org.keycloak.services.managers.ResourceAdminManager 連携図

公開メンバ関数
	ResourceAdminManager (KeycloakSession session)

void	logoutUser (URI requestUri, RealmModel realm, UserModel user, KeycloakSession keycloakSession)

boolean	logoutClientSession (URI requestUri, RealmModel realm, ClientModel resource, AuthenticatedClientSessionModel clientSession)

GlobalRequestResult	logoutAll (URI requestUri, RealmModel realm)

GlobalRequestResult	logoutClient (URI requestUri, RealmModel realm, ClientModel resource)

GlobalRequestResult	pushRealmRevocationPolicy (URI requestUri, RealmModel realm)

GlobalRequestResult	pushClientRevocationPolicy (URI requestUri, RealmModel realm, ClientModel client)

GlobalRequestResult	testNodesAvailability (URI requestUri, RealmModel realm, ClientModel client)

静的公開メンバ関数
static String	resolveUri (URI requestUri, String rootUrl, String uri)

static String	getManagementUrl (URI requestUri, ClientModel client)

限定公開メンバ関数
void	logoutUserSessions (URI requestUri, RealmModel realm, List< UserSessionModel > userSessions)

boolean	logoutClientSessions (URI requestUri, RealmModel realm, ClientModel resource, List< AuthenticatedClientSessionModel > clientSessions)

GlobalRequestResult	logoutClient (URI requestUri, RealmModel realm, ClientModel resource, int notBefore)

boolean	sendLogoutRequest (RealmModel realm, ClientModel resource, List< String > adapterSessionIds, List< String > userSessions, int notBefore, String managementUrl)

GlobalRequestResult	pushRevocationPolicy (URI requestUri, RealmModel realm, ClientModel resource, int notBefore)

boolean	sendPushRevocationPolicyRequest (RealmModel realm, ClientModel resource, int notBefore, String managementUrl)

boolean	sendTestNodeAvailabilityRequest (RealmModel realm, ClientModel client, String managementUrl)

非公開メンバ関数
List< String >	getAllManagementUrls (URI requestUri, ClientModel client)

void	putClientSessions (MultivaluedHashMap< String, AuthenticatedClientSessionModel > clientSessions, UserSessionModel userSession)

非公開変数類
KeycloakSession	session

静的非公開変数類
static final Logger	logger = Logger.getLogger(ResourceAdminManager.class)

static final String	CLIENT_SESSION_HOST_PROPERTY = "${application.session.host}"

詳解

著者: Bill Burke

バージョン

Revision: 1

構築子と解体子

◆ ResourceAdminManager()

org.keycloak.services.managers.ResourceAdminManager.ResourceAdminManager ( KeycloakSession session )

inline

                                                          {
         this.session = session;
     }

関数詳解

◆ getAllManagementUrls()

List<String> org.keycloak.services.managers.ResourceAdminManager.getAllManagementUrls	(	URI	requestUri,
		ClientModel	client
	)

inlineprivate

                                                                                   {
         String baseMgmtUrl = getManagementUrl(requestUri, client);
         if (baseMgmtUrl == null) {
             return Collections.emptyList();
         }
 
         Set<String> registeredNodesHosts = new ClientManager().validateRegisteredNodes(client);
 
         // No-cluster setup
         if (registeredNodesHosts.isEmpty()) {
             return Arrays.asList(baseMgmtUrl);
         }
 
         List<String> result = new LinkedList<String>();
         KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(baseMgmtUrl);
         for (String nodeHost : registeredNodesHosts) {
             String currentNodeUri = uriBuilder.clone().host(nodeHost).build().toString();
             result.add(currentNodeUri);
         }
 
         return result;
     }

◆ getManagementUrl()

static String org.keycloak.services.managers.ResourceAdminManager.getManagementUrl	(	URI	requestUri,
		ClientModel	client
	)

inlinestatic

                                                                               {
         String mgmtUrl = client.getManagementUrl();
         if (mgmtUrl == null || mgmtUrl.equals("")) {
             return null;
         }
 
