keycloak-oidc-service
クラス | 公開メンバ関数 | 限定公開メンバ関数 | 静的限定公開変数類 | 全メンバ一覧
org.keycloak.authorization.protection.introspect.RPTIntrospectionProvider クラス
org.keycloak.authorization.protection.introspect.RPTIntrospectionProvider の継承関係図
Inheritance graph
org.keycloak.authorization.protection.introspect.RPTIntrospectionProvider 連携図
Collaboration graph

クラス

class  UmaPermissionRepresentation
 

公開メンバ関数

 RPTIntrospectionProvider (KeycloakSession session)
 
Response introspect (String token)
 
void close ()
 

限定公開メンバ関数

AccessToken verifyAccessToken (String token) throws OAuthErrorException, IOException
 

静的限定公開変数類

static final Logger LOGGER = Logger.getLogger(RPTIntrospectionProvider.class)
 

詳解

Introspects token accordingly with UMA Bearer Token Profile.

著者
Pedro Igor

構築子と解体子

◆ RPTIntrospectionProvider()

org.keycloak.authorization.protection.introspect.RPTIntrospectionProvider.RPTIntrospectionProvider ( KeycloakSession  session)
inline
47  {
48  super(session);
49  }
org.keycloak.protocol.oidc.AccessTokenIntrospectionProvider.session
final KeycloakSession session
Definition: AccessTokenIntrospectionProvider.java:41

関数詳解

◆ close()

void org.keycloak.authorization.protection.introspect.RPTIntrospectionProvider.close ( )
inline

org.keycloak.provider.Providerを実装しています。

99  {
100 
101  }

◆ introspect()

Response org.keycloak.authorization.protection.introspect.RPTIntrospectionProvider.introspect ( String  token)
inline

org.keycloak.protocol.oidc.TokenIntrospectionProviderを実装しています。

52  {
53  LOGGER.debug("Introspecting requesting party token");
54  try {
55  AccessToken accessToken = verifyAccessToken(token);
56 
57  ObjectNode tokenMetadata;
58 
59  if (accessToken != null) {
60  AccessToken metadata = new AccessToken();
61 
62  metadata.id(accessToken.getId());
63  metadata.setAcr(accessToken.getAcr());
64  metadata.type(accessToken.getType());
65  metadata.expiration(accessToken.getExpiration());
66  metadata.issuedAt(accessToken.getIssuedAt());
67  metadata.audience(accessToken.getAudience());
68  metadata.notBefore(accessToken.getNotBefore());
69  metadata.setRealmAccess(null);
70  metadata.setResourceAccess(null);
71 
72  tokenMetadata = JsonSerialization.createObjectNode(metadata);
73  Authorization authorization = accessToken.getAuthorization();
74 
75  if (authorization != null) {
76  Collection permissions;
77 
78  if (authorization.getPermissions() != null) {
79  permissions = authorization.getPermissions().stream().map(UmaPermissionRepresentation::new).collect(Collectors.toSet());
80  } else {
81  permissions = Collections.emptyList();
82  }
83 
84  tokenMetadata.putPOJO("permissions", permissions);
85  }
86  } else {
87  tokenMetadata = JsonSerialization.createObjectNode();
88  }
89 
90  tokenMetadata.put("active", accessToken != null);
91 
92  return Response.ok(JsonSerialization.writeValueAsBytes(tokenMetadata)).type(MediaType.APPLICATION_JSON_TYPE).build();
93  } catch (Exception e) {
94  throw new RuntimeException("Error creating token introspection response.", e);
95  }
96  }
org.keycloak.authorization.protection.introspect.RPTIntrospectionProvider.LOGGER
static final Logger LOGGER
Definition: RPTIntrospectionProvider.java:45
org.keycloak.protocol.oidc.AccessTokenIntrospectionProvider.verifyAccessToken
AccessToken verifyAccessToken(String token)
Definition: AccessTokenIntrospectionProvider.java:72

◆ verifyAccessToken()

AccessToken org.keycloak.protocol.oidc.AccessTokenIntrospectionProvider.verifyAccessToken ( String  token) throws OAuthErrorException, IOException
inlineprotectedinherited
72  {
73  AccessToken accessToken;
74 
75  try {
76  TokenVerifier<AccessToken> verifier = TokenVerifier.create(token, AccessToken.class)
77  .realmUrl(Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName()));
78 
79  SignatureVerifierContext verifierContext = session.getProvider(SignatureProvider.class, verifier.getHeader().getAlgorithm().name()).verifier(verifier.getHeader().getKeyId());
80  verifier.verifierContext(verifierContext);
81 
82  accessToken = verifier.verify().getToken();
83  } catch (VerificationException e) {
84  return null;
85  }
86 
87  RealmModel realm = this.session.getContext().getRealm();
88 
89  return tokenManager.checkTokenValidForIntrospection(session, realm, accessToken) ? accessToken : null;
90  }
org.keycloak.protocol.oidc.AccessTokenIntrospectionProvider.realm
final RealmModel realm
Definition: AccessTokenIntrospectionProvider.java:43
org.keycloak.models.KeycloakUriInfo.getBaseUri
URI getBaseUri()
Definition: KeycloakUriInfo.java:79
org.keycloak.protocol.oidc.AccessTokenIntrospectionProvider.tokenManager
final TokenManager tokenManager
Definition: AccessTokenIntrospectionProvider.java:42
org.keycloak.protocol.oidc.AccessTokenIntrospectionProvider.session
final KeycloakSession session
Definition: AccessTokenIntrospectionProvider.java:41
org.keycloak.models.KeycloakSession.getProvider
< T extends Provider > T getProvider(Class< T > clazz)

メンバ詳解

◆ LOGGER

final Logger org.keycloak.authorization.protection.introspect.RPTIntrospectionProvider.LOGGER = Logger.getLogger(RPTIntrospectionProvider.class)
staticprotected
このクラス詳解は次のファイルから抽出されました:
2018年11月18日(日) 14時17分21秒作成 - keycloak-oidc-service / 構成:   doxygen 1.8.13