org.keycloak.services.resources.admin.RoleContainerResource クラス

org.keycloak.services.resources.admin.RoleContainerResource の継承関係図

org.keycloak.services.resources.admin.RoleContainerResource 連携図

公開メンバ関数
	RoleContainerResource (KeycloakSession session, UriInfo uriInfo, RealmModel realm, AdminPermissionEvaluator auth, RoleContainerModel roleContainer, AdminEventBuilder adminEvent)
List< RoleRepresentation >	getRoles ()
Response	createRole (final RoleRepresentation rep)
RoleRepresentation	getRole (final @PathParam("role-name") String roleName)
void	deleteRole (final @PathParam("role-name") String roleName)
Response	updateRole (final @PathParam("role-name") String roleName, final RoleRepresentation rep)
void	addComposites (final @PathParam("role-name") String roleName, List< RoleRepresentation > roles)
Set< RoleRepresentation >	getRoleComposites (final @PathParam("role-name") String roleName)
Set< RoleRepresentation >	getRealmRoleComposites (final @PathParam("role-name") String roleName)
Set< RoleRepresentation >	getClientRoleComposites (final @PathParam("role-name") String roleName, final @PathParam("client") String client)
void	deleteComposites (final @PathParam("role-name") String roleName, List< RoleRepresentation > roles)
ManagementPermissionReference	getManagementPermissions (final @PathParam("role-name") String roleName)
ManagementPermissionReference	setManagementPermissionsEnabled (final @PathParam("role-name") String roleName, ManagementPermissionReference ref)
List< UserRepresentation >	getUsersInRole (final @PathParam("role-name") String roleName, @QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResults)

限定公開メンバ関数
RoleRepresentation	getRole (RoleModel roleModel)
void	deleteRole (RoleModel role)
void	updateRole (RoleRepresentation rep, RoleModel role)
void	addComposites (AdminPermissionEvaluator auth, AdminEventBuilder adminEvent, UriInfo uriInfo, List< RoleRepresentation > roles, RoleModel role)
Set< RoleRepresentation >	getRoleComposites (RoleModel role)
Set< RoleRepresentation >	getRealmRoleComposites (RoleModel role)
Set< RoleRepresentation >	getClientRoleComposites (ClientModel app, RoleModel role)
void	deleteComposites (AdminEventBuilder adminEvent, UriInfo uriInfo, List< RoleRepresentation > roles, RoleModel role)

限定公開変数類
AdminPermissionEvaluator	auth
RoleContainerModel	roleContainer

非公開変数類
final RealmModel	realm
AdminEventBuilder	adminEvent
UriInfo	uriInfo
KeycloakSession	session

詳解

Roles

著者

Bill Burke

バージョン

Revision

1

構築子と解体子

RoleContainerResource()

org.keycloak.services.resources.admin.RoleContainerResource.RoleContainerResource ( KeycloakSession  session, UriInfo  uriInfo, RealmModel  realm, AdminPermissionEvaluator  auth, RoleContainerModel  roleContainer, AdminEventBuilder  adminEvent  )

inline

                                                                                                                                {
        super(realm);
        this.uriInfo = uriInfo;
        this.realm = realm;
        this.auth = auth;
        this.roleContainer = roleContainer;
        this.adminEvent = adminEvent;
        this.session = session;
    }

関数詳解

addComposites() [1/2]

void org.keycloak.services.resources.admin.RoleResource.addComposites ( AdminPermissionEvaluator  auth, AdminEventBuilder  adminEvent, UriInfo  uriInfo, List< RoleRepresentation >  roles, RoleModel  role  )

inlineprotectedinherited

                                                                                                                                                               {
        for (RoleRepresentation rep : roles) {
            RoleModel composite = realm.getRoleById(rep.getId());
            if (composite == null) {
                throw new NotFoundException("Could not find composite role");
            }
            auth.roles().requireMapComposite(composite);
            role.addCompositeRole(composite);
        }

        if (role.isClientRole()) {
            adminEvent.resource(ResourceType.CLIENT_ROLE);
        } else {
            adminEvent.resource(ResourceType.REALM_ROLE);
        }

        adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(roles).success();
    }

addComposites() [2/2]

void org.keycloak.services.resources.admin.RoleContainerResource.addComposites ( final @PathParam("role-name") String  roleName, List< RoleRepresentation >  roles  )

inline

Add a composite to the role

引数

roleName	role's name (not id!)
roles

                                                                                                             {
        auth.roles().requireManage(roleContainer);
        RoleModel role = roleContainer.getRole(roleName);
        if (role == null) {
            throw new NotFoundException("Could not find role");
        }
        addComposites(auth, adminEvent, uriInfo, roles, role);
    }

createRole()