         String absoluteURI = ResolveRelative.resolveRelativeUri(requestUri, client.getRootUrl(), mgmtUrl);
 
         // this is for resolving URI like "http://${jboss.host.name}:8080/..." in order to send request to same machine and avoid request to LB in cluster environment
         return StringPropertyReplacer.replaceProperties(absoluteURI);
     }

◆ logoutAll()

GlobalRequestResult org.keycloak.services.managers.ResourceAdminManager.logoutAll	(	URI	requestUri,
		RealmModel	realm
	)

inline

                                                                            {
         realm.setNotBefore(Time.currentTime());
         List<ClientModel> resources = realm.getClients();
         logger.debugv("logging out {0} resources ", resources.size());
 
         GlobalRequestResult finalResult = new GlobalRequestResult();
         for (ClientModel resource : resources) {
             GlobalRequestResult currentResult = logoutClient(requestUri, realm, resource, realm.getNotBefore());
             finalResult.addAll(currentResult);
         }
         return finalResult;
     }

◆ logoutClient() [1/2]

GlobalRequestResult org.keycloak.services.managers.ResourceAdminManager.logoutClient	(	URI	requestUri,
		RealmModel	realm,
		ClientModel	resource
	)

inline

                                                                                                     {
         resource.setNotBefore(Time.currentTime());
         return logoutClient(requestUri, realm, resource, resource.getNotBefore());
     }

◆ logoutClient() [2/2]

GlobalRequestResult org.keycloak.services.managers.ResourceAdminManager.logoutClient	(	URI	requestUri,
		RealmModel	realm,
		ClientModel	resource,
		int	notBefore
	)

inlineprotected

                                                                                                                       {
         List<String> mgmtUrls = getAllManagementUrls(requestUri, resource);
         if (mgmtUrls.isEmpty()) {
             logger.debug("No management URL or no registered cluster nodes for the client " + resource.getClientId());
             return new GlobalRequestResult();
         }
 
         if (logger.isDebugEnabled()) logger.debug("Send logoutClient for URLs: " + mgmtUrls);
 
         // Propagate this to all hosts
         GlobalRequestResult result = new GlobalRequestResult();
         for (String mgmtUrl : mgmtUrls) {
             if (sendLogoutRequest(realm, resource, null, null, notBefore, mgmtUrl)) {
                 result.addSuccessRequest(mgmtUrl);
             } else {
                 result.addFailedRequest(mgmtUrl);
             }
         }
         return result;
     }

◆ logoutClientSession()

boolean org.keycloak.services.managers.ResourceAdminManager.logoutClientSession	(	URI	requestUri,
		RealmModel	realm,
		ClientModel	resource,
		AuthenticatedClientSessionModel	clientSession
	)

inline

                                                                                                                                               {
         return logoutClientSessions(requestUri, realm, resource, Arrays.asList(clientSession));
     }

◆ logoutClientSessions()

boolean org.keycloak.services.managers.ResourceAdminManager.logoutClientSessions	(	URI	requestUri,
		RealmModel	realm,
		ClientModel	resource,
		List< AuthenticatedClientSessionModel >	clientSessions
	)

inlineprotected

                                                                                                                                                          {
         String managementUrl = getManagementUrl(requestUri, resource);
         if (managementUrl != null) {
 
