org.keycloak.protocol.docker.DockerAuthV2Protocol の継承関係図

org.keycloak.protocol.docker.DockerAuthV2Protocol 連携図

公開メンバ関数
	DockerAuthV2Protocol ()

	DockerAuthV2Protocol (final KeycloakSession session, final RealmModel realm, final UriInfo uriInfo, final HttpHeaders headers, final EventBuilder event)

LoginProtocol	setSession (final KeycloakSession session)

LoginProtocol	setRealm (final RealmModel realm)

LoginProtocol	setUriInfo (final UriInfo uriInfo)

LoginProtocol	setHttpHeaders (final HttpHeaders headers)

LoginProtocol	setEventBuilder (final EventBuilder event)

Response	authenticated (final UserSessionModel userSession, final ClientSessionContext clientSessionCtx)

Response	sendError (final AuthenticationSessionModel clientSession, final LoginProtocol.Error error)

void	backchannelLogout (final UserSessionModel userSession, final AuthenticatedClientSessionModel clientSession)

Response	frontchannelLogout (final UserSessionModel userSession, final AuthenticatedClientSessionModel clientSession)

Response	finishLogout (final UserSessionModel userSession)

boolean	requireReauthentication (final UserSessionModel userSession, final AuthenticationSessionModel clientSession)

void	close ()

静的公開変数類
static final String	LOGIN_PROTOCOL = "docker-v2"

static final String	ACCOUNT_PARAM = "account"

static final String	SERVICE_PARAM = "service"

static final String	SCOPE_PARAM = "scope"

static final String	ISSUER = "docker.iss"

static final String	ISO_8601_DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'"

静的限定公開変数類
static final Logger	logger = Logger.getLogger(DockerEndpoint.class)

非公開メンバ関数
Response	errorResponse (final UserSessionModel userSession, final String methodName)

非公開変数類
KeycloakSession	session

RealmModel	realm

UriInfo	uriInfo

HttpHeaders	headers

EventBuilder	event

詳解

構築子と解体子

◆ DockerAuthV2Protocol() [1/2]

org.keycloak.protocol.docker.DockerAuthV2Protocol.DockerAuthV2Protocol ( )

inline

51 {

52 }

◆ DockerAuthV2Protocol() [2/2]

org.keycloak.protocol.docker.DockerAuthV2Protocol.DockerAuthV2Protocol	(	final KeycloakSession	session,
		final RealmModel	realm,
		final UriInfo	uriInfo,
		final HttpHeaders	headers,
		final EventBuilder	event
	)

inline

                                                                                                                                                                    {
         this.session = session;
         this.realm = realm;
         this.uriInfo = uriInfo;
         this.headers = headers;
         this.event = event;
     }

関数詳解

◆ authenticated()

Response org.keycloak.protocol.docker.DockerAuthV2Protocol.authenticated	(	final UserSessionModel	userSession,
		final ClientSessionContext	clientSessionCtx
	)

inline

                                                                                                                    {
         // First, create a base response token with realm + user values populated
         final AuthenticatedClientSessionModel clientSession = clientSessionCtx.getClientSession();
         final ClientModel client = clientSession.getClient();
 
         DockerResponseToken responseToken = new DockerResponseToken()
                 .id(KeycloakModelUtils.generateId())
                 .type(TokenUtil.TOKEN_TYPE_BEARER)
                 .issuer(clientSession.getNote(DockerAuthV2Protocol.ISSUER))
                 .subject(userSession.getUser().getUsername())
                 .issuedNow()
                 .audience(client.getClientId())
                 .issuedFor(client.getClientId());
 
         // since realm access token is given in seconds
         final int accessTokenLifespan = realm.getAccessTokenLifespan();
         responseToken.notBefore(responseToken.getIssuedAt())
                 .expiration(responseToken.getIssuedAt() + accessTokenLifespan);
 
