ScopeService.java:71
org.keycloak.authorization.admin.ScopeService.adminEvent
final AdminEventBuilder adminEvent
Definition: ScopeService.java:70
org.keycloak.services.resources.admin.AdminEventBuilder.resource
AdminEventBuilder resource(ResourceType resourceType)
Definition: AdminEventBuilder.java:118
org.keycloak.authorization.admin.ScopeService.resourceServer
ResourceServer resourceServer
Definition: ScopeService.java:72

関数詳解

◆ audit() [1/2]

void org.keycloak.authorization.admin.ScopeService.audit ( ScopeRepresentation  resource,
OperationType  operation 
)
inlineprivate
266  {
267  audit(resource, null, operation);
268  }
org.keycloak.authorization.admin.ScopeService.audit
void audit(ScopeRepresentation resource, OperationType operation)
Definition: ScopeService.java:266

◆ audit() [2/2]

void org.keycloak.authorization.admin.ScopeService.audit ( ScopeRepresentation  resource,
String  id,
OperationType  operation 
)
inlineprivate
270  {
271  if (authorization.getRealm().isAdminEventsEnabled()) {
272  if (id != null) {
273  adminEvent.operation(operation).resourcePath(session.getContext().getUri(), id).representation(resource).success();
274  } else {
275  adminEvent.operation(operation).resourcePath(session.getContext().getUri()).representation(resource).success();
276  }
277  }
278  }
org.keycloak.authorization.admin.ScopeService.authorization
final AuthorizationProvider authorization
Definition: ScopeService.java:68
org.keycloak.authorization.AuthorizationProvider.getRealm
RealmModel getRealm()
Definition: AuthorizationProvider.java:169
org.keycloak.authorization.admin.ScopeService.session
KeycloakSession session
Definition: ScopeService.java:71
org.keycloak.services.resources.admin.AdminEventBuilder.resourcePath
AdminEventBuilder resourcePath(String... pathElements)
Definition: AdminEventBuilder.java:171
org.keycloak.authorization.admin.ScopeService.adminEvent
final AdminEventBuilder adminEvent
Definition: ScopeService.java:70
org.keycloak.services.resources.admin.AdminEventBuilder.operation
AdminEventBuilder operation(OperationType operationType)
Definition: AdminEventBuilder.java:113
org.keycloak.services.resources.admin.AdminEventBuilder.success
void success()
Definition: AdminEventBuilder.java:226

◆ create()

Response org.keycloak.authorization.admin.ScopeService.create ( ScopeRepresentation  scope)
inline
86  {
87  this.auth.realm().requireManageAuthorization();
88  Scope model = toModel(scope, this.resourceServer, authorization);
89 
90  scope.setId(model.getId());
91 
92  audit(scope, scope.getId(), OperationType.CREATE);
93 
94  return Response.status(Status.CREATED).entity(scope).build();
95  }
org.keycloak.authorization.admin.ScopeService.auth
final AdminPermissionEvaluator auth
Definition: ScopeService.java:69
org.keycloak.authorization.admin.ScopeService.authorization
final AuthorizationProvider authorization
Definition: ScopeService.java:68
org.keycloak.authorization.admin.ScopeService.audit
void audit(ScopeRepresentation resource, OperationType operation)
Definition: ScopeService.java:266
org.keycloak.authorization.admin.ScopeService.resourceServer
ResourceServer resourceServer
Definition: ScopeService.java:72

◆ delete()

Response org.keycloak.authorization.admin.ScopeService.delete ( @PathParam("id") String  id)
inline
120  {
121  this.auth.realm().requireManageAuthorization();
122  StoreFactory storeFactory = authorization.getStoreFactory();
123  List<Resource> resources = storeFactory.getResourceStore().findByScope(Arrays.asList(id), resourceServer.getId());
124 
125  if (!resources.isEmpty()) {
126  return ErrorResponse.error("Scopes can not be removed while associated with resources.", Status.BAD_REQUEST);
127  }
128 
129  Scope scope = storeFactory.getScopeStore().findById(id, resourceServer.getId());
130 
131  if (scope == null) {
132  return Response.status(Status.NOT_FOUND).build();
133  }
134 
135  PolicyStore policyStore = storeFactory.getPolicyStore();
136  List<Policy> policies = policyStore.findByScopeIds(Arrays.asList(scope.getId()), resourceServer.getId());
137 
138  for (Policy policyModel : policies) {
139  if (policyModel.getScopes().size() == 1) {
140  policyStore.delete(policyModel.getId());
141  } else {
142  policyModel.removeScope(scope);
143  }
144  }
145 
146  storeFactory.getScopeStore().delete(id);
147 
148  if (authorization.getRealm().isAdminEventsEnabled()) {
149  audit(toRepresentation(scope), OperationType.DELETE);
150  }
151 
152  return Response.noContent().build();
153  }
org.keycloak.authorization.admin.ScopeService.auth
final AdminPermissionEvaluator auth
Definition: ScopeService.java:69
org.keycloak.authorization.admin.ScopeService.authorization
final AuthorizationProvider authorization
Definition: ScopeService.java:68
org.keycloak.authorization.AuthorizationProvider.getRealm
RealmModel getRealm()
Definition: AuthorizationProvider.java:169
org.keycloak.authorization.AuthorizationProvider.getStoreFactory
StoreFactory getStoreFactory()
Definition: AuthorizationProvider.java:109
org.keycloak.authorization.store.ResourceStore.findByScope
List< Resource > findByScope(List< String > id, String resourceServerId)
org.keycloak.authorization.admin.ScopeService.audit
void audit(ScopeRepresentation resource, OperationType operation)
Definition: ScopeService.java:266
org.keycloak.authorization.admin.ScopeService.resourceServer
ResourceServer resourceServer
Definition: ScopeService.java:72

