org.keycloak.migration.migrators.MigrateTo4_0_0 クラス

org.keycloak.migration.migrators.MigrateTo4_0_0 の継承関係図

org.keycloak.migration.migrators.MigrateTo4_0_0 連携図

公開メンバ関数
ModelVersion	getVersion ()
void	migrate (KeycloakSession session)
void	migrateImport (KeycloakSession session, RealmModel realm, RealmRepresentation rep, boolean skipUserDependent)

静的公開変数類
static final ModelVersion	VERSION = new ModelVersion("4.0.0")

限定公開メンバ関数
void	migrateRealm (KeycloakSession session, RealmModel realm, boolean json)

静的非公開変数類
static final Logger	LOG = Logger.getLogger(MigrateTo4_0_0.class)

詳解

著者

Marek Posolda

関数詳解

getVersion()

ModelVersion org.keycloak.migration.migrators.MigrateTo4_0_0.getVersion ( )

inline

org.keycloak.migration.migrators.Migrationを実装しています。

                                     {
        return VERSION;
    }

migrate()

void org.keycloak.migration.migrators.MigrateTo4_0_0.migrate ( KeycloakSession  session )

inline

org.keycloak.migration.migrators.Migrationを実装しています。

                                                 {
        session.realms().getRealms().stream().forEach(
                r -> {
                    migrateRealm(session, r, false);
                }
        );
    }

migrateImport()

void org.keycloak.migration.migrators.MigrateTo4_0_0.migrateImport ( KeycloakSession  session, RealmModel  realm, RealmRepresentation  rep, boolean  skipUserDependent  )

inline

org.keycloak.migration.migrators.Migrationを実装しています。

                                                                                                                             {
        migrateRealm(session, realm, true);
    }

migrateRealm()

void org.keycloak.migration.migrators.MigrateTo4_0_0.migrateRealm ( KeycloakSession  session, RealmModel  realm, boolean  json  )

inlineprotected

                                                                                         {
        // Upgrade names of clientScopes to not contain space
        for (ClientScopeModel clientScope : realm.getClientScopes()) {
            if (clientScope.getName().contains(" ")) {
                LOG.debugf("Replacing spaces with underscores in the name of client scope '%s' of realm '%s'", clientScope.getName(), realm.getName());
                String replacedName = clientScope.getName().replaceAll(" ", "_");
                clientScope.setName(replacedName);
            }
        }

        if (!json) {
            // Add default client scopes. But don't add them to existing clients. For JSON, they were already added
            LOG.debugf("Adding defaultClientScopes for realm '%s'", realm.getName());
            DefaultClientScopes.createDefaultClientScopes(session, realm, false);
        }

        // Upgrade configuration of "allowed-client-templates" client registration policy
        for (ComponentModel component : realm.getComponents(realm.getId(), "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy")) {
            if ("allowed-client-templates".equals(component.getProviderId())) {
                List<String> configVal = component.getConfig().remove("allowed-client-templates");
                if (configVal != null) {
                    component.getConfig().put("allowed-client-scopes", configVal);
                }
                component.put("allow-default-scopes", true);

                realm.updateComponent(component);
            }
        }


        // If client has scope for offline_access role (either directly or through fullScopeAllowed), then add offline_access client
        // scope as optional scope to the client. If it's indirectly (no fullScopeAllowed), then remove role from the scoped roles
        RoleModel offlineAccessRole = realm.getRole(OAuth2Constants.OFFLINE_ACCESS);
        ClientScopeModel offlineAccessScope = null;
        if (offlineAccessRole == null) {
            LOG.infof("Role 'offline_access' not available in realm '%s'. Skip migration of offline_access client scope.", realm.getName());
        } else {
            offlineAccessScope = KeycloakModelUtils.getClientScopeByName(realm, OAuth2Constants.OFFLINE_ACCESS);
            if (offlineAccessScope == null) {
                LOG.infof("Client scope 'offline_access' not available in realm '%s'. Skip migration of offline_access client scope.", realm.getName());
            } else {
                for (ClientModel client : realm.getClients()) {
                    if ("openid-connect".equals(client.getProtocol())
                            && !client.isBearerOnly()
                            && client.hasScope(offlineAccessRole)
                            && !client.getClientScopes(false, true).containsKey(OAuth2Constants.OFFLINE_ACCESS)) {
                        LOG.debugf("Adding client scope 'offline_access' as optional scope to client '%s' in realm '%s'.", client.getClientId(), realm.getName());
                        client.addClientScope(offlineAccessScope, false);

                        if (!client.isFullScopeAllowed()) {
                            LOG.debugf("Removing role scope mapping for role 'offline_access' from client '%s' in realm '%s'.", client.getClientId(), realm.getName());
                            client.deleteScopeMapping(offlineAccessRole);
                        }
                    }
                }
            }
        }


        // Clients with consentRequired, which don't have any client scopes will be added itself to require consent, so that consent screen is shown when users authenticate
        for (ClientModel client : realm.getClients()) {
            if (client.isConsentRequired() && client.getClientScopes(true, true).isEmpty()) {
                LOG.debugf("Adding client '%s' of realm '%s' to display itself on consent screen", client.getClientId(), realm.getName());
                client.setDisplayOnConsentScreen(true);
                String consentText = client.getName()==null ? client.getClientId() : client.getName();
                client.setConsentScreenText(consentText);
            }
        }
    }

メンバ詳解

LOG

final Logger org.keycloak.migration.migrators.MigrateTo4_0_0.LOG = Logger.getLogger(MigrateTo4_0_0.class)

staticprivate

VERSION

final ModelVersion org.keycloak.migration.migrators.MigrateTo4_0_0.VERSION = new ModelVersion("4.0.0")

static

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/oidc-service/src/main/java/org/keycloak/migration/migrators/MigrateTo4_0_0.java