org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper の継承関係図

org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper 連携図

公開メンバ関数
List< ProviderConfigProperty >	getConfigProperties ()

String	getId ()

String	getDisplayType ()

String	getDisplayCategory ()

String	getHelpText ()

boolean	isSupported ()

void	validateConfig (KeycloakSession session, RealmModel realm, ProtocolMapperContainerModel client, ProtocolMapperModel mapperModel) throws ProtocolMapperConfigException

String	getProtocol ()

void	close ()

final ProtocolMapper	create (KeycloakSession session)

void	init (Config.Scope config)

void	postInit (KeycloakSessionFactory factory)

AccessToken	transformUserInfoToken (AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)

AccessToken	transformAccessToken (AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)

IDToken	transformIDToken (IDToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)

AccessToken	transformAccessToken (AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)

IDToken	transformIDToken (IDToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)

AccessToken	transformUserInfoToken (AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)

静的公開メンバ関数
static ProtocolMapperModel	create (String name, String userAttribute, String tokenClaimName, String claimType, boolean accessToken, boolean idToken, String script, boolean multiValued)

静的公開変数類
static final String	PROVIDER_ID = "oidc-script-based-protocol-mapper"

static final String	TOKEN_MAPPER_CATEGORY = "Token mapper"

限定公開メンバ関数
void	setClaim (IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession keycloakSession)

void	setClaim (IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession)

静的関数
	[static initializer]

静的非公開変数類
static final Logger	LOGGER = Logger.getLogger(ScriptBasedOIDCProtocolMapper.class)

static final String	SCRIPT = "script"

static final List< ProviderConfigProperty >	configProperties

詳解

OIDC org.keycloak.protocol.ProtocolMapper that uses a provided JavaScript fragment to compute the token claim value.

著者: Thomas Darimont

関数詳解

◆ [static initializer]()

org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.[static initializer] ( )

inlinestaticpackage

◆ close()

void org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.close ( )

inlineinherited

                         {
 
     }

◆ create() [1/2]

final ProtocolMapper org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.create ( KeycloakSession session )

inlineinherited

                                                                 {
         throw new RuntimeException("UNSUPPORTED METHOD");
     }

◆ create() [2/2]

static ProtocolMapperModel org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.create	(	String	name,
		String	userAttribute,
		String	tokenClaimName,
		String	claimType,
		boolean	accessToken,
		boolean	idToken,
		String	script,
		boolean	multiValued
	)

inlinestatic

                                                                                                                      {
     ProtocolMapperModel mapper = OIDCAttributeMapperHelper.createClaimMapper(name, userAttribute,
       tokenClaimName, claimType,
       accessToken, idToken,
       PROVIDER_ID);
 
     mapper.getConfig().put(SCRIPT, script);
     mapper.getConfig().put(ProtocolMapperUtils.MULTIVALUED, String.valueOf(multiValued));
 
     return mapper;
   }

◆ getConfigProperties()

List<ProviderConfigProperty> org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.getConfigProperties ( )

inline

                                                             {
     return configProperties;
   }

◆ getDisplayCategory()

String org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.getDisplayCategory ( )

inline

                                      {
     return TOKEN_MAPPER_CATEGORY;
   }

◆ getDisplayType()

String org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.getDisplayType ( )

inline

                                  {
     return "Script Mapper";
   }

◆ getHelpText()

String org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.getHelpText ( )

inline

                               {
     return "Evaluates a JavaScript function to produce a token claim based on context information.";
   }

◆ getId()

String org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.getId ( )

inline

                         {
     return PROVIDER_ID;
   }

◆ getProtocol()

String org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.getProtocol ( )

inlineinherited

                                 {
         return OIDCLoginProtocol.LOGIN_PROTOCOL;
     }

◆ init()

void org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.init ( Config.Scope config )

inlineinherited

55 {

56 }

◆ isSupported()

boolean org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.isSupported ( )

inline

                                {
     return Profile.isFeatureEnabled(Profile.Feature.SCRIPTS);
   }

◆ postInit()

void org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.postInit ( KeycloakSessionFactory factory )

inlineinherited

                                                          {
 
     }

◆ setClaim() [1/2]

void org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.setClaim	(	IDToken	token,
		ProtocolMapperModel	mappingModel,
		UserSessionModel	userSession
	)

inlineprotectedinherited

Intended to be overridden in ProtocolMapper implementations to add claims to an token.

引数

token
mappingModel
userSession

非推奨:: override setClaim(IDToken, ProtocolMapperModel, UserSessionModel, KeycloakSession) instead.

105 {

106 }

◆ setClaim() [2/2]

void org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.setClaim	(	IDToken	token,
		ProtocolMapperModel	mappingModel,
		UserSessionModel	userSession,
		KeycloakSession	keycloakSession
	)

inlineprotected

                                                                                                                                           {
 
     UserModel user = userSession.getUser();
     String scriptSource = mappingModel.getConfig().get(SCRIPT);
     RealmModel realm = userSession.getRealm();
 
     ScriptingProvider scripting = keycloakSession.getProvider(ScriptingProvider.class);
     ScriptModel scriptModel = scripting.createScript(realm.getId(), ScriptModel.TEXT_JAVASCRIPT, "token-mapper-script_" + mappingModel.getName(), scriptSource, null);
 
     EvaluatableScriptAdapter script = scripting.prepareEvaluatableScript(scriptModel);
 
     Object claimValue;
     try {
       claimValue = script.eval((bindings) -> {
         bindings.put("user", user);
         bindings.put("realm", realm);
         bindings.put("token", token);
         bindings.put("userSession", userSession);
         bindings.put("keycloakSession", keycloakSession);
       });
     } catch (Exception ex) {
       LOGGER.error("Error during execution of ProtocolMapper script", ex);
       claimValue = null;
     }
 
