org.keycloak.services.managers.RealmManager 連携図

公開メンバ関数
String	getContextPath ()

void	setContextPath (String contextPath)

	RealmManager (KeycloakSession session)

KeycloakSession	getSession ()

RealmModel	getKeycloakAdminstrationRealm ()

RealmModel	getRealm (String id)

RealmModel	getRealmByName (String name)

RealmModel	createRealm (String name)

RealmModel	createRealm (String id, String name)

void	setupAdminCli (RealmModel realm)

void	addQueryCompositeRoles (ClientModel realmAccess)

String	getRealmAdminClientId (RealmModel realm)

String	getRealmAdminClientId (RealmRepresentation realm)

boolean	removeRealm (RealmModel realm)

void	updateRealmEventsConfig (RealmEventsConfigRepresentation rep, RealmModel realm)

void	setupMasterAdminManagement (RealmModel realm)

void	setupImpersonationService (RealmModel realm)

void	setupBrokerService (RealmModel realm)

RealmModel	importRealm (RealmRepresentation rep)

RealmModel	importRealm (RealmRepresentation rep, boolean skipUserDependent)

List< UserModel >	searchUsers (String searchString, RealmModel realmModel)

限定公開メンバ関数
void	setupAuthenticationFlows (RealmModel realm)

void	setupRequiredActions (RealmModel realm)

void	createDefaultClientScopes (RealmModel realm)

void	setupAdminConsole (RealmModel realm)

void	setupAdminConsoleLocaleMapper (RealmModel realm)

void	setupRealmDefaults (RealmModel realm)

限定公開変数類
KeycloakSession	session

RealmProvider	model

String	contextPath = ""

非公開メンバ関数
void	setupOfflineTokens (RealmModel realm, RealmRepresentation realmRep)

void	createMasterAdminManagement (RealmModel realm)

void	checkMasterAdminManagementRoles (RealmModel realm)

void	setupRealmAdminManagement (RealmModel realm)

void	addAndSetAdminRole (String roleName, ClientModel parentClient, RoleModel parentRole)

void	checkRealmAdminManagementRoles (RealmModel realm)

void	setupAccountManagement (RealmModel realm)

boolean	postponeMasterClientSetup (RealmRepresentation rep)

boolean	hasRealmAdminManagementClient (RealmRepresentation rep)

boolean	hasAccountManagementClient (RealmRepresentation rep)

boolean	hasBrokerClient (RealmRepresentation rep)

boolean	hasAdminConsoleClient (RealmRepresentation rep)

boolean	hasAdminCliClient (RealmRepresentation rep)

boolean	hasClient (RealmRepresentation rep, String clientId)

boolean	hasRealmRole (RealmRepresentation rep, String roleName)

boolean	hasClientScope (RealmRepresentation rep, String clientScopeName)

void	setupAuthorizationServices (RealmModel realm)

void	setupClientRegistrations (RealmModel realm)

void	fireRealmPostCreate (RealmModel realm)

詳解

Per request object

著者: Bill Burke

バージョン

Revision: 1

構築子と解体子

◆ RealmManager()

org.keycloak.services.managers.RealmManager.RealmManager ( KeycloakSession session )

inline

                                                  {
         this.session = session;
         this.model = session.realms();
     }

関数詳解

◆ addAndSetAdminRole()

void org.keycloak.services.managers.RealmManager.addAndSetAdminRole	(	String	roleName,
		ClientModel	parentClient,
		RoleModel	parentRole
	)

inlineprivate

                                                                                                      {
         RoleModel role = parentClient.addRole(roleName);
         role.setDescription("${role_" + roleName + "}");
         parentRole.addCompositeRole(role);
     }

◆ addQueryCompositeRoles()

void org.keycloak.services.managers.RealmManager.addQueryCompositeRoles ( ClientModel realmAccess )

inline

                                                                 {
         RoleModel queryClients = realmAccess.getRole(AdminRoles.QUERY_CLIENTS);
         RoleModel queryUsers = realmAccess.getRole(AdminRoles.QUERY_USERS);
         RoleModel queryGroups = realmAccess.getRole(AdminRoles.QUERY_GROUPS);
 
         RoleModel viewClients = realmAccess.getRole(AdminRoles.VIEW_CLIENTS);
         viewClients.addCompositeRole(queryClients);
         RoleModel viewUsers = realmAccess.getRole(AdminRoles.VIEW_USERS);
         viewUsers.addCompositeRole(queryUsers);
         viewUsers.addCompositeRole(queryGroups);
     }

◆ checkMasterAdminManagementRoles()

void org.keycloak.services.managers.RealmManager.checkMasterAdminManagementRoles ( RealmModel realm )

inlineprivate

                                                                    {
         RealmModel adminRealm = model.getRealmByName(Config.getAdminRealm());
         RoleModel adminRole = adminRealm.getRole(AdminRoles.ADMIN);
 
         ClientModel masterAdminClient = realm.getMasterAdminClient();
         for (String r : AdminRoles.ALL_REALM_ROLES) {
             RoleModel found = masterAdminClient.getRole(r);
             if (found == null) {
                 addAndSetAdminRole(r, masterAdminClient, adminRole);
             }
         }
         addQueryCompositeRoles(masterAdminClient);
     }

◆ checkRealmAdminManagementRoles()

void org.keycloak.services.managers.RealmManager.checkRealmAdminManagementRoles ( RealmModel realm )

inlineprivate

                                                                   {
         if (realm.getName().equals(Config.getAdminRealm())) { return; } // don't need to do this for master realm
 
         String realmAdminClientId = getRealmAdminClientId(realm);
         ClientModel realmAdminClient = realm.getClientByClientId(realmAdminClientId);
         RoleModel adminRole = realmAdminClient.getRole(AdminRoles.REALM_ADMIN);
 
         // if realm-admin role isn't in the realm model, create it
         if (adminRole == null) {
             adminRole = realmAdminClient.addRole(AdminRoles.REALM_ADMIN);
             adminRole.setDescription("${role_" + AdminRoles.REALM_ADMIN + "}");
         }
 
         for (String r : AdminRoles.ALL_REALM_ROLES) {
             RoleModel found = realmAdminClient.getRole(r);
             if (found == null) {
                 addAndSetAdminRole(r, realmAdminClient, adminRole);
             }
         }
         addQueryCompositeRoles(realmAdminClient);
     }

◆ createDefaultClientScopes()

void org.keycloak.services.managers.RealmManager.createDefaultClientScopes ( RealmModel realm )

inlineprotected

                                                                {
         DefaultClientScopes.createDefaultClientScopes(session, realm, true);
     }

◆ createMasterAdminManagement()

void org.keycloak.services.managers.RealmManager.createMasterAdminManagement ( RealmModel realm )

inlineprivate

                                                                {
         RealmModel adminRealm;
         RoleModel adminRole;
 
         if (realm.getName().equals(Config.getAdminRealm())) {
             adminRealm = realm;
 
             adminRole = realm.addRole(AdminRoles.ADMIN);
 
             RoleModel createRealmRole = realm.addRole(AdminRoles.CREATE_REALM);
             adminRole.addCompositeRole(createRealmRole);
             createRealmRole.setDescription("${role_" + AdminRoles.CREATE_REALM + "}");
         } else {
             adminRealm = model.getRealm(Config.getAdminRealm());
             adminRole = adminRealm.getRole(AdminRoles.ADMIN);
         }
         adminRole.setDescription("${role_"+AdminRoles.ADMIN+"}");
 
