org.keycloak.services.resources.admin.RoleMapperResource 連携図

公開メンバ関数
	RoleMapperResource (RealmModel realm, AdminPermissionEvaluator auth, RoleMapperModel roleMapper, AdminEventBuilder adminEvent, AdminPermissionEvaluator.RequirePermissionCheck manageCheck, AdminPermissionEvaluator.RequirePermissionCheck viewCheck)

MappingsRepresentation	getRoleMappings ()

List< RoleRepresentation >	getRealmRoleMappings ()

List< RoleRepresentation >	getCompositeRealmRoleMappings ()

List< RoleRepresentation >	getAvailableRealmRoleMappings ()

void	addRealmRoleMappings (List< RoleRepresentation > roles)

void	deleteRealmRoleMappings (List< RoleRepresentation > roles)

ClientRoleMappingsResource	getUserClientRoleMappingsResource (@PathParam("client") String client)

限定公開変数類
RealmModel	realm

AdminPermissionEvaluator.RequirePermissionCheck	managePermission

AdminPermissionEvaluator.RequirePermissionCheck	viewPermission

ClientConnection	clientConnection

KeycloakSession	session

HttpHeaders	headers

静的限定公開変数類
static final Logger	logger = Logger.getLogger(RoleMapperResource.class)

非公開メンバ関数
boolean	canMapRole (RoleModel roleModel)

非公開変数類
RoleMapperModel	roleMapper

AdminEventBuilder	adminEvent

AdminPermissionEvaluator	auth

詳解

Base resource for managing users

Role Mapper

著者: Bill Burke

バージョン

Revision: 1

構築子と解体子

◆ RoleMapperResource()

org.keycloak.services.resources.admin.RoleMapperResource.RoleMapperResource	(	RealmModel	realm,
		AdminPermissionEvaluator	auth,
		RoleMapperModel	roleMapper,
		AdminEventBuilder	adminEvent,
		AdminPermissionEvaluator.RequirePermissionCheck	manageCheck,
		AdminPermissionEvaluator.RequirePermissionCheck	viewCheck
	)

inline

                                                                                          {
         this.auth = auth;
         this.realm = realm;
         this.adminEvent = adminEvent.resource(ResourceType.REALM_ROLE_MAPPING);
         this.roleMapper = roleMapper;
         this.managePermission = manageCheck;
         this.viewPermission = viewCheck;
 
     }

関数詳解

◆ addRealmRoleMappings()

void org.keycloak.services.resources.admin.RoleMapperResource.addRealmRoleMappings ( List< RoleRepresentation > roles )

inline

Add realm-level role mappings to the user

引数

roles Roles to add

                                                                      {
         managePermission.require();
 
         logger.debugv("** addRealmRoleMappings: {0}", roles);
 
         for (RoleRepresentation role : roles) {
             RoleModel roleModel = realm.getRole(role.getName());
             if (roleModel == null || !roleModel.getId().equals(role.getId())) {
                 throw new NotFoundException("Role not found");
             }
             auth.roles().requireMapRole(roleModel);
             roleMapper.grantRole(roleModel);
         }
 
         adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri()).representation(roles).success();
     }

◆ canMapRole()

boolean org.keycloak.services.resources.admin.RoleMapperResource.canMapRole ( RoleModel roleModel )

inlineprivate

                                                     {
         return auth.roles().canMapRole(roleModel);
     }

◆ deleteRealmRoleMappings()

void org.keycloak.services.resources.admin.RoleMapperResource.deleteRealmRoleMappings ( List< RoleRepresentation > roles )

inline

Delete realm-level role mappings

引数

roles

                                                                         {
         managePermission.require();
 
         logger.debug("deleteRealmRoleMappings");
         if (roles == null) {
             Set<RoleModel> roleModels = roleMapper.getRealmRoleMappings();
             roles = new LinkedList<>();
 
             for (RoleModel roleModel : roleModels) {
                 auth.roles().requireMapRole(roleModel);
                 roleMapper.deleteRoleMapping(roleModel);
                 roles.add(ModelToRepresentation.toRepresentation(roleModel));
             }
 
         } else {
             for (RoleRepresentation role : roles) {
                 RoleModel roleModel = realm.getRole(role.getName());
                 if (roleModel == null || !roleModel.getId().equals(role.getId())) {
                     throw new NotFoundException("Role not found");
                 }
                 auth.roles().requireMapRole(roleModel);
                 try {
                     roleMapper.deleteRoleMapping(roleModel);
                 } catch (ModelException me) {
                     Properties messages = AdminRoot.getMessages(session, realm, auth.adminAuth().getToken().getLocale());
                     throw new ErrorResponseException(me.getMessage(), MessageFormat.format(messages.getProperty(me.getMessage(), me.getMessage()), me.getParameters()),
                             Response.Status.BAD_REQUEST);
                 }
             }
 
         }
 
         adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).representation(roles).success();
 
     }

◆ getAvailableRealmRoleMappings()

List<RoleRepresentation> org.keycloak.services.resources.admin.RoleMapperResource.getAvailableRealmRoleMappings ( )

inline

Get realm-level roles that can be mapped

戻り値

                                                                     {
         viewPermission.require();
 
         Set<RoleModel> available = realm.getRoles();
         Set<RoleModel> set = available.stream().filter(r ->
             canMapRole(r)
         ).collect(Collectors.toSet());
         return ClientRoleMappingsResource.getAvailableRoles(roleMapper, set);
     }

◆ getCompositeRealmRoleMappings()

List<RoleRepresentation> org.keycloak.services.resources.admin.RoleMapperResource.getCompositeRealmRoleMappings ( )

inline

Get effective realm-level role mappings

This will recurse all composite roles to get the result.