Response org.keycloak.services.resources.admin.RoleContainerResource.createRole ( final RoleRepresentation  rep )

inline

Create a new role for the realm or client

引数

rep

戻り値

                                                             {
        auth.roles().requireManage(roleContainer);

        if (rep.getName() == null) {
            throw new BadRequestException();
        }

        try {
            RoleModel role = roleContainer.addRole(rep.getName());
            role.setDescription(rep.getDescription());

            rep.setId(role.getId());

            if (role.isClientRole()) {
                adminEvent.resource(ResourceType.CLIENT_ROLE);
            } else {
                adminEvent.resource(ResourceType.REALM_ROLE);
            }

            adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, role.getName()).representation(rep).success();

            return Response.created(uriInfo.getAbsolutePathBuilder().path(role.getName()).build()).build();
        } catch (ModelDuplicateException e) {
            return ErrorResponse.exists("Role with name " + rep.getName() + " already exists");
        }
    }

deleteComposites() [1/2]

void org.keycloak.services.resources.admin.RoleResource.deleteComposites ( AdminEventBuilder  adminEvent, UriInfo  uriInfo, List< RoleRepresentation >  roles, RoleModel  role  )

inlineprotectedinherited

                                                                                                                                   {
        for (RoleRepresentation rep : roles) {
            RoleModel composite = realm.getRoleById(rep.getId());
            if (composite == null) {
                throw new NotFoundException("Could not find composite role");
            }
            role.removeCompositeRole(composite);
        }

        if (role.isClientRole()) {
            adminEvent.resource(ResourceType.CLIENT_ROLE);
        } else {
            adminEvent.resource(ResourceType.REALM_ROLE);
        }

        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success();
    }

deleteComposites() [2/2]

void org.keycloak.services.resources.admin.RoleContainerResource.deleteComposites ( final @PathParam("role-name") String  roleName, List< RoleRepresentation >  roles  )

inline

Remove roles from the role's composite

引数

roleName	role's name (not id!)
roles	roles to remove

                                                                   {

        auth.roles().requireManage(roleContainer);
        RoleModel role = roleContainer.getRole(roleName);
        if (role == null) {
            throw new NotFoundException("Could not find role");
        }
        deleteComposites(adminEvent, uriInfo, roles, role);
    }

deleteRole() [1/2]

void org.keycloak.services.resources.admin.RoleResource.deleteRole ( RoleModel  role )

inlineprotectedinherited

                                              {
        if (!role.getContainer().removeRole(role)) {
            throw new NotFoundException("Role not found");
        }
    }

deleteRole() [2/2]

void org.keycloak.services.resources.admin.RoleContainerResource.deleteRole ( final @PathParam("role-name") String  roleName )

inline

Delete a role by name

引数

roleName

role's name (not id!)

                                                                          {
        auth.roles().requireManage(roleContainer);
        RoleModel role = roleContainer.getRole(roleName);
        if (role == null) {
            throw new NotFoundException("Could not find role");
        }
        deleteRole(role);

        if (role.isClientRole()) {
            adminEvent.resource(ResourceType.CLIENT_ROLE);
        } else {
            adminEvent.resource(ResourceType.REALM_ROLE);
        }

        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();

    }

getClientRoleComposites() [1/2]

Set<RoleRepresentation> org.keycloak.services.resources.admin.RoleResource.getClientRoleComposites ( ClientModel  app, RoleModel  role  )

inlineprotectedinherited

                                                                                               {
        if (!role.isComposite() || role.getComposites().size() == 0) return Collections.emptySet();

        Set<RoleRepresentation> composites = new HashSet<RoleRepresentation>(role.getComposites().size());
        for (RoleModel composite : role.getComposites()) {
            if (composite.getContainer().equals(app))
                composites.add(ModelToRepresentation.toRepresentation(composite));
        }
        return composites;
    }

getClientRoleComposites() [2/2]

