org.keycloak.services.resources.admin.permissions.ClientPermissions の継承関係図

org.keycloak.services.resources.admin.permissions.ClientPermissions 連携図

公開メンバ関数
	ClientPermissions (KeycloakSession session, RealmModel realm, AuthorizationProvider authz, MgmtPermissions root)

boolean	isPermissionsEnabled (ClientModel client)

void	setPermissionsEnabled (ClientModel client, boolean enable)

boolean	canList ()

void	requireList ()

boolean	canListClientScopes ()

void	requireListClientScopes ()

boolean	canManageClientsDefault ()

boolean	canViewClientDefault ()

boolean	canManage ()

void	requireManage ()

boolean	canView ()

void	requireView ()

Resource	resource (ClientModel client)

Map< String, String >	getPermissions (ClientModel client)

boolean	canExchangeTo (ClientModel authorizedClient, ClientModel to)

boolean	canManage (ClientModel client)

boolean	canConfigure (ClientModel client)

void	requireConfigure (ClientModel client)

void	requireManage (ClientModel client)

boolean	canView (ClientModel client)

void	requireView (ClientModel client)

boolean	canViewClientScopes ()

boolean	canManageClientScopes ()

void	requireManageClientScopes ()

void	requireViewClientScopes ()

boolean	canManage (ClientScopeModel clientScope)

void	requireManage (ClientScopeModel clientScope)

boolean	canView (ClientScopeModel clientScope)

void	requireView (ClientScopeModel clientScope)

boolean	canMapRoles (ClientModel client)

Policy	exchangeToPermission (ClientModel client)

Policy	mapRolesPermission (ClientModel client)

Policy	mapRolesClientScopePermission (ClientModel client)

Policy	mapRolesCompositePermission (ClientModel client)

Policy	managePermission (ClientModel client)

Policy	configurePermission (ClientModel client)

Policy	viewPermission (ClientModel client)

ResourceServer	resourceServer (ClientModel client)

boolean	canMapCompositeRoles (ClientModel client)

boolean	canMapClientScopeRoles (ClientModel client)

Map< String, Boolean >	getAccess (ClientModel client)

静的公開変数類
static final String	MAP_ROLES_SCOPE = "map-roles"

static final String	MAP_ROLES_CLIENT_SCOPE = "map-roles-client-scope"

static final String	MAP_ROLES_COMPOSITE_SCOPE = "map-roles-composite"

static final String	CONFIGURE_SCOPE = "configure"

限定公開変数類
final KeycloakSession	session

final RealmModel	realm

final AuthorizationProvider	authz

final MgmtPermissions	root

非公開メンバ関数
String	getResourceName (ClientModel client)

String	getManagePermissionName (ClientModel client)

String	getConfigurePermissionName (ClientModel client)

String	getViewPermissionName (ClientModel client)

String	getMapRolesPermissionName (ClientModel client)

String	getMapRolesClientScopePermissionName (ClientModel client)

String	getMapRolesCompositePermissionName (ClientModel client)

String	getExchangeToPermissionName (ClientModel client)

void	initialize (ClientModel client)

void	deletePolicy (String name, ResourceServer server)

void	deletePermissions (ClientModel client)

Scope	manageScope (ResourceServer server)

Scope	exchangeToScope (ResourceServer server)

Scope	configureScope (ResourceServer server)

Scope	viewScope (ResourceServer server)

Scope	mapRolesScope (ResourceServer server)

boolean	hasView (ClientModel client)

静的非公開変数類
static final Logger	logger = Logger.getLogger(ClientPermissions.class)

詳解

Manages default policies for all users.