     OIDCAttributeMapperHelper.mapClaim(token, mappingModel, claimValue);
   }

◆ transformAccessToken() [1/2]

AccessToken org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper.transformAccessToken	(	AccessToken	token,
		ProtocolMapperModel	mappingModel,
		KeycloakSession	session,
		UserSessionModel	userSession,
		AuthenticatedClientSessionModel	clientSession
	)

inherited

org.keycloak.protocol.oidc.mappers.RoleNameMapper, org.keycloak.protocol.oidc.mappers.HardcodedRole, org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapperで実装されています。

◆ transformAccessToken() [2/2]

AccessToken org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.transformAccessToken	(	AccessToken	token,
		ProtocolMapperModel	mappingModel,
		KeycloakSession	session,
		UserSessionModel	userSession,
		AuthenticatedClientSessionModel	clientSession
	)

inlineinherited

                                                                                                                          {
 
         if (!OIDCAttributeMapperHelper.includeInAccessToken(mappingModel)){
             return token;
         }
 
         setClaim(token, mappingModel, userSession, session);
         return token;
     }

◆ transformIDToken() [1/2]

IDToken org.keycloak.protocol.oidc.mappers.OIDCIDTokenMapper.transformIDToken	(	IDToken	token,
		ProtocolMapperModel	mappingModel,
		KeycloakSession	session,
		UserSessionModel	userSession,
		AuthenticatedClientSessionModel	clientSession
	)

inherited

org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapperで実装されています。

◆ transformIDToken() [2/2]

IDToken org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.transformIDToken	(	IDToken	token,
		ProtocolMapperModel	mappingModel,
		KeycloakSession	session,
		UserSessionModel	userSession,
		AuthenticatedClientSessionModel	clientSession
	)

inlineinherited

                                                                                                                  {
 
         if (!OIDCAttributeMapperHelper.includeInIDToken(mappingModel)){
             return token;
         }
 
         setClaim(token, mappingModel, userSession, session);
         return token;
     }

◆ transformUserInfoToken() [1/2]

AccessToken org.keycloak.protocol.oidc.mappers.UserInfoTokenMapper.transformUserInfoToken	(	AccessToken	token,
		ProtocolMapperModel	mappingModel,
		KeycloakSession	session,
		UserSessionModel	userSession,
		AuthenticatedClientSessionModel	clientSession
	)

inherited

org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapperで実装されています。

◆ transformUserInfoToken() [2/2]

AccessToken org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.transformUserInfoToken	(	AccessToken	token,
		ProtocolMapperModel	mappingModel,
		KeycloakSession	session,
		UserSessionModel	userSession,
		AuthenticatedClientSessionModel	clientSession
	)

inlineinherited

                                                                                                                            {
 
         if (!OIDCAttributeMapperHelper.includeInUserInfo(mappingModel)) {
             return token;
         }
 
         setClaim(token, mappingModel, userSession, session);
         return token;
     }

◆ validateConfig()

void org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.validateConfig	(	KeycloakSession	session,
		RealmModel	realm,
		ProtocolMapperContainerModel	client,
		ProtocolMapperModel	mapperModel
	)		throws ProtocolMapperConfigException

inline

                                                                                                                                                                                    {
 
     String scriptCode = mapperModel.getConfig().get(SCRIPT);
     if (scriptCode == null) {
       return;
     }
 
     ScriptingProvider scripting = session.getProvider(ScriptingProvider.class);
     ScriptModel scriptModel = scripting.createScript(realm.getId(), ScriptModel.TEXT_JAVASCRIPT, mapperModel.getName() + "-script", scriptCode, "");
 
     try {
       scripting.prepareEvaluatableScript(scriptModel);
     } catch (ScriptCompilationException  ex) {
       throw new ProtocolMapperConfigException("error", "{0}", ex.getMessage());
     }
   }

メンバ詳解

◆ configProperties

final List<ProviderConfigProperty> org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.configProperties

staticprivate

◆ LOGGER

final Logger org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.LOGGER = Logger.getLogger(ScriptBasedOIDCProtocolMapper.class)

staticprivate

◆ PROVIDER_ID

final String org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.PROVIDER_ID = "oidc-script-based-protocol-mapper"

static

◆ SCRIPT

final String org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.SCRIPT = "script"

staticprivate

◆ TOKEN_MAPPER_CATEGORY

final String org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.TOKEN_MAPPER_CATEGORY = "Token mapper"

staticinherited

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/protocol/oidc/mappers/ScriptBasedOIDCProtocolMapper.java

公開メンバ関数

静的公開メンバ関数

静的公開変数類

限定公開メンバ関数

静的関数

静的非公開変数類

詳解

関数詳解

◆ [static initializer]()

◆ close()

◆ create() [1/2]

◆ create() [2/2]

◆ getConfigProperties()

◆ getDisplayCategory()

◆ getDisplayType()

◆ getHelpText()

◆ getId()

◆ getProtocol()

◆ init()

◆ isSupported()

◆ postInit()

◆ setClaim() [1/2]

◆ setClaim() [2/2]

◆ transformAccessToken() [1/2]

◆ transformAccessToken() [2/2]

◆ transformIDToken() [1/2]

◆ transformIDToken() [2/2]

◆ transformUserInfoToken() [1/2]

◆ transformUserInfoToken() [2/2]

◆ validateConfig()

メンバ詳解

◆ configProperties

◆ LOGGER

◆ PROVIDER_ID

◆ SCRIPT

◆ TOKEN_MAPPER_CATEGORY