org.keycloak.services.managers.ClientManager クラス

org.keycloak.services.managers.ClientManager 連携図

クラス
class	InstallationAdapterConfig

公開メンバ関数
	ClientManager (RealmManager realmManager)
	ClientManager ()
boolean	removeClient (RealmModel realm, ClientModel client)
Set< String >	validateRegisteredNodes (ClientModel client)
void	enableServiceAccount (ClientModel client)
void	clientIdChanged (ClientModel client, String newClientId)
InstallationAdapterConfig	toInstallationRepresentation (RealmModel realmModel, ClientModel clientModel, URI baseUri)
String	toJBossSubsystemConfig (RealmModel realmModel, ClientModel clientModel, URI baseUri)

静的公開メンバ関数
static ClientModel	createClient (KeycloakSession session, RealmModel realm, ClientRepresentation rep, boolean addDefaultRoles)

限定公開変数類
RealmManager	realmManager

非公開メンバ関数
boolean	showClientCredentialsAdapterConfig (ClientModel client)
Map< String, Object >	getClientCredentialsAdapterConfig (ClientModel client)

静的非公開変数類
static final Logger	logger = Logger.getLogger(ClientManager.class)

詳解

著者

Bill Burke

バージョン

Revision

1

構築子と解体子

ClientManager() [1/2]

org.keycloak.services.managers.ClientManager.ClientManager ( RealmManager  realmManager )

inline

                                                    {
        this.realmManager = realmManager;
    }

ClientManager() [2/2]

org.keycloak.services.managers.ClientManager.ClientManager ( )

inline

                           {
    }

関数詳解

clientIdChanged()

void org.keycloak.services.managers.ClientManager.clientIdChanged ( ClientModel  client, String  newClientId  )

inline

                                                                        {
        logger.debugf("Updating clientId from '%s' to '%s'", client.getClientId(), newClientId);

        UserModel serviceAccountUser = realmManager.getSession().users().getServiceAccount(client);
        if (serviceAccountUser != null) {
            String username = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + newClientId;
            serviceAccountUser.setUsername(username);
            serviceAccountUser.setEmail(username + "@placeholder.org");
        }
    }

createClient()

static ClientModel org.keycloak.services.managers.ClientManager.createClient ( KeycloakSession  session, RealmModel  realm, ClientRepresentation  rep, boolean  addDefaultRoles  )

inlinestatic

Should not be called from an import. This really expects that the client is created from the admin console.

引数

session
realm
rep
addDefaultRoles

戻り値

                                                                                                                                         {
        ClientModel client = RepresentationToModel.createClient(session, realm, rep, addDefaultRoles);

        if (rep.getProtocol() != null) {
            LoginProtocolFactory providerFactory = (LoginProtocolFactory) session.getKeycloakSessionFactory().getProviderFactory(LoginProtocol.class, rep.getProtocol());
            providerFactory.setupClientDefaults(rep, client);
        }


        // remove default mappers if there is a template
        if (rep.getProtocolMappers() == null && rep.getClientTemplate() != null) {
            Set<ProtocolMapperModel> mappers = client.getProtocolMappers();
            for (ProtocolMapperModel mapper : mappers) client.removeProtocolMapper(mapper);
        }
        return client;

    }

enableServiceAccount()

void org.keycloak.services.managers.ClientManager.enableServiceAccount ( ClientModel  client )

inline

                                                         {
        client.setServiceAccountsEnabled(true);

        // Add dedicated user for this service account
        if (realmManager.getSession().users().getServiceAccount(client) == null) {
            String username = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + client.getClientId();
            logger.debugf("Creating service account user '%s'", username);

            // Don't use federation for service account user
            UserModel user = realmManager.getSession().userLocalStorage().addUser(client.getRealm(), username);
            user.setEnabled(true);
            user.setEmail(username + "@placeholder.org");
            user.setServiceAccountClientLink(client.getId());
        }

        // Add protocol mappers to retrieve clientId in access token
        if (client.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, ServiceAccountConstants.CLIENT_ID_PROTOCOL_MAPPER) == null) {
            logger.debugf("Creating service account protocol mapper '%s' for client '%s'", ServiceAccountConstants.CLIENT_ID_PROTOCOL_MAPPER, client.getClientId());
            ProtocolMapperModel protocolMapper = UserSessionNoteMapper.createClaimMapper(ServiceAccountConstants.CLIENT_ID_PROTOCOL_MAPPER,
                    ServiceAccountConstants.CLIENT_ID,
                    ServiceAccountConstants.CLIENT_ID, "String",
                    true, true);
            client.addProtocolMapper(protocolMapper);
        }

        // Add protocol mappers to retrieve hostname and IP address of client in access token
        if (client.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, ServiceAccountConstants.CLIENT_HOST_PROTOCOL_MAPPER) == null) {
            logger.debugf("Creating service account protocol mapper '%s' for client '%s'", ServiceAccountConstants.CLIENT_HOST_PROTOCOL_MAPPER, client.getClientId());
            ProtocolMapperModel protocolMapper = UserSessionNoteMapper.createClaimMapper(ServiceAccountConstants.CLIENT_HOST_PROTOCOL_MAPPER,
                    ServiceAccountConstants.CLIENT_HOST,
                    ServiceAccountConstants.CLIENT_HOST, "String",
                    true, true);
            client.addProtocolMapper(protocolMapper);
        }

        if (client.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, ServiceAccountConstants.CLIENT_ADDRESS_PROTOCOL_MAPPER) == null) {
            logger.debugf("Creating service account protocol mapper '%s' for client '%s'", ServiceAccountConstants.CLIENT_ADDRESS_PROTOCOL_MAPPER, client.getClientId());
            ProtocolMapperModel protocolMapper = UserSessionNoteMapper.createClaimMapper(ServiceAccountConstants.CLIENT_ADDRESS_PROTOCOL_MAPPER,
                    ServiceAccountConstants.CLIENT_ADDRESS,
                    ServiceAccountConstants.CLIENT_ADDRESS, "String",
                    true, true);
            client.addProtocolMapper(protocolMapper);
        }
    }

getClientCredentialsAdapterConfig()

Map<String, Object> org.keycloak.services.managers.ClientManager.getClientCredentialsAdapterConfig ( ClientModel  client )

inlineprivate

                                                                                      {
        String clientAuthenticator = client.getClientAuthenticatorType();
        ClientAuthenticatorFactory authenticator = (ClientAuthenticatorFactory) realmManager.getSession().getKeycloakSessionFactory().getProviderFactory(ClientAuthenticator.class, clientAuthenticator);
        return authenticator.getAdapterConfiguration(client);
    }

removeClient()

boolean org.keycloak.services.managers.ClientManager.removeClient ( RealmModel  realm, ClientModel  client  )

inline

                                                                      {
        if (realm.removeClient(client.getId())) {
            UserSessionProvider sessions = realmManager.getSession().sessions();
            if (sessions != null) {
                sessions.onClientRemoved(realm, client);
            }

            UserSessionPersisterProvider sessionsPersister = realmManager.getSession().getProvider(UserSessionPersisterProvider.class);
            if (sessionsPersister != null) {
                sessionsPersister.onClientRemoved(realm, client);
            }

            AuthenticationSessionProvider authSessions = realmManager.getSession().authenticationSessions();
            if (authSessions != null) {
                authSessions.onClientRemoved(realm, client);
            }

            UserModel serviceAccountUser = realmManager.getSession().users().getServiceAccount(client);
            if (serviceAccountUser != null) {
                new UserManager(realmManager.getSession()).removeUser(realm, serviceAccountUser);
            }

            return true;
        } else {
            return false;
        }
    }

showClientCredentialsAdapterConfig()

boolean org.keycloak.services.managers.ClientManager.showClientCredentialsAdapterConfig ( ClientModel  client )

inlineprivate

                                                                           {
        if (client.isPublicClient()) {
            return false;
        }

        if (client.isBearerOnly() && client.getNodeReRegistrationTimeout() <= 0) {
            return false;
        }

        return true;
    }

toInstallationRepresentation()