             // Key is host, value is list of http sessions for this host
             MultivaluedHashMap<String, String> adapterSessionIds = null;
             List<String> userSessions = new LinkedList<>();
             if (clientSessions != null && clientSessions.size() > 0) {
                 adapterSessionIds = new MultivaluedHashMap<String, String>();
                 for (AuthenticatedClientSessionModel clientSession : clientSessions) {
                     String adapterSessionId = clientSession.getNote(AdapterConstants.CLIENT_SESSION_STATE);
                     if (adapterSessionId != null) {
                         String host = clientSession.getNote(AdapterConstants.CLIENT_SESSION_HOST);
                         adapterSessionIds.add(host, adapterSessionId);
                     }
                     if (clientSession.getUserSession() != null) userSessions.add(clientSession.getUserSession().getId());
                 }
             }
 
             if (adapterSessionIds == null || adapterSessionIds.isEmpty()) {
                 logger.debugv("Can't logout {0}: no logged adapter sessions", resource.getClientId());
                 return false;
             }
 
             if (managementUrl.contains(CLIENT_SESSION_HOST_PROPERTY)) {
                 boolean allPassed = true;
                 // Send logout separately to each host (needed for single-sign-out in cluster for non-distributable apps - KEYCLOAK-748)
                 for (Map.Entry<String, List<String>> entry : adapterSessionIds.entrySet()) {
                     String host = entry.getKey();
                     List<String> sessionIds = entry.getValue();
                     String currentHostMgmtUrl = managementUrl.replace(CLIENT_SESSION_HOST_PROPERTY, host);
                     allPassed = sendLogoutRequest(realm, resource, sessionIds, userSessions, 0, currentHostMgmtUrl) && allPassed;
                 }
 
                 return allPassed;
             } else {
                 // Send single logout request
                 List<String> allSessionIds = new ArrayList<String>();
                 for (List<String> currentIds : adapterSessionIds.values()) {
                     allSessionIds.addAll(currentIds);
                 }
 
                 return sendLogoutRequest(realm, resource, allSessionIds, userSessions, 0, managementUrl);
             }
         } else {
             logger.debugv("Can't logout {0}: no management url", resource.getClientId());
             return false;
         }
     }

◆ logoutUser()

void org.keycloak.services.managers.ResourceAdminManager.logoutUser	(	URI	requestUri,
		RealmModel	realm,
		UserModel	user,
		KeycloakSession	keycloakSession
	)

inline

                                                                                                               {
         keycloakSession.users().setNotBeforeForUser(realm, user, Time.currentTime());
 
         List<UserSessionModel> userSessions = keycloakSession.sessions().getUserSessions(realm, user);
         logoutUserSessions(requestUri, realm, userSessions);
     }

◆ logoutUserSessions()

void org.keycloak.services.managers.ResourceAdminManager.logoutUserSessions	(	URI	requestUri,
		RealmModel	realm,
		List< UserSessionModel >	userSessions
	)

inlineprotected

                                                                                                              {
         // Map from "app" to clientSessions for this app
         MultivaluedHashMap<String, AuthenticatedClientSessionModel> clientSessions = new MultivaluedHashMap<>();
         for (UserSessionModel userSession : userSessions) {
             putClientSessions(clientSessions, userSession);
         }
 
         logger.debugv("logging out {0} resources ", clientSessions.size());
         //logger.infov("logging out resources: {0}", clientSessions);
 
         for (Map.Entry<String, List<AuthenticatedClientSessionModel>> entry : clientSessions.entrySet()) {
             if (entry.getValue().size() == 0) {
                 continue;
             }
             logoutClientSessions(requestUri, realm, entry.getValue().get(0).getClient(), entry.getValue());
         }
     }

◆ pushClientRevocationPolicy()

GlobalRequestResult org.keycloak.services.managers.ResourceAdminManager.pushClientRevocationPolicy	(	URI	requestUri,
		RealmModel	realm,
		ClientModel	client
	)

inline

                                                                                                                 {
         return pushRevocationPolicy(requestUri, realm, client, client.getNotBefore());
     }

◆ pushRealmRevocationPolicy()

GlobalRequestResult org.keycloak.services.managers.ResourceAdminManager.pushRealmRevocationPolicy	(	URI	requestUri,
		RealmModel	realm
	)

inline

                                                                                            {
         GlobalRequestResult finalResult = new GlobalRequestResult();
         for (ClientModel client : realm.getClients()) {
             GlobalRequestResult currentResult = pushRevocationPolicy(requestUri, realm, client, realm.getNotBefore());
             finalResult.addAll(currentResult);
         }
         return finalResult;
     }