著者: Bill Burke

バージョン

Revision: 1

構築子と解体子

◆ ClientPermissions()

org.keycloak.services.resources.admin.permissions.ClientPermissions.ClientPermissions	(	KeycloakSession	session,
		RealmModel	realm,
		AuthorizationProvider	authz,
		MgmtPermissions	root
	)

inline

                                                                                                                            {
         this.session = session;
         this.realm = realm;
         this.authz = authz;
         this.root = root;
     }

関数詳解

◆ canConfigure()

boolean org.keycloak.services.resources.admin.permissions.ClientPermissions.canConfigure ( ClientModel client )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                                     {
         if (canManage(client)) return true;
         if (!root.isAdminSameRealm()) {
             return false;
         }
 
         ResourceServer server = resourceServer(client);
         if (server == null) return false;
 
         Resource resource =  authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());
         if (resource == null) return false;
 
         Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getConfigurePermissionName(client), server.getId());
         if (policy == null) {
             return false;
         }
 
         Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
         // if no policies attached to permission then just do default behavior
         if (associatedPolicies == null || associatedPolicies.isEmpty()) {
             return false;
         }
 
         Scope scope = configureScope(server);
         return root.evaluatePermission(resource, scope, server);
     }

◆ canExchangeTo()

boolean org.keycloak.services.resources.admin.permissions.ClientPermissions.canExchangeTo	(	ClientModel	authorizedClient,
		ClientModel	to
	)

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionManagementを実装しています。

                                                                                {
 
         if (!authorizedClient.equals(to)) {
             ResourceServer server = resourceServer(to);
             if (server == null) {
                 logger.debug("No resource server set up for target client");
                 return false;
             }
 
             Resource resource =  authz.getStoreFactory().getResourceStore().findByName(getResourceName(to), server.getId());
             if (resource == null) {
                 logger.debug("No resource object set up for target client");
                 return false;
             }
 
             Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getExchangeToPermissionName(to), server.getId());
             if (policy == null) {
                 logger.debug("No permission object set up for target client");
                 return false;
             }
 
             Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
             // if no policies attached to permission then just do default behavior
             if (associatedPolicies == null || associatedPolicies.isEmpty()) {
                 logger.debug("No policies set up for permission on target client");
                 return false;
             }
 
             Scope scope = exchangeToScope(server);
             if (scope == null) {
                 logger.debug(TOKEN_EXCHANGE + " not initialized");
                 return false;
             }
             ClientModelIdentity identity = new ClientModelIdentity(session, authorizedClient);
             EvaluationContext context = new DefaultEvaluationContext(identity, session) {
                 @Override
                 public Map<String, Collection<String>> getBaseAttributes() {
                     Map<String, Collection<String>> attributes = super.getBaseAttributes();
                     attributes.put("kc.client.id", Arrays.asList(authorizedClient.getClientId()));
                     return attributes;
                 }
 
             };
             return root.evaluatePermission(resource, scope, server, context);
         }
         return true;
     }

◆ canList()

boolean org.keycloak.services.resources.admin.permissions.ClientPermissions.canList ( )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                              {
         return root.hasAnyAdminRole();
     }

◆ canListClientScopes()

boolean org.keycloak.services.resources.admin.permissions.ClientPermissions.canListClientScopes ( )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                          {
         return root.hasAnyAdminRole();
     }

◆ canManage() [1/3]

boolean org.keycloak.services.resources.admin.permissions.ClientPermissions.canManage ( )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                {
         return canManageClientsDefault();
     }

◆ canManage() [2/3]

boolean org.keycloak.services.resources.admin.permissions.ClientPermissions.canManage ( ClientModel client )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                                  {
         if (canManageClientsDefault()) return true;
         if (!root.isAdminSameRealm()) {
             return false;
         }
 
         ResourceServer server = resourceServer(client);
         if (server == null) return false;
 
         Resource resource =  authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());
         if (resource == null) return false;
 
         Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getManagePermissionName(client), server.getId());
         if (policy == null) {
             return false;
         }
 
         Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
         // if no policies attached to permission then just do default behavior
         if (associatedPolicies == null || associatedPolicies.isEmpty()) {
             return false;
         }
 
         Scope scope = manageScope(server);
         return root.evaluatePermission(resource, scope, server);
     }

◆ canManage() [3/3]

boolean org.keycloak.services.resources.admin.permissions.ClientPermissions.canManage ( ClientScopeModel clientScope )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                                            {
         return canManageClientsDefault();
     }

◆ canManageClientScopes()

boolean org.keycloak.services.resources.admin.permissions.ClientPermissions.canManageClientScopes ( )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                            {
         return canManageClientsDefault();
     }

