org.keycloak.authorization.protection.policy.UserManagedPermissionService クラス

org.keycloak.authorization.protection.policy.UserManagedPermissionService 連携図

公開メンバ関数
	UserManagedPermissionService (KeycloakIdentity identity, ResourceServer resourceServer, AuthorizationProvider authorization, AdminEventBuilder eventBuilder)
Response	create (@PathParam("resourceId") String resourceId, UmaPermissionRepresentation representation)
Response	update (@PathParam("policyId") String policyId, String payload)
Response	delete (@PathParam("policyId") String policyId)
Response	findById (@PathParam("policyId") String policyId)
Response	find (@QueryParam("name") String name, @QueryParam("resource") String resource, @QueryParam("scope") String scope, @QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResult)

非公開メンバ関数
Policy	getPolicy (@PathParam("policyId") String policyId)
void	checkRequest (String resourceId, UmaPermissionRepresentation representation)
String	getAssociatedResourceId (String policyId)

非公開変数類
final ResourceServer	resourceServer
final Identity	identity
final AuthorizationProvider	authorization
final PermissionService	delegate

詳解

著者

Federico M. Facca

構築子と解体子

UserManagedPermissionService()

org.keycloak.authorization.protection.policy.UserManagedPermissionService.UserManagedPermissionService ( KeycloakIdentity  identity, ResourceServer  resourceServer, AuthorizationProvider  authorization, AdminEventBuilder  eventBuilder  )

inline

                                                                                                                                                                       {
        this.identity = identity;
        this.resourceServer = resourceServer;
        this.authorization = authorization;
        delegate = new PermissionService(resourceServer, authorization, null, eventBuilder);
        ResteasyProviderFactory.getInstance().injectProperties(delegate);
    }

関数詳解

checkRequest()

void org.keycloak.authorization.protection.policy.UserManagedPermissionService.checkRequest ( String  resourceId, UmaPermissionRepresentation  representation  )

inlineprivate

                                                                                             {
        ResourceStore resourceStore = this.authorization.getStoreFactory().getResourceStore();
        Resource resource = resourceStore.findById(resourceId, resourceServer.getId());

        if (resource == null) {
            throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Resource [" + resourceId + "] cannot be found", Response.Status.BAD_REQUEST);
        }

        if (!resource.getOwner().equals(identity.getId())) {
            throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Only resource owner can access policies for resource [" + resourceId + "]", Status.BAD_REQUEST);
        }

        if (!resource.isOwnerManagedAccess()) {
            throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Only resources with owner managed accessed can have policies", Status.BAD_REQUEST);
        }

        if (!resourceServer.isAllowRemoteResourceManagement()) {
            throw new ErrorResponseException(OAuthErrorException.REQUEST_NOT_SUPPORTED, "Remote Resource Management not enabled on resource server [" + resourceServer.getId() + "]", Status.FORBIDDEN);
        }

        if (representation != null) {
            Set<String> resourceScopes = resource.getScopes().stream().map(scope -> scope.getName()).collect(Collectors.toSet());
            Set<String> scopes = representation.getScopes();

            if (scopes == null || scopes.isEmpty()) {
                scopes = resourceScopes;
                representation.setScopes(scopes);
            }

            if (!resourceScopes.containsAll(scopes)) {
                throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Some of the scopes [" + scopes + "] are not valid for resource [" + resourceId + "]", Response.Status.BAD_REQUEST);
            }
        }
    }

create()

Response org.keycloak.authorization.protection.policy.UserManagedPermissionService.create ( @PathParam("resourceId") String  resourceId, UmaPermissionRepresentation  representation  )

inline

                                                                                                                   {
        if (representation.getId() != null) {
            throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Newly created uma policies should not have an id", Response.Status.BAD_REQUEST);
        }

        checkRequest(resourceId, representation);

        representation.addResource(resourceId);
        representation.setOwner(identity.getId());

        return findById(delegate.create(representation).getId());
    }

delete()

Response org.keycloak.authorization.protection.policy.UserManagedPermissionService.delete ( @PathParam("policyId") String  policyId )

inline

                                                                   {
        checkRequest(getAssociatedResourceId(policyId), null);
        PolicyTypeResourceService.class.cast(delegate.getResource(policyId)).delete();
        return Response.noContent().build();
    }

find()

Response org.keycloak.authorization.protection.policy.UserManagedPermissionService.find ( @QueryParam("name") String  name, @QueryParam("resource") String  resource, @QueryParam("scope") String  scope, @QueryParam("first") Integer  firstResult, @QueryParam("max") Integer  maxResult  )

inline

                                                               {
        return  delegate.findAll(null, name, "uma", resource, scope, true, identity.getId(), firstResult, maxResult);
    }

findById()

Response org.keycloak.authorization.protection.policy.UserManagedPermissionService.findById ( @PathParam("policyId") String  policyId )

inline

                                                                     {
        checkRequest(getAssociatedResourceId(policyId), null);
        return PolicyTypeResourceService.class.cast(delegate.getResource(policyId)).findById();
    }

getAssociatedResourceId()

String org.keycloak.authorization.protection.policy.UserManagedPermissionService.getAssociatedResourceId ( String  policyId )

inlineprivate

                                                            {
        return getPolicy(policyId).getResources().iterator().next().getId();
    }

getPolicy()

Policy org.keycloak.authorization.protection.policy.UserManagedPermissionService.getPolicy ( @PathParam("policyId") String  policyId )

inlineprivate

                                                                     {
        Policy existing = authorization.getStoreFactory().getPolicyStore().findById(policyId, resourceServer.getId());

        if (existing == null) {
            throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Policy with [" + policyId + "] does not exist", Status.NOT_FOUND);
        }

        return existing;
    }

update()

Response org.keycloak.authorization.protection.policy.UserManagedPermissionService.update ( @PathParam("policyId") String  policyId, String  payload  )

inline

                                                                                   {
        UmaPermissionRepresentation representation;

        try {
            representation = JsonSerialization.readValue(payload, UmaPermissionRepresentation.class);
        } catch (IOException e) {
            throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Failed to parse representation", Status.BAD_REQUEST);
        }

        checkRequest(getAssociatedResourceId(policyId), representation);

        return PolicyTypeResourceService.class.cast(delegate.getResource(policyId)).update(payload);
    }

メンバ詳解

authorization

final AuthorizationProvider org.keycloak.authorization.protection.policy.UserManagedPermissionService.authorization

private

delegate

final PermissionService org.keycloak.authorization.protection.policy.UserManagedPermissionService.delegate

private

identity

final Identity org.keycloak.authorization.protection.policy.UserManagedPermissionService.identity

private

resourceServer

final ResourceServer org.keycloak.authorization.protection.policy.UserManagedPermissionService.resourceServer

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/authorization/protection/policy/UserManagedPermissionService.java