org.keycloak.services.resources.admin.ClientScopesResource クラス

org.keycloak.services.resources.admin.ClientScopesResource 連携図

公開メンバ関数
	ClientScopesResource (RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent)
List< ClientScopeRepresentation >	getClientScopes ()
Response	createClientScope (ClientScopeRepresentation rep)
Response	generateAudienceClientScope (final @QueryParam("clientId") String clientId)
ClientScopeResource	getClientScope (final @PathParam("id") String id)

限定公開変数類
RealmModel	realm
KeycloakSession	session

静的限定公開変数類
static final Logger	logger = Logger.getLogger(ClientScopesResource.class)

非公開変数類
AdminPermissionEvaluator	auth
AdminEventBuilder	adminEvent

詳解

Base resource class for managing a realm's client scopes.

Client Scopes

著者

Bill Burke

バージョン

Revision

1

構築子と解体子

ClientScopesResource()

org.keycloak.services.resources.admin.ClientScopesResource.ClientScopesResource ( RealmModel  realm, AdminPermissionEvaluator  auth, AdminEventBuilder  adminEvent  )

inline

                                                                                                               {
        this.realm = realm;
        this.auth = auth;
        this.adminEvent = adminEvent.resource(ResourceType.CLIENT_SCOPE);
    }

関数詳解

createClientScope()

Response org.keycloak.services.resources.admin.ClientScopesResource.createClientScope ( ClientScopeRepresentation  rep )

inline

Create a new client scope

Client Scope's name must be unique!

引数

rep

戻り値

                                                                     {
        auth.clients().requireManageClientScopes();

        try {
            ClientScopeModel clientModel = RepresentationToModel.createClientScope(session, realm, rep);

            adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), clientModel.getId()).representation(rep).success();

            return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(clientModel.getId()).build()).build();
        } catch (ModelDuplicateException e) {
            return ErrorResponse.exists("Client Scope " + rep.getName() + " already exists");
        }
    }

generateAudienceClientScope()

Response org.keycloak.services.resources.admin.ClientScopesResource.generateAudienceClientScope ( final @QueryParam("clientId") String  clientId )

inline

Generate new client scope for specified service client. The "Frontend" clients, who will use this client scope, will be able to send their access token to authenticate against specified service client

引数

clientId

Client ID of service client (typically bearer-only client)

戻り値

                                                                                               {
        auth.clients().requireManageClientScopes();

        logger.debugf("Generating audience scope for service client: " + clientId);

        String clientScopeName = clientId;
        try {
            ClientModel serviceClient = realm.getClientByClientId(clientId);
            if (serviceClient == null) {
                logger.warnf("Referenced service client '%s' doesn't exists", clientId);
                return ErrorResponse.exists("Referenced service client doesn't exists");
            }

            ClientScopeModel clientScopeModel = realm.addClientScope(clientScopeName);
            clientScopeModel.setDescription("Client scope useful for frontend clients, which want to call service " + clientId);
            clientScopeModel.setProtocol(serviceClient.getProtocol()==null ? OIDCLoginProtocol.LOGIN_PROTOCOL : serviceClient.getProtocol());
            clientScopeModel.setDisplayOnConsentScreen(true);

            String consentText = serviceClient.getName() != null ? serviceClient.getName() : serviceClient.getClientId();
            consentText = consentText.substring(0, 1).toUpperCase() + consentText.substring(1);
            clientScopeModel.setConsentScreenText(consentText);

            // Add audience protocol mapper
            ProtocolMapperModel audienceMapper = AudienceProtocolMapper.createClaimMapper("Audience for " + clientId, clientId, null,true, false);
            clientScopeModel.addProtocolMapper(audienceMapper);

            // Add scope to client roles
            for (RoleModel role : serviceClient.getRoles()) {
                clientScopeModel.addScopeMapping(role);
            }

            adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri()).success();

            return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(clientScopeModel.getId()).build()).build();
        } catch (ModelDuplicateException e) {
            return ErrorResponse.exists("Client Scope " + clientScopeName + " already exists");
        }
    }

getClientScope()

ClientScopeResource org.keycloak.services.resources.admin.ClientScopesResource.getClientScope ( final @PathParam("id") String  id )

inline

Base path for managing a specific client scope.

引数

id	id of client scope (not name)

戻り値

                                                                                {
        auth.clients().requireListClientScopes();
        ClientScopeModel clientModel = realm.getClientScopeById(id);
        if (clientModel == null) {
            throw new NotFoundException("Could not find client scope");
        }
        ClientScopeResource clientResource = new ClientScopeResource(realm, auth, clientModel, session, adminEvent);
        ResteasyProviderFactory.getInstance().injectProperties(clientResource);
        return clientResource;
    }

getClientScopes()

List<ClientScopeRepresentation> org.keycloak.services.resources.admin.ClientScopesResource.getClientScopes ( )

inline

Get client scopes belonging to the realm

Returns a list of client scopes belonging to the realm

                                                             {
        auth.clients().requireListClientScopes();

        List<ClientScopeRepresentation> rep = new ArrayList<>();
        List<ClientScopeModel> clientModels = realm.getClientScopes();

        boolean viewable = auth.clients().canViewClientScopes();
        for (ClientScopeModel clientModel : clientModels) {
            if (viewable) rep.add(ModelToRepresentation.toRepresentation(clientModel));
            else {
                ClientScopeRepresentation tempRep = new ClientScopeRepresentation();
                tempRep.setName(clientModel.getName());
                tempRep.setId(clientModel.getId());
                tempRep.setProtocol(clientModel.getProtocol());
            }
        }
        return rep;
    }

メンバ詳解

adminEvent

AdminEventBuilder org.keycloak.services.resources.admin.ClientScopesResource.adminEvent

private

auth

AdminPermissionEvaluator org.keycloak.services.resources.admin.ClientScopesResource.auth

private

logger

final Logger org.keycloak.services.resources.admin.ClientScopesResource.logger = Logger.getLogger(ClientScopesResource.class)

staticprotected

realm

RealmModel org.keycloak.services.resources.admin.ClientScopesResource.realm

protected

session

KeycloakSession org.keycloak.services.resources.admin.ClientScopesResource.session

protected

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/oidc-service/src/main/java/org/keycloak/services/resources/admin/ClientScopesResource.java