keycloak-oidc-service
クラス | 公開メンバ関数 | 静的限定公開変数類 | 非公開メンバ関数 | 非公開変数類 | 全メンバ一覧
org.keycloak.services.resources.admin.ClientScopeEvaluateResource クラス
org.keycloak.services.resources.admin.ClientScopeEvaluateResource 連携図
Collaboration graph

クラス

class  ProtocolMapperEvaluationRepresentation
 

公開メンバ関数

 ClientScopeEvaluateResource (KeycloakSession session, UriInfo uriInfo, RealmModel realm, AdminPermissionEvaluator auth, ClientModel client, ClientConnection clientConnection)
 
ClientScopeEvaluateScopeMappingsResource scopeMappings (@QueryParam("scope") String scopeParam, @PathParam("roleContainerId") String roleContainerId)
 
List< ProtocolMapperEvaluationRepresentationgetGrantedProtocolMappers (@QueryParam("scope") String scopeParam)
 
AccessToken generateExampleAccessToken (@QueryParam("scope") String scopeParam, @QueryParam("userId") String userId)
 

静的限定公開変数類

static final Logger logger = Logger.getLogger(ClientScopeEvaluateResource.class)
 

非公開メンバ関数

AccessToken generateToken (UserModel user, String scopeParam)
 

非公開変数類

final RealmModel realm
 
final ClientModel client
 
final AdminPermissionEvaluator auth
 
final UriInfo uriInfo
 
final KeycloakSession session
 
final ClientConnection clientConnection
 

詳解

著者
Marek Posolda

構築子と解体子

◆ ClientScopeEvaluateResource()

org.keycloak.services.resources.admin.ClientScopeEvaluateResource.ClientScopeEvaluateResource ( KeycloakSession  session,
UriInfo  uriInfo,
RealmModel  realm,
AdminPermissionEvaluator  auth,
ClientModel  client,
ClientConnection  clientConnection 
)
inline
74  {
75  this.uriInfo = uriInfo;
76  this.realm = realm;
77  this.client = client;
78  this.auth = auth;
79  this.session = session;
80  this.clientConnection = clientConnection;
81  }
org.keycloak.services.resources.admin.ClientScopeEvaluateResource.uriInfo
final UriInfo uriInfo
Definition: ClientScopeEvaluateResource.java:69
org.keycloak.services.resources.admin.ClientScopeEvaluateResource.clientConnection
final ClientConnection clientConnection
Definition: ClientScopeEvaluateResource.java:71
org.keycloak.services.resources.admin.ClientScopeEvaluateResource.session
final KeycloakSession session
Definition: ClientScopeEvaluateResource.java:70
org.keycloak.services.resources.admin.ClientScopeEvaluateResource.realm
final RealmModel realm
Definition: ClientScopeEvaluateResource.java:65
org.keycloak.services.resources.admin.ClientScopeEvaluateResource.auth
final AdminPermissionEvaluator auth
Definition: ClientScopeEvaluateResource.java:67
org.keycloak.services.resources.admin.ClientScopeEvaluateResource.client
final ClientModel client
Definition: ClientScopeEvaluateResource.java:66

関数詳解

◆ generateExampleAccessToken()

AccessToken org.keycloak.services.resources.admin.ClientScopeEvaluateResource.generateExampleAccessToken ( @QueryParam("scope") String  scopeParam,
@QueryParam("userId") String  userId 
)
inline

Create JSON with payload of example access token

戻り値
164  {
165  auth.clients().requireView(client);
166 
167  if (userId == null) {
168  throw new NotFoundException("No userId provided");
169  }
170 
171  UserModel user = session.users().getUserById(userId, realm);
172  if (user == null) {
173  throw new NotFoundException("No user found");
174  }
175 
176  logger.debugf("generateExampleAccessToken invoked. User: %s, Scope param: %s", user.getUsername(), scopeParam);
177 
178  AccessToken token = generateToken(user, scopeParam);
179  return token;
180  }
org.keycloak.services.resources.admin.ClientScopeEvaluateResource.session
final KeycloakSession session
Definition: ClientScopeEvaluateResource.java:70
org.keycloak.services.resources.admin.ClientScopeEvaluateResource.realm
final RealmModel realm
Definition: ClientScopeEvaluateResource.java:65
org.keycloak.storage.user.UserLookupProvider.getUserById
UserModel getUserById(String id, RealmModel realm)
org.keycloak.services.resources.admin.ClientScopeEvaluateResource.logger
static final Logger logger
Definition: ClientScopeEvaluateResource.java:63
org.keycloak.services.resources.admin.ClientScopeEvaluateResource.auth
final AdminPermissionEvaluator auth
Definition: ClientScopeEvaluateResource.java:67
org.keycloak.services.resources.admin.ClientScopeEvaluateResource.generateToken
AccessToken generateToken(UserModel user, String scopeParam)
Definition: ClientScopeEvaluateResource.java:183
org.keycloak.services.resources.admin.ClientScopeEvaluateResource.client
final ClientModel client
Definition: ClientScopeEvaluateResource.java:66

