org.keycloak.protocol.oidc.mappers.AbstractUserRoleMappingMapper の継承関係図

org.keycloak.protocol.oidc.mappers.AbstractUserRoleMappingMapper 連携図

公開メンバ関数
String	getProtocol ()

void	close ()

final ProtocolMapper	create (KeycloakSession session)

void	init (Config.Scope config)

void	postInit (KeycloakSessionFactory factory)

AccessToken	transformUserInfoToken (AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)

AccessToken	transformAccessToken (AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)

IDToken	transformIDToken (IDToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)

AccessToken	transformAccessToken (AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)

IDToken	transformIDToken (IDToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)

AccessToken	transformUserInfoToken (AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)

静的公開メンバ関数
static Stream< RoleModel >	getAllUserRolesStream (UserModel user)

静的公開変数類
static final String	TOKEN_MAPPER_CATEGORY = "Token mapper"

限定公開メンバ関数
void	setClaim (IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession)

void	setClaim (IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession keycloakSession)

静的限定公開メンバ関数
static void	setClaim (IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, Predicate< RoleModel > restriction, String prefix)

静的非公開メンバ関数
static Stream< GroupModel >	groupAndItsParentsStream (GroupModel group)

詳解

Base class for mapping of user role mappings to an ID and Access Token claim.

著者: Thomas Darimont

関数詳解

◆ close()

void org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.close ( )

inlineinherited

                         {
 
     }

◆ create()

final ProtocolMapper org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.create ( KeycloakSession session )

inlineinherited

                                                                 {
         throw new RuntimeException("UNSUPPORTED METHOD");
     }

◆ getAllUserRolesStream()

static Stream<RoleModel> org.keycloak.protocol.oidc.mappers.AbstractUserRoleMappingMapper.getAllUserRolesStream ( UserModel user )

inlinestatic

Returns a stream with roles that come from:

Direct assignment of the role to the user
Direct assignment of the role to any group of the user or any of its parent group
Composite roles are expanded recursively, the composite role itself is also contained in the returned stream

引数

user	User to enumerate the roles for

戻り値

                                                                           {
         return Stream.concat(
           user.getRoleMappings().stream(),
           user.getGroups().stream()
             .flatMap(g -> groupAndItsParentsStream(g))
             .flatMap(g -> g.getRoleMappings().stream()))
           .flatMap(RoleUtils::expandCompositeRolesStream);
     }

◆ getProtocol()

String org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.getProtocol ( )

inlineinherited

                                 {
         return OIDCLoginProtocol.LOGIN_PROTOCOL;
     }

◆ groupAndItsParentsStream()

static Stream<GroupModel> org.keycloak.protocol.oidc.mappers.AbstractUserRoleMappingMapper.groupAndItsParentsStream ( GroupModel group )

inlinestaticprivate

Returns stream of the given group and its parents (recursively).

引数

group

戻り値

                                                                                  {
         Stream.Builder<GroupModel> sb = Stream.builder();
         while (group != null) {
             sb.add(group);
             group = group.getParent();
         }
         return sb.build();
     }

◆ init()

void org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.init ( Config.Scope config )

inlineinherited

55 {

56 }

◆ postInit()

void org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.postInit ( KeycloakSessionFactory factory )

inlineinherited

                                                          {
 
     }

◆ setClaim() [1/3]

static void org.keycloak.protocol.oidc.mappers.AbstractUserRoleMappingMapper.setClaim	(	IDToken	token,
		ProtocolMapperModel	mappingModel,
		UserSessionModel	userSession,
		Predicate< RoleModel >	restriction,
		String	prefix
	)

inlinestaticprotected

Retrieves all roles of the current user based on direct roles set to the user, its groups and their parent groups. Then it recursively expands all composite roles, and restricts according to the given predicate

restriction

. If the current client sessions is restricted (i.e. no client found in active user session has full scope allowed), the final list of roles is also restricted by the client scope. Finally, the list is mapped to the token into a claim.

引数

token
mappingModel
userSession
restriction
prefix

                                                        {
         String rolePrefix = prefix == null ? "" : prefix;
         UserModel user = userSession.getUser();
 
         // get a set of all realm roles assigned to the user or its group
         Stream<RoleModel> clientUserRoles = getAllUserRolesStream(user).filter(restriction);
 
         boolean dontLimitScope = userSession.getAuthenticatedClientSessions().values().stream().anyMatch(cs -> cs.getClient().isFullScopeAllowed());
         if (! dontLimitScope) {
             Set<RoleModel> clientRoles = userSession.getAuthenticatedClientSessions().values().stream()
               .flatMap(cs -> cs.getClient().getScopeMappings().stream())
               .collect(Collectors.toSet());
 
             clientUserRoles = clientUserRoles.filter(clientRoles::contains);
         }
 
         List<String> realmRoleNames = clientUserRoles
           .map(m -> rolePrefix + m.getName())
           .collect(Collectors.toList());
 
         Object claimValue = realmRoleNames;
 
         boolean multiValued = "true".equals(mappingModel.getConfig().get(ProtocolMapperUtils.MULTIVALUED));
         if (!multiValued) {
             claimValue = realmRoleNames.toString();
         }
 
         OIDCAttributeMapperHelper.mapClaim(token, mappingModel, claimValue);
     }

◆ setClaim() [2/3]

void org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.setClaim	(	IDToken	token,
		ProtocolMapperModel	mappingModel,
		UserSessionModel	userSession
	)

inlineprotectedinherited

Intended to be overridden in ProtocolMapper implementations to add claims to an token.