◆ pushRevocationPolicy()

GlobalRequestResult org.keycloak.services.managers.ResourceAdminManager.pushRevocationPolicy	(	URI	requestUri,
		RealmModel	realm,
		ClientModel	resource,
		int	notBefore
	)

inlineprotected

                                                                                                                               {
         List<String> mgmtUrls = getAllManagementUrls(requestUri, resource);
         if (mgmtUrls.isEmpty()) {
             logger.debugf("No management URL or no registered cluster nodes for the client %s", resource.getClientId());
             return new GlobalRequestResult();
         }
 
         if (logger.isDebugEnabled()) logger.debug("Sending push revocation to URLS: " + mgmtUrls);
 
         // Propagate this to all hosts
         GlobalRequestResult result = new GlobalRequestResult();
         for (String mgmtUrl : mgmtUrls) {
             if (sendPushRevocationPolicyRequest(realm, resource, notBefore, mgmtUrl)) {
                 result.addSuccessRequest(mgmtUrl);
             } else {
                 result.addFailedRequest(mgmtUrl);
             }
         }
         return result;
     }

◆ putClientSessions()

void org.keycloak.services.managers.ResourceAdminManager.putClientSessions	(	MultivaluedHashMap< String, AuthenticatedClientSessionModel >	clientSessions,
		UserSessionModel	userSession
	)

inlineprivate

                                                                                                                                              {
         for (Map.Entry<String, AuthenticatedClientSessionModel> entry : userSession.getAuthenticatedClientSessions().entrySet()) {
             clientSessions.add(entry.getKey(), entry.getValue());
         }
     }

◆ resolveUri()

static String org.keycloak.services.managers.ResourceAdminManager.resolveUri	(	URI	requestUri,
		String	rootUrl,
		String	uri
	)

inlinestatic

                                                                                 {
         String absoluteURI = ResolveRelative.resolveRelativeUri(requestUri, rootUrl, uri);
         return StringPropertyReplacer.replaceProperties(absoluteURI);
 
    }

◆ sendLogoutRequest()

boolean org.keycloak.services.managers.ResourceAdminManager.sendLogoutRequest	(	RealmModel	realm,
		ClientModel	resource,
		List< String >	adapterSessionIds,
		List< String >	userSessions,
		int	notBefore,
		String	managementUrl
	)

inlineprotected

                                                                                                                                                                                 {
         LogoutAction adminAction = new LogoutAction(TokenIdGenerator.generateId(), Time.currentTime() + 30, resource.getClientId(), adapterSessionIds, notBefore, userSessions);
         String token = session.tokens().encode(adminAction);
         if (logger.isDebugEnabled()) logger.debugv("logout resource {0} url: {1} sessionIds: " + adapterSessionIds, resource.getClientId(), managementUrl);
         URI target = UriBuilder.fromUri(managementUrl).path(AdapterConstants.K_LOGOUT).build();
         try {
             int status = session.getProvider(HttpClientProvider.class).postText(target.toString(), token);
             boolean success = status == 204 || status == 200;
             logger.debugf("logout success for %s: %s", managementUrl, success);
             return success;
         } catch (IOException e) {
             ServicesLogger.LOGGER.logoutFailed(e, resource.getClientId());
             return false;
         }
     }

◆ sendPushRevocationPolicyRequest()

boolean org.keycloak.services.managers.ResourceAdminManager.sendPushRevocationPolicyRequest	(	RealmModel	realm,
		ClientModel	resource,
		int	notBefore,
		String	managementUrl
	)

inlineprotected

                                                                                                                                    {
         String protocol = resource.getProtocol();
         if (protocol == null) {
             protocol = OIDCLoginProtocol.LOGIN_PROTOCOL;
         }
         LoginProtocol loginProtocol = (LoginProtocol) session.getProvider(LoginProtocol.class, protocol);
         return loginProtocol == null
           ? false
           : loginProtocol.sendPushRevocationPolicyRequest(realm, resource, notBefore, managementUrl);
     }