◆ generateToken()

AccessToken org.keycloak.services.resources.admin.ClientScopeEvaluateResource.generateToken ( UserModel  user,
String  scopeParam 
)
inlineprivate
183  {
184  AuthenticationSessionModel authSession = null;
185  UserSessionModel userSession = null;
186  AuthenticationSessionManager authSessionManager = new AuthenticationSessionManager(session);
187 
188  try {
189  RootAuthenticationSessionModel rootAuthSession = authSessionManager.createAuthenticationSession(realm, false);
190  authSession = rootAuthSession.createAuthenticationSession(client);
191 
192  authSession.setAuthenticatedUser(user);
193  authSession.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
194  authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName()));
195  authSession.setClientNote(OIDCLoginProtocol.SCOPE_PARAM, scopeParam);
196 
197  userSession = session.sessions().createUserSession(authSession.getParentSession().getId(), realm, user, user.getUsername(),
198  clientConnection.getRemoteAddr(), "example-auth", false, null, null);
199 
200  AuthenticationManager.setClientScopesInSession(authSession);
201  ClientSessionContext clientSessionCtx = TokenManager.attachAuthenticationSession(session, userSession, authSession);
202 
203  TokenManager tokenManager = new TokenManager();
204 
205  TokenManager.AccessTokenResponseBuilder responseBuilder = tokenManager.responseBuilder(realm, client, null, session, userSession, clientSessionCtx)
206  .generateAccessToken();
207 
208  return responseBuilder.getAccessToken();
209 
210  } finally {
211  if (authSession != null) {
212  authSessionManager.removeAuthenticationSession(realm, authSession, false);
213  }
214  if (userSession != null) {
215  session.sessions().removeUserSession(realm, userSession);
216  }
217  }
218  }
org.keycloak.services.resources.admin.ClientScopeEvaluateResource.uriInfo
final UriInfo uriInfo
Definition: ClientScopeEvaluateResource.java:69
org.keycloak.services.resources.admin.ClientScopeEvaluateResource.clientConnection
final ClientConnection clientConnection
Definition: ClientScopeEvaluateResource.java:71
org.keycloak.models.KeycloakSession.sessions
UserSessionProvider sessions()
org.keycloak.services.resources.admin.ClientScopeEvaluateResource.session
final KeycloakSession session
Definition: ClientScopeEvaluateResource.java:70
org.keycloak.services.resources.admin.ClientScopeEvaluateResource.realm
final RealmModel realm
Definition: ClientScopeEvaluateResource.java:65
org.keycloak.models.UserSessionProvider.removeUserSession
void removeUserSession(RealmModel realm, UserSessionModel session)
org.keycloak.models.UserSessionProvider.createUserSession
UserSessionModel createUserSession(RealmModel realm, UserModel user, String loginUsername, String ipAddress, String authMethod, boolean rememberMe, String brokerSessionId, String brokerUserId)
org.keycloak.services.resources.admin.ClientScopeEvaluateResource.client
final ClientModel client
Definition: ClientScopeEvaluateResource.java:66

◆ getGrantedProtocolMappers()

List<ProtocolMapperEvaluationRepresentation> org.keycloak.services.resources.admin.ClientScopeEvaluateResource.getGrantedProtocolMappers ( @QueryParam("scope") String  scopeParam)
inline

Return list of all protocol mappers, which will be used when generating tokens issued for particular client. This means protocol mappers assigned to this client directly and protocol mappers assigned to all client scopes of this client.

