org.keycloak.services.resources.admin.ClientScopesResource 連携図

公開メンバ関数
	ClientScopesResource (RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent)

List< ClientScopeRepresentation >	getClientScopes ()

Response	createClientScope (ClientScopeRepresentation rep)

Response	generateAudienceClientScope (final @QueryParam("clientId") String clientId)

ClientScopeResource	getClientScope (final @PathParam("id") String id)

限定公開変数類
RealmModel	realm

KeycloakSession	session

静的限定公開変数類
static final Logger	logger = Logger.getLogger(ClientScopesResource.class)

非公開変数類
AdminPermissionEvaluator	auth

AdminEventBuilder	adminEvent

詳解

Base resource class for managing a realm's client scopes.

Client Scopes

著者: Bill Burke

バージョン

Revision: 1

構築子と解体子

◆ ClientScopesResource()

org.keycloak.services.resources.admin.ClientScopesResource.ClientScopesResource	(	RealmModel	realm,
		AdminPermissionEvaluator	auth,
		AdminEventBuilder	adminEvent
	)

inline

                                                                                                                {
         this.realm = realm;
         this.auth = auth;
         this.adminEvent = adminEvent.resource(ResourceType.CLIENT_SCOPE);
     }

関数詳解

◆ createClientScope()

Response org.keycloak.services.resources.admin.ClientScopesResource.createClientScope ( ClientScopeRepresentation rep )

inline

Create a new client scope

Client Scope's name must be unique!

引数

rep

戻り値

                                                                      {
         auth.clients().requireManageClientScopes();
 
         try {
             ClientScopeModel clientModel = RepresentationToModel.createClientScope(session, realm, rep);
 
             adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), clientModel.getId()).representation(rep).success();
 
             return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(clientModel.getId()).build()).build();
         } catch (ModelDuplicateException e) {
             return ErrorResponse.exists("Client Scope " + rep.getName() + " already exists");
         }
     }

◆ generateAudienceClientScope()

Response org.keycloak.services.resources.admin.ClientScopesResource.generateAudienceClientScope ( final @QueryParam("clientId") String clientId )

inline

Generate new client scope for specified service client. The "Frontend" clients, who will use this client scope, will be able to send their access token to authenticate against specified service client

引数

clientId Client ID of service client (typically bearer-only client)

戻り値

                                                                                                {
         auth.clients().requireManageClientScopes();
 
         logger.debugf("Generating audience scope for service client: " + clientId);
 
         String clientScopeName = clientId;
         try {
             ClientModel serviceClient = realm.getClientByClientId(clientId);
             if (serviceClient == null) {
                 logger.warnf("Referenced service client '%s' doesn't exists", clientId);
                 return ErrorResponse.exists("Referenced service client doesn't exists");
             }
 
             ClientScopeModel clientScopeModel = realm.addClientScope(clientScopeName);
             clientScopeModel.setDescription("Client scope useful for frontend clients, which want to call service " + clientId);
             clientScopeModel.setProtocol(serviceClient.getProtocol()==null ? OIDCLoginProtocol.LOGIN_PROTOCOL : serviceClient.getProtocol());
             clientScopeModel.setDisplayOnConsentScreen(true);
 
             String consentText = serviceClient.getName() != null ? serviceClient.getName() : serviceClient.getClientId();
             consentText = consentText.substring(0, 1).toUpperCase() + consentText.substring(1);
             clientScopeModel.setConsentScreenText(consentText);
 
             // Add audience protocol mapper
             ProtocolMapperModel audienceMapper = AudienceProtocolMapper.createClaimMapper("Audience for " + clientId, clientId, null,true, false);
             clientScopeModel.addProtocolMapper(audienceMapper);
 
             // Add scope to client roles
             for (RoleModel role : serviceClient.getRoles()) {
                 clientScopeModel.addScopeMapping(role);
             }
 
             adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri()).success();
 
             return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(clientScopeModel.getId()).build()).build();
         } catch (ModelDuplicateException e) {
             return ErrorResponse.exists("Client Scope " + clientScopeName + " already exists");
         }
     }

◆ getClientScope()

ClientScopeResource org.keycloak.services.resources.admin.ClientScopesResource.getClientScope ( final @PathParam("id") String id )

inline

Base path for managing a specific client scope.

引数

id	id of client scope (not name)

戻り値

                                                                                 {
         auth.clients().requireListClientScopes();
         ClientScopeModel clientModel = realm.getClientScopeById(id);
         if (clientModel == null) {
             throw new NotFoundException("Could not find client scope");
         }
         ClientScopeResource clientResource = new ClientScopeResource(realm, auth, clientModel, session, adminEvent);
         ResteasyProviderFactory.getInstance().injectProperties(clientResource);
         return clientResource;
     }

◆ getClientScopes()

List<ClientScopeRepresentation> org.keycloak.services.resources.admin.ClientScopesResource.getClientScopes ( )

inline

Get client scopes belonging to the realm

Returns a list of client scopes belonging to the realm

                                                              {
         auth.clients().requireListClientScopes();
 
         List<ClientScopeRepresentation> rep = new ArrayList<>();
         List<ClientScopeModel> clientModels = realm.getClientScopes();
 
         boolean viewable = auth.clients().canViewClientScopes();
         for (ClientScopeModel clientModel : clientModels) {
             if (viewable) rep.add(ModelToRepresentation.toRepresentation(clientModel));
             else {
                 ClientScopeRepresentation tempRep = new ClientScopeRepresentation();
                 tempRep.setName(clientModel.getName());
                 tempRep.setId(clientModel.getId());
                 tempRep.setProtocol(clientModel.getProtocol());
             }
         }
         return rep;
     }

メンバ詳解

◆ adminEvent

AdminEventBuilder org.keycloak.services.resources.admin.ClientScopesResource.adminEvent

private

◆ auth

AdminPermissionEvaluator org.keycloak.services.resources.admin.ClientScopesResource.auth

private

◆ logger

final Logger org.keycloak.services.resources.admin.ClientScopesResource.logger = Logger.getLogger(ClientScopesResource.class)

staticprotected

◆ realm

RealmModel org.keycloak.services.resources.admin.ClientScopesResource.realm

protected

◆ session

KeycloakSession org.keycloak.services.resources.admin.ClientScopesResource.session

protected

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/services/resources/admin/ClientScopesResource.java

公開メンバ関数

限定公開変数類

静的限定公開変数類

非公開変数類

詳解

構築子と解体子

◆ ClientScopesResource()

関数詳解

◆ createClientScope()

◆ generateAudienceClientScope()

◆ getClientScope()

◆ getClientScopes()

メンバ詳解

◆ adminEvent

◆ auth

◆ logger

◆ realm

◆ session