◆ canManageClientsDefault()

boolean org.keycloak.services.resources.admin.permissions.ClientPermissions.canManageClientsDefault ( )

inline

                                              {
         return root.hasOneAdminRole(AdminRoles.MANAGE_CLIENTS);
     }

◆ canMapClientScopeRoles()

boolean org.keycloak.services.resources.admin.permissions.ClientPermissions.canMapClientScopeRoles ( ClientModel client )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                                               {
         ResourceServer server = resourceServer(client);
         if (server == null) return false;
 
         Resource resource =  authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());
         if (resource == null) return false;
 
         Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getMapRolesClientScopePermissionName(client), server.getId());
         if (policy == null) {
             return false;
         }
 
         Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
         // if no policies attached to permission then just do default behavior
         if (associatedPolicies == null || associatedPolicies.isEmpty()) {
             return false;
         }
 
         Scope scope = authz.getStoreFactory().getScopeStore().findByName(MAP_ROLES_CLIENT_SCOPE, server.getId());
         return root.evaluatePermission(resource, scope, server);
     }

◆ canMapCompositeRoles()

boolean org.keycloak.services.resources.admin.permissions.ClientPermissions.canMapCompositeRoles ( ClientModel client )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                                             {
         ResourceServer server = resourceServer(client);
         if (server == null) return false;
 
         Resource resource =  authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());
         if (resource == null) return false;
 
         Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getMapRolesCompositePermissionName(client), server.getId());
         if (policy == null) {
             return false;
         }
 
         Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
         // if no policies attached to permission then just do default behavior
         if (associatedPolicies == null || associatedPolicies.isEmpty()) {
             return false;
         }
 
         Scope scope = authz.getStoreFactory().getScopeStore().findByName(MAP_ROLES_COMPOSITE_SCOPE, server.getId());
         return root.evaluatePermission(resource, scope, server);
     }

◆ canMapRoles()

boolean org.keycloak.services.resources.admin.permissions.ClientPermissions.canMapRoles ( ClientModel client )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                                    {
         ResourceServer server = resourceServer(client);
         if (server == null) return false;
 
         Resource resource =  authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());
         if (resource == null) return false;
 
         Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getMapRolesPermissionName(client), server.getId());
         if (policy == null) {
             return false;
         }
 
         Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
         // if no policies attached to permission then just do default behavior
         if (associatedPolicies == null || associatedPolicies.isEmpty()) {
             return false;
         }
 
         Scope scope = mapRolesScope(server);
         return root.evaluatePermission(resource, scope, server);
     }

◆ canView() [1/3]

boolean org.keycloak.services.resources.admin.permissions.ClientPermissions.canView ( )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                              {
         return canManageClientsDefault() || canViewClientDefault();
     }

◆ canView() [2/3]

boolean org.keycloak.services.resources.admin.permissions.ClientPermissions.canView ( ClientModel client )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                                {
         return hasView(client) || canConfigure(client);
     }

◆ canView() [3/3]

boolean org.keycloak.services.resources.admin.permissions.ClientPermissions.canView ( ClientScopeModel clientScope )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                                          {
         return canViewClientDefault();
     }

◆ canViewClientDefault()

boolean org.keycloak.services.resources.admin.permissions.ClientPermissions.canViewClientDefault ( )

inline

                                           {
         return root.hasOneAdminRole(AdminRoles.MANAGE_CLIENTS, AdminRoles.VIEW_CLIENTS);
     }

◆ canViewClientScopes()

boolean org.keycloak.services.resources.admin.permissions.ClientPermissions.canViewClientScopes ( )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                          {
         return canView();
     }

◆ configurePermission()

Policy org.keycloak.services.resources.admin.permissions.ClientPermissions.configurePermission ( ClientModel client )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionManagementを実装しています。

                                                           {
         ResourceServer server = resourceServer(client);
         if (server == null) return null;
         return authz.getStoreFactory().getPolicyStore().findByName(getConfigurePermissionName(client), server.getId());
     }

◆ configureScope()

Scope org.keycloak.services.resources.admin.permissions.ClientPermissions.configureScope ( ResourceServer server )

inlineprivate

                                                         {
         return authz.getStoreFactory().getScopeStore().findByName(CONFIGURE_SCOPE, server.getId());
     }

