org.keycloak.services.resources.admin.permissions.IdentityProviderPermissions の継承関係図

org.keycloak.services.resources.admin.permissions.IdentityProviderPermissions 連携図

公開メンバ関数
	IdentityProviderPermissions (KeycloakSession session, RealmModel realm, AuthorizationProvider authz, MgmtPermissions root)

boolean	isPermissionsEnabled (IdentityProviderModel idp)

void	setPermissionsEnabled (IdentityProviderModel idp, boolean enable)

Resource	resource (IdentityProviderModel idp)

Map< String, String >	getPermissions (IdentityProviderModel idp)

boolean	canExchangeTo (ClientModel authorizedClient, IdentityProviderModel to)

Policy	exchangeToPermission (IdentityProviderModel idp)

限定公開変数類
final KeycloakSession	session

final RealmModel	realm

final AuthorizationProvider	authz

final MgmtPermissions	root

非公開メンバ関数
String	getResourceName (IdentityProviderModel idp)

String	getExchangeToPermissionName (IdentityProviderModel idp)

void	initialize (IdentityProviderModel idp)

void	deletePolicy (String name, ResourceServer server)

void	deletePermissions (IdentityProviderModel idp)

Scope	exchangeToScope (ResourceServer server)

静的非公開変数類
static final Logger	logger = Logger.getLogger(IdentityProviderPermissions.class)

詳解

Manages default policies for identity providers.

著者: Bill Burke

バージョン

Revision: 1

構築子と解体子

◆ IdentityProviderPermissions()

org.keycloak.services.resources.admin.permissions.IdentityProviderPermissions.IdentityProviderPermissions	(	KeycloakSession	session,
		RealmModel	realm,
		AuthorizationProvider	authz,
		MgmtPermissions	root
	)

inline

                                                                                                                                      {
         this.session = session;
         this.realm = realm;
         this.authz = authz;
         this.root = root;
     }

関数詳解

◆ canExchangeTo()

boolean org.keycloak.services.resources.admin.permissions.IdentityProviderPermissions.canExchangeTo	(	ClientModel	authorizedClient,
		IdentityProviderModel	to
	)

inline

org.keycloak.services.resources.admin.permissions.IdentityProviderPermissionManagementを実装しています。

                                                                                          {
 
         if (!authorizedClient.equals(to)) {
             ResourceServer server = root.initializeRealmResourceServer();
             if (server == null) {
                 logger.debug("No resource server set up for target idp");
                 return false;
             }
 
             Resource resource =  authz.getStoreFactory().getResourceStore().findByName(getResourceName(to), server.getId());
             if (resource == null) {
                 logger.debug("No resource object set up for target idp");
                 return false;
             }
 
             Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getExchangeToPermissionName(to), server.getId());
             if (policy == null) {
                 logger.debug("No permission object set up for target idp");
                 return false;
             }
 
             Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
             // if no policies attached to permission then just do default behavior
             if (associatedPolicies == null || associatedPolicies.isEmpty()) {
                 logger.debug("No policies set up for permission on target idp");
                 return false;
             }
 
             Scope scope = exchangeToScope(server);
             if (scope == null) {
                 logger.debug(TOKEN_EXCHANGE + " not initialized");
                 return false;
             }
             ClientModelIdentity identity = new ClientModelIdentity(session, authorizedClient);
             EvaluationContext context = new DefaultEvaluationContext(identity, session) {
                 @Override
                 public Map<String, Collection<String>> getBaseAttributes() {
                     Map<String, Collection<String>> attributes = super.getBaseAttributes();
                     attributes.put("kc.client.id", Arrays.asList(authorizedClient.getClientId()));
                     return attributes;
                 }
 
             };
             return root.evaluatePermission(resource, scope, server, context);
         }
         return true;
     }

◆ deletePermissions()

void org.keycloak.services.resources.admin.permissions.IdentityProviderPermissions.deletePermissions ( IdentityProviderModel idp )

inlineprivate

                                                               {
         ResourceServer server = root.initializeRealmResourceServer();
         if (server == null) return;
         deletePolicy(getExchangeToPermissionName(idp), server);
         Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(idp), server.getId());;
         if (resource != null) authz.getStoreFactory().getResourceStore().delete(resource.getId());
     }

◆ deletePolicy()

void org.keycloak.services.resources.admin.permissions.IdentityProviderPermissions.deletePolicy	(	String	name,
		ResourceServer	server
	)

inlineprivate

                                                                   {
         Policy policy = authz.getStoreFactory().getPolicyStore().findByName(name, server.getId());
         if (policy != null) {
             authz.getStoreFactory().getPolicyStore().delete(policy.getId());
         }
 
     }

◆ exchangeToPermission()

Policy org.keycloak.services.resources.admin.permissions.IdentityProviderPermissions.exchangeToPermission ( IdentityProviderModel idp )

inline

org.keycloak.services.resources.admin.permissions.IdentityProviderPermissionManagementを実装しています。

                                                                   {
         ResourceServer server = root.initializeRealmResourceServer();
         if (server == null) return null;
         return authz.getStoreFactory().getPolicyStore().findByName(getExchangeToPermissionName(idp), server.getId());
     }

◆ exchangeToScope()

