org.keycloak.authorization.protection.ProtectionService クラス

org.keycloak.authorization.protection.ProtectionService 連携図

公開メンバ関数
	ProtectionService (AuthorizationProvider authorization)
Object	resource ()
Object	permission ()
Object	ticket ()
Object	policy ()

限定公開変数類
ClientConnection	clientConnection

非公開メンバ関数
AdminEventBuilder	createAdminEventBuilder (KeycloakIdentity identity, ResourceServer resourceServer)
KeycloakIdentity	createIdentity (boolean checkProtectionScope)
ResourceServer	getResourceServer (KeycloakIdentity identity)

非公開変数類
KeycloakSession	session
final AuthorizationProvider	authorization

詳解

著者

Pedro Igor

構築子と解体子

ProtectionService()

org.keycloak.authorization.protection.ProtectionService.ProtectionService ( AuthorizationProvider  authorization )

inline

                                                                  {
        this.authorization = authorization;
    }

関数詳解

createAdminEventBuilder()

AdminEventBuilder org.keycloak.authorization.protection.ProtectionService.createAdminEventBuilder ( KeycloakIdentity  identity, ResourceServer  resourceServer  )

inlineprivate

                                                                                                                {
        RealmModel realm = authorization.getRealm();
        ClientModel client = realm.getClientById(resourceServer.getId());
        KeycloakSession keycloakSession = authorization.getKeycloakSession();
        UserModel serviceAccount = keycloakSession.users().getServiceAccount(client);
        AdminEventBuilder adminEvent = new AdminEventBuilder(realm, new AdminAuth(realm, identity.getAccessToken(), serviceAccount, client), keycloakSession, clientConnection);
        return adminEvent.realm(realm).authClient(client).authUser(serviceAccount);
    }

createIdentity()

KeycloakIdentity org.keycloak.authorization.protection.ProtectionService.createIdentity ( boolean  checkProtectionScope )

inlineprivate

                                                                          {
        KeycloakIdentity identity = new KeycloakIdentity(this.authorization.getKeycloakSession());
        ResourceServer resourceServer = getResourceServer(identity);
        KeycloakSession keycloakSession = authorization.getKeycloakSession();
        RealmModel realm = keycloakSession.getContext().getRealm();
        ClientModel client = realm.getClientById(resourceServer.getId());

        if (checkProtectionScope) {
            if (!identity.hasClientRole(client.getClientId(), "uma_protection")) {
                throw new ErrorResponseException(OAuthErrorException.INVALID_SCOPE, "Requires uma_protection scope.", Status.FORBIDDEN);
            }
        }

        return identity;
    }

getResourceServer()

ResourceServer org.keycloak.authorization.protection.ProtectionService.getResourceServer ( KeycloakIdentity  identity )

inlineprivate

                                                                        {
        String clientId = identity.getAccessToken().getIssuedFor();
        RealmModel realm = authorization.getKeycloakSession().getContext().getRealm();
        ClientModel clientModel = realm.getClientByClientId(clientId);

        if (clientModel == null) {
            clientModel = realm.getClientById(clientId);

            if (clientModel == null) {
                throw new ErrorResponseException("invalid_clientId", "Client application with id [" + clientId + "] does not exist in realm [" + realm.getName() + "]", Status.BAD_REQUEST);
            }
        }

        ResourceServer resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findById(clientModel.getId());

        if (resourceServer == null) {
            throw new ErrorResponseException("invalid_clientId", "Client application [" + clientModel.getClientId() + "] is not registered as a resource server.", Status.FORBIDDEN);
        }

        return resourceServer;
    }

permission()

Object org.keycloak.authorization.protection.ProtectionService.permission ( )

inline

                               {
        KeycloakIdentity identity = createIdentity(false);

        PermissionService resource = new PermissionService(identity, getResourceServer(identity), this.authorization);

        ResteasyProviderFactory.getInstance().injectProperties(resource);

        return resource;
    }

policy()

Object org.keycloak.authorization.protection.ProtectionService.policy ( )

inline

                           {
        KeycloakIdentity identity = createIdentity(false);

        UserManagedPermissionService resource = new UserManagedPermissionService(identity, getResourceServer(identity), this.authorization, createAdminEventBuilder(identity, getResourceServer(identity)));

        ResteasyProviderFactory.getInstance().injectProperties(resource);

        return resource;
    }

resource()

Object org.keycloak.authorization.protection.ProtectionService.resource ( )

inline

                             {
        KeycloakIdentity identity = createIdentity(true);
        ResourceServer resourceServer = getResourceServer(identity);
        ResourceSetService resourceManager = new ResourceSetService(this.session, resourceServer, this.authorization, null, createAdminEventBuilder(identity, resourceServer));

        ResteasyProviderFactory.getInstance().injectProperties(resourceManager);

        ResourceService resource = new ResourceService(this.session, resourceServer, identity, resourceManager);

        ResteasyProviderFactory.getInstance().injectProperties(resource);

        return resource;
    }

ticket()

Object org.keycloak.authorization.protection.ProtectionService.ticket ( )

inline

                           {
        KeycloakIdentity identity = createIdentity(false);

        PermissionTicketService resource = new PermissionTicketService(identity, getResourceServer(identity), this.authorization);

        ResteasyProviderFactory.getInstance().injectProperties(resource);

        return resource;
    }

メンバ詳解

authorization

final AuthorizationProvider org.keycloak.authorization.protection.ProtectionService.authorization

private

clientConnection

ClientConnection org.keycloak.authorization.protection.ProtectionService.clientConnection

protected

session

KeycloakSession org.keycloak.authorization.protection.ProtectionService.session

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/authorization/protection/ProtectionService.java