org.keycloak.authorization.util.Permissions 連携図

静的公開メンバ関数
static ResourcePermission	permission (ResourceServer server, Resource resource, Scope scope)

static List< ResourcePermission >	all (ResourceServer resourceServer, Identity identity, AuthorizationProvider authorization, AuthorizationRequest request)

static ResourcePermission	createResourcePermissions (Resource resource, Collection< Scope > requestedScopes, AuthorizationProvider authorization, AuthorizationRequest request)

static ResourcePermission	createResourcePermissions (Resource resource, AuthorizationProvider authorization, AuthorizationRequest request)

静的非公開メンバ関数
static List< Scope >	populateTypedScopes (Resource resource, AuthorizationProvider authorization)

詳解

著者: Pedro Igor

関数詳解

◆ all()

static List<ResourcePermission> org.keycloak.authorization.util.Permissions.all	(	ResourceServer	resourceServer,
		Identity	identity,
		AuthorizationProvider	authorization,
		AuthorizationRequest	request
	)

inlinestatic

Returns a list of permissions for all resources and scopes that belong to the given resourceServer and identity.

TODO: review once we support caches

引数

resourceServer
identity
authorization

戻り値

                                                                                                                                                                     {
         List<ResourcePermission> permissions = new ArrayList<>();
         StoreFactory storeFactory = authorization.getStoreFactory();
         ResourceStore resourceStore = storeFactory.getResourceStore();
         Metadata metadata = request.getMetadata();
         final AtomicLong limit;
 
         if (metadata != null && metadata.getLimit() != null) {
             limit = new AtomicLong(metadata.getLimit());
         } else {
             limit = new AtomicLong(Long.MAX_VALUE);
         }
 
         // obtain all resources where owner is the resource server
         resourceStore.findByOwner(resourceServer.getId(), resourceServer.getId(), resource -> {
             if (limit.decrementAndGet() >= 0) {
                 permissions.add(createResourcePermissions(resource, authorization, request));
             }
         });
 
         // obtain all resources where owner is the current user
         resourceStore.findByOwner(identity.getId(), resourceServer.getId(), resource -> {
             if (limit.decrementAndGet() >= 0) {
                 permissions.add(createResourcePermissions(resource, authorization, request));
             }
         });
 
         // obtain all resources granted to the user via permission tickets (uma)
         List<PermissionTicket> tickets = storeFactory.getPermissionTicketStore().findGranted(identity.getId(), resourceServer.getId());
 
         if (!tickets.isEmpty()) {
             Map<String, ResourcePermission> userManagedPermissions = new HashMap<>();
 
             for (PermissionTicket ticket : tickets) {
                 ResourcePermission permission = userManagedPermissions.get(ticket.getResource().getId());
 
                 if (permission == null) {
                     userManagedPermissions.put(ticket.getResource().getId(), new ResourcePermission(ticket.getResource(), new ArrayList<>(), resourceServer, request.getClaims()));
                     limit.decrementAndGet();
                 }
 
                 if (limit.decrementAndGet() <= 0) {
                     break;
                 }
             }
 
             permissions.addAll(userManagedPermissions.values());
         }
 
         return permissions;
     }

◆ createResourcePermissions() [1/2]

static ResourcePermission org.keycloak.authorization.util.Permissions.createResourcePermissions	(	Resource	resource,
		Collection< Scope >	requestedScopes,
		AuthorizationProvider	authorization,
		AuthorizationRequest	request
	)

inlinestatic

                                                                                                                                                                                         {
         List<Scope> scopes;
 
         if (requestedScopes.isEmpty()) {
             scopes = populateTypedScopes(resource, authorization);
         } else {
             scopes = requestedScopes.stream().filter(scope -> resource.getScopes().contains(scope)).collect(Collectors.toList());
         }
 
         return new ResourcePermission(resource, scopes, resource.getResourceServer(), request.getClaims());
     }

◆ createResourcePermissions() [2/2]

static ResourcePermission org.keycloak.authorization.util.Permissions.createResourcePermissions	(	Resource	resource,
		AuthorizationProvider	authorization,
		AuthorizationRequest	request
	)

inlinestatic

                                                                                                                                                      {
         List<Scope> requestedScopes = resource.getScopes();
 
         if (requestedScopes.isEmpty()) {
             return new ResourcePermission(resource, populateTypedScopes(resource, authorization), resource.getResourceServer(), request.getClaims());
         }
 
         return new ResourcePermission(resource, resource.getResourceServer(), request.getClaims());
     }

◆ permission()

static ResourcePermission org.keycloak.authorization.util.Permissions.permission	(	ResourceServer	server,
		Resource	resource,
		Scope	scope
	)

inlinestatic

                                                                                                        {
        return new ResourcePermission(resource, new ArrayList<>(Arrays.asList(scope)), server);
     }

◆ populateTypedScopes()

static List<Scope> org.keycloak.authorization.util.Permissions.populateTypedScopes	(	Resource	resource,
		AuthorizationProvider	authorization
	)

inlinestaticprivate

                                                                                                            {
         List<Scope> scopes = new LinkedList<>(resource.getScopes());
         String type = resource.getType();
         ResourceServer resourceServer = resource.getResourceServer();
 
         // check if there is a typed resource whose scopes are inherited by the resource being requested. In this case, we assume that parent resource
         // is owned by the resource server itself
         if (type != null && !resource.getOwner().equals(resourceServer.getId())) {
             StoreFactory storeFactory = authorization.getStoreFactory();
             ResourceStore resourceStore = storeFactory.getResourceStore();
             resourceStore.findByType(type, resourceServer.getId(), resource1 -> {
                 if (resource1.getOwner().equals(resourceServer.getId())) {
                     for (Scope typeScope : resource1.getScopes()) {
                         if (!scopes.contains(typeScope)) {
                             scopes.add(typeScope);
                         }
                     }
                 }
             });
         }
 
         return scopes;
     }

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/authorization/util/Permissions.java

静的公開メンバ関数

静的非公開メンバ関数

詳解

関数詳解

◆ all()

◆ createResourcePermissions() [1/2]

◆ createResourcePermissions() [2/2]

◆ permission()

◆ populateTypedScopes()