InstallationAdapterConfig org.keycloak.services.managers.ClientManager.toInstallationRepresentation ( RealmModel  realmModel, ClientModel  clientModel, URI  baseUri  )

inline

                                                                                                                               {
        InstallationAdapterConfig rep = new InstallationAdapterConfig();
        rep.setAuthServerUrl(baseUri.toString());
        rep.setRealm(realmModel.getName());
        rep.setSslRequired(realmModel.getSslRequired().name().toLowerCase());

        if (clientModel.isPublicClient() && !clientModel.isBearerOnly()) rep.setPublicClient(true);
        if (clientModel.isBearerOnly()) rep.setBearerOnly(true);
        if (clientModel.getRoles().size() > 0) rep.setUseResourceRoleMappings(true);

        rep.setResource(clientModel.getClientId());

        if (showClientCredentialsAdapterConfig(clientModel)) {
            Map<String, Object> adapterConfig = getClientCredentialsAdapterConfig(clientModel);
            rep.setCredentials(adapterConfig);
        }

        return rep;
    }

toJBossSubsystemConfig()

String org.keycloak.services.managers.ClientManager.toJBossSubsystemConfig ( RealmModel  realmModel, ClientModel  clientModel, URI  baseUri  )

inline

                                                                                                      {
        StringBuffer buffer = new StringBuffer();
        buffer.append("<secure-deployment name=\"WAR MODULE NAME.war\">\n");
        buffer.append("    <realm>").append(realmModel.getName()).append("</realm>\n");
        buffer.append("    <auth-server-url>").append(baseUri.toString()).append("</auth-server-url>\n");
        if (clientModel.isBearerOnly()){
            buffer.append("    <bearer-only>true</bearer-only>\n");

        } else if (clientModel.isPublicClient()) {
            buffer.append("    <public-client>true</public-client>\n");
        }
        buffer.append("    <ssl-required>").append(realmModel.getSslRequired().name()).append("</ssl-required>\n");
        buffer.append("    <resource>").append(clientModel.getClientId()).append("</resource>\n");
        String cred = clientModel.getSecret();
        if (showClientCredentialsAdapterConfig(clientModel)) {
            Map<String, Object> adapterConfig = getClientCredentialsAdapterConfig(clientModel);
            for (Map.Entry<String, Object> entry : adapterConfig.entrySet()) {
                buffer.append("    <credential name=\"" + entry.getKey() + "\">");

                Object value = entry.getValue();
                if (value instanceof Map) {
                    buffer.append("\n");
                    Map<String, Object> asMap = (Map<String, Object>) value;
                    for (Map.Entry<String, Object> credEntry : asMap.entrySet()) {
                        buffer.append("        <" + credEntry.getKey() + ">" + credEntry.getValue().toString() + "</" + credEntry.getKey() + ">\n");
                    }
                    buffer.append("    </credential>\n");
                } else {
                    buffer.append(value.toString()).append("</credential>\n");
                }
            }
        }
        if (clientModel.getRoles().size() > 0) {
            buffer.append("    <use-resource-role-mappings>true</use-resource-role-mappings>\n");
        }
        buffer.append("</secure-deployment>\n");
        return buffer.toString();
    }

validateRegisteredNodes()

Set<String> org.keycloak.services.managers.ClientManager.validateRegisteredNodes ( ClientModel  client )

inline

                                                                   {
        Map<String, Integer> registeredNodes = client.getRegisteredNodes();
        if (registeredNodes == null || registeredNodes.isEmpty()) {
            return Collections.emptySet();
        }

        int currentTime = Time.currentTime();

        Set<String> validatedNodes = new TreeSet<String>();
        if (client.getNodeReRegistrationTimeout() > 0) {
            List<String> toRemove = new LinkedList<String>();
            for (Map.Entry<String, Integer> entry : registeredNodes.entrySet()) {
                Integer lastReRegistration = entry.getValue();
                if (lastReRegistration + client.getNodeReRegistrationTimeout() < currentTime) {
                    toRemove.add(entry.getKey());
                } else {
                    validatedNodes.add(entry.getKey());
                }
            }

            // Remove time-outed nodes
            for (String node : toRemove) {
                client.unregisterNode(node);
            }
        } else {
            // Periodic node reRegistration is disabled, so allow all nodes
            validatedNodes.addAll(registeredNodes.keySet());
        }

        return validatedNodes;
    }

メンバ詳解

logger

final Logger org.keycloak.services.managers.ClientManager.logger = Logger.getLogger(ClientManager.class)

staticprivate

realmManager

RealmManager org.keycloak.services.managers.ClientManager.realmManager

protected

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/services/managers/ClientManager.java