keycloak-service
org.keycloak.services.resources.admin.ScopeMappedResource Class Reference

Public Member Functions

 ScopeMappedResource (RealmModel realm, AdminPermissionEvaluator auth, ScopeContainerModel scopeContainer, KeycloakSession session, AdminEventBuilder adminEvent, AdminPermissionEvaluator.RequirePermissionCheck managePermission, AdminPermissionEvaluator.RequirePermissionCheck viewPermission)
 
MappingsRepresentation getScopeMappings ()
 
List< RoleRepresentation > getRealmScopeMappings ()
 
List< RoleRepresentation > getAvailableRealmScopeMappings ()
 
List< RoleRepresentation > getCompositeRealmScopeMappings ()
 
void addRealmScopeMappings (List< RoleRepresentation > roles)
 
void deleteRealmScopeMappings (List< RoleRepresentation > roles)
 
ScopeMappedClientResource getClientByIdScopeMappings (@PathParam("client") String client)
 

Static Public Member Functions

static List< RoleRepresentation > getAvailable (AdminPermissionEvaluator auth, ScopeContainerModel client, Set< RoleModel > roles)
 
static List< RoleRepresentation > getComposite (ScopeContainerModel client, Set< RoleModel > roles)
 

Protected Attributes

RealmModel realm
 
AdminPermissionEvaluator auth
 
AdminPermissionEvaluator.RequirePermissionCheck managePermission
 
AdminPermissionEvaluator.RequirePermissionCheck viewPermission
 
ScopeContainerModel scopeContainer
 
KeycloakSession session
 
AdminEventBuilder adminEvent
 

Detailed Description

Base class for managing the scope mappings of a specific client.

Scope Mappings

Author
Bill Burke
Version
Revision: 1

Constructor & Destructor Documentation

◆ ScopeMappedResource()

org.keycloak.services.resources.admin.ScopeMappedResource.ScopeMappedResource ( RealmModel  realm,
AdminPermissionEvaluator  auth,
ScopeContainerModel  scopeContainer,
KeycloakSession  session,
AdminEventBuilder  adminEvent,
AdminPermissionEvaluator.RequirePermissionCheck  managePermission,
AdminPermissionEvaluator.RequirePermissionCheck  viewPermission 
)
inline
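{
    this.realm = realm;
    this.auth = auth;
    this.scopeContainer = scopeContainer;
    this.session = session;
    this.adminEvent = adminEvent.resource(ResourceType.REALM_SCOPE_MAPPING);
    this.managePermission = managePermission;
    this.viewPermission = viewPermission;
}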

Member Function Documentation

◆ addRealmScopeMappings()

void org.keycloak.services.resources.admin.ScopeMappedResource.addRealmScopeMappings ( List< RoleRepresentation >  roles)
inline

Add a set of realm-level roles to the client's scope

Parameters
roles
{
    // The caller needs the manage permission before any mapping is changed.
    managePermission.require();

    if (scopeContainer == null) {
        throw new NotFoundException("Could not find client");
    }

    for (RoleRepresentation role : roles) {
        RoleModel roleModel = realm.getRoleById(role.getId());
        if (roleModel == null) {
            throw new NotFoundException("Role not found");
        }
        scopeContainer.addScopeMapping(roleModel);
    }

    // Record the change as an admin event.
    adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri()).representation(roles).success();
}

◆ deleteRealmScopeMappings()

void org.keycloak.services.resources.admin.ScopeMappedResource.deleteRealmScopeMappings ( List< RoleRepresentation >  roles)
inline

Remove a set of realm-level roles from the client's scope

Parameters
roles
{
    // The caller needs the manage permission before any mapping is changed.
    managePermission.require();

    if (scopeContainer == null) {
        throw new NotFoundException("Could not find client");
    }

    if (roles == null) {
        // No role list supplied: remove every realm-level scope mapping.
        Set<RoleModel> roleModels = scopeContainer.getRealmScopeMappings();
        roles = new LinkedList<>();

        for (RoleModel roleModel : roleModels) {
            scopeContainer.deleteScopeMapping(roleModel);
            roles.add(ModelToRepresentation.toRepresentation(roleModel));
        }

    } else {
        for (RoleRepresentation role : roles) {
            RoleModel roleModel = realm.getRoleById(role.getId());
            if (roleModel == null) {
                // The lookup that failed is for a role, although the message says "Client".
                throw new NotFoundException("Client not found");
            }
            scopeContainer.deleteScopeMapping(roleModel);
        }
    }

    // Record the change as an admin event.
    adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).representation(roles).success();

}

◆ getAvailable()

static List<RoleRepresentation> org.keycloak.services.resources.admin.ScopeMappedResource.getAvailable ( AdminPermissionEvaluator  auth,
ScopeContainerModel  client,
Set< RoleModel >  roles 
)
inline static
{
    List<RoleRepresentation> available = new ArrayList<RoleRepresentation>();
    for (RoleModel roleModel : roles) {
        // Skip roles already in the client's scope.
        if (client.hasScope(roleModel)) continue;
        // Skip roles the calling admin is not permitted to map.
        if (!auth.roles().canMapClientScope(roleModel)) continue;
        available.add(ModelToRepresentation.toRepresentation(roleModel));
    }
    return available;
}

◆ getAvailableRealmScopeMappings()

List<RoleRepresentation> org.keycloak.services.resources.admin.ScopeMappedResource.getAvailableRealmScopeMappings ( )
inline

Get realm-level roles that are available to attach to this client's scope

Returns
{
    viewPermission.require();

    if (scopeContainer == null) {
        throw new NotFoundException("Could not find client");
    }

    Set<RoleModel> roles = realm.getRoles();
    return getAvailable(auth, scopeContainer, roles);
}

◆ getClientByIdScopeMappings()

ScopeMappedClientResource org.keycloak.services.resources.admin.ScopeMappedResource.getClientByIdScopeMappings ( @PathParam("client") String  client)
inline
{
    ClientModel clientModel = realm.getClientById(client);
    if (clientModel == null) {
        throw new NotFoundException("Could not find client");
    }
    return new ScopeMappedClientResource(realm, auth, this.scopeContainer, session, clientModel, adminEvent, managePermission, viewPermission);
}

◆ getComposite()

static List<RoleRepresentation> org.keycloak.services.resources.admin.ScopeMappedResource.getComposite ( ScopeContainerModel  client,
Set< RoleModel >  roles 
)
inline static
{
    List<RoleRepresentation> composite = new ArrayList<RoleRepresentation>();
    for (RoleModel roleModel : roles) {
        if (client.hasScope(roleModel)) composite.add(ModelToRepresentation.toRepresentation(roleModel));
    }
    return composite;
}

◆ getCompositeRealmScopeMappings()

List<RoleRepresentation> org.keycloak.services.resources.admin.ScopeMappedResource.getCompositeRealmScopeMappings ( )
inline

Get effective realm-level roles associated with the client's scope

This recurses through any composite roles associated with the client's scope and adds their roles to the list. The method exists to show a comprehensive view of the realm-level roles associated with the client.

Returns
{
    viewPermission.require();

    if (scopeContainer == null) {
        throw new NotFoundException("Could not find client");
    }

    Set<RoleModel> roles = realm.getRoles();
    return getComposite(scopeContainer, roles);
}
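
Added example (not part of the Keycloak source or of this reference page) contrasting the effective view built by getComposite() with the candidate list built by getAvailable(). Role, hasScope(), the permission predicate and the role names are hypothetical stand-ins constructed for illustration; hasScope() is assumed to follow composite roles as the description above states.

```java
import java.util.*;
import java.util.function.Predicate;
public class ScopeMappingDemo {
    // Hypothetical stand-in for a realm role; this is not Keycloak's RoleModel.
    static final class Role {
        final String name;
        final Set<Role> children = new LinkedHashSet<>();
        Role(String name, Role... kids) { this.name = name; children.addAll(Arrays.asList(kids)); }
    }
    // Assumed hasScope() semantics: mapped directly, or reachable through a mapped composite.
    static boolean hasScope(Set<Role> direct, Role wanted) {
        Deque<Role> todo = new ArrayDeque<>(direct);
        Set<Role> seen = new HashSet<>();
        while (!todo.isEmpty()) {
            Role r = todo.pop();
            if (!seen.add(r)) continue;        // composites may reference each other
            if (r == wanted) return true;
            todo.addAll(r.children);
        }
        return false;
    }
    // Same loop as getComposite(): every realm role that is effectively in scope.
    static List<String> composite(Set<Role> direct, Collection<Role> realmRoles) {
        List<String> out = new ArrayList<>();
        for (Role r : realmRoles) if (hasScope(direct, r)) out.add(r.name);
        return out;
    }

    // Same two filters as getAvailable(): not yet in scope, and the caller may map it.
    static List<String> available(Set<Role> direct, Collection<Role> realmRoles, Predicate<Role> canMap) {
        List<String> out = new ArrayList<>();
        for (Role r : realmRoles) {
            if (hasScope(direct, r)) continue;
            if (!canMap.test(r)) continue;     // stands in for auth.roles().canMapClientScope(role)
            out.add(r.name);
        }
        return out;
    }

    public static void main(String[] args) {
        Role view = new Role("view-reports"), edit = new Role("edit-reports");
        Role analyst = new Role("analyst", view, edit);    // composite role
        Role admin = new Role("realm-admin"), audit = new Role("auditor");
        List<Role> realmRoles = List.of(view, edit, analyst, admin, audit);
        Set<Role> direct = Set.of(analyst);                // the only direct scope mapping
        System.out.println("composite = " + composite(direct, realmRoles));
        System.out.println("available = " + available(direct, realmRoles, r -> r != admin));
    }
}
```

With only the composite role mapped directly, the effective view also contains its two child roles, while the available list leaves out both the roles already in scope and the one role the sample permission predicate refuses.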

◆ getRealmScopeMappings()

List<RoleRepresentation> org.keycloak.services.resources.admin.ScopeMappedResource.getRealmScopeMappings ( )
inline

Get realm-level roles associated with the client's scope

Returns
{
    viewPermission.require();

    if (scopeContainer == null) {
        throw new NotFoundException("Could not find client");
    }

    Set<RoleModel> realmMappings = scopeContainer.getRealmScopeMappings();
    List<RoleRepresentation> realmMappingsRep = new ArrayList<RoleRepresentation>();
    for (RoleModel roleModel : realmMappings) {
        realmMappingsRep.add(ModelToRepresentation.toRepresentation(roleModel));
    }
    return realmMappingsRep;
}

◆ getScopeMappings()

MappingsRepresentation org.keycloak.services.resources.admin.ScopeMappedResource.getScopeMappings ( )
inline

Get all scope mappings for the client

Returns
{
    viewPermission.require();

    if (scopeContainer == null) {
        throw new NotFoundException("Could not find client");
    }

    MappingsRepresentation all = new MappingsRepresentation();
    Set<RoleModel> realmMappings = scopeContainer.getRealmScopeMappings();
    if (realmMappings.size() > 0) {
        List<RoleRepresentation> realmRep = new ArrayList<RoleRepresentation>();
        for (RoleModel roleModel : realmMappings) {
            realmRep.add(ModelToRepresentation.toRepresentation(roleModel));
        }
        all.setRealmMappings(realmRep);
    }

    List<ClientModel> clients = realm.getClients();
    if (clients.size() > 0) {
        Map<String, ClientMappingsRepresentation> clientMappings = new HashMap<String, ClientMappingsRepresentation>();
        for (ClientModel client : clients) {
            Set<RoleModel> roleMappings = KeycloakModelUtils.getClientScopeMappings(client, this.scopeContainer); //client.getClientScopeMappings(this.client);
            if (roleMappings.size() > 0) {
                ClientMappingsRepresentation mappings = new ClientMappingsRepresentation();
                mappings.setId(client.getId());
                mappings.setClient(client.getClientId());
                List<RoleRepresentation> roles = new ArrayList<RoleRepresentation>();
                mappings.setMappings(roles);
                for (RoleModel role : roleMappings) {
                    roles.add(ModelToRepresentation.toRepresentation(role));
                }
                clientMappings.put(client.getClientId(), mappings);
                all.setClientMappings(clientMappings);
            }
        }
    }
    return all;
}

Member Data Documentation

◆ adminEvent

AdminEventBuilder org.keycloak.services.resources.admin.ScopeMappedResource.adminEvent
protected

◆ auth

AdminPermissionEvaluator org.keycloak.services.resources.admin.ScopeMappedResource.auth
protected

◆ managePermission

AdminPermissionEvaluator.RequirePermissionCheck org.keycloak.services.resources.admin.ScopeMappedResource.managePermission
protected

◆ realm

RealmModel org.keycloak.services.resources.admin.ScopeMappedResource.realm
protected

◆ scopeContainer

ScopeContainerModel org.keycloak.services.resources.admin.ScopeMappedResource.scopeContainer
protected

◆ session

KeycloakSession org.keycloak.services.resources.admin.ScopeMappedResource.session
protected

◆ viewPermission

AdminPermissionEvaluator.RequirePermissionCheck org.keycloak.services.resources.admin.ScopeMappedResource.viewPermission
protected

The documentation for this class was generated from the following file: