org.keycloak.authorization.admin.ScopeService クラス

org.keycloak.authorization.admin.ScopeService 連携図

公開メンバ関数
	ScopeService (KeycloakSession session, ResourceServer resourceServer, AuthorizationProvider authorization, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent)
Response	create (ScopeRepresentation scope)
Response	update (@PathParam("id") String id, ScopeRepresentation scope)
Response	delete (@PathParam("id") String id)
Response	findById (@PathParam("id") String id)
Response	getResources (@PathParam("id") String id)
Response	getPermissions (@PathParam("id") String id)
Response	find (@QueryParam("name") String name)
Response	findAll (@QueryParam("scopeId") String id, @QueryParam("name") String name, @QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResult)

非公開メンバ関数
void	audit (ScopeRepresentation resource, OperationType operation)
void	audit (ScopeRepresentation resource, String id, OperationType operation)

非公開変数類
final AuthorizationProvider	authorization
final AdminPermissionEvaluator	auth
final AdminEventBuilder	adminEvent
KeycloakSession	session
ResourceServer	resourceServer

詳解

著者

Pedro Igor

構築子と解体子

ScopeService()

org.keycloak.authorization.admin.ScopeService.ScopeService ( KeycloakSession  session, ResourceServer  resourceServer, AuthorizationProvider  authorization, AdminPermissionEvaluator  auth, AdminEventBuilder  adminEvent  )

inline

                                                                                                                                                                                  {
        this.session = session;
        this.resourceServer = resourceServer;
        this.authorization = authorization;
        this.auth = auth;
        this.adminEvent = adminEvent.resource(ResourceType.AUTHORIZATION_SCOPE);
    }

関数詳解

audit() [1/2]

void org.keycloak.authorization.admin.ScopeService.audit ( ScopeRepresentation  resource, OperationType  operation  )

inlineprivate

                                                                              {
        audit(resource, null, operation);
    }

audit() [2/2]

void org.keycloak.authorization.admin.ScopeService.audit ( ScopeRepresentation  resource, String  id, OperationType  operation  )

inlineprivate

                                                                                         {
        if (authorization.getRealm().isAdminEventsEnabled()) {
            if (id != null) {
                adminEvent.operation(operation).resourcePath(session.getContext().getUri(), id).representation(resource).success();
            } else {
                adminEvent.operation(operation).resourcePath(session.getContext().getUri()).representation(resource).success();
            }
        }
    }

create()

Response org.keycloak.authorization.admin.ScopeService.create ( ScopeRepresentation  scope )

inline

                                                      {
            this.auth.realm().requireManageAuthorization();
        Scope model = toModel(scope, this.resourceServer, authorization);

        scope.setId(model.getId());

        audit(scope, scope.getId(), OperationType.CREATE);

        return Response.status(Status.CREATED).entity(scope).build();
    }

delete()

Response org.keycloak.authorization.admin.ScopeService.delete ( @PathParam("id") String  id )

inline

                                                       {
        this.auth.realm().requireManageAuthorization();
        StoreFactory storeFactory = authorization.getStoreFactory();
        List<Resource> resources = storeFactory.getResourceStore().findByScope(Arrays.asList(id), resourceServer.getId());

        if (!resources.isEmpty()) {
            return ErrorResponse.error("Scopes can not be removed while associated with resources.", Status.BAD_REQUEST);
        }

        Scope scope = storeFactory.getScopeStore().findById(id, resourceServer.getId());

        if (scope == null) {
            return Response.status(Status.NOT_FOUND).build();
        }

        PolicyStore policyStore = storeFactory.getPolicyStore();
        List<Policy> policies = policyStore.findByScopeIds(Arrays.asList(scope.getId()), resourceServer.getId());

        for (Policy policyModel : policies) {
            if (policyModel.getScopes().size() == 1) {
                policyStore.delete(policyModel.getId());
            } else {
                policyModel.removeScope(scope);
            }
        }

        storeFactory.getScopeStore().delete(id);

        if (authorization.getRealm().isAdminEventsEnabled()) {
            audit(toRepresentation(scope), OperationType.DELETE);
        }

        return Response.noContent().build();
    }

find()

Response org.keycloak.authorization.admin.ScopeService.find ( @QueryParam("name") String  name )

inline

                                                          {
        this.auth.realm().requireViewAuthorization();
        StoreFactory storeFactory = authorization.getStoreFactory();

        if (name == null) {
            return Response.status(Status.BAD_REQUEST).build();
        }

        Scope model = storeFactory.getScopeStore().findByName(name, this.resourceServer.getId());

        if (model == null) {
            return Response.status(Status.OK).build();
        }

        return Response.ok(toRepresentation(model)).build();
    }

findAll()

Response org.keycloak.authorization.admin.ScopeService.findAll ( @QueryParam("scopeId") String  id, @QueryParam("name") String  name, @QueryParam("first") Integer  firstResult, @QueryParam("max") Integer  maxResult  )

inline

                                                                  {
        this.auth.realm().requireViewAuthorization();

        Map<String, String[]> search = new HashMap<>();

        if (id != null && !"".equals(id.trim())) {
            search.put("id", new String[] {id});
        }

        if (name != null && !"".equals(name.trim())) {
            search.put("name", new String[] {name});
        }

        return Response.ok(
                this.authorization.getStoreFactory().getScopeStore().findByResourceServer(search, this.resourceServer.getId(), firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS).stream()
                        .map(scope -> toRepresentation(scope))
                        .collect(Collectors.toList()))
                .build();
    }

findById()

Response org.keycloak.authorization.admin.ScopeService.findById ( @PathParam("id") String  id )

inline

                                                         {
        this.auth.realm().requireViewAuthorization();
        Scope model = this.authorization.getStoreFactory().getScopeStore().findById(id, resourceServer.getId());

        if (model == null) {
            return Response.status(Status.NOT_FOUND).build();
        }

        return Response.ok(toRepresentation(model)).build();
    }

getPermissions()

Response org.keycloak.authorization.admin.ScopeService.getPermissions ( @PathParam("id") String  id )

inline

                                                               {
        this.auth.realm().requireViewAuthorization();
        StoreFactory storeFactory = this.authorization.getStoreFactory();
        Scope model = storeFactory.getScopeStore().findById(id, resourceServer.getId());

        if (model == null) {
            return Response.status(Status.NOT_FOUND).build();
        }

        PolicyStore policyStore = storeFactory.getPolicyStore();

        return Response.ok(policyStore.findByScopeIds(Arrays.asList(model.getId()), resourceServer.getId()).stream().map(policy -> {
            PolicyRepresentation representation = new PolicyRepresentation();

            representation.setId(policy.getId());
            representation.setName(policy.getName());
            representation.setType(policy.getType());

            return representation;
        }).collect(Collectors.toList())).build();
    }

getResources()

Response org.keycloak.authorization.admin.ScopeService.getResources ( @PathParam("id") String  id )

inline

                                                             {
        this.auth.realm().requireViewAuthorization();
        StoreFactory storeFactory = this.authorization.getStoreFactory();
        Scope model = storeFactory.getScopeStore().findById(id, resourceServer.getId());

        if (model == null) {
            return Response.status(Status.NOT_FOUND).build();
        }

        return Response.ok(storeFactory.getResourceStore().findByScope(Arrays.asList(model.getId()), resourceServer.getId()).stream().map(resource -> {
            ResourceRepresentation representation = new ResourceRepresentation();

            representation.setId(resource.getId());
            representation.setName(resource.getName());

            return representation;
        }).collect(Collectors.toList())).build();
    }

update()

Response org.keycloak.authorization.admin.ScopeService.update ( @PathParam("id") String  id, ScopeRepresentation  scope  )

inline

                                                                                  {
            this.auth.realm().requireManageAuthorization();
        scope.setId(id);
        StoreFactory storeFactory = authorization.getStoreFactory();
        Scope model = storeFactory.getScopeStore().findById(scope.getId(), resourceServer.getId());

        if (model == null) {
            return Response.status(Status.NOT_FOUND).build();
        }

        toModel(scope, resourceServer, authorization);

        audit(scope, OperationType.UPDATE);

        return Response.noContent().build();
    }

メンバ詳解

adminEvent

final AdminEventBuilder org.keycloak.authorization.admin.ScopeService.adminEvent

private

auth

final AdminPermissionEvaluator org.keycloak.authorization.admin.ScopeService.auth

private

authorization

final AuthorizationProvider org.keycloak.authorization.admin.ScopeService.authorization

private

resourceServer

ResourceServer org.keycloak.authorization.admin.ScopeService.resourceServer

private

session

KeycloakSession org.keycloak.authorization.admin.ScopeService.session

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/authorization/admin/ScopeService.java