◆ find()

Response org.keycloak.authorization.admin.ScopeService.find ( @QueryParam("name") String  name)
inline
223  {
224  this.auth.realm().requireViewAuthorization();
225  StoreFactory storeFactory = authorization.getStoreFactory();
226 
227  if (name == null) {
228  return Response.status(Status.BAD_REQUEST).build();
229  }
230 
231  Scope model = storeFactory.getScopeStore().findByName(name, this.resourceServer.getId());
232 
233  if (model == null) {
234  return Response.status(Status.OK).build();
235  }
236 
237  return Response.ok(toRepresentation(model)).build();
238  }
org.keycloak.authorization.admin.ScopeService.auth
final AdminPermissionEvaluator auth
Definition: ScopeService.java:69
org.keycloak.authorization.admin.ScopeService.authorization
final AuthorizationProvider authorization
Definition: ScopeService.java:68
org.keycloak.authorization.AuthorizationProvider.getStoreFactory
StoreFactory getStoreFactory()
Definition: AuthorizationProvider.java:109
org.keycloak.authorization.store.ScopeStore.findByName
Scope findByName(String name, String resourceServerId)
org.keycloak.authorization.admin.ScopeService.resourceServer
ResourceServer resourceServer
Definition: ScopeService.java:72

◆ findAll()

Response org.keycloak.authorization.admin.ScopeService.findAll ( @QueryParam("scopeId") String  id,
@QueryParam("name") String  name,
@QueryParam("first") Integer  firstResult,
@QueryParam("max") Integer  maxResult 
)
inline
246  {
247  this.auth.realm().requireViewAuthorization();
248 
249  Map<String, String[]> search = new HashMap<>();
250 
251  if (id != null && !"".equals(id.trim())) {
252  search.put("id", new String[] {id});
253  }
254 
255  if (name != null && !"".equals(name.trim())) {
256  search.put("name", new String[] {name});
257  }
258 
259  return Response.ok(
260  this.authorization.getStoreFactory().getScopeStore().findByResourceServer(search, this.resourceServer.getId(), firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS).stream()
261  .map(scope -> toRepresentation(scope))
262  .collect(Collectors.toList()))
263  .build();
264  }
org.keycloak.authorization.admin.ScopeService.auth
final AdminPermissionEvaluator auth
Definition: ScopeService.java:69
org.keycloak.authorization.admin.ScopeService.authorization
final AuthorizationProvider authorization
Definition: ScopeService.java:68
org.keycloak.authorization.AuthorizationProvider.getStoreFactory
StoreFactory getStoreFactory()
Definition: AuthorizationProvider.java:109
org.keycloak.authorization.store.ScopeStore.findByResourceServer
List< Scope > findByResourceServer(String id)
org.keycloak.authorization.admin.ScopeService.resourceServer
ResourceServer resourceServer
Definition: ScopeService.java:72

◆ findById()

Response org.keycloak.authorization.admin.ScopeService.findById ( @PathParam("id") String  id)
inline
159  {
160  this.auth.realm().requireViewAuthorization();
161  Scope model = this.authorization.getStoreFactory().getScopeStore().findById(id, resourceServer.getId());
162 
163  if (model == null) {
164  return Response.status(Status.NOT_FOUND).build();
165  }
166 
167  return Response.ok(toRepresentation(model)).build();
168  }
org.keycloak.authorization.admin.ScopeService.auth
final AdminPermissionEvaluator auth
Definition: ScopeService.java:69
org.keycloak.authorization.admin.ScopeService.authorization
final AuthorizationProvider authorization
Definition: ScopeService.java:68
org.keycloak.authorization.AuthorizationProvider.getStoreFactory
StoreFactory getStoreFactory()
Definition: AuthorizationProvider.java:109
org.keycloak.authorization.store.ScopeStore.findById
Scope findById(String id, String resourceServerId)
org.keycloak.authorization.admin.ScopeService.resourceServer
ResourceServer resourceServer
Definition: ScopeService.java:72

◆ getPermissions()