◆ sendTestNodeAvailabilityRequest()

boolean org.keycloak.services.managers.ResourceAdminManager.sendTestNodeAvailabilityRequest	(	RealmModel	realm,
		ClientModel	client,
		String	managementUrl
	)

inlineprotected

                                                                                                                   {
         TestAvailabilityAction adminAction = new TestAvailabilityAction(TokenIdGenerator.generateId(), Time.currentTime() + 30, client.getClientId());
         String token = session.tokens().encode(adminAction);
         logger.debugv("testNodes availability resource: {0} url: {1}", client.getClientId(), managementUrl);
         URI target = UriBuilder.fromUri(managementUrl).path(AdapterConstants.K_TEST_AVAILABLE).build();
         try {
             int status = session.getProvider(HttpClientProvider.class).postText(target.toString(), token);
             boolean success = status == 204 || status == 200;
             logger.debugf("testAvailability success for %s: %s", managementUrl, success);
             return success;
         } catch (IOException e) {
             ServicesLogger.LOGGER.availabilityTestFailed(managementUrl);
             return false;
         }
    }

◆ testNodesAvailability()

GlobalRequestResult org.keycloak.services.managers.ResourceAdminManager.testNodesAvailability	(	URI	requestUri,
		RealmModel	realm,
		ClientModel	client
	)

inline

                                                                                                            {
         List<String> mgmtUrls = getAllManagementUrls(requestUri, client);
         if (mgmtUrls.isEmpty()) {
             logger.debug("No management URL or no registered cluster nodes for the application " + client.getClientId());
             return new GlobalRequestResult();
         }
 
 
         if (logger.isDebugEnabled()) logger.debug("Sending test nodes availability: " + mgmtUrls);
 
         // Propagate this to all hosts
         GlobalRequestResult result = new GlobalRequestResult();
         for (String mgmtUrl : mgmtUrls) {
             if (sendTestNodeAvailabilityRequest(realm, client, mgmtUrl)) {
                 result.addSuccessRequest(mgmtUrl);
             } else {
                 result.addFailedRequest(mgmtUrl);
             }
         }
         return result;
     }

メンバ詳解

◆ CLIENT_SESSION_HOST_PROPERTY

final String org.keycloak.services.managers.ResourceAdminManager.CLIENT_SESSION_HOST_PROPERTY = "${application.session.host}"

staticprivate

◆ logger

final Logger org.keycloak.services.managers.ResourceAdminManager.logger = Logger.getLogger(ResourceAdminManager.class)

staticprivate

◆ session

KeycloakSession org.keycloak.services.managers.ResourceAdminManager.session

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java

公開メンバ関数

静的公開メンバ関数

限定公開メンバ関数

非公開メンバ関数

非公開変数類

静的非公開変数類

詳解

構築子と解体子

◆ ResourceAdminManager()

関数詳解

◆ getAllManagementUrls()

◆ getManagementUrl()

◆ logoutAll()

◆ logoutClient() [1/2]

◆ logoutClient() [2/2]

◆ logoutClientSession()

◆ logoutClientSessions()

◆ logoutUser()

◆ logoutUserSessions()

◆ pushClientRevocationPolicy()

◆ pushRealmRevocationPolicy()

◆ pushRevocationPolicy()

◆ putClientSessions()

◆ resolveUri()

◆ sendLogoutRequest()

◆ sendPushRevocationPolicyRequest()

◆ sendTestNodeAvailabilityRequest()

◆ testNodesAvailability()

メンバ詳解

◆ CLIENT_SESSION_HOST_PROPERTY

◆ logger

◆ session