         ClientModel realmAdminApp = KeycloakModelUtils.createClient(adminRealm, KeycloakModelUtils.getMasterRealmAdminApplicationClientId(realm.getName()));
         // No localized name for now
         realmAdminApp.setName(realm.getName() + " Realm");
         realmAdminApp.setBearerOnly(true);
         realm.setMasterAdminClient(realmAdminApp);
 
         for (String r : AdminRoles.ALL_REALM_ROLES) {
             RoleModel role = realmAdminApp.addRole(r);
             role.setDescription("${role_"+r+"}");
             adminRole.addCompositeRole(role);
         }
         addQueryCompositeRoles(realmAdminApp);
     }

◆ createRealm() [1/2]

RealmModel org.keycloak.services.managers.RealmManager.createRealm ( String name )

inline

                                                {
         return createRealm(name, name);
     }

◆ createRealm() [2/2]

RealmModel org.keycloak.services.managers.RealmManager.createRealm	(	String	id,
		String	name
	)

inline

                                                           {
         if (id == null) id = KeycloakModelUtils.generateId();
         RealmModel realm = model.createRealm(id, name);
         realm.setName(name);
 
         // setup defaults
         setupRealmDefaults(realm);
 
         setupMasterAdminManagement(realm);
         setupRealmAdminManagement(realm);
         setupAccountManagement(realm);
         setupBrokerService(realm);
         setupAdminConsole(realm);
         setupAdminConsoleLocaleMapper(realm);
         setupAdminCli(realm);
         setupImpersonationService(realm);
         setupAuthenticationFlows(realm);
         setupRequiredActions(realm);
         setupOfflineTokens(realm, null);
         createDefaultClientScopes(realm);
         setupAuthorizationServices(realm);
         setupClientRegistrations(realm);
 
         fireRealmPostCreate(realm);
 
         return realm;
     }

◆ fireRealmPostCreate()

void org.keycloak.services.managers.RealmManager.fireRealmPostCreate ( RealmModel realm )

inlineprivate

                                                        {
         session.getKeycloakSessionFactory().publish(new RealmModel.RealmPostCreateEvent() {
             @Override
             public RealmModel getCreatedRealm() {
                 return realm;
             }
             @Override
             public KeycloakSession getKeycloakSession() {
                 return session;
             }
         });
 
     }

◆ getContextPath()

String org.keycloak.services.managers.RealmManager.getContextPath ( )

inline

                                    {
         return contextPath;
     }

◆ getKeycloakAdminstrationRealm()

RealmModel org.keycloak.services.managers.RealmManager.getKeycloakAdminstrationRealm ( )

inline

                                                       {
         return getRealm(Config.getAdminRealm());
     }

◆ getRealm()

RealmModel org.keycloak.services.managers.RealmManager.getRealm ( String id )

inline

                                           {
         return model.getRealm(id);
     }

◆ getRealmAdminClientId() [1/2]

String org.keycloak.services.managers.RealmManager.getRealmAdminClientId ( RealmModel realm )

inline

                                                           {
         return Constants.REALM_MANAGEMENT_CLIENT_ID;
     }

◆ getRealmAdminClientId() [2/2]

String org.keycloak.services.managers.RealmManager.getRealmAdminClientId ( RealmRepresentation realm )

inline

                                                                    {
         return Constants.REALM_MANAGEMENT_CLIENT_ID;
     }

◆ getRealmByName()

RealmModel org.keycloak.services.managers.RealmManager.getRealmByName ( String name )

inline

                                                   {
         return model.getRealmByName(name);
     }

◆ getSession()

KeycloakSession org.keycloak.services.managers.RealmManager.getSession ( )

inline

                                         {
         return session;
     }

◆ hasAccountManagementClient()

boolean org.keycloak.services.managers.RealmManager.hasAccountManagementClient ( RealmRepresentation rep )

inlineprivate

                                                                         {
         return hasClient(rep, Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);
     }