Response org.keycloak.authorization.admin.ScopeService.getPermissions ( @PathParam("id") String  id)
inline
197  {
198  this.auth.realm().requireViewAuthorization();
199  StoreFactory storeFactory = this.authorization.getStoreFactory();
200  Scope model = storeFactory.getScopeStore().findById(id, resourceServer.getId());
201 
202  if (model == null) {
203  return Response.status(Status.NOT_FOUND).build();
204  }
205 
206  PolicyStore policyStore = storeFactory.getPolicyStore();
207 
208  return Response.ok(policyStore.findByScopeIds(Arrays.asList(model.getId()), resourceServer.getId()).stream().map(policy -> {
209  PolicyRepresentation representation = new PolicyRepresentation();
210 
211  representation.setId(policy.getId());
212  representation.setName(policy.getName());
213  representation.setType(policy.getType());
214 
215  return representation;
216  }).collect(Collectors.toList())).build();
217  }
org.keycloak.authorization.admin.ScopeService.auth
final AdminPermissionEvaluator auth
Definition: ScopeService.java:69
org.keycloak.authorization.admin.ScopeService.authorization
final AuthorizationProvider authorization
Definition: ScopeService.java:68
org.keycloak.authorization.AuthorizationProvider.getStoreFactory
StoreFactory getStoreFactory()
Definition: AuthorizationProvider.java:109
org.keycloak.authorization.store.ScopeStore.findById
Scope findById(String id, String resourceServerId)
org.keycloak.authorization.admin.ScopeService.resourceServer
ResourceServer resourceServer
Definition: ScopeService.java:72

◆ getResources()

Response org.keycloak.authorization.admin.ScopeService.getResources ( @PathParam("id") String  id)
inline
174  {
175  this.auth.realm().requireViewAuthorization();
176  StoreFactory storeFactory = this.authorization.getStoreFactory();
177  Scope model = storeFactory.getScopeStore().findById(id, resourceServer.getId());
178 
179  if (model == null) {
180  return Response.status(Status.NOT_FOUND).build();
181  }
182 
183  return Response.ok(storeFactory.getResourceStore().findByScope(Arrays.asList(model.getId()), resourceServer.getId()).stream().map(resource -> {
184  ResourceRepresentation representation = new ResourceRepresentation();
185 
186  representation.setId(resource.getId());
187  representation.setName(resource.getName());
188 
189  return representation;
190  }).collect(Collectors.toList())).build();
191  }
org.keycloak.authorization.admin.ScopeService.auth
final AdminPermissionEvaluator auth
Definition: ScopeService.java:69
org.keycloak.authorization.admin.ScopeService.authorization
final AuthorizationProvider authorization
Definition: ScopeService.java:68
org.keycloak.authorization.AuthorizationProvider.getStoreFactory
StoreFactory getStoreFactory()
Definition: AuthorizationProvider.java:109
org.keycloak.authorization.store.ScopeStore.findById
Scope findById(String id, String resourceServerId)
org.keycloak.authorization.admin.ScopeService.resourceServer
ResourceServer resourceServer
Definition: ScopeService.java:72

◆ update()

Response org.keycloak.authorization.admin.ScopeService.update ( @PathParam("id") String  id,
ScopeRepresentation  scope 
)
inline
101  {
102  this.auth.realm().requireManageAuthorization();
103  scope.setId(id);
104  StoreFactory storeFactory = authorization.getStoreFactory();
105  Scope model = storeFactory.getScopeStore().findById(scope.getId(), resourceServer.getId());
106 
107  if (model == null) {
108  return Response.status(Status.NOT_FOUND).build();
109  }
110 
111  toModel(scope, resourceServer, authorization);
112 
113  audit(scope, OperationType.UPDATE);
114 
115  return Response.noContent().build();
116  }
org.keycloak.authorization.admin.ScopeService.auth
final AdminPermissionEvaluator auth
Definition: ScopeService.java:69
org.keycloak.authorization.admin.ScopeService.authorization
final AuthorizationProvider authorization
Definition: ScopeService.java:68
org.keycloak.authorization.AuthorizationProvider.getStoreFactory
StoreFactory getStoreFactory()
Definition: AuthorizationProvider.java:109
org.keycloak.authorization.store.ScopeStore.findById
Scope findById(String id, String resourceServerId)
org.keycloak.authorization.admin.ScopeService.audit
void audit(ScopeRepresentation resource, OperationType operation)
Definition: ScopeService.java:266
org.keycloak.authorization.admin.ScopeService.resourceServer
ResourceServer resourceServer
Definition: ScopeService.java:72

メンバ詳解

◆ adminEvent

final AdminEventBuilder org.keycloak.authorization.admin.ScopeService.adminEvent
private

◆ auth

final AdminPermissionEvaluator org.keycloak.authorization.admin.ScopeService.auth
private

◆ authorization

final AuthorizationProvider org.keycloak.authorization.admin.ScopeService.authorization
private

◆ resourceServer

ResourceServer org.keycloak.authorization.admin.ScopeService.resourceServer
private

◆ session

KeycloakSession org.keycloak.authorization.admin.ScopeService.session
private
このクラス詳解は次のファイルから抽出されました:
2018年11月18日(日) 14時17分20秒作成 - keycloak-oidc-service / 構成:   doxygen 1.8.13