org.keycloak.authorization.admin.PolicyService の継承関係図

org.keycloak.authorization.admin.PolicyService 連携図

公開メンバ関数
	PolicyService (ResourceServer resourceServer, AuthorizationProvider authorization, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent)

Object	getResource (@PathParam("type") String type)

Response	create (String payload)

Policy	create (AbstractPolicyRepresentation representation)

Response	findByName (@QueryParam("name") String name)

Response	findAll (@QueryParam("policyId") String id, @QueryParam("name") String name, @QueryParam("type") String type, @QueryParam("resource") String resource, @QueryParam("scope") String scope, @QueryParam("permission") Boolean permission, @QueryParam("owner") String owner, @QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResult)

Response	findPolicyProviders ()

PolicyEvaluationService	getPolicyEvaluateResource ()

限定公開メンバ関数
PolicyTypeService	doCreatePolicyTypeResource (String type)

Object	doCreatePolicyResource (Policy policy)

AbstractPolicyRepresentation	doCreateRepresentation (String payload)

AbstractPolicyRepresentation	toRepresentation (Policy model, AuthorizationProvider authorization)

List< Object >	doSearch (Integer firstResult, Integer maxResult, Map< String, String[]> filters)

PolicyProviderAdminService	getPolicyProviderAdminResource (String policyType)

PolicyProviderFactory	getPolicyProviderFactory (String policyType)

限定公開変数類
final ResourceServer	resourceServer

final AuthorizationProvider	authorization

final AdminPermissionEvaluator	auth

final AdminEventBuilder	adminEvent

非公開メンバ関数
void	findAssociatedPolicies (Policy policy, List< Policy > policies)

void	audit (AbstractPolicyRepresentation resource, String id, OperationType operation)

非公開変数類
KeycloakSession	session

詳解

著者: Pedro Igor

構築子と解体子

◆ PolicyService()

org.keycloak.authorization.admin.PolicyService.PolicyService	(	ResourceServer	resourceServer,
		AuthorizationProvider	authorization,
		AdminPermissionEvaluator	auth,
		AdminEventBuilder	adminEvent
	)

inline

                                                                                                                                                           {
         this.resourceServer = resourceServer;
         this.authorization = authorization;
         this.auth = auth;
         this.adminEvent = adminEvent.resource(ResourceType.AUTHORIZATION_POLICY);
     }

関数詳解

◆ audit()

void org.keycloak.authorization.admin.PolicyService.audit	(	AbstractPolicyRepresentation	resource,
		String	id,
		OperationType	operation
	)

inlineprivate

                                                                                                   {
         if (authorization.getRealm().isAdminEventsEnabled()) {
             if (id != null) {
                 adminEvent.operation(operation).resourcePath(session.getContext().getUri(), id).representation(resource).success();
             } else {
                 adminEvent.operation(operation).resourcePath(session.getContext().getUri()).representation(resource).success();
             }
         }
     }

◆ create() [1/2]

Response org.keycloak.authorization.admin.PolicyService.create ( String payload )

inline

                                            {
         if (auth != null) {
             this.auth.realm().requireManageAuthorization();
         }
 
         AbstractPolicyRepresentation representation = doCreateRepresentation(payload);
         Policy policy = create(representation);
 
         representation.setId(policy.getId());
 
         audit(representation, representation.getId(), OperationType.CREATE);
 
         return Response.status(Status.CREATED).entity(representation).build();
     }

◆ create() [2/2]

Policy org.keycloak.authorization.admin.PolicyService.create ( AbstractPolicyRepresentation representation )

inline

                                                                       {
         PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
         Policy existing = policyStore.findByName(representation.getName(), resourceServer.getId());
 
         if (existing != null) {
             throw new ErrorResponseException("Policy with name [" + representation.getName() + "] already exists", "Conflicting policy", Status.CONFLICT);
         }
 
         return policyStore.create(representation, resourceServer);
     }

◆ doCreatePolicyResource()

Object org.keycloak.authorization.admin.PolicyService.doCreatePolicyResource ( Policy policy )

inlineprotected

                                                            {
         return new PolicyResourceService(policy, resourceServer, authorization, auth, adminEvent);
     }

◆ doCreatePolicyTypeResource()

PolicyTypeService org.keycloak.authorization.admin.PolicyService.doCreatePolicyTypeResource ( String type )

inlineprotected

                                                                         {
         return new PolicyTypeService(type, resourceServer, authorization, auth, adminEvent);
     }