Set<RoleRepresentation> org.keycloak.services.resources.admin.RoleContainerResource.getClientRoleComposites ( final @PathParam("role-name") String  roleName, final @PathParam("client") String  client  )

inline

An app-level roles for the specified app for the role's composite

引数

roleName	role's name (not id!)
client

戻り値

                                                                                                          {
        auth.roles().requireView(roleContainer);
        RoleModel role = roleContainer.getRole(roleName);
        if (role == null) {
            throw new NotFoundException("Could not find role");
        }
        ClientModel clientModel = realm.getClientById(client);
        if (client == null) {
            throw new NotFoundException("Could not find client");

        }
        return getClientRoleComposites(clientModel, role);
    }

getManagementPermissions()

ManagementPermissionReference org.keycloak.services.resources.admin.RoleContainerResource.getManagementPermissions ( final @PathParam("role-name") String  roleName )

inline

Return object stating whether role Authoirzation permissions have been initialized or not and a reference

引数

roleName

戻り値

                                                                                                                 {
        auth.roles().requireView(roleContainer);
        RoleModel role = roleContainer.getRole(roleName);
        if (role == null) {
            throw new NotFoundException("Could not find role");
        }

        AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
        if (!permissions.roles().isPermissionsEnabled(role)) {
            return new ManagementPermissionReference();
        }
        return RoleByIdResource.toMgmtRef(role, permissions);
    }

getRealmRoleComposites() [1/2]

Set<RoleRepresentation> org.keycloak.services.resources.admin.RoleResource.getRealmRoleComposites ( RoleModel  role )

inlineprotectedinherited

                                                                             {
        if (!role.isComposite() || role.getComposites().size() == 0) return Collections.emptySet();

        Set<RoleRepresentation> composites = new HashSet<RoleRepresentation>(role.getComposites().size());
        for (RoleModel composite : role.getComposites()) {
            if (composite.getContainer() instanceof RealmModel)
                composites.add(ModelToRepresentation.toRepresentation(composite));
        }
        return composites;
    }

getRealmRoleComposites() [2/2]

Set<RoleRepresentation> org.keycloak.services.resources.admin.RoleContainerResource.getRealmRoleComposites ( final @PathParam("role-name") String  roleName )

inline

Get realm-level roles of the role's composite

引数

roleName

role's name (not id!)

戻り値

                                                                                                         {
        auth.roles().requireView(roleContainer);
        RoleModel role = roleContainer.getRole(roleName);
        if (role == null) {
            throw new NotFoundException("Could not find role");
        }
        return getRealmRoleComposites(role);
    }

getRole() [1/2]

RoleRepresentation org.keycloak.services.resources.admin.RoleResource.getRole ( RoleModel  roleModel )

inlineprotectedinherited

                                                              {
        return ModelToRepresentation.toRepresentation(roleModel);
    }

getRole() [2/2]

RoleRepresentation org.keycloak.services.resources.admin.RoleContainerResource.getRole ( final @PathParam("role-name") String  roleName )

inline

Get a role by name

引数

roleName

role's name (not id!)

戻り値

                                                                                     {
        auth.roles().requireView(roleContainer);

        RoleModel roleModel = roleContainer.getRole(roleName);
        if (roleModel == null) {
            throw new NotFoundException("Could not find role");
        }

        return getRole(roleModel);
    }

getRoleComposites() [1/2]

Set<RoleRepresentation> org.keycloak.services.resources.admin.RoleResource.getRoleComposites ( RoleModel  role )

inlineprotectedinherited

                                                                        {
        if (!role.isComposite() || role.getComposites().size() == 0) return Collections.emptySet();

        Set<RoleRepresentation> composites = new HashSet<RoleRepresentation>(role.getComposites().size());
        for (RoleModel composite : role.getComposites()) {
            composites.add(ModelToRepresentation.toRepresentation(composite));
        }
        return composites;
    }

getRoleComposites() [2/2]

Set<RoleRepresentation> org.keycloak.services.resources.admin.RoleContainerResource.getRoleComposites ( final @PathParam("role-name") String  roleName )

inline

Get composites of the role

引数

roleName

role's name (not id!)

