org.keycloak.authorization.common.KeycloakIdentity の継承関係図

org.keycloak.authorization.common.KeycloakIdentity 連携図

公開メンバ関数
	KeycloakIdentity (KeycloakSession keycloakSession)

	KeycloakIdentity (KeycloakSession keycloakSession, IDToken token)

	KeycloakIdentity (IDToken token, KeycloakSession keycloakSession, RealmModel realm)

	KeycloakIdentity (AccessToken accessToken, KeycloakSession keycloakSession)

String	getId ()

Attributes	getAttributes ()

AccessToken	getAccessToken ()

boolean	isResourceServer ()

限定公開変数類
final AccessToken	accessToken

final RealmModel	realm

final KeycloakSession	keycloakSession

final Attributes	attributes

非公開メンバ関数
ClientModel	getTargetClient ()

UserModel	getUserFromSessionState ()

詳解

著者: Pedro Igor

構築子と解体子

◆ KeycloakIdentity() [1/4]

org.keycloak.authorization.common.KeycloakIdentity.KeycloakIdentity ( KeycloakSession keycloakSession )

inline

                                                              {
         this(Tokens.getAccessToken(keycloakSession), keycloakSession);
     }

◆ KeycloakIdentity() [2/4]

org.keycloak.authorization.common.KeycloakIdentity.KeycloakIdentity	(	KeycloakSession	keycloakSession,
		IDToken	token
	)

inline

                                                                             {
         this(token, keycloakSession, keycloakSession.getContext().getRealm());
     }

◆ KeycloakIdentity() [3/4]

org.keycloak.authorization.common.KeycloakIdentity.KeycloakIdentity	(	IDToken	token,
		KeycloakSession	keycloakSession,
		RealmModel	realm
	)

inline

                                                                                               {
         if (token == null) {
             throw new ErrorResponseException("invalid_bearer_token", "Could not obtain bearer access_token from request.", Status.FORBIDDEN);
         }
         if (keycloakSession == null) {
             throw new ErrorResponseException("no_keycloak_session", "No keycloak session", Status.FORBIDDEN);
         }
         if (realm == null) {
             throw new ErrorResponseException("no_keycloak_session", "No realm set", Status.FORBIDDEN);
         }
         this.keycloakSession = keycloakSession;
         this.realm = realm;
 
         Map<String, Collection<String>> attributes = new HashMap<>();
 
         try {
             ObjectNode objectNode = JsonSerialization.createObjectNode(token);
             Iterator<String> iterator = objectNode.fieldNames();
 
             while (iterator.hasNext()) {
                 String fieldName = iterator.next();
                 JsonNode fieldValue = objectNode.get(fieldName);
                 List<String> values = new ArrayList<>();
 
                 if (fieldValue.isArray()) {
                     Iterator<JsonNode> valueIterator = fieldValue.iterator();
 
                     while (valueIterator.hasNext()) {
                         values.add(valueIterator.next().asText());
                     }
                 } else {
                     String value = fieldValue.asText();
 
                     if (StringUtil.isNullOrEmpty(value)) {
                         continue;
                     }
 
                     values.add(value);
                 }
 
                 if (!values.isEmpty()) {
                     attributes.put(fieldName, values);
                 }
             }
 
             if (token instanceof AccessToken) {
                 this.accessToken = AccessToken.class.cast(token);
             } else {
                 UserSessionProvider sessions = keycloakSession.sessions();
                 UserSessionModel userSession = sessions.getUserSession(realm, token.getSessionState());
 
                 if (userSession == null) {
                     userSession = sessions.getOfflineUserSession(realm, token.getSessionState());
                 }
 
                 ClientModel client = realm.getClientByClientId(token.getIssuedFor());
                 AuthenticatedClientSessionModel clientSessionModel = userSession.getAuthenticatedClientSessions().get(client.getId());
 
                 ClientSessionContext clientSessionCtx = DefaultClientSessionContext.fromClientSessionScopeParameter(clientSessionModel);
                 this.accessToken = new TokenManager().createClientAccessToken(keycloakSession, realm, client, userSession.getUser(), userSession, clientSessionCtx);
             }
 
             AccessToken.Access realmAccess = this.accessToken.getRealmAccess();
 
             if (realmAccess != null) {
                 attributes.put("kc.realm.roles", realmAccess.getRoles());
             }
 
             Map<String, AccessToken.Access> resourceAccess = this.accessToken.getResourceAccess();
 
             if (resourceAccess != null) {
                 resourceAccess.forEach((clientId, access) -> attributes.put("kc.client." + clientId + ".roles", access.getRoles()));
             }
         } catch (Exception e) {
             throw new RuntimeException("Error while reading attributes from security token.", e);
         }
 
         this.attributes = Attributes.from(attributes);
     }

◆ KeycloakIdentity() [4/4]

org.keycloak.authorization.common.KeycloakIdentity.KeycloakIdentity	(	AccessToken	accessToken,
		KeycloakSession	keycloakSession
	)

inline

                                                                                       {
         if (accessToken == null) {
             throw new ErrorResponseException("invalid_bearer_token", "Could not obtain bearer access_token from request.", Status.FORBIDDEN);
         }
         if (keycloakSession == null) {
             throw new ErrorResponseException("no_keycloak_session", "No keycloak session", Status.FORBIDDEN);
         }
         this.accessToken = accessToken;
         this.keycloakSession = keycloakSession;
         this.realm = keycloakSession.getContext().getRealm();
 