◆ hasAdminCliClient()

boolean org.keycloak.services.managers.RealmManager.hasAdminCliClient ( RealmRepresentation rep )

inlineprivate

                                                                {
         return hasClient(rep, Constants.ADMIN_CLI_CLIENT_ID);
     }

◆ hasAdminConsoleClient()

boolean org.keycloak.services.managers.RealmManager.hasAdminConsoleClient ( RealmRepresentation rep )

inlineprivate

                                                                    {
         return hasClient(rep, Constants.ADMIN_CONSOLE_CLIENT_ID);
     }

◆ hasBrokerClient()

boolean org.keycloak.services.managers.RealmManager.hasBrokerClient ( RealmRepresentation rep )

inlineprivate

                                                              {
         return hasClient(rep, Constants.BROKER_SERVICE_CLIENT_ID);
     }

◆ hasClient()

boolean org.keycloak.services.managers.RealmManager.hasClient	(	RealmRepresentation	rep,
		String	clientId
	)

inlineprivate

                                                                         {
         if (rep.getClients() != null) {
             for (ClientRepresentation clientRep : rep.getClients()) {
                 if (clientRep.getClientId() != null && clientRep.getClientId().equals(clientId)) {
                     return true;
                 }
             }
         }
 
         // TODO: Just for compatibility with old versions. Should be removed later...
         if (rep.getApplications() != null) {
             for (ApplicationRepresentation clientRep : rep.getApplications()) {
                 if (clientRep.getName().equals(clientId)) {
                     return true;
                 }
             }
         }
         if (rep.getOauthClients() != null) {
             for (OAuthClientRepresentation clientRep : rep.getOauthClients()) {
                 if (clientRep.getName().equals(clientId)) {
                     return true;
                 }
             }
         }
 
         return false;
     }

◆ hasClientScope()

boolean org.keycloak.services.managers.RealmManager.hasClientScope	(	RealmRepresentation	rep,
		String	clientScopeName
	)

inlineprivate

                                                                                     {
         if (rep.getClientScopes() == null) {
             return false;
         }
 
         for (ClientScopeRepresentation clientScope : rep.getClientScopes()) {
             if (clientScopeName.equals(clientScope.getName())) {
                 return true;
             }
         }
 
         return false;
     }

◆ hasRealmAdminManagementClient()

boolean org.keycloak.services.managers.RealmManager.hasRealmAdminManagementClient ( RealmRepresentation rep )

inlineprivate

                                                                            {
         String realmAdminClientId =  Config.getAdminRealm().equals(rep.getRealm()) ?  KeycloakModelUtils.getMasterRealmAdminApplicationClientId(rep.getRealm()) : getRealmAdminClientId(rep);
         return hasClient(rep, realmAdminClientId);
     }

◆ hasRealmRole()

boolean org.keycloak.services.managers.RealmManager.hasRealmRole	(	RealmRepresentation	rep,
		String	roleName
	)

inlineprivate

                                                                            {
         if (rep.getRoles() == null || rep.getRoles().getRealm() == null) {
             return false;
         }
 
         for (RoleRepresentation role : rep.getRoles().getRealm()) {
             if (roleName.equals(role.getName())) {
                 return true;
             }
         }
 
         return false;
     }

◆ importRealm() [1/2]

RealmModel org.keycloak.services.managers.RealmManager.importRealm ( RealmRepresentation rep )

inline

                                                            {
         return importRealm(rep, false);
     }

◆ importRealm() [2/2]

RealmModel org.keycloak.services.managers.RealmManager.importRealm	(	RealmRepresentation	rep,
		boolean	skipUserDependent
	)

inline

if "skipUserDependent" is true, then import of any models, which needs users already imported in DB, will be skipped. For example authorization

                                                                                       {
         String id = rep.getId();
         if (id == null) {
             id = KeycloakModelUtils.generateId();
         }
         RealmModel realm = model.createRealm(id, rep.getRealm());
         realm.setName(rep.getRealm());
 