Scope org.keycloak.services.resources.admin.permissions.IdentityProviderPermissions.exchangeToScope ( ResourceServer server )

inlineprivate

                                                          {
         return authz.getStoreFactory().getScopeStore().findByName(TOKEN_EXCHANGE, server.getId());
     }

◆ getExchangeToPermissionName()

String org.keycloak.services.resources.admin.permissions.IdentityProviderPermissions.getExchangeToPermissionName ( IdentityProviderModel idp )

inlineprivate

                                                                           {
         return TOKEN_EXCHANGE + ".permission.idp." + idp.getInternalId();
     }

◆ getPermissions()

Map<String, String> org.keycloak.services.resources.admin.permissions.IdentityProviderPermissions.getPermissions ( IdentityProviderModel idp )

inline

org.keycloak.services.resources.admin.permissions.IdentityProviderPermissionManagementを実装しています。

                                                                          {
         initialize(idp);
         Map<String, String> scopes = new LinkedHashMap<>();
         scopes.put(TOKEN_EXCHANGE, exchangeToPermission(idp).getId());
         return scopes;
     }

◆ getResourceName()

String org.keycloak.services.resources.admin.permissions.IdentityProviderPermissions.getResourceName ( IdentityProviderModel idp )

inlineprivate

                                                               {
         return "idp.resource." + idp.getInternalId();
     }

◆ initialize()

void org.keycloak.services.resources.admin.permissions.IdentityProviderPermissions.initialize ( IdentityProviderModel idp )

inlineprivate

                                                        {
         ResourceServer server = root.initializeRealmResourceServer();
         Scope exchangeToScope = root.initializeScope(TOKEN_EXCHANGE, server);
 
         String resourceName = getResourceName(idp);
         Resource resource = authz.getStoreFactory().getResourceStore().findByName(resourceName, server.getId());
         if (resource == null) {
             resource = authz.getStoreFactory().getResourceStore().create(resourceName, server, server.getId());
             resource.setType("IdentityProvider");
             Set<Scope> scopeset = new HashSet<>();
             scopeset.add(exchangeToScope);
             resource.updateScopes(scopeset);
         }
         String exchangeToPermissionName = getExchangeToPermissionName(idp);
         Policy exchangeToPermission = authz.getStoreFactory().getPolicyStore().findByName(exchangeToPermissionName, server.getId());
         if (exchangeToPermission == null) {
             Helper.addEmptyScopePermission(authz, server, exchangeToPermissionName, resource, exchangeToScope);
         }
     }

◆ isPermissionsEnabled()

boolean org.keycloak.services.resources.admin.permissions.IdentityProviderPermissions.isPermissionsEnabled ( IdentityProviderModel idp )

inline

org.keycloak.services.resources.admin.permissions.IdentityProviderPermissionManagementを実装しています。

                                                                    {
         ResourceServer server = root.initializeRealmResourceServer();
         if (server == null) return false;
 
         return authz.getStoreFactory().getResourceStore().findByName(getResourceName(idp), server.getId()) != null;
     }

◆ resource()

Resource org.keycloak.services.resources.admin.permissions.IdentityProviderPermissions.resource ( IdentityProviderModel idp )

inline

org.keycloak.services.resources.admin.permissions.IdentityProviderPermissionManagementを実装しています。

                                                         {
         ResourceServer server = root.initializeRealmResourceServer();
         if (server == null) return null;
         Resource resource =  authz.getStoreFactory().getResourceStore().findByName(getResourceName(idp), server.getId());
         if (resource == null) return null;
         return resource;
     }

◆ setPermissionsEnabled()

void org.keycloak.services.resources.admin.permissions.IdentityProviderPermissions.setPermissionsEnabled	(	IdentityProviderModel	idp,
		boolean	enable
	)

inline

org.keycloak.services.resources.admin.permissions.IdentityProviderPermissionManagementを実装しています。

                                                                                  {
         if (enable) {
             initialize(idp);
         } else {
             deletePermissions(idp);
         }
     }

メンバ詳解

◆ authz

final AuthorizationProvider org.keycloak.services.resources.admin.permissions.IdentityProviderPermissions.authz

protected

◆ logger

final Logger org.keycloak.services.resources.admin.permissions.IdentityProviderPermissions.logger = Logger.getLogger(IdentityProviderPermissions.class)

staticprivate

◆ realm

final RealmModel org.keycloak.services.resources.admin.permissions.IdentityProviderPermissions.realm

protected

◆ root

final MgmtPermissions org.keycloak.services.resources.admin.permissions.IdentityProviderPermissions.root

protected

◆ session

final KeycloakSession org.keycloak.services.resources.admin.permissions.IdentityProviderPermissions.session

protected

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/oidc-service/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissions.java

公開メンバ関数

限定公開変数類

非公開メンバ関数

静的非公開変数類

詳解

構築子と解体子

◆ IdentityProviderPermissions()

関数詳解

◆ canExchangeTo()

◆ deletePermissions()

◆ deletePolicy()

◆ exchangeToPermission()

◆ exchangeToScope()

◆ getExchangeToPermissionName()

◆ getPermissions()

◆ getResourceName()

◆ initialize()

◆ isPermissionsEnabled()

◆ resource()

◆ setPermissionsEnabled()

メンバ詳解

◆ authz

◆ logger

◆ realm

◆ root

◆ session