org.keycloak.protocol.saml.mappers.ScriptBasedMapper クラス

org.keycloak.protocol.saml.mappers.ScriptBasedMapper の継承関係図

org.keycloak.protocol.saml.mappers.ScriptBasedMapper 連携図

公開メンバ関数
List< ProviderConfigProperty >	getConfigProperties ()
String	getId ()
String	getDisplayType ()
String	getDisplayCategory ()
String	getHelpText ()
void	transformAttributeStatement (AttributeStatementType attributeStatement, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)
void	validateConfig (KeycloakSession session, RealmModel realm, ProtocolMapperContainerModel client, ProtocolMapperModel mapperModel) throws ProtocolMapperConfigException
String	getProtocol ()
void	close ()
final ProtocolMapper	create (KeycloakSession session)
void	init (Config.Scope config)
void	postInit (KeycloakSessionFactory factory)

静的公開メンバ関数
static ProtocolMapperModel	create (String name, String samlAttributeName, String nameFormat, String friendlyName, String script, boolean singleAttribute)

静的公開変数類
static final String	PROVIDER_ID = "saml-javascript-mapper"

静的関数
	[static initializer]

静的非公開変数類
static final List< ProviderConfigProperty >	configProperties = new ArrayList<>()
static final String	SINGLE_VALUE_ATTRIBUTE = "single"
static final Logger	LOGGER = Logger.getLogger(ScriptBasedMapper.class)

詳解

This class provides a mapper that uses javascript to attach a value to an attribute for SAML tokens. The mapper can handle both a result that is a single value, or multiple values (an array or a list for example). For the latter case, it can return the result as a single attribute with multiple values, or as multiple attributes However, in all cases, the returned values must be castable to String values.

著者

Alistair Doswald

関数詳解

[static initializer]()

org.keycloak.protocol.saml.mappers.ScriptBasedMapper.[static initializer] ( )

inlinestaticpackage

close()

void org.keycloak.protocol.saml.mappers.AbstractSAMLProtocolMapper.close ( )

inlineinherited

                        {

    }

create() [1/2]

final ProtocolMapper org.keycloak.protocol.saml.mappers.AbstractSAMLProtocolMapper.create ( KeycloakSession  session )

inlineinherited

                                                                {
        throw new RuntimeException("UNSUPPORTED METHOD");
    }

create() [2/2]

static ProtocolMapperModel org.keycloak.protocol.saml.mappers.ScriptBasedMapper.create ( String  name, String  samlAttributeName, String  nameFormat, String  friendlyName, String  script, boolean  singleAttribute  )

inlinestatic

Creates an protocol mapper model for the this script based mapper. This mapper model is meant to be used for testing, as normally such objects are created in a different manner through the keycloak GUI.

引数

name	The name of the mapper (this has no functional use)
samlAttributeName	The name of the attribute in the SAML attribute
nameFormat	can be "basic", "URI reference" or "unspecified"
friendlyName	a display name, only useful for the keycloak GUI
script	the javascript to be executed by the mapper
singleAttribute	If true, all groups will be stored under one attribute with multiple attribute values

戻り値

a Protocol Mapper for a group mapping

                                                                                                                                                                    {
        ProtocolMapperModel mapper =  AttributeStatementHelper.createAttributeMapper(name, null, samlAttributeName, nameFormat, friendlyName,
                PROVIDER_ID);
        Map<String, String> config = mapper.getConfig();
        config.put(ProviderConfigProperty.SCRIPT_TYPE, script);
        config.put(SINGLE_VALUE_ATTRIBUTE, Boolean.toString(singleAttribute));
        return mapper;
    }

getConfigProperties()

List<ProviderConfigProperty> org.keycloak.protocol.saml.mappers.ScriptBasedMapper.getConfigProperties ( )

inline

                                                              {
        return configProperties;
    }

getDisplayCategory()

String org.keycloak.protocol.saml.mappers.ScriptBasedMapper.getDisplayCategory ( )

inline

                                       {
        return AttributeStatementHelper.ATTRIBUTE_STATEMENT_CATEGORY;
    }

getDisplayType()

String org.keycloak.protocol.saml.mappers.ScriptBasedMapper.getDisplayType ( )

inline

                                   {
        return "Javascript Mapper";
    }

getHelpText()

String org.keycloak.protocol.saml.mappers.ScriptBasedMapper.getHelpText ( )

inline

                                {
        return "Evaluates a JavaScript function to produce an attribute value based on context information.";
    }

getId()

String org.keycloak.protocol.saml.mappers.ScriptBasedMapper.getId ( )

inline

                          {
        return PROVIDER_ID;
    }

getProtocol()