         Map<String, Collection<String>> attributes = new HashMap<>();
 
         try {
             ObjectNode objectNode = JsonSerialization.createObjectNode(this.accessToken);
             Iterator<String> iterator = objectNode.fieldNames();
 
             while (iterator.hasNext()) {
                 String fieldName = iterator.next();
                 JsonNode fieldValue = objectNode.get(fieldName);
                 List<String> values = new ArrayList<>();
 
                 if (fieldValue.isArray()) {
                     Iterator<JsonNode> valueIterator = fieldValue.iterator();
 
                     while (valueIterator.hasNext()) {
                         values.add(valueIterator.next().asText());
                     }
                 } else {
                     String value = fieldValue.asText();
 
                     if (StringUtil.isNullOrEmpty(value)) {
                         continue;
                     }
 
                     values.add(value);
                 }
 
                 if (!values.isEmpty()) {
                     attributes.put(fieldName, values);
                 }
             }
 
             AccessToken.Access realmAccess = accessToken.getRealmAccess();
 
             if (realmAccess != null) {
                 attributes.put("kc.realm.roles", realmAccess.getRoles());
             }
 
             Map<String, AccessToken.Access> resourceAccess = accessToken.getResourceAccess();
 
             if (resourceAccess != null) {
                 resourceAccess.forEach((clientId, access) -> attributes.put("kc.client." + clientId + ".roles", access.getRoles()));
             }
         } catch (Exception e) {
             throw new RuntimeException("Error while reading attributes from security token.", e);
         }
 
         this.attributes = Attributes.from(attributes);
     }

関数詳解

◆ getAccessToken()

AccessToken org.keycloak.authorization.common.KeycloakIdentity.getAccessToken ( )

inline

                                         {
         return this.accessToken;
     }

◆ getAttributes()

Attributes org.keycloak.authorization.common.KeycloakIdentity.getAttributes ( )

inline

                                       {
         return this.attributes;
     }

◆ getId()

String org.keycloak.authorization.common.KeycloakIdentity.getId ( )

inline

                           {
         if (isResourceServer()) {
             ClientModel client = getTargetClient();
             return client==null ? null : client.getId();
         }
 
         return this.getUserFromSessionState().getId();
     }

◆ getTargetClient()

ClientModel org.keycloak.authorization.common.KeycloakIdentity.getTargetClient ( )

inlineprivate

                                           {
         if (this.accessToken.getIssuedFor() != null) {
             return realm.getClientByClientId(accessToken.getIssuedFor());
         }
 
         if (this.accessToken.getAudience() != null && this.accessToken.getAudience().length > 0) {
             String audience = this.accessToken.getAudience()[0];
             return realm.getClientByClientId(audience);
         }
 
         return null;
     }

◆ getUserFromSessionState()

UserModel org.keycloak.authorization.common.KeycloakIdentity.getUserFromSessionState ( )

inlineprivate

                                                 {
         UserSessionProvider sessions = keycloakSession.sessions();
         UserSessionModel userSession = sessions.getUserSession(realm, accessToken.getSessionState());
 
         if (userSession == null) {
             userSession = sessions.getOfflineUserSession(realm, accessToken.getSessionState());
         }
 
         return userSession.getUser();
     }

◆ isResourceServer()

boolean org.keycloak.authorization.common.KeycloakIdentity.isResourceServer ( )

inline

                                       {
         UserModel clientUser = null;
 
         ClientModel clientModel = getTargetClient();
 
         if (clientModel != null) {
             clientUser = this.keycloakSession.users().getServiceAccount(clientModel);
         }
 
         if (clientUser == null) {
             return false;
         }
 
         return this.getUserFromSessionState().getId().equals(clientUser.getId());
     }

メンバ詳解

◆ accessToken

final AccessToken org.keycloak.authorization.common.KeycloakIdentity.accessToken

protected

◆ attributes

final Attributes org.keycloak.authorization.common.KeycloakIdentity.attributes

protected

◆ keycloakSession

final KeycloakSession org.keycloak.authorization.common.KeycloakIdentity.keycloakSession

protected

◆ realm

final RealmModel org.keycloak.authorization.common.KeycloakIdentity.realm

protected

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/authorization/common/KeycloakIdentity.java

公開メンバ関数

限定公開変数類

非公開メンバ関数

詳解

構築子と解体子

◆ KeycloakIdentity() [1/4]

◆ KeycloakIdentity() [2/4]

◆ KeycloakIdentity() [3/4]

◆ KeycloakIdentity() [4/4]

関数詳解

◆ getAccessToken()

◆ getAttributes()

◆ getId()

◆ getTargetClient()

◆ getUserFromSessionState()

◆ isResourceServer()

メンバ詳解

◆ accessToken

◆ attributes

◆ keycloakSession

◆ realm