◆ doCreateRepresentation()

AbstractPolicyRepresentation org.keycloak.authorization.admin.PolicyService.doCreateRepresentation ( String payload )

inlineprotected

                                                                                   {
         PolicyRepresentation representation;
 
         try {
             representation = JsonSerialization.readValue(payload, PolicyRepresentation.class);
         } catch (IOException cause) {
             throw new RuntimeException("Failed to deserialize representation", cause);
         }
 
         return representation;
     }

◆ doSearch()

List<Object> org.keycloak.authorization.admin.PolicyService.doSearch	(	Integer	firstResult,
		Integer	maxResult,
		Map< String, String[]>	filters
	)

inlineprotected

                                                                                                            {
         PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
         return policyStore.findByResourceServer(filters, resourceServer.getId(), firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS).stream()
                 .map(policy -> toRepresentation(policy, authorization))
                 .collect(Collectors.toList());
     }

◆ findAll()

Response org.keycloak.authorization.admin.PolicyService.findAll	(	@QueryParam("policyId") String	id,
		@QueryParam("name") String	name,
		@QueryParam("type") String	type,
		@QueryParam("resource") String	resource,
		@QueryParam("scope") String	scope,
		@QueryParam("permission") Boolean	permission,
		@QueryParam("owner") String	owner,
		@QueryParam("first") Integer	firstResult,
		@QueryParam("max") Integer	maxResult
	)

inline

                                                                   {
         if (auth != null) {
             this.auth.realm().requireViewAuthorization();
         }
 
         Map<String, String[]> search = new HashMap<>();
 
         if (id != null && !"".equals(id.trim())) {
             search.put("id", new String[] {id});
         }
 
         if (name != null && !"".equals(name.trim())) {
             search.put("name", new String[] {name});
         }
 
         if (type != null && !"".equals(type.trim())) {
             search.put("type", new String[] {type});
         }
 
         if (owner != null && !"".equals(owner.trim())) {
             search.put("owner", new String[] {owner});
         }
 
         StoreFactory storeFactory = authorization.getStoreFactory();
 
         if (resource != null && !"".equals(resource.trim())) {
             ResourceStore resourceStore = storeFactory.getResourceStore();
             Resource resourceModel = resourceStore.findById(resource, resourceServer.getId());
 
             if (resourceModel == null) {
                 Map<String, String[]> resourceFilters = new HashMap<>();
 
                 resourceFilters.put("name", new String[]{resource});
 
                 if (owner != null) {
                     resourceFilters.put("owner", new String[]{owner});
                 }
 
                 Set<String> resources = resourceStore.findByResourceServer(resourceFilters, resourceServer.getId(), -1, 1).stream().map(Resource::getId).collect(Collectors.toSet());
 
                 if (resources.isEmpty()) {
                     return Response.ok().build();
                 }
 
                 search.put("resource", resources.toArray(new String[resources.size()]));
             } else {
                 search.put("resource", new String[] {resourceModel.getId()});
             }
         }
 
         if (scope != null && !"".equals(scope.trim())) {
             ScopeStore scopeStore = storeFactory.getScopeStore();
             Scope scopeModel = scopeStore.findById(scope, resourceServer.getId());
 
             if (scopeModel == null) {
                 Map<String, String[]> scopeFilters = new HashMap<>();
 
                 scopeFilters.put("name", new String[]{scope});
 
                 Set<String> scopes = scopeStore.findByResourceServer(scopeFilters, resourceServer.getId(), -1, 1).stream().map(Scope::getId).collect(Collectors.toSet());
 
                 if (scopes.isEmpty()) {
                     return Response.ok().build();
                 }
 
                 search.put("scope", scopes.toArray(new String[scopes.size()]));
             } else {
                 search.put("scope", new String[] {scopeModel.getId()});
             }
         }
 
         if (permission != null) {
             search.put("permission", new String[] {permission.toString()});
         }
 
         return Response.ok(
                 doSearch(firstResult, maxResult, search))
                 .build();
     }

◆ findAssociatedPolicies()

void org.keycloak.authorization.admin.PolicyService.findAssociatedPolicies	(	Policy	policy,
		List< Policy >	policies
	)

inlineprivate

                                                                               {
         policy.getAssociatedPolicies().forEach(associated -> {
             policies.add(associated);
             findAssociatedPolicies(associated, policies);
         });
     }

◆ findByName()

Response org.keycloak.authorization.admin.PolicyService.findByName ( @QueryParam("name") String name )

inline

                                                                 {
         if (auth != null) {
             this.auth.realm().requireViewAuthorization();
         }
 
         StoreFactory storeFactory = authorization.getStoreFactory();
 
         if (name == null) {
             return Response.status(Status.BAD_REQUEST).build();
         }
 
         Policy model = storeFactory.getPolicyStore().findByName(name, this.resourceServer.getId());
 
         if (model == null) {
             return Response.status(Status.OK).build();
         }
 
         return Response.ok(toRepresentation(model, authorization)).build();
     }

◆ findPolicyProviders()

Response org.keycloak.authorization.admin.PolicyService.findPolicyProviders ( )

inline

                                           {
         if (auth != null) {
             this.auth.realm().requireViewAuthorization();
         }
 
         return Response.ok(
                 authorization.getProviderFactories().stream()
                         .filter(factory -> !factory.isInternal())
                         .map(factory -> {
                             PolicyProviderRepresentation representation = new PolicyProviderRepresentation();
 
                             representation.setName(factory.getName());
                             representation.setGroup(factory.getGroup());
                             representation.setType(factory.getId());
 
                             return representation;
                         })
                         .collect(Collectors.toList()))
                 .build();
     }

◆ getPolicyEvaluateResource()

PolicyEvaluationService org.keycloak.authorization.admin.PolicyService.getPolicyEvaluateResource ( )

inline

                                                                {
         if (auth != null) {
             this.auth.realm().requireViewAuthorization();
         }
 
         PolicyEvaluationService resource = new PolicyEvaluationService(this.resourceServer, this.authorization, this.auth);
 
         ResteasyProviderFactory.getInstance().injectProperties(resource);
 
         return resource;
     }

◆ getPolicyProviderAdminResource()

PolicyProviderAdminService org.keycloak.authorization.admin.PolicyService.getPolicyProviderAdminResource ( String policyType )

inlineprotected

                                                                                            {
         return getPolicyProviderFactory(policyType).getAdminResource(resourceServer, authorization);
     }

◆ getPolicyProviderFactory()

PolicyProviderFactory org.keycloak.authorization.admin.PolicyService.getPolicyProviderFactory ( String policyType )

inlineprotected

                                                                                 {
         return authorization.getProviderFactory(policyType);
     }

◆ getResource()

Object org.keycloak.authorization.admin.PolicyService.getResource ( @PathParam("type") String type )

inline

                                                               {
         PolicyProviderFactory providerFactory = getPolicyProviderFactory(type);
 
         if (providerFactory != null) {
             return doCreatePolicyTypeResource(type);
         }
 
         Policy policy = authorization.getStoreFactory().getPolicyStore().findById(type, resourceServer.getId());
 
         return doCreatePolicyResource(policy);
     }

◆ toRepresentation()

AbstractPolicyRepresentation org.keycloak.authorization.admin.PolicyService.toRepresentation	(	Policy	model,
		AuthorizationProvider	authorization
	)

inlineprotected

                                                                                                                {
         return ModelToRepresentation.toRepresentation(model, authorization, true, false);
     }

メンバ詳解

◆ adminEvent

final AdminEventBuilder org.keycloak.authorization.admin.PolicyService.adminEvent

protected

◆ auth

final AdminPermissionEvaluator org.keycloak.authorization.admin.PolicyService.auth

protected

◆ authorization

final AuthorizationProvider org.keycloak.authorization.admin.PolicyService.authorization

protected

◆ resourceServer

final ResourceServer org.keycloak.authorization.admin.PolicyService.resourceServer

protected

◆ session

KeycloakSession org.keycloak.authorization.admin.PolicyService.session

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java

公開メンバ関数

限定公開メンバ関数

限定公開変数類

非公開メンバ関数

非公開変数類

詳解

構築子と解体子

◆ PolicyService()

関数詳解

◆ audit()

◆ create() [1/2]

◆ create() [2/2]

◆ doCreatePolicyResource()

◆ doCreatePolicyTypeResource()

◆ doCreateRepresentation()

◆ doSearch()

◆ findAll()

◆ findAssociatedPolicies()

◆ findByName()

◆ findPolicyProviders()

◆ getPolicyEvaluateResource()

◆ getPolicyProviderAdminResource()

◆ getPolicyProviderFactory()

◆ getResource()

◆ toRepresentation()

メンバ詳解

◆ adminEvent

◆ auth

◆ authorization

◆ resourceServer

◆ session