         // Next, allow mappers to decorate the token to add/remove scopes as appropriate
         final Set<ProtocolMapperModel> mappings = clientSessionCtx.getProtocolMappers();
         for (final ProtocolMapperModel mapping : mappings) {
             final ProtocolMapper mapper = (ProtocolMapper) session.getKeycloakSessionFactory().getProviderFactory(ProtocolMapper.class, mapping.getProtocolMapper());
             if (mapper instanceof DockerAuthV2AttributeMapper) {
                 final DockerAuthV2AttributeMapper dockerAttributeMapper = (DockerAuthV2AttributeMapper) mapper;
                 if (dockerAttributeMapper.appliesTo(responseToken)) {
                     responseToken = dockerAttributeMapper.transformDockerResponseToken(responseToken, mapping, session, userSession, clientSession);
                 }
             }
         }
 
         try {
             // Finally, construct the response to the docker client with the token + metadata
             if (event.getEvent() != null && EventType.LOGIN.equals(event.getEvent().getType())) {
                 final KeyManager.ActiveRsaKey activeKey = session.keys().getActiveRsaKey(realm);
                 final String encodedToken = new JWSBuilder()
                         .kid(new DockerKeyIdentifier(activeKey.getPublicKey()).toString())
                         .type("JWT")
                         .jsonContent(responseToken)
                         .rsa256(activeKey.getPrivateKey());
                 final String expiresInIso8601String = new SimpleDateFormat(ISO_8601_DATE_FORMAT).format(new Date(responseToken.getIssuedAt() * 1000L));
 
                 final DockerResponse responseEntity = new DockerResponse()
                         .setToken(encodedToken)
                         .setExpires_in(accessTokenLifespan)
                         .setIssued_at(expiresInIso8601String);
                 return new ResponseBuilderImpl().status(Response.Status.OK).header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON).entity(responseEntity).build();
             } else {
                 logger.errorv("Unable to handle request for event type {0}.  Currently only LOGIN event types are supported by docker protocol.", event.getEvent() == null ? "null" : event.getEvent().getType());
                 throw new ErrorResponseException("invalid_request", "Event type not supported", Response.Status.BAD_REQUEST);
             }
         } catch (final InstantiationException e) {
             logger.errorv("Error attempting to create Key ID for Docker JOSE header: ", e.getMessage());
             throw new ErrorResponseException("token_error", "Unable to construct JOSE header for JWT", Response.Status.INTERNAL_SERVER_ERROR);
         }
 
     }

◆ backchannelLogout()

void org.keycloak.protocol.docker.DockerAuthV2Protocol.backchannelLogout	(	final UserSessionModel	userSession,
		final AuthenticatedClientSessionModel	clientSession
	)

inline

                                                                                                                            {
         errorResponse(userSession, "backchannelLogout");
 
     }

◆ close()

void org.keycloak.protocol.docker.DockerAuthV2Protocol.close ( )

inline

                         {
         // no-op
     }

◆ errorResponse()

Response org.keycloak.protocol.docker.DockerAuthV2Protocol.errorResponse	(	final UserSessionModel	userSession,
		final String	methodName
	)

inlineprivate

                                                                                                 {
         logger.errorv("User {0} attempted to invoke unsupported method {1} on docker protocol.", userSession.getUser().getUsername(), methodName);
         throw new ErrorResponseException("invalid_request", String.format("Attempted to invoke unsupported docker method %s", methodName), Response.Status.BAD_REQUEST);
     }

◆ finishLogout()

Response org.keycloak.protocol.docker.DockerAuthV2Protocol.finishLogout ( final UserSessionModel userSession )

inline

                                                                      {
         return errorResponse(userSession, "finishLogout");
     }

◆ frontchannelLogout()

Response org.keycloak.protocol.docker.DockerAuthV2Protocol.frontchannelLogout	(	final UserSessionModel	userSession,
		final AuthenticatedClientSessionModel	clientSession
	)

inline

                                                                                                                                 {
         return errorResponse(userSession, "frontchannelLogout");
     }

◆ requireReauthentication()

boolean org.keycloak.protocol.docker.DockerAuthV2Protocol.requireReauthentication	(	final UserSessionModel	userSession,
		final AuthenticationSessionModel	clientSession
	)

inline

                                                                                                                                {
         return true;
     }

◆ sendError()