◆ deletePermissions()

void org.keycloak.services.resources.admin.permissions.ClientPermissions.deletePermissions ( ClientModel client )

inlineprivate

                                                        {
         ResourceServer server = resourceServer(client);
         if (server == null) return;
         deletePolicy(getManagePermissionName(client), server);
         deletePolicy(getViewPermissionName(client), server);
         deletePolicy(getMapRolesPermissionName(client), server);
         deletePolicy(getMapRolesClientScopePermissionName(client), server);
         deletePolicy(getMapRolesCompositePermissionName(client), server);
         deletePolicy(getConfigurePermissionName(client), server);
         deletePolicy(getExchangeToPermissionName(client), server);
         Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());;
         if (resource != null) authz.getStoreFactory().getResourceStore().delete(resource.getId());
     }

◆ deletePolicy()

void org.keycloak.services.resources.admin.permissions.ClientPermissions.deletePolicy	(	String	name,
		ResourceServer	server
	)

inlineprivate

                                                                   {
         Policy policy = authz.getStoreFactory().getPolicyStore().findByName(name, server.getId());
         if (policy != null) {
             authz.getStoreFactory().getPolicyStore().delete(policy.getId());
         }
 
     }

◆ exchangeToPermission()

Policy org.keycloak.services.resources.admin.permissions.ClientPermissions.exchangeToPermission ( ClientModel client )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionManagementを実装しています。

                                                            {
         ResourceServer server = resourceServer(client);
         if (server == null) return null;
         return authz.getStoreFactory().getPolicyStore().findByName(getExchangeToPermissionName(client), server.getId());
     }

◆ exchangeToScope()

Scope org.keycloak.services.resources.admin.permissions.ClientPermissions.exchangeToScope ( ResourceServer server )

inlineprivate

                                                          {
         return authz.getStoreFactory().getScopeStore().findByName(TOKEN_EXCHANGE, server.getId());
     }

◆ getAccess()

Map<String, Boolean> org.keycloak.services.resources.admin.permissions.ClientPermissions.getAccess ( ClientModel client )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                                               {
         Map<String, Boolean> map = new HashMap<>();
         map.put("view", canView(client));
         map.put("manage", StorageId.isLocalStorage(client) && canManage(client));
         map.put("configure", StorageId.isLocalStorage(client) && canConfigure(client));
         return map;
     }

◆ getConfigurePermissionName()

String org.keycloak.services.resources.admin.permissions.ClientPermissions.getConfigurePermissionName ( ClientModel client )

inlineprivate

                                                                   {
         return "configure.permission.client." + client.getId();
     }

◆ getExchangeToPermissionName()

String org.keycloak.services.resources.admin.permissions.ClientPermissions.getExchangeToPermissionName ( ClientModel client )

inlineprivate

                                                                    {
         return TOKEN_EXCHANGE + ".permission.client." + client.getId();
     }

◆ getManagePermissionName()

String org.keycloak.services.resources.admin.permissions.ClientPermissions.getManagePermissionName ( ClientModel client )

inlineprivate

                                                                {
         return "manage.permission.client." + client.getId();
     }

◆ getMapRolesClientScopePermissionName()

String org.keycloak.services.resources.admin.permissions.ClientPermissions.getMapRolesClientScopePermissionName ( ClientModel client )

inlineprivate

                                                                             {
         return MAP_ROLES_CLIENT_SCOPE + ".permission.client." + client.getId();
     }

◆ getMapRolesCompositePermissionName()

String org.keycloak.services.resources.admin.permissions.ClientPermissions.getMapRolesCompositePermissionName ( ClientModel client )

inlineprivate

                                                                           {
         return MAP_ROLES_COMPOSITE_SCOPE + ".permission.client." + client.getId();
     }

◆ getMapRolesPermissionName()

String org.keycloak.services.resources.admin.permissions.ClientPermissions.getMapRolesPermissionName ( ClientModel client )

inlineprivate

                                                                  {
         return MAP_ROLES_SCOPE + ".permission.client." + client.getId();
     }

◆ getPermissions()

Map<String, String> org.keycloak.services.resources.admin.permissions.ClientPermissions.getPermissions ( ClientModel client )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionManagementを実装しています。