戻り値

                                                                                                    {
        auth.roles().requireView(roleContainer);
        RoleModel role = roleContainer.getRole(roleName);
        if (role == null) {
            throw new NotFoundException("Could not find role");
        }
        return getRoleComposites(role);
    }

getRoles()

List<RoleRepresentation> org.keycloak.services.resources.admin.RoleContainerResource.getRoles ( )

inline

Get all roles for the realm or client

戻り値

                                               {
        auth.roles().requireList(roleContainer);

        Set<RoleModel> roleModels = roleContainer.getRoles();
        List<RoleRepresentation> roles = new ArrayList<RoleRepresentation>();
        for (RoleModel roleModel : roleModels) {
            roles.add(ModelToRepresentation.toRepresentation(roleModel));
        }
        return roles;
    }

getUsersInRole()

List<UserRepresentation> org.keycloak.services.resources.admin.RoleContainerResource.getUsersInRole ( final @PathParam("role-name") String  roleName, @QueryParam("first") Integer  firstResult, @QueryParam("max") Integer  maxResults  )

inline

Return List of Users that have the specified role name

引数

roleName
firstResult
maxResults

戻り値

initialized manage permissions reference

                                                                                           {
        
        auth.roles().requireView(roleContainer);
        firstResult = firstResult != null ? firstResult : 0;
        maxResults = maxResults != null ? maxResults : Constants.DEFAULT_MAX_RESULTS;
        
        RoleModel role = roleContainer.getRole(roleName);
        List<UserRepresentation> results = new ArrayList<UserRepresentation>();
        List<UserModel> userModels = session.users().getRoleMembers(realm, role, firstResult, maxResults);

        for (UserModel user : userModels) {
            results.add(ModelToRepresentation.toRepresentation(session, realm, user));
        }
        return results; 
        
    }    

setManagementPermissionsEnabled()

ManagementPermissionReference org.keycloak.services.resources.admin.RoleContainerResource.setManagementPermissionsEnabled ( final @PathParam("role-name") String  roleName, ManagementPermissionReference  ref  )

inline

Return object stating whether role Authoirzation permissions have been initialized or not and a reference

引数

roleName

戻り値

initialized manage permissions reference

                                                                                                                                                           {
        auth.roles().requireManage(roleContainer);
        RoleModel role = roleContainer.getRole(roleName);
        if (role == null) {
            throw new NotFoundException("Could not find role");
        }

        AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
        permissions.roles().setPermissionsEnabled(role, ref.isEnabled());
        if (ref.isEnabled()) {
            return RoleByIdResource.toMgmtRef(role, permissions);
        } else {
            return new ManagementPermissionReference();
        }
    }

updateRole() [1/2]

void org.keycloak.services.resources.admin.RoleResource.updateRole ( RoleRepresentation  rep, RoleModel  role  )

inlineprotectedinherited

                                                                      {
        role.setName(rep.getName());
        role.setDescription(rep.getDescription());
    }

updateRole() [2/2]

Response org.keycloak.services.resources.admin.RoleContainerResource.updateRole ( final @PathParam("role-name") String  roleName, final RoleRepresentation  rep  )

inline

Update a role by name

引数

roleName	role's name (not id!)
rep

戻り値

                                                                                                            {
        auth.roles().requireManage(roleContainer);
        RoleModel role = roleContainer.getRole(roleName);
        if (role == null) {
            throw new NotFoundException("Could not find role");
        }
        try {
            updateRole(rep, role);

            if (role.isClientRole()) {
                adminEvent.resource(ResourceType.CLIENT_ROLE);
            } else {
                adminEvent.resource(ResourceType.REALM_ROLE);
            }

            adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();

            return Response.noContent().build();
        } catch (ModelDuplicateException e) {
            return ErrorResponse.exists("Role with name " + rep.getName() + " already exists");
        }
    }

メンバ詳解

adminEvent

AdminEventBuilder org.keycloak.services.resources.admin.RoleContainerResource.adminEvent

private

auth

AdminPermissionEvaluator org.keycloak.services.resources.admin.RoleContainerResource.auth

protected

realm

final RealmModel org.keycloak.services.resources.admin.RoleContainerResource.realm

private

roleContainer

RoleContainerModel org.keycloak.services.resources.admin.RoleContainerResource.roleContainer

protected

session

KeycloakSession org.keycloak.services.resources.admin.RoleContainerResource.session

private

uriInfo

UriInfo org.keycloak.services.resources.admin.RoleContainerResource.uriInfo

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java