keycloak-service
org.keycloak.authorization.protection.introspect.RPTIntrospectionProvider Class Reference

Classes

class  UmaPermissionRepresentation
 

Public Member Functions

 RPTIntrospectionProvider (KeycloakSession session)
 
Response introspect (String token)
 
void close ()
 

Protected Member Functions

AccessToken verifyAccessToken (String token) throws OAuthErrorException, IOException
 

Static Protected Attributes

static final Logger LOGGER = Logger.getLogger(RPTIntrospectionProvider.class)
 

Detailed Description

Introspects a token according to the UMA Bearer Token Profile.

Author
Pedro Igor

Constructor & Destructor Documentation

◆ RPTIntrospectionProvider()

org.keycloak.authorization.protection.introspect.RPTIntrospectionProvider.RPTIntrospectionProvider ( KeycloakSession  session)
inline
    {
        super(session);
    }
final KeycloakSession session
Definition: AccessTokenIntrospectionProvider.java:41

Member Function Documentation

◆ close()

void org.keycloak.authorization.protection.introspect.RPTIntrospectionProvider.close ( )
inline
    {

    }

◆ introspect()

Response org.keycloak.authorization.protection.introspect.RPTIntrospectionProvider.introspect ( String  token)
inline
    {
        LOGGER.debug("Introspecting requesting party token");
        try {
            AccessToken accessToken = verifyAccessToken(token);

            ObjectNode tokenMetadata;

            if (accessToken != null) {
                AccessToken metadata = new AccessToken();

                metadata.id(accessToken.getId());
                metadata.setAcr(accessToken.getAcr());
                metadata.type(accessToken.getType());
                metadata.expiration(accessToken.getExpiration());
                metadata.issuedAt(accessToken.getIssuedAt());
                metadata.audience(accessToken.getAudience());
                metadata.notBefore(accessToken.getNotBefore());
                metadata.setRealmAccess(null);
                metadata.setResourceAccess(null);

                tokenMetadata = JsonSerialization.createObjectNode(metadata);
                Authorization authorization = accessToken.getAuthorization();

                if (authorization != null) {
                    Collection permissions;

                    if (authorization.getPermissions() != null) {
                        permissions = authorization.getPermissions().stream().map(UmaPermissionRepresentation::new).collect(Collectors.toSet());
                    } else {
                        permissions = Collections.emptyList();
                    }

                    tokenMetadata.putPOJO("permissions", permissions);
                }
            } else {
                tokenMetadata = JsonSerialization.createObjectNode();
            }

            tokenMetadata.put("active", accessToken != null);

            return Response.ok(JsonSerialization.writeValueAsBytes(tokenMetadata)).type(MediaType.APPLICATION_JSON_TYPE).build();
        } catch (Exception e) {
            throw new RuntimeException("Error creating token introspection response.", e);
        }
    }
AccessToken verifyAccessToken(String token)
Definition: AccessTokenIntrospectionProvider.java:72
static final Logger LOGGER
Definition: RPTIntrospectionProvider.java:45

◆ verifyAccessToken()

AccessToken org.keycloak.protocol.oidc.AccessTokenIntrospectionProvider.verifyAccessToken ( String  token) throws OAuthErrorException, IOException
inline protected inherited
    {
        AccessToken accessToken;

        try {
            TokenVerifier<AccessToken> verifier = TokenVerifier.create(token, AccessToken.class)
                    .realmUrl(Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName()));

            SignatureVerifierContext verifierContext = session.getProvider(SignatureProvider.class, verifier.getHeader().getAlgorithm().name()).verifier(verifier.getHeader().getKeyId());
            verifier.verifierContext(verifierContext);

            accessToken = verifier.verify().getToken();
        } catch (VerificationException e) {
            return null;
        }

        RealmModel realm = this.session.getContext().getRealm();

        return tokenManager.checkTokenValidForIntrospection(session, realm, accessToken) ? accessToken : null;
    }
final RealmModel realm
Definition: AccessTokenIntrospectionProvider.java:43
boolean checkTokenValidForIntrospection(KeycloakSession session, RealmModel realm, AccessToken token)
Definition: TokenManager.java:215
final KeycloakSession session
Definition: AccessTokenIntrospectionProvider.java:41
final TokenManager tokenManager
Definition: AccessTokenIntrospectionProvider.java:42

Member Data Documentation

◆ LOGGER

final Logger org.keycloak.authorization.protection.introspect.RPTIntrospectionProvider.LOGGER = Logger.getLogger(RPTIntrospectionProvider.class)
static protected

The documentation for this class was generated from the following file: