org.keycloak.services.resources.admin.ClientRoleMappingsResource 連携図

公開メンバ関数
	ClientRoleMappingsResource (UriInfo uriInfo, KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth, RoleMapperModel user, ClientModel client, AdminEventBuilder adminEvent, AdminPermissionEvaluator.RequirePermissionCheck manageCheck, AdminPermissionEvaluator.RequirePermissionCheck viewCheck)

List< RoleRepresentation >	getClientRoleMappings ()

List< RoleRepresentation >	getCompositeClientRoleMappings ()

List< RoleRepresentation >	getAvailableClientRoleMappings ()

void	addClientRoleMapping (List< RoleRepresentation > roles)

void	deleteClientRoleMapping (List< RoleRepresentation > roles)

静的公開メンバ関数
static List< RoleRepresentation >	getAvailableRoles (RoleMapperModel mapper, Set< RoleModel > available)

限定公開変数類
KeycloakSession	session

RealmModel	realm

AdminPermissionEvaluator	auth

RoleMapperModel	user

ClientModel	client

AdminEventBuilder	adminEvent

AdminPermissionEvaluator.RequirePermissionCheck	managePermission

AdminPermissionEvaluator.RequirePermissionCheck	viewPermission

静的限定公開変数類
static final Logger	logger = Logger.getLogger(ClientRoleMappingsResource.class)

非公開変数類
UriInfo	uriInfo

詳解

Client Role Mappings

著者: Bill Burke

バージョン

Revision: 1

構築子と解体子

◆ ClientRoleMappingsResource()

org.keycloak.services.resources.admin.ClientRoleMappingsResource.ClientRoleMappingsResource	(	UriInfo	uriInfo,
		KeycloakSession	session,
		RealmModel	realm,
		AdminPermissionEvaluator	auth,
		RoleMapperModel	user,
		ClientModel	client,
		AdminEventBuilder	adminEvent,
		AdminPermissionEvaluator.RequirePermissionCheck	manageCheck,
		AdminPermissionEvaluator.RequirePermissionCheck	viewCheck
	)

inline

                                                                                                                                                                {
         this.uriInfo = uriInfo;
         this.session = session;
         this.realm = realm;
         this.auth = auth;
         this.user = user;
         this.client = client;
         this.managePermission = manageCheck;
         this.viewPermission = viewCheck;
         this.adminEvent = adminEvent.resource(ResourceType.CLIENT_ROLE_MAPPING);
     }

関数詳解

◆ addClientRoleMapping()

void org.keycloak.services.resources.admin.ClientRoleMappingsResource.addClientRoleMapping ( List< RoleRepresentation > roles )

inline

Add client-level roles to the user role mapping

引数

roles

                                                                      {
         managePermission.require();
 
         for (RoleRepresentation role : roles) {
             RoleModel roleModel = client.getRole(role.getName());
             if (roleModel == null || !roleModel.getId().equals(role.getId())) {
                 throw new NotFoundException("Role not found");
             }
             auth.roles().requireMapRole(roleModel);
             user.grantRole(roleModel);
         }
         adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(roles).success();
 
     }

◆ deleteClientRoleMapping()

void org.keycloak.services.resources.admin.ClientRoleMappingsResource.deleteClientRoleMapping ( List< RoleRepresentation > roles )

inline

Delete client-level roles from user role mapping

引数

roles

                                                                         {
         managePermission.require();
 
         if (roles == null) {
             Set<RoleModel> roleModels = user.getClientRoleMappings(client);
             roles = new LinkedList<>();
 
             for (RoleModel roleModel : roleModels) {
                 if (roleModel.getContainer() instanceof ClientModel) {
                     ClientModel client = (ClientModel) roleModel.getContainer();
                     if (!client.getId().equals(this.client.getId())) continue;
                 }
                 auth.roles().requireMapRole(roleModel);
                 user.deleteRoleMapping(roleModel);
                 roles.add(ModelToRepresentation.toRepresentation(roleModel));
             }
 
         } else {
             for (RoleRepresentation role : roles) {
                 RoleModel roleModel = client.getRole(role.getName());
                 if (roleModel == null || !roleModel.getId().equals(role.getId())) {
                     throw new NotFoundException("Role not found");
                 }
 
                 auth.roles().requireMapRole(roleModel);
                 try {
                     user.deleteRoleMapping(roleModel);
                 } catch (ModelException me) {
                     Properties messages = AdminRoot.getMessages(session, realm, auth.adminAuth().getToken().getLocale());
                     throw new ErrorResponseException(me.getMessage(), MessageFormat.format(messages.getProperty(me.getMessage(), me.getMessage()), me.getParameters()),
                             Response.Status.BAD_REQUEST);
                 }
             }
         }
 
         adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success();
     }

◆ getAvailableClientRoleMappings()

List<RoleRepresentation> org.keycloak.services.resources.admin.ClientRoleMappingsResource.getAvailableClientRoleMappings ( )

inline

Get available client-level roles that can be mapped to the user

戻り値

                                                                      {
         viewPermission.require();
 
         Set<RoleModel> available = client.getRoles();
         available = available.stream().filter(r ->
                 auth.roles().canMapRole(r)
         ).collect(Collectors.toSet());
         return getAvailableRoles(user, available);
     }

◆ getAvailableRoles()

static List<RoleRepresentation> org.keycloak.services.resources.admin.ClientRoleMappingsResource.getAvailableRoles	(	RoleMapperModel	mapper,
		Set< RoleModel >	available
	)

inlinestatic

                                                                                                                {
         Set<RoleModel> roles = new HashSet<RoleModel>();
         for (RoleModel roleModel : available) {
             if (mapper.hasRole(roleModel)) continue;
             roles.add(roleModel);
         }
 
         List<RoleRepresentation> mappings = new ArrayList<RoleRepresentation>();
         for (RoleModel roleModel : roles) {
             mappings.add(ModelToRepresentation.toRepresentation(roleModel));
         }
         return mappings;
     }

◆ getClientRoleMappings()

List<RoleRepresentation> org.keycloak.services.resources.admin.ClientRoleMappingsResource.getClientRoleMappings ( )

inline

Get client-level role mappings for the user, and the app

戻り値

                                                             {
         viewPermission.require();
 
         Set<RoleModel> mappings = user.getClientRoleMappings(client);
         List<RoleRepresentation> mapRep = new ArrayList<RoleRepresentation>();
         for (RoleModel roleModel : mappings) {
             mapRep.add(ModelToRepresentation.toRepresentation(roleModel));
         }
         return mapRep;
     }

◆ getCompositeClientRoleMappings()

List<RoleRepresentation> org.keycloak.services.resources.admin.ClientRoleMappingsResource.getCompositeClientRoleMappings ( )

inline

Get effective client-level role mappings

This recurses any composite roles

戻り値

                                                                      {
         viewPermission.require();
 
 
         Set<RoleModel> roles = client.getRoles();
         List<RoleRepresentation> mapRep = new ArrayList<RoleRepresentation>();
         for (RoleModel roleModel : roles) {
             if (user.hasRole(roleModel)) mapRep.add(ModelToRepresentation.toRepresentation(roleModel));
         }
         return mapRep;
     }

メンバ詳解

◆ adminEvent

AdminEventBuilder org.keycloak.services.resources.admin.ClientRoleMappingsResource.adminEvent

protected

◆ auth

AdminPermissionEvaluator org.keycloak.services.resources.admin.ClientRoleMappingsResource.auth

protected

◆ client

ClientModel org.keycloak.services.resources.admin.ClientRoleMappingsResource.client

protected

◆ logger

final Logger org.keycloak.services.resources.admin.ClientRoleMappingsResource.logger = Logger.getLogger(ClientRoleMappingsResource.class)

staticprotected

◆ managePermission

AdminPermissionEvaluator.RequirePermissionCheck org.keycloak.services.resources.admin.ClientRoleMappingsResource.managePermission

protected

◆ realm

RealmModel org.keycloak.services.resources.admin.ClientRoleMappingsResource.realm

protected

◆ session

KeycloakSession org.keycloak.services.resources.admin.ClientRoleMappingsResource.session

protected

◆ uriInfo

UriInfo org.keycloak.services.resources.admin.ClientRoleMappingsResource.uriInfo

private

◆ user

RoleMapperModel org.keycloak.services.resources.admin.ClientRoleMappingsResource.user

protected

◆ viewPermission

AdminPermissionEvaluator.RequirePermissionCheck org.keycloak.services.resources.admin.ClientRoleMappingsResource.viewPermission

protected

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/services/resources/admin/ClientRoleMappingsResource.java

公開メンバ関数

静的公開メンバ関数

限定公開変数類

静的限定公開変数類

非公開変数類

詳解

構築子と解体子

◆ ClientRoleMappingsResource()

関数詳解

◆ addClientRoleMapping()

◆ deleteClientRoleMapping()

◆ getAvailableClientRoleMappings()

◆ getAvailableRoles()

◆ getClientRoleMappings()

◆ getCompositeClientRoleMappings()

メンバ詳解

◆ adminEvent

◆ auth

◆ client

◆ logger

◆ managePermission

◆ realm

◆ session

◆ uriInfo

◆ user

◆ viewPermission