org.keycloak.protocol.oidc.utils.RedirectUtils 連携図

静的公開メンバ関数
static String	verifyRealmRedirectUri (UriInfo uriInfo, String redirectUri, RealmModel realm)

static String	verifyRedirectUri (UriInfo uriInfo, String redirectUri, RealmModel realm, ClientModel client)

static String	verifyRedirectUri (UriInfo uriInfo, String redirectUri, RealmModel realm, ClientModel client, boolean requireRedirectUri)

static Set< String >	resolveValidRedirects (UriInfo uriInfo, String rootUrl, Set< String > validRedirects)

静的非公開メンバ関数
static Set< String >	getValidateRedirectUris (UriInfo uriInfo, RealmModel realm)

static String	verifyRedirectUri (UriInfo uriInfo, String rootUrl, String redirectUri, RealmModel realm, Set< String > validRedirects, boolean requireRedirectUri)

static String	lowerCaseHostname (String redirectUri)

static String	relativeToAbsoluteURI (UriInfo uriInfo, String rootUrl, String relative)

static boolean	matchesRedirects (Set< String > validRedirects, String redirect)

static String	getSingleValidRedirectUri (Collection< String > validRedirects)

静的非公開変数類
static final Logger	logger = Logger.getLogger(RedirectUtils.class)

詳解

著者: Stian Thorgersen

関数詳解

◆ getSingleValidRedirectUri()

static String org.keycloak.protocol.oidc.utils.RedirectUtils.getSingleValidRedirectUri ( Collection< String > validRedirects )

inlinestaticprivate

                                                                                        {
         if (validRedirects.size() != 1) return null;
         String validRedirect = validRedirects.iterator().next();
         int idx = validRedirect.indexOf("/*");
         if (idx > -1) {
             validRedirect = validRedirect.substring(0, idx);
         }
         return validRedirect;
     }

◆ getValidateRedirectUris()

static Set<String> org.keycloak.protocol.oidc.utils.RedirectUtils.getValidateRedirectUris	(	UriInfo	uriInfo,
		RealmModel	realm
	)

inlinestaticprivate

                                                                                           {
         Set<String> redirects = new HashSet<>();
         for (ClientModel client : realm.getClients()) {
             redirects.addAll(resolveValidRedirects(uriInfo, client.getRootUrl(), client.getRedirectUris()));
         }
         return redirects;
     }

◆ lowerCaseHostname()

static String org.keycloak.protocol.oidc.utils.RedirectUtils.lowerCaseHostname ( String redirectUri )

inlinestaticprivate

                                                                 {
         int n = redirectUri.indexOf('/', 7);
         if (n == -1) {
             return redirectUri.toLowerCase();
         } else {
             return redirectUri.substring(0, n).toLowerCase() + redirectUri.substring(n);
         }
     }

◆ matchesRedirects()

static boolean org.keycloak.protocol.oidc.utils.RedirectUtils.matchesRedirects	(	Set< String >	validRedirects,
		String	redirect
	)

inlinestaticprivate

                                                                                          {
         for (String validRedirect : validRedirects) {
             if (validRedirect.endsWith("*") && !validRedirect.contains("?")) {
                 // strip off the query component - we don't check them when wildcards are effective
                 String r = redirect.contains("?") ? redirect.substring(0, redirect.indexOf("?")) : redirect;
                 // strip off *
                 int length = validRedirect.length() - 1;
                 validRedirect = validRedirect.substring(0, length);
                 if (r.startsWith(validRedirect)) return true;
                 // strip off trailing '/'
                 if (length - 1 > 0 && validRedirect.charAt(length - 1) == '/') length--;
                 validRedirect = validRedirect.substring(0, length);
                 if (validRedirect.equals(r)) return true;
             } else if (validRedirect.equals(redirect)) return true;
         }
         return false;
     }

◆ relativeToAbsoluteURI()

static String org.keycloak.protocol.oidc.utils.RedirectUtils.relativeToAbsoluteURI	(	UriInfo	uriInfo,
		String	rootUrl,
		String	relative
	)

inlinestaticprivate

                                                                                                   {
         if (rootUrl == null || rootUrl.isEmpty()) {
             rootUrl = UriUtils.getOrigin(uriInfo.getBaseUri());
         }
         StringBuilder sb = new StringBuilder();
         sb.append(rootUrl);
         sb.append(relative);
         return sb.toString();
     }

◆ resolveValidRedirects()

static Set<String> org.keycloak.protocol.oidc.utils.RedirectUtils.resolveValidRedirects	(	UriInfo	uriInfo,
		String	rootUrl,
		Set< String >	validRedirects
	)

inlinestatic

                                                                                                                  {
         // If the valid redirect URI is relative (no scheme, host, port) then use the request's scheme, host, and port
         Set<String> resolveValidRedirects = new HashSet<String>();
         for (String validRedirect : validRedirects) {
             resolveValidRedirects.add(validRedirect); // add even relative urls.
             if (validRedirect.startsWith("/")) {
                 validRedirect = relativeToAbsoluteURI(uriInfo, rootUrl, validRedirect);
                 logger.debugv("replacing relative valid redirect with: {0}", validRedirect);
                 resolveValidRedirects.add(validRedirect);
             }
         }
         return resolveValidRedirects;
     }

◆ verifyRealmRedirectUri()

static String org.keycloak.protocol.oidc.utils.RedirectUtils.verifyRealmRedirectUri	(	UriInfo	uriInfo,
		String	redirectUri,
		RealmModel	realm
	)

inlinestatic

                                                                                                        {
         Set<String> validRedirects = getValidateRedirectUris(uriInfo, realm);
         return verifyRedirectUri(uriInfo, null, redirectUri, realm, validRedirects, true);
     }

◆ verifyRedirectUri() [1/3]

static String org.keycloak.protocol.oidc.utils.RedirectUtils.verifyRedirectUri	(	UriInfo	uriInfo,
		String	redirectUri,
		RealmModel	realm,
		ClientModel	client
	)

inlinestatic

                                                                                                                       {
         return verifyRedirectUri(uriInfo, redirectUri, realm, client, true);
     }

◆ verifyRedirectUri() [2/3]

static String org.keycloak.protocol.oidc.utils.RedirectUtils.verifyRedirectUri	(	UriInfo	uriInfo,
		String	redirectUri,
		RealmModel	realm,
		ClientModel	client,
		boolean	requireRedirectUri
	)

inlinestatic

                                                                                                                                                   {
         if (client != null)
             return verifyRedirectUri(uriInfo, client.getRootUrl(), redirectUri, realm, client.getRedirectUris(), requireRedirectUri);
         return null;
     }

◆ verifyRedirectUri() [3/3]

static String org.keycloak.protocol.oidc.utils.RedirectUtils.verifyRedirectUri	(	UriInfo	uriInfo,
		String	rootUrl,
		String	redirectUri,
		RealmModel	realm,
		Set< String >	validRedirects,
		boolean	requireRedirectUri
	)

inlinestaticprivate

                                                                                                                                                                            {
         if (redirectUri == null) {
             if (!requireRedirectUri) {
                 redirectUri = getSingleValidRedirectUri(validRedirects);
             }
 
             if (redirectUri == null) {
                 logger.debug("No Redirect URI parameter specified");
                 return null;
             }
         } else if (validRedirects.isEmpty()) {
             logger.debug("No Redirect URIs supplied");
             redirectUri = null;
         } else {
             redirectUri = lowerCaseHostname(redirectUri);
 
             String r = redirectUri;
             Set<String> resolveValidRedirects = resolveValidRedirects(uriInfo, rootUrl, validRedirects);
 
             boolean valid = matchesRedirects(resolveValidRedirects, r);
 
             if (!valid && r.startsWith(Constants.INSTALLED_APP_URL) && r.indexOf(':', Constants.INSTALLED_APP_URL.length()) >= 0) {
                 int i = r.indexOf(':', Constants.INSTALLED_APP_URL.length());
 
                 StringBuilder sb = new StringBuilder();
                 sb.append(r.substring(0, i));
 
                 i = r.indexOf('/', i);
                 if (i >= 0) {
                     sb.append(r.substring(i));
                 }
 
                 r = sb.toString();
 
                 valid = matchesRedirects(resolveValidRedirects, r);
             }
             if (valid && redirectUri.startsWith("/")) {
                 redirectUri = relativeToAbsoluteURI(uriInfo, rootUrl, redirectUri);
             }
             redirectUri = valid ? redirectUri : null;
         }
 
         if (Constants.INSTALLED_APP_URN.equals(redirectUri)) {
             return Urls.realmInstalledAppUrnCallback(uriInfo.getBaseUri(), realm.getName()).toString();
         } else {
             return redirectUri;
         }
     }

メンバ詳解

◆ logger

final Logger org.keycloak.protocol.oidc.utils.RedirectUtils.logger = Logger.getLogger(RedirectUtils.class)

staticprivate

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java

静的公開メンバ関数

静的非公開メンバ関数

静的非公開変数類

詳解

関数詳解

◆ getSingleValidRedirectUri()

◆ getValidateRedirectUris()

◆ lowerCaseHostname()

◆ matchesRedirects()

◆ relativeToAbsoluteURI()

◆ resolveValidRedirects()

◆ verifyRealmRedirectUri()

◆ verifyRedirectUri() [1/3]

◆ verifyRedirectUri() [2/3]

◆ verifyRedirectUri() [3/3]

メンバ詳解

◆ logger