戻り値

                                                                     {
         viewPermission.require();
 
         Set<RoleModel> roles = realm.getRoles();
         List<RoleRepresentation> realmMappingsRep = new ArrayList<RoleRepresentation>();
         for (RoleModel roleModel : roles) {
             if (roleMapper.hasRole(roleModel)) {
                realmMappingsRep.add(ModelToRepresentation.toRepresentation(roleModel));
             }
         }
         return realmMappingsRep;
     }

◆ getRealmRoleMappings()

List<RoleRepresentation> org.keycloak.services.resources.admin.RoleMapperResource.getRealmRoleMappings ( )

inline

Get realm-level role mappings

戻り値

                                                            {
         viewPermission.require();
 
         Set<RoleModel> realmMappings = roleMapper.getRealmRoleMappings();
         List<RoleRepresentation> realmMappingsRep = new ArrayList<RoleRepresentation>();
         for (RoleModel roleModel : realmMappings) {
             realmMappingsRep.add(ModelToRepresentation.toRepresentation(roleModel));
         }
         return realmMappingsRep;
     }

◆ getRoleMappings()

MappingsRepresentation org.keycloak.services.resources.admin.RoleMapperResource.getRoleMappings ( )

inline

Get role mappings

戻り値

                                                     {
         viewPermission.require();
 
         MappingsRepresentation all = new MappingsRepresentation();
         Set<RoleModel> realmMappings = roleMapper.getRealmRoleMappings();
         RealmManager manager = new RealmManager(session);
         if (realmMappings.size() > 0) {
             List<RoleRepresentation> realmRep = new ArrayList<RoleRepresentation>();
             for (RoleModel roleModel : realmMappings) {
                 realmRep.add(ModelToRepresentation.toRepresentation(roleModel));
             }
             all.setRealmMappings(realmRep);
         }
 
         List<ClientModel> clients = realm.getClients();
         if (clients.size() > 0) {
             Map<String, ClientMappingsRepresentation> appMappings = new HashMap<String, ClientMappingsRepresentation>();
             for (ClientModel client : clients) {
                 Set<RoleModel> roleMappings = roleMapper.getClientRoleMappings(client);
                 if (roleMappings.size() > 0) {
                     ClientMappingsRepresentation mappings = new ClientMappingsRepresentation();
                     mappings.setId(client.getId());
                     mappings.setClient(client.getClientId());
                     List<RoleRepresentation> roles = new ArrayList<RoleRepresentation>();
                     mappings.setMappings(roles);
                     for (RoleModel role : roleMappings) {
                         roles.add(ModelToRepresentation.toRepresentation(role));
                     }
                     appMappings.put(client.getClientId(), mappings);
                     all.setClientMappings(appMappings);
                 }
             }
         }
         return all;
     }

◆ getUserClientRoleMappingsResource()

ClientRoleMappingsResource org.keycloak.services.resources.admin.RoleMapperResource.getUserClientRoleMappingsResource ( @PathParam("client") String client )

inline

                                                                                                             {
         ClientModel clientModel = realm.getClientById(client);
         if (clientModel == null) {
             throw new NotFoundException("Client not found");
         }
         ClientRoleMappingsResource resource = new ClientRoleMappingsResource(session.getContext().getUri(), session, realm, auth, roleMapper,
                 clientModel, adminEvent,
                 managePermission, viewPermission);
         return resource;
 
     }

メンバ詳解

◆ adminEvent

AdminEventBuilder org.keycloak.services.resources.admin.RoleMapperResource.adminEvent

private

◆ auth

AdminPermissionEvaluator org.keycloak.services.resources.admin.RoleMapperResource.auth

private

◆ clientConnection

ClientConnection org.keycloak.services.resources.admin.RoleMapperResource.clientConnection

protected

◆ headers

HttpHeaders org.keycloak.services.resources.admin.RoleMapperResource.headers

protected

◆ logger

final Logger org.keycloak.services.resources.admin.RoleMapperResource.logger = Logger.getLogger(RoleMapperResource.class)

staticprotected

◆ managePermission

AdminPermissionEvaluator.RequirePermissionCheck org.keycloak.services.resources.admin.RoleMapperResource.managePermission

protected

◆ realm

RealmModel org.keycloak.services.resources.admin.RoleMapperResource.realm

protected

◆ roleMapper

RoleMapperModel org.keycloak.services.resources.admin.RoleMapperResource.roleMapper

private

◆ session

KeycloakSession org.keycloak.services.resources.admin.RoleMapperResource.session

protected

◆ viewPermission

AdminPermissionEvaluator.RequirePermissionCheck org.keycloak.services.resources.admin.RoleMapperResource.viewPermission

protected

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/services/resources/admin/RoleMapperResource.java

公開メンバ関数

限定公開変数類

静的限定公開変数類

非公開メンバ関数

非公開変数類

詳解

構築子と解体子

◆ RoleMapperResource()

関数詳解

◆ addRealmRoleMappings()

◆ canMapRole()

◆ deleteRealmRoleMappings()

◆ getAvailableRealmRoleMappings()

◆ getCompositeRealmRoleMappings()

◆ getRealmRoleMappings()

◆ getRoleMappings()

◆ getUserClientRoleMappingsResource()

メンバ詳解

◆ adminEvent

◆ auth

◆ clientConnection

◆ headers

◆ logger

◆ managePermission

◆ realm

◆ roleMapper

◆ session

◆ viewPermission