                                                                   {
         initialize(client);
         Map<String, String> scopes = new LinkedHashMap<>();
         scopes.put(AdminPermissionManagement.VIEW_SCOPE, viewPermission(client).getId());
         scopes.put(AdminPermissionManagement.MANAGE_SCOPE, managePermission(client).getId());
         scopes.put(CONFIGURE_SCOPE, configurePermission(client).getId());
         scopes.put(MAP_ROLES_SCOPE,  mapRolesPermission(client).getId());
         scopes.put(MAP_ROLES_CLIENT_SCOPE, mapRolesClientScopePermission(client).getId());
         scopes.put(MAP_ROLES_COMPOSITE_SCOPE, mapRolesCompositePermission(client).getId());
         scopes.put(TOKEN_EXCHANGE, exchangeToPermission(client).getId());
         return scopes;
     }

◆ getResourceName()

String org.keycloak.services.resources.admin.permissions.ClientPermissions.getResourceName ( ClientModel client )

inlineprivate

                                                        {
         return "client.resource." + client.getId();
     }

◆ getViewPermissionName()

String org.keycloak.services.resources.admin.permissions.ClientPermissions.getViewPermissionName ( ClientModel client )

inlineprivate

                                                              {
         return "view.permission.client." + client.getId();
     }

◆ hasView()

boolean org.keycloak.services.resources.admin.permissions.ClientPermissions.hasView ( ClientModel client )

inlineprivate

                                                 {
         if (canView()) return true;
         if (!root.isAdminSameRealm()) {
             return false;
         }
 
         ResourceServer server = resourceServer(client);
         if (server == null) return false;
 
         Resource resource =  authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());
         if (resource == null) return false;
 
         Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getViewPermissionName(client), server.getId());
         if (policy == null) {
             return false;
         }
 
         Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
         // if no policies attached to permission then just do default behavior
         if (associatedPolicies == null || associatedPolicies.isEmpty()) {
             return false;
         }
 
         Scope scope = viewScope(server);
         return root.evaluatePermission(resource, scope, server);
     }

◆ initialize()

void org.keycloak.services.resources.admin.permissions.ClientPermissions.initialize ( ClientModel client )

inlineprivate

                                                  {
         ResourceServer server = root.findOrCreateResourceServer(client);
         Scope manageScope = manageScope(server);
         if (manageScope == null) {
             manageScope = authz.getStoreFactory().getScopeStore().create(AdminPermissionManagement.MANAGE_SCOPE, server);
         }
         Scope viewScope = viewScope(server);
         if (viewScope == null) {
             viewScope = authz.getStoreFactory().getScopeStore().create(AdminPermissionManagement.VIEW_SCOPE, server);
         }
         Scope mapRoleScope = mapRolesScope(server);
         if (mapRoleScope == null) {
             mapRoleScope = authz.getStoreFactory().getScopeStore().create(MAP_ROLES_SCOPE, server);
         }
         Scope mapRoleClientScope = root.initializeScope(MAP_ROLES_CLIENT_SCOPE, server);
         Scope mapRoleCompositeScope = root.initializeScope(MAP_ROLES_COMPOSITE_SCOPE, server);
         Scope configureScope = root.initializeScope(CONFIGURE_SCOPE, server);
         Scope exchangeToScope = root.initializeScope(TOKEN_EXCHANGE, server);
 