String org.keycloak.protocol.saml.mappers.AbstractSAMLProtocolMapper.getProtocol ( )

inlineinherited

                                {
        return SamlProtocol.LOGIN_PROTOCOL;
    }

init()

void org.keycloak.protocol.saml.mappers.AbstractSAMLProtocolMapper.init ( Config.Scope  config )

inlineinherited

                                          {
    }

postInit()

void org.keycloak.protocol.saml.mappers.AbstractSAMLProtocolMapper.postInit ( KeycloakSessionFactory  factory )

inlineinherited

                                                         {

    }

transformAttributeStatement()

void org.keycloak.protocol.saml.mappers.ScriptBasedMapper.transformAttributeStatement ( AttributeStatementType  attributeStatement, ProtocolMapperModel  mappingModel, KeycloakSession  session, UserSessionModel  userSession, AuthenticatedClientSessionModel  clientSession  )

inline

This method attaches one or many attributes to the passed attribute statement. To obtain the attribute values, it executes the mapper's script and returns attaches the returned value to the attribute. If the returned attribute is an Array or is iterable, the mapper will either return multiple attributes, or an attribute with multiple values. The variant chosen depends on the configuration of the mapper

引数

attributeStatement	The attribute statements to be added to a token
mappingModel	The mapping model reflects the values that are actually input in the GUI
session	The current session
userSession	The current user session
clientSession	The current client session

org.keycloak.protocol.saml.mappers.SAMLAttributeStatementMapperを実装しています。

                                                                                           {
        UserModel user = userSession.getUser();
        String scriptSource = mappingModel.getConfig().get(ProviderConfigProperty.SCRIPT_TYPE);
        RealmModel realm = userSession.getRealm();

        String single = mappingModel.getConfig().get(SINGLE_VALUE_ATTRIBUTE);
        boolean singleAttribute = Boolean.parseBoolean(single);

        ScriptingProvider scripting = session.getProvider(ScriptingProvider.class);
        ScriptModel scriptModel = scripting.createScript(realm.getId(), ScriptModel.TEXT_JAVASCRIPT, "attribute-mapper-script_" + mappingModel.getName(), scriptSource, null);

        EvaluatableScriptAdapter script = scripting.prepareEvaluatableScript(scriptModel);
        Object attributeValue;
        try {
            attributeValue = script.eval((bindings) -> {
                bindings.put("user", user);
                bindings.put("realm", realm);
                bindings.put("clientSession", clientSession);
                bindings.put("userSession", userSession);
                bindings.put("keycloakSession", session);
            });
            //If the result is a an array or is iterable, get all values
            if (attributeValue.getClass().isArray()){
                attributeValue = Arrays.asList((Object[])attributeValue);
            }
            if (attributeValue instanceof Iterable) {
                if (singleAttribute) {
                    AttributeType singleAttributeType = AttributeStatementHelper.createAttributeType(mappingModel);
                    attributeStatement.addAttribute(new AttributeStatementType.ASTChoiceType(singleAttributeType));
                    for (Object value : (Iterable)attributeValue) {
                        singleAttributeType.addAttributeValue(value);
                    }
                } else {
                    for (Object value : (Iterable)attributeValue) {
                        AttributeStatementHelper.addAttribute(attributeStatement, mappingModel, value.toString());
                    }
                }
            } else {
                // single value case
                AttributeStatementHelper.addAttribute(attributeStatement, mappingModel, attributeValue.toString());
            }
        } catch (Exception ex) {
            LOGGER.error("Error during execution of ProtocolMapper script", ex);
            AttributeStatementHelper.addAttribute(attributeStatement, mappingModel, null);
        }
    }

validateConfig()

void org.keycloak.protocol.saml.mappers.ScriptBasedMapper.validateConfig ( KeycloakSession  session, RealmModel  realm, ProtocolMapperContainerModel  client, ProtocolMapperModel  mapperModel  ) throws ProtocolMapperConfigException

inline

                                                                                                                                                                                     {

        String scriptCode = mapperModel.getConfig().get(ProviderConfigProperty.SCRIPT_TYPE);
        if (scriptCode == null) {
            return;
        }

        ScriptingProvider scripting = session.getProvider(ScriptingProvider.class);
        ScriptModel scriptModel = scripting.createScript(realm.getId(), ScriptModel.TEXT_JAVASCRIPT, mapperModel.getName() + "-script", scriptCode, "");

        try {
            scripting.prepareEvaluatableScript(scriptModel);
        } catch (ScriptCompilationException ex) {
            throw new ProtocolMapperConfigException("error", "{0}", ex.getMessage());
        }
    }

メンバ詳解

configProperties

final List<ProviderConfigProperty> org.keycloak.protocol.saml.mappers.ScriptBasedMapper.configProperties = new ArrayList<>()

staticprivate

LOGGER

final Logger org.keycloak.protocol.saml.mappers.ScriptBasedMapper.LOGGER = Logger.getLogger(ScriptBasedMapper.class)

staticprivate

PROVIDER_ID

final String org.keycloak.protocol.saml.mappers.ScriptBasedMapper.PROVIDER_ID = "saml-javascript-mapper"

static

SINGLE_VALUE_ATTRIBUTE

final String org.keycloak.protocol.saml.mappers.ScriptBasedMapper.SINGLE_VALUE_ATTRIBUTE = "single"

staticprivate

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/protocol/saml/mappers/ScriptBasedMapper.java