Response org.keycloak.protocol.docker.DockerAuthV2Protocol.sendError	(	final AuthenticationSessionModel	clientSession,
		final LoginProtocol.Error	error
	)

inline

                                                                                                                {
         return new ResponseBuilderImpl().status(Response.Status.INTERNAL_SERVER_ERROR).build();
     }

◆ setEventBuilder()

LoginProtocol org.keycloak.protocol.docker.DockerAuthV2Protocol.setEventBuilder ( final EventBuilder event )

inline

                                                                    {
         this.event = event;
         return this;
     }

◆ setHttpHeaders()

LoginProtocol org.keycloak.protocol.docker.DockerAuthV2Protocol.setHttpHeaders ( final HttpHeaders headers )

inline

                                                                    {
         this.headers = headers;
         return this;
     }

◆ setRealm()

LoginProtocol org.keycloak.protocol.docker.DockerAuthV2Protocol.setRealm ( final RealmModel realm )

inline

                                                           {
         this.realm = realm;
         return this;
     }

◆ setSession()

LoginProtocol org.keycloak.protocol.docker.DockerAuthV2Protocol.setSession ( final KeycloakSession session )

inline

                                                                    {
         this.session = session;
         return this;
     }

◆ setUriInfo()

LoginProtocol org.keycloak.protocol.docker.DockerAuthV2Protocol.setUriInfo ( final UriInfo uriInfo )

inline

                                                            {
         this.uriInfo = uriInfo;
         return this;
     }

メンバ詳解

◆ ACCOUNT_PARAM

final String org.keycloak.protocol.docker.DockerAuthV2Protocol.ACCOUNT_PARAM = "account"

static

◆ event

EventBuilder org.keycloak.protocol.docker.DockerAuthV2Protocol.event

private

◆ headers

HttpHeaders org.keycloak.protocol.docker.DockerAuthV2Protocol.headers

private

◆ ISO_8601_DATE_FORMAT

final String org.keycloak.protocol.docker.DockerAuthV2Protocol.ISO_8601_DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'"

static

◆ ISSUER

final String org.keycloak.protocol.docker.DockerAuthV2Protocol.ISSUER = "docker.iss"

static

◆ logger

final Logger org.keycloak.protocol.docker.DockerAuthV2Protocol.logger = Logger.getLogger(DockerEndpoint.class)

staticprotected

◆ LOGIN_PROTOCOL

final String org.keycloak.protocol.docker.DockerAuthV2Protocol.LOGIN_PROTOCOL = "docker-v2"

static

◆ realm

RealmModel org.keycloak.protocol.docker.DockerAuthV2Protocol.realm

private

◆ SCOPE_PARAM

final String org.keycloak.protocol.docker.DockerAuthV2Protocol.SCOPE_PARAM = "scope"

static

◆ SERVICE_PARAM

final String org.keycloak.protocol.docker.DockerAuthV2Protocol.SERVICE_PARAM = "service"

static

◆ session

KeycloakSession org.keycloak.protocol.docker.DockerAuthV2Protocol.session

private

◆ uriInfo

UriInfo org.keycloak.protocol.docker.DockerAuthV2Protocol.uriInfo

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/protocol/docker/DockerAuthV2Protocol.java

公開メンバ関数

静的公開変数類

静的限定公開変数類

非公開メンバ関数

非公開変数類

詳解

構築子と解体子

◆ DockerAuthV2Protocol() [1/2]

◆ DockerAuthV2Protocol() [2/2]

関数詳解

◆ authenticated()

◆ backchannelLogout()

◆ close()

◆ errorResponse()

◆ finishLogout()

◆ frontchannelLogout()

◆ requireReauthentication()

◆ sendError()

◆ setEventBuilder()

◆ setHttpHeaders()

◆ setRealm()

◆ setSession()

◆ setUriInfo()

メンバ詳解

◆ ACCOUNT_PARAM

◆ event

◆ headers

◆ ISO_8601_DATE_FORMAT

◆ ISSUER

◆ logger

◆ LOGIN_PROTOCOL

◆ realm

◆ SCOPE_PARAM

◆ SERVICE_PARAM

◆ session

◆ uriInfo