         String resourceName = getResourceName(client);
         Resource resource = authz.getStoreFactory().getResourceStore().findByName(resourceName, server.getId());
         if (resource == null) {
             resource = authz.getStoreFactory().getResourceStore().create(resourceName, server, server.getId());
             resource.setType("Client");
             Set<Scope> scopeset = new HashSet<>();
             scopeset.add(configureScope);
             scopeset.add(manageScope);
             scopeset.add(viewScope);
             scopeset.add(mapRoleScope);
             scopeset.add(mapRoleClientScope);
             scopeset.add(mapRoleCompositeScope);
             scopeset.add(exchangeToScope);
             resource.updateScopes(scopeset);
         }
         String managePermissionName = getManagePermissionName(client);
         Policy managePermission = authz.getStoreFactory().getPolicyStore().findByName(managePermissionName, server.getId());
         if (managePermission == null) {
             Helper.addEmptyScopePermission(authz, server, managePermissionName, resource, manageScope);
         }
         String configurePermissionName = getConfigurePermissionName(client);
         Policy configurePermission = authz.getStoreFactory().getPolicyStore().findByName(configurePermissionName, server.getId());
         if (configurePermission == null) {
             Helper.addEmptyScopePermission(authz, server, configurePermissionName, resource, configureScope);
         }
         String viewPermissionName = getViewPermissionName(client);
         Policy viewPermission = authz.getStoreFactory().getPolicyStore().findByName(viewPermissionName, server.getId());
         if (viewPermission == null) {
             Helper.addEmptyScopePermission(authz, server, viewPermissionName, resource, viewScope);
         }
         String mapRolePermissionName = getMapRolesPermissionName(client);
         Policy mapRolePermission = authz.getStoreFactory().getPolicyStore().findByName(mapRolePermissionName, server.getId());
         if (mapRolePermission == null) {
             Helper.addEmptyScopePermission(authz, server, mapRolePermissionName, resource, mapRoleScope);
         }
         String mapRoleClientScopePermissionName = getMapRolesClientScopePermissionName(client);
         Policy mapRoleClientScopePermission = authz.getStoreFactory().getPolicyStore().findByName(mapRoleClientScopePermissionName, server.getId());
         if (mapRoleClientScopePermission == null) {
             Helper.addEmptyScopePermission(authz, server, mapRoleClientScopePermissionName, resource, mapRoleClientScope);
         }
         String mapRoleCompositePermissionName = getMapRolesCompositePermissionName(client);
         Policy mapRoleCompositePermission = authz.getStoreFactory().getPolicyStore().findByName(mapRoleCompositePermissionName, server.getId());
         if (mapRoleCompositePermission == null) {
             Helper.addEmptyScopePermission(authz, server, mapRoleCompositePermissionName, resource, mapRoleCompositeScope);
         }
         String exchangeToPermissionName = getExchangeToPermissionName(client);
         Policy exchangeToPermission = authz.getStoreFactory().getPolicyStore().findByName(exchangeToPermissionName, server.getId());
         if (exchangeToPermission == null) {
             Helper.addEmptyScopePermission(authz, server, exchangeToPermissionName, resource, exchangeToScope);
         }
     }

◆ isPermissionsEnabled()

boolean org.keycloak.services.resources.admin.permissions.ClientPermissions.isPermissionsEnabled ( ClientModel client )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                                             {
         ResourceServer server = resourceServer(client);
         if (server == null) return false;
 
         return authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId()) != null;
     }

◆ managePermission()

Policy org.keycloak.services.resources.admin.permissions.ClientPermissions.managePermission ( ClientModel client )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionManagementを実装しています。

                                                        {
         ResourceServer server = resourceServer(client);
         if (server == null) return null;
         return authz.getStoreFactory().getPolicyStore().findByName(getManagePermissionName(client), server.getId());
     }

◆ manageScope()

Scope org.keycloak.services.resources.admin.permissions.ClientPermissions.manageScope ( ResourceServer server )

inlineprivate

                                                      {
         return authz.getStoreFactory().getScopeStore().findByName(AdminPermissionManagement.MANAGE_SCOPE, server.getId());
     }

◆ mapRolesClientScopePermission()

Policy org.keycloak.services.resources.admin.permissions.ClientPermissions.mapRolesClientScopePermission ( ClientModel client )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionManagementを実装しています。

                                                                     {
         ResourceServer server = resourceServer(client);
         if (server == null) return null;
         return authz.getStoreFactory().getPolicyStore().findByName(getMapRolesClientScopePermissionName(client), server.getId());
     }

◆ mapRolesCompositePermission()

Policy org.keycloak.services.resources.admin.permissions.ClientPermissions.mapRolesCompositePermission ( ClientModel client )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionManagementを実装しています。

                                                                   {
         ResourceServer server = resourceServer(client);
         if (server == null) return null;
         return authz.getStoreFactory().getPolicyStore().findByName(getMapRolesCompositePermissionName(client), server.getId());
     }

◆ mapRolesPermission()

Policy org.keycloak.services.resources.admin.permissions.ClientPermissions.mapRolesPermission ( ClientModel client )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionManagementを実装しています。

                                                          {
         ResourceServer server = resourceServer(client);
         if (server == null) return null;
         return authz.getStoreFactory().getPolicyStore().findByName(getMapRolesPermissionName(client), server.getId());
     }

◆ mapRolesScope()

Scope org.keycloak.services.resources.admin.permissions.ClientPermissions.mapRolesScope ( ResourceServer server )

inlineprivate

                                                        {
         return authz.getStoreFactory().getScopeStore().findByName(MAP_ROLES_SCOPE, server.getId());
     }

◆ requireConfigure()

void org.keycloak.services.resources.admin.permissions.ClientPermissions.requireConfigure ( ClientModel client )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                                      {
         if (!canConfigure(client)) {
             throw new ForbiddenException();
         }
     }

◆ requireList()

void org.keycloak.services.resources.admin.permissions.ClientPermissions.requireList ( )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                               {
         if (!canList()) {
             throw new ForbiddenException();
         }
     }

◆ requireListClientScopes()

void org.keycloak.services.resources.admin.permissions.ClientPermissions.requireListClientScopes ( )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                           {
         if (!canListClientScopes()) {
             throw new ForbiddenException();
         }
     }

◆ requireManage() [1/3]

void org.keycloak.services.resources.admin.permissions.ClientPermissions.requireManage ( )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                 {
         if (!canManage()) {
             throw new ForbiddenException();
         }
     }

◆ requireManage() [2/3]

void org.keycloak.services.resources.admin.permissions.ClientPermissions.requireManage ( ClientModel client )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                                   {
         if (!canManage(client)) {
             throw new ForbiddenException();
         }
     }

◆ requireManage() [3/3]

void org.keycloak.services.resources.admin.permissions.ClientPermissions.requireManage ( ClientScopeModel clientScope )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                                             {
         if (!canManage(clientScope)) {
             throw new ForbiddenException();
         }
     }

◆ requireManageClientScopes()

void org.keycloak.services.resources.admin.permissions.ClientPermissions.requireManageClientScopes ( )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                             {
         if (!canManageClientScopes()) {
             throw new ForbiddenException();
         }
     }

◆ requireView() [1/3]

void org.keycloak.services.resources.admin.permissions.ClientPermissions.requireView ( )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                               {
         if (!canView()) {
             throw new ForbiddenException();
         }
     }

◆ requireView() [2/3]

void org.keycloak.services.resources.admin.permissions.ClientPermissions.requireView ( ClientModel client )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                                 {
         if (!canView(client)) {
             throw new ForbiddenException();
         }
     }

◆ requireView() [3/3]

void org.keycloak.services.resources.admin.permissions.ClientPermissions.requireView ( ClientScopeModel clientScope )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                                           {
         if (!canView(clientScope)) {
             throw new ForbiddenException();
         }
     }

◆ requireViewClientScopes()

void org.keycloak.services.resources.admin.permissions.ClientPermissions.requireViewClientScopes ( )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                           {
         if (!canViewClientScopes()) {
             throw new ForbiddenException();
         }
     }

◆ resource()

Resource org.keycloak.services.resources.admin.permissions.ClientPermissions.resource ( ClientModel client )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionManagementを実装しています。

                                                  {
         ResourceServer server = resourceServer(client);
         if (server == null) return null;
         Resource resource =  authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());
         if (resource == null) return null;
         return resource;
     }

◆ resourceServer()

ResourceServer org.keycloak.services.resources.admin.permissions.ClientPermissions.resourceServer ( ClientModel client )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionManagementを実装しています。

                                                              {
         return root.resourceServer(client);
     }

◆ setPermissionsEnabled()

void org.keycloak.services.resources.admin.permissions.ClientPermissions.setPermissionsEnabled	(	ClientModel	client,
		boolean	enable
	)

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionEvaluatorを実装しています。

                                                                           {
         if (enable) {
             initialize(client);
         } else {
             deletePermissions(client);
         }
     }

◆ viewPermission()

Policy org.keycloak.services.resources.admin.permissions.ClientPermissions.viewPermission ( ClientModel client )

inline

org.keycloak.services.resources.admin.permissions.ClientPermissionManagementを実装しています。

                                                      {
         ResourceServer server = resourceServer(client);
         if (server == null) return null;
         return authz.getStoreFactory().getPolicyStore().findByName(getViewPermissionName(client), server.getId());
     }

◆ viewScope()

Scope org.keycloak.services.resources.admin.permissions.ClientPermissions.viewScope ( ResourceServer server )

inlineprivate

                                                    {
         return authz.getStoreFactory().getScopeStore().findByName(AdminPermissionManagement.VIEW_SCOPE, server.getId());
     }

メンバ詳解

◆ authz

final AuthorizationProvider org.keycloak.services.resources.admin.permissions.ClientPermissions.authz

protected

◆ CONFIGURE_SCOPE

final String org.keycloak.services.resources.admin.permissions.ClientPermissionManagement.CONFIGURE_SCOPE = "configure"

staticinherited

◆ logger

final Logger org.keycloak.services.resources.admin.permissions.ClientPermissions.logger = Logger.getLogger(ClientPermissions.class)

staticprivate

◆ MAP_ROLES_CLIENT_SCOPE

final String org.keycloak.services.resources.admin.permissions.ClientPermissionManagement.MAP_ROLES_CLIENT_SCOPE = "map-roles-client-scope"

staticinherited

◆ MAP_ROLES_COMPOSITE_SCOPE

final String org.keycloak.services.resources.admin.permissions.ClientPermissionManagement.MAP_ROLES_COMPOSITE_SCOPE = "map-roles-composite"

staticinherited

◆ MAP_ROLES_SCOPE

final String org.keycloak.services.resources.admin.permissions.ClientPermissionManagement.MAP_ROLES_SCOPE = "map-roles"

staticinherited

◆ realm

final RealmModel org.keycloak.services.resources.admin.permissions.ClientPermissions.realm

protected

◆ root

final MgmtPermissions org.keycloak.services.resources.admin.permissions.ClientPermissions.root

protected

◆ session

final KeycloakSession org.keycloak.services.resources.admin.permissions.ClientPermissions.session

protected

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissions.java

公開メンバ関数

静的公開変数類

限定公開変数類

非公開メンバ関数

静的非公開変数類

詳解

構築子と解体子

◆ ClientPermissions()

関数詳解

◆ canConfigure()

◆ canExchangeTo()

◆ canList()

◆ canListClientScopes()

◆ canManage() [1/3]

◆ canManage() [2/3]

◆ canManage() [3/3]

◆ canManageClientScopes()

◆ canManageClientsDefault()

◆ canMapClientScopeRoles()

◆ canMapCompositeRoles()

◆ canMapRoles()

◆ canView() [1/3]

◆ canView() [2/3]

◆ canView() [3/3]

◆ canViewClientDefault()

◆ canViewClientScopes()

◆ configurePermission()

◆ configureScope()

◆ deletePermissions()

◆ deletePolicy()

◆ exchangeToPermission()

◆ exchangeToScope()

◆ getAccess()

◆ getConfigurePermissionName()

◆ getExchangeToPermissionName()

◆ getManagePermissionName()

◆ getMapRolesClientScopePermissionName()

◆ getMapRolesCompositePermissionName()

◆ getMapRolesPermissionName()

◆ getPermissions()

◆ getResourceName()

◆ getViewPermissionName()

◆ hasView()

◆ initialize()

◆ isPermissionsEnabled()

◆ managePermission()

◆ manageScope()

◆ mapRolesClientScopePermission()

◆ mapRolesCompositePermission()

◆ mapRolesPermission()

◆ mapRolesScope()

◆ requireConfigure()

◆ requireList()

◆ requireListClientScopes()

◆ requireManage() [1/3]

◆ requireManage() [2/3]

◆ requireManage() [3/3]

◆ requireManageClientScopes()

◆ requireView() [1/3]

◆ requireView() [2/3]

◆ requireView() [3/3]

◆ requireViewClientScopes()

◆ resource()

◆ resourceServer()

◆ setPermissionsEnabled()

◆ viewPermission()

◆ viewScope()

メンバ詳解

◆ authz

◆ CONFIGURE_SCOPE

◆ logger

◆ MAP_ROLES_CLIENT_SCOPE

◆ MAP_ROLES_COMPOSITE_SCOPE

◆ MAP_ROLES_SCOPE

◆ realm

◆ root

◆ session