         // setup defaults
 
         setupRealmDefaults(realm);
 
         boolean postponeMasterClientSetup = postponeMasterClientSetup(rep);
         if (!postponeMasterClientSetup) {
             setupMasterAdminManagement(realm);
         }
 
         if (!hasRealmAdminManagementClient(rep)) setupRealmAdminManagement(realm);
         if (!hasAccountManagementClient(rep)) setupAccountManagement(realm);
 
         boolean postponeImpersonationSetup = false;
         if (hasRealmAdminManagementClient(rep)) {
             postponeImpersonationSetup = true;
         } else {
             setupImpersonationService(realm);
         }
 
 
         if (!hasBrokerClient(rep)) setupBrokerService(realm);
         if (!hasAdminConsoleClient(rep)) setupAdminConsole(realm);
 
         boolean postponeAdminCliSetup = false;
         if (!hasAdminCliClient(rep)) {
             if (hasRealmAdminManagementClient(rep)) {
                 postponeAdminCliSetup = true;
             } else {
                 setupAdminCli(realm);
             }
         }
 
         if (!hasRealmRole(rep, Constants.OFFLINE_ACCESS_ROLE) || !hasClientScope(rep, Constants.OFFLINE_ACCESS_ROLE)) {
             setupOfflineTokens(realm, rep);
         }
 
         if (rep.getClientScopes() == null) {
             createDefaultClientScopes(realm);
         }
 
         RepresentationToModel.importRealm(session, rep, realm, skipUserDependent);
         List<ClientRepresentation> clients = rep.getClients();
 
         if (clients != null) {
             ClientManager clientManager = new ClientManager(new RealmManager(session));
 
             for (ClientRepresentation client : clients) {
                 ClientModel clientModel = realm.getClientById(client.getId());
 
                 if (clientModel.isServiceAccountsEnabled()) {
                     clientManager.enableServiceAccount(clientModel);
                 }
 
                 if (Boolean.TRUE.equals(client.getAuthorizationServicesEnabled())) {
                     RepresentationToModel.createResourceServer(clientModel, session, true);
                 }
             }
         }
 
         setupAdminConsoleLocaleMapper(realm);
 
         if (postponeMasterClientSetup) {
             setupMasterAdminManagement(realm);
         }
 
         // Assert all admin roles are available once import took place. This is needed due to import from previous version where JSON file may not contain all admin roles
         checkMasterAdminManagementRoles(realm);
         checkRealmAdminManagementRoles(realm);
 
         // Could happen when migrating from older version and I have exported JSON file, which contains "realm-management" client but not "impersonation" client
         // I need to postpone impersonation because it needs "realm-management" client and its roles set
         if (postponeImpersonationSetup) {
             setupImpersonationService(realm);
             String realmAdminClientId = getRealmAdminClientId(realm);
          }
 
         if (postponeAdminCliSetup) {
             setupAdminCli(realm);
         }
 
         setupAuthenticationFlows(realm);
         setupRequiredActions(realm);
 
         // Refresh periodic sync tasks for configured storageProviders
         List<UserStorageProviderModel> storageProviders = realm.getUserStorageProviders();
         UserStorageSyncManager storageSync = new UserStorageSyncManager();
         for (UserStorageProviderModel provider : storageProviders) {
             storageSync.notifyToRefreshPeriodicSync(session, realm, provider, false);
         }
 
         setupAuthorizationServices(realm);
         setupClientRegistrations(realm);
 
         if (rep.getKeycloakVersion() != null) {
             MigrationModelManager.migrateImport(session, realm, rep, skipUserDependent);
         }
 
         fireRealmPostCreate(realm);
 
         return realm;
     }

◆ postponeMasterClientSetup()

boolean org.keycloak.services.managers.RealmManager.postponeMasterClientSetup ( RealmRepresentation rep )

inlineprivate

                                                                        {
         if (!Config.getAdminRealm().equals(rep.getRealm())) {
             return false;
         }
 
         return hasRealmAdminManagementClient(rep);
     }

◆ removeRealm()

boolean org.keycloak.services.managers.RealmManager.removeRealm ( RealmModel realm )

inline

                                                  {
 
         ClientModel masterAdminClient = realm.getMasterAdminClient();
         boolean removed = model.removeRealm(realm.getId());
         if (removed) {
             if (masterAdminClient != null) {
                 new ClientManager(this).removeClient(getKeycloakAdminstrationRealm(), masterAdminClient);
             }
 
             UserSessionProvider sessions = session.sessions();
             if (sessions != null) {
                 sessions.onRealmRemoved(realm);
             }
 
             UserSessionPersisterProvider sessionsPersister = session.getProvider(UserSessionPersisterProvider.class);
             if (sessionsPersister != null) {
                 sessionsPersister.onRealmRemoved(realm);
             }
 
             AuthenticationSessionProvider authSessions = session.authenticationSessions();
             if (authSessions != null) {
                 authSessions.onRealmRemoved(realm);
             }
 
           // Refresh periodic sync tasks for configured storageProviders
             List<UserStorageProviderModel> storageProviders = realm.getUserStorageProviders();
             UserStorageSyncManager storageSync = new UserStorageSyncManager();
             for (UserStorageProviderModel provider : storageProviders) {
                 storageSync.notifyToRefreshPeriodicSync(session, realm, provider, true);
             }
 
         }
         return removed;
     }

◆ searchUsers()

List<UserModel> org.keycloak.services.managers.RealmManager.searchUsers	(	String	searchString,
		RealmModel	realmModel
	)

inline

Query users based on a search string:

"Bill Burke" first and last name "bburke@redhat.com" email "Burke" lastname or username

引数

searchString
realmModel

戻り値

                                                                                    {
         if (searchString == null) {
             return Collections.emptyList();
         }
         return session.users().searchForUser(searchString.trim(), realmModel);
     }

◆ setContextPath()

void org.keycloak.services.managers.RealmManager.setContextPath ( String contextPath )

inline

                                                    {
         this.contextPath = contextPath;
     }

◆ setupAccountManagement()

void org.keycloak.services.managers.RealmManager.setupAccountManagement ( RealmModel realm )

inlineprivate

                                                           {
         ClientModel client = realm.getClientByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);
         if (client == null) {
             client = KeycloakModelUtils.createClient(realm, Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);
             client.setName("${client_" + Constants.ACCOUNT_MANAGEMENT_CLIENT_ID + "}");
             client.setEnabled(true);
             client.setFullScopeAllowed(false);
             String base = contextPath + "/realms/" + realm.getName() + "/account";
             String redirectUri = base + "/*";
             client.addRedirectUri(redirectUri);
             client.setBaseUrl(base);
             client.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
 
             for (String role : AccountRoles.ALL) {
                 client.addDefaultRole(role);
                 RoleModel roleModel = client.getRole(role);
                 roleModel.setDescription("${role_" + role + "}");
             }
             RoleModel manageAccountLinks = client.addRole(AccountRoles.MANAGE_ACCOUNT_LINKS);
             manageAccountLinks.setDescription("${role_" + AccountRoles.MANAGE_ACCOUNT_LINKS + "}");
             RoleModel manageAccount = client.getRole(AccountRoles.MANAGE_ACCOUNT);
             manageAccount.addCompositeRole(manageAccountLinks);
         }
     }

◆ setupAdminCli()

void org.keycloak.services.managers.RealmManager.setupAdminCli ( RealmModel realm )

inline

                                                 {
         ClientModel adminCli = realm.getClientByClientId(Constants.ADMIN_CLI_CLIENT_ID);
         if (adminCli == null) {
             adminCli = KeycloakModelUtils.createClient(realm, Constants.ADMIN_CLI_CLIENT_ID);
             adminCli.setName("${client_" + Constants.ADMIN_CLI_CLIENT_ID + "}");
             adminCli.setEnabled(true);
             adminCli.setPublicClient(true);
             adminCli.setFullScopeAllowed(false);
             adminCli.setStandardFlowEnabled(false);
             adminCli.setDirectAccessGrantsEnabled(true);
             adminCli.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
         }
 
