org.keycloak.jose.jws.DefaultTokenManager の継承関係図

org.keycloak.jose.jws.DefaultTokenManager 連携図

公開メンバ関数
	DefaultTokenManager (KeycloakSession session)

String	encode (Token token)

String	signatureAlgorithm (TokenCategory category)

関数
public< T extends Token > T	decode (String token, Class< T > clazz)

非公開メンバ関数
String	getSignatureAlgorithm (String clientAttribute)

非公開変数類
final KeycloakSession	session

静的非公開変数類
static final Logger	logger = Logger.getLogger(DefaultTokenManager.class)

static String	DEFAULT_ALGORITHM_NAME = Algorithm.RS256

詳解

構築子と解体子

◆ DefaultTokenManager()

org.keycloak.jose.jws.DefaultTokenManager.DefaultTokenManager ( KeycloakSession session )

inline

                                                         {
         this.session = session;
     }

関数詳解

◆ decode()

public<T extends Token> T org.keycloak.jose.jws.DefaultTokenManager.decode	(	String	token,
		Class< T >	clazz
	)

inlinepackage

                                                                     {
         if (token == null) {
             return null;
         }
 
         try {
             JWSInput jws = new JWSInput(token);
 
             String signatureAlgorithm = jws.getHeader().getAlgorithm().name();
 
             SignatureProvider signatureProvider = session.getProvider(SignatureProvider.class, signatureAlgorithm);
             if (signatureProvider == null) {
                 return null;
             }
 
             String kid = jws.getHeader().getKeyId();
             // Backwards compatibility. Old offline tokens and cookies didn't have KID in the header
             if (kid == null) {
                 logger.debugf("KID is null in token. Using the realm active key to verify token signature.");
                 kid = session.keys().getActiveKey(session.getContext().getRealm(), KeyUse.SIG, signatureAlgorithm).getKid();
             }
 
             boolean valid = signatureProvider.verifier(kid).verify(jws.getEncodedSignatureInput().getBytes("UTF-8"), jws.getSignature());
             return valid ? jws.readJsonContent(clazz) : null;
         } catch (Exception e) {
             logger.debug("Failed to decode token", e);
             return null;
         }
     }

◆ encode()

String org.keycloak.jose.jws.DefaultTokenManager.encode ( Token token )

inline

                                       {
         String signatureAlgorithm = signatureAlgorithm(token.getCategory());
 
         SignatureProvider signatureProvider = session.getProvider(SignatureProvider.class, signatureAlgorithm);
         SignatureSignerContext signer = signatureProvider.signer();
 
         String encodedToken = new JWSBuilder().type("JWT").jsonContent(token).sign(signer);
         return encodedToken;
     }

◆ getSignatureAlgorithm()

String org.keycloak.jose.jws.DefaultTokenManager.getSignatureAlgorithm ( String clientAttribute )

inlineprivate

                                                                  {
         RealmModel realm = session.getContext().getRealm();
         ClientModel client = session.getContext().getClient();
 
         String algorithm = client != null && clientAttribute != null ? client.getAttribute(clientAttribute) : null;
         if (algorithm != null && !algorithm.equals("")) {
             return algorithm;
         }
 
         algorithm = realm.getDefaultSignatureAlgorithm();
         if (algorithm != null && !algorithm.equals("")) {
             return algorithm;
         }
 
         return DEFAULT_ALGORITHM_NAME;
     }

◆ signatureAlgorithm()

String org.keycloak.jose.jws.DefaultTokenManager.signatureAlgorithm ( TokenCategory category )

inline

                                                              {
         switch (category) {
             case INTERNAL:
                 return Algorithm.HS256;
             case ADMIN:
                 return getSignatureAlgorithm(null);
             case ACCESS:
                 return getSignatureAlgorithm(OIDCConfigAttributes.ACCESS_TOKEN_SIGNED_RESPONSE_ALG);
             case ID:
                 return getSignatureAlgorithm(OIDCConfigAttributes.ID_TOKEN_SIGNED_RESPONSE_ALG);
             case USERINFO:
                 return getSignatureAlgorithm(OIDCConfigAttributes.USER_INFO_RESPONSE_SIGNATURE_ALG);
             default:
                 throw new RuntimeException("Unknown token type");
         }
     }

メンバ詳解

◆ DEFAULT_ALGORITHM_NAME

String org.keycloak.jose.jws.DefaultTokenManager.DEFAULT_ALGORITHM_NAME = Algorithm.RS256

staticprivate

◆ logger

final Logger org.keycloak.jose.jws.DefaultTokenManager.logger = Logger.getLogger(DefaultTokenManager.class)

staticprivate

◆ session

final KeycloakSession org.keycloak.jose.jws.DefaultTokenManager.session

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/jose/jws/DefaultTokenManager.java

公開メンバ関数

関数

非公開メンバ関数

非公開変数類

静的非公開変数類

詳解

構築子と解体子

◆ DefaultTokenManager()

関数詳解

◆ decode()

◆ encode()

◆ getSignatureAlgorithm()

◆ signatureAlgorithm()

メンバ詳解

◆ DEFAULT_ALGORITHM_NAME

◆ logger

◆ session