引数

token
mappingModel
userSession

非推奨:: override setClaim(IDToken, ProtocolMapperModel, UserSessionModel, KeycloakSession) instead.

105 {

106 }

◆ setClaim() [3/3]

void org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.setClaim	(	IDToken	token,
		ProtocolMapperModel	mappingModel,
		UserSessionModel	userSession,
		KeycloakSession	keycloakSession
	)

inlineprotectedinherited

Intended to be overridden in ProtocolMapper implementations to add claims to an token.

引数

token
mappingModel
userSession
keycloakSession

                                                                                                                                             {
         // we delegate to the old #setClaim(...) method for backwards compatibility
         setClaim(token, mappingModel, userSession);
     }

◆ transformAccessToken() [1/2]

AccessToken org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper.transformAccessToken	(	AccessToken	token,
		ProtocolMapperModel	mappingModel,
		KeycloakSession	session,
		UserSessionModel	userSession,
		AuthenticatedClientSessionModel	clientSession
	)

inherited

org.keycloak.protocol.oidc.mappers.RoleNameMapper, org.keycloak.protocol.oidc.mappers.HardcodedRole, org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapperで実装されています。

◆ transformAccessToken() [2/2]

AccessToken org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.transformAccessToken	(	AccessToken	token,
		ProtocolMapperModel	mappingModel,
		KeycloakSession	session,
		UserSessionModel	userSession,
		AuthenticatedClientSessionModel	clientSession
	)

inlineinherited

                                                                                                                          {
 
         if (!OIDCAttributeMapperHelper.includeInAccessToken(mappingModel)){
             return token;
         }
 
         setClaim(token, mappingModel, userSession, session);
         return token;
     }

◆ transformIDToken() [1/2]

IDToken org.keycloak.protocol.oidc.mappers.OIDCIDTokenMapper.transformIDToken	(	IDToken	token,
		ProtocolMapperModel	mappingModel,
		KeycloakSession	session,
		UserSessionModel	userSession,
		AuthenticatedClientSessionModel	clientSession
	)

inherited

org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapperで実装されています。

◆ transformIDToken() [2/2]

IDToken org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.transformIDToken	(	IDToken	token,
		ProtocolMapperModel	mappingModel,
		KeycloakSession	session,
		UserSessionModel	userSession,
		AuthenticatedClientSessionModel	clientSession
	)

inlineinherited

                                                                                                                  {
 
         if (!OIDCAttributeMapperHelper.includeInIDToken(mappingModel)){
             return token;
         }
 
         setClaim(token, mappingModel, userSession, session);
         return token;
     }

◆ transformUserInfoToken() [1/2]

AccessToken org.keycloak.protocol.oidc.mappers.UserInfoTokenMapper.transformUserInfoToken	(	AccessToken	token,
		ProtocolMapperModel	mappingModel,
		KeycloakSession	session,
		UserSessionModel	userSession,
		AuthenticatedClientSessionModel	clientSession
	)

inherited

org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapperで実装されています。

◆ transformUserInfoToken() [2/2]

AccessToken org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.transformUserInfoToken	(	AccessToken	token,
		ProtocolMapperModel	mappingModel,
		KeycloakSession	session,
		UserSessionModel	userSession,
		AuthenticatedClientSessionModel	clientSession
	)

inlineinherited

                                                                                                                            {
 
         if (!OIDCAttributeMapperHelper.includeInUserInfo(mappingModel)) {
             return token;
         }
 
         setClaim(token, mappingModel, userSession, session);
         return token;
     }

メンバ詳解

◆ TOKEN_MAPPER_CATEGORY

final String org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.TOKEN_MAPPER_CATEGORY = "Token mapper"

staticinherited

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/protocol/oidc/mappers/AbstractUserRoleMappingMapper.java

公開メンバ関数

静的公開メンバ関数

静的公開変数類

限定公開メンバ関数

静的限定公開メンバ関数

静的非公開メンバ関数

詳解

関数詳解

◆ close()

◆ create()

◆ getAllUserRolesStream()

◆ getProtocol()

◆ groupAndItsParentsStream()

◆ init()

◆ postInit()

◆ setClaim() [1/3]

◆ setClaim() [2/3]

◆ setClaim() [3/3]

◆ transformAccessToken() [1/2]

◆ transformAccessToken() [2/2]

◆ transformIDToken() [1/2]

◆ transformIDToken() [2/2]

◆ transformUserInfoToken() [1/2]

◆ transformUserInfoToken() [2/2]

メンバ詳解

◆ TOKEN_MAPPER_CATEGORY