org.keycloak.protocol.openshift.OpenShiftTokenReviewEndpoint の継承関係図

org.keycloak.protocol.openshift.OpenShiftTokenReviewEndpoint 連携図

公開メンバ関数
	OpenShiftTokenReviewEndpoint (KeycloakSession session)

void	setEvent (EventBuilder event)

Response	tokenReview (OpenShiftTokenReviewRequestRepresentation reviewRequest) throws Exception

Response	tokenReview (@PathParam("client_id") String clientId, OpenShiftTokenReviewRequestRepresentation reviewRequest) throws Exception

default void	close ()

非公開メンバ関数
void	checkSsl ()

void	checkRealm ()

void	authorizeClient ()

void	error (int statusCode, String error, String description)

非公開変数類
KeycloakSession	session

TokenManager	tokenManager

EventBuilder	event

詳解

著者: Bill Burke

バージョン

Revision: 1

構築子と解体子

◆ OpenShiftTokenReviewEndpoint()

org.keycloak.protocol.openshift.OpenShiftTokenReviewEndpoint.OpenShiftTokenReviewEndpoint ( KeycloakSession session )

inline

                                                                  {
         this.session = session;
         this.tokenManager = new TokenManager();
     }

関数詳解

◆ authorizeClient()

void org.keycloak.protocol.openshift.OpenShiftTokenReviewEndpoint.authorizeClient ( )

inlineprivate

                                    {
         try {
             ClientModel client = AuthorizeClientUtil.authorizeClient(session, event).getClient();
             event.client(client);
 
             if (client == null || client.isPublicClient()) {
                 error(401, Errors.INVALID_CLIENT, "Public client is not permitted to invoke token review endpoint");
             }
 
         } catch (ErrorResponseException ere) {
             error(401, Errors.INVALID_CLIENT_CREDENTIALS, ere.getErrorDescription());
         } catch (Exception e) {
             error(401, Errors.INVALID_CLIENT_CREDENTIALS, null);
         }
     }

◆ checkRealm()

void org.keycloak.protocol.openshift.OpenShiftTokenReviewEndpoint.checkRealm ( )

inlineprivate

                               {
         if (!session.getContext().getRealm().isEnabled()) {
             error(401, Errors.REALM_DISABLED,null);
         }
     }

◆ checkSsl()

void org.keycloak.protocol.openshift.OpenShiftTokenReviewEndpoint.checkSsl ( )

inlineprivate

                             {
         if (!session.getContext().getUri().getBaseUri().getScheme().equals("https") && session.getContext().getRealm().getSslRequired().isRequired(session.getContext().getConnection())) {
             error(401, Errors.SSL_REQUIRED, null);
         }
     }

◆ close()

default void org.keycloak.protocol.oidc.ext.OIDCExtProvider.close ( )

inlineinherited

11 {

12 }

◆ error()

void org.keycloak.protocol.openshift.OpenShiftTokenReviewEndpoint.error	(	int	statusCode,
		String	error,
		String	description
	)

inlineprivate

                                                                          {
         OpenShiftTokenReviewResponseRepresentation rep = new OpenShiftTokenReviewResponseRepresentation();
         rep.getStatus().setAuthenticated(false);
 
         Response response = Response.status(statusCode).entity(rep).type(MediaType.APPLICATION_JSON_TYPE).build();
 
         event.error(error);
         event.detail(Details.REASON, description);
 
         throw new ErrorResponseException(response);
     }

◆ setEvent()

void org.keycloak.protocol.openshift.OpenShiftTokenReviewEndpoint.setEvent ( EventBuilder event )

inline

org.keycloak.protocol.oidc.ext.OIDCExtProviderを実装しています。

                                              {
         this.event = event;
     }

◆ tokenReview() [1/2]

Response org.keycloak.protocol.openshift.OpenShiftTokenReviewEndpoint.tokenReview ( OpenShiftTokenReviewRequestRepresentation reviewRequest ) throws Exception

inline

                                                                                                           {
         return tokenReview(null, reviewRequest);
     }

◆ tokenReview() [2/2]

Response org.keycloak.protocol.openshift.OpenShiftTokenReviewEndpoint.tokenReview	(	@PathParam("client_id") String	clientId,
		OpenShiftTokenReviewRequestRepresentation	reviewRequest
	)		throws Exception

inline

                                                                                                                                                    {
         event.event(EventType.INTROSPECT_TOKEN);
 
         if (clientId != null) {
             session.setAttribute("client_id", clientId);
         }
 
         checkSsl();
         checkRealm();
         authorizeClient();
 
         RealmModel realm = session.getContext().getRealm();
 
         AccessToken token = null;
         try {
             TokenVerifier<AccessToken> verifier = TokenVerifier.create(reviewRequest.getSpec().getToken(), AccessToken.class)
                     .realmUrl(Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName()));
 
             SignatureVerifierContext verifierContext = session.getProvider(SignatureProvider.class, verifier.getHeader().getAlgorithm().name()).verifier(verifier.getHeader().getKeyId());
             verifier.verifierContext(verifierContext);
 
             verifier.verify();
             token = verifier.getToken();
         } catch (VerificationException e) {
             error(401, Errors.INVALID_TOKEN, "Token verification failure");
         }
 
         if (!tokenManager.checkTokenValidForIntrospection(session, realm, token)) {
             error(401, Errors.INVALID_TOKEN, "Token verification failure");
         }
 
         OpenShiftTokenReviewResponseRepresentation response = new OpenShiftTokenReviewResponseRepresentation();
         response.getStatus().setAuthenticated(true);
         response.getStatus().setUser(new OpenShiftTokenReviewResponseRepresentation.User());
 
         OpenShiftTokenReviewResponseRepresentation.User userRep = response.getStatus().getUser();
         userRep.setUid(token.getSubject());
         userRep.setUsername(token.getPreferredUsername());
 
         if (token.getScope() != null && !token.getScope().isEmpty()) {
             OpenShiftTokenReviewResponseRepresentation.Extra extra = new OpenShiftTokenReviewResponseRepresentation.Extra();
             extra.setScopes(token.getScope().split(" "));
             userRep.setExtra(extra);
         }
 
         if (token.getOtherClaims() != null && token.getOtherClaims().get("groups") != null) {
             List<String> groups = (List<String>) token.getOtherClaims().get("groups");
             userRep.setGroups(groups);
         }
 
         event.success();
         return Response.ok(response, MediaType.APPLICATION_JSON).build();
     }

メンバ詳解

◆ event

EventBuilder org.keycloak.protocol.openshift.OpenShiftTokenReviewEndpoint.event

private

◆ session

KeycloakSession org.keycloak.protocol.openshift.OpenShiftTokenReviewEndpoint.session

private

◆ tokenManager

TokenManager org.keycloak.protocol.openshift.OpenShiftTokenReviewEndpoint.tokenManager

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/protocol/openshift/OpenShiftTokenReviewEndpoint.java

公開メンバ関数

非公開メンバ関数

非公開変数類

詳解

構築子と解体子

◆ OpenShiftTokenReviewEndpoint()

関数詳解

◆ authorizeClient()

◆ checkRealm()

◆ checkSsl()

◆ close()

◆ error()

◆ setEvent()

◆ tokenReview() [1/2]

◆ tokenReview() [2/2]

メンバ詳解

◆ event

◆ session

◆ tokenManager