戻り値
117  {
118  auth.clients().requireView(client);
119 
120  List<ProtocolMapperEvaluationRepresentation> protocolMappers = new LinkedList<>();
121 
122  Set<ClientScopeModel> clientScopes = TokenManager.getRequestedClientScopes(scopeParam, client);
123 
124  for (ClientScopeModel mapperContainer : clientScopes) {
125  Set<ProtocolMapperModel> currentMappers = mapperContainer.getProtocolMappers();
126  for (ProtocolMapperModel current : currentMappers) {
127  if (current.getProtocol().equals(client.getProtocol())) {
128  ProtocolMapperEvaluationRepresentation rep = new ProtocolMapperEvaluationRepresentation();
129  rep.setMapperId(current.getId());
130  rep.setMapperName(current.getName());
131  rep.setProtocolMapper(current.getProtocolMapper());
132 
133  if (mapperContainer.getId().equals(client.getId())) {
134  // Must be this client
135  rep.setContainerId(client.getId());
136  rep.setContainerName("");
137  rep.setContainerType("client");
138  } else {
139  ClientScopeModel clientScope = (ClientScopeModel) mapperContainer;
140  rep.setContainerId(clientScope.getId());
141  rep.setContainerName(clientScope.getName());
142  rep.setContainerType("client-scope");
143  }
144 
145  protocolMappers.add(rep);
146  }
147  }
148  }
149 
150  return protocolMappers;
151  }
org.keycloak.services.resources.admin.ClientScopeEvaluateResource.auth
final AdminPermissionEvaluator auth
Definition: ClientScopeEvaluateResource.java:67
org.keycloak.services.resources.admin.ClientScopeEvaluateResource.client
final ClientModel client
Definition: ClientScopeEvaluateResource.java:66

◆ scopeMappings()

ClientScopeEvaluateScopeMappingsResource org.keycloak.services.resources.admin.ClientScopeEvaluateResource.scopeMappings ( @QueryParam("scope") String  scopeParam,
@PathParam("roleContainerId") String  roleContainerId 
)
inline
引数
scopeParam
roleContainerIdeither realm name OR client UUID
戻り値
91  {
92  auth.clients().requireView(client);
93 
94  if (roleContainerId == null) {
95  throw new NotFoundException("No roleContainerId provided");
96  }
97 
98  RoleContainerModel roleContainer = roleContainerId.equals(realm.getName()) ? realm : realm.getClientById(roleContainerId);
99  if (roleContainer == null) {
100  throw new NotFoundException("Role Container not found");
101  }
102 
103  return new ClientScopeEvaluateScopeMappingsResource(roleContainer, auth, client, scopeParam, session);
104  }
org.keycloak.services.resources.admin.ClientScopeEvaluateResource.session
final KeycloakSession session
Definition: ClientScopeEvaluateResource.java:70
org.keycloak.services.resources.admin.ClientScopeEvaluateResource.realm
final RealmModel realm
Definition: ClientScopeEvaluateResource.java:65
org.keycloak.models.RealmModel.getClientById
ClientModel getClientById(String id)
org.keycloak.services.resources.admin.ClientScopeEvaluateResource.auth
final AdminPermissionEvaluator auth
Definition: ClientScopeEvaluateResource.java:67
org.keycloak.services.resources.admin.ClientScopeEvaluateResource.client
final ClientModel client
Definition: ClientScopeEvaluateResource.java:66

メンバ詳解

◆ auth

final AdminPermissionEvaluator org.keycloak.services.resources.admin.ClientScopeEvaluateResource.auth
private

◆ client

final ClientModel org.keycloak.services.resources.admin.ClientScopeEvaluateResource.client
private

◆ clientConnection

final ClientConnection org.keycloak.services.resources.admin.ClientScopeEvaluateResource.clientConnection
private

◆ logger

final Logger org.keycloak.services.resources.admin.ClientScopeEvaluateResource.logger = Logger.getLogger(ClientScopeEvaluateResource.class)
staticprotected

◆ realm

final RealmModel org.keycloak.services.resources.admin.ClientScopeEvaluateResource.realm
private

◆ session

final KeycloakSession org.keycloak.services.resources.admin.ClientScopeEvaluateResource.session
private

◆ uriInfo

final UriInfo org.keycloak.services.resources.admin.ClientScopeEvaluateResource.uriInfo
private
このクラス詳解は次のファイルから抽出されました:
2018年11月18日(日) 14時17分54秒作成 - keycloak-oidc-service / 構成:   doxygen 1.8.13