     }

◆ setupAdminConsole()

void org.keycloak.services.managers.RealmManager.setupAdminConsole ( RealmModel realm )

inlineprotected

                                                        {
         ClientModel adminConsole = realm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
         if (adminConsole == null) adminConsole = KeycloakModelUtils.createClient(realm, Constants.ADMIN_CONSOLE_CLIENT_ID);
         adminConsole.setName("${client_" + Constants.ADMIN_CONSOLE_CLIENT_ID + "}");
         String baseUrl = contextPath + "/admin/" + realm.getName() + "/console";
         adminConsole.setBaseUrl(baseUrl + "/index.html");
         adminConsole.setEnabled(true);
         adminConsole.setPublicClient(true);
         adminConsole.addRedirectUri(baseUrl + "/*");
         adminConsole.setFullScopeAllowed(false);
         adminConsole.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
     }

◆ setupAdminConsoleLocaleMapper()

void org.keycloak.services.managers.RealmManager.setupAdminConsoleLocaleMapper ( RealmModel realm )

inlineprotected

                                                                    {
         ClientModel adminConsole = realm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
         ProtocolMapperModel localeMapper = adminConsole.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, OIDCLoginProtocolFactory.LOCALE);
 
         if (localeMapper == null) {
             localeMapper = ProtocolMapperUtils.findLocaleMapper(session);
             if (localeMapper != null) {
                 adminConsole.addProtocolMapper(localeMapper);
             }
         }
     }

◆ setupAuthenticationFlows()

void org.keycloak.services.managers.RealmManager.setupAuthenticationFlows ( RealmModel realm )

inlineprotected

                                                               {
         if (realm.getAuthenticationFlows().size() == 0) DefaultAuthenticationFlows.addFlows(realm);
     }

◆ setupAuthorizationServices()

void org.keycloak.services.managers.RealmManager.setupAuthorizationServices ( RealmModel realm )

inlineprivate

                                                               {
         KeycloakModelUtils.setupAuthorizationServices(realm);
     }

◆ setupBrokerService()

void org.keycloak.services.managers.RealmManager.setupBrokerService ( RealmModel realm )

inline

                                                      {
         ClientModel client = realm.getClientByClientId(Constants.BROKER_SERVICE_CLIENT_ID);
         if (client == null) {
             client = KeycloakModelUtils.createClient(realm, Constants.BROKER_SERVICE_CLIENT_ID);
             client.setEnabled(true);
             client.setName("${client_" + Constants.BROKER_SERVICE_CLIENT_ID + "}");
             client.setFullScopeAllowed(false);
             client.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
 
             for (String role : Constants.BROKER_SERVICE_ROLES) {
                 RoleModel roleModel = client.addRole(role);
                 roleModel.setDescription("${role_"+ role.toLowerCase().replaceAll("_", "-") +"}");
             }
         }
     }

◆ setupClientRegistrations()

void org.keycloak.services.managers.RealmManager.setupClientRegistrations ( RealmModel realm )

inlineprivate

                                                             {
         DefaultClientRegistrationPolicies.addDefaultPolicies(realm);
     }

◆ setupImpersonationService()

void org.keycloak.services.managers.RealmManager.setupImpersonationService ( RealmModel realm )

inline

                                                             {
         ImpersonationConstants.setupImpersonationService(session, realm);
     }

◆ setupMasterAdminManagement()

void org.keycloak.services.managers.RealmManager.setupMasterAdminManagement ( RealmModel realm )

inline

                                                              {
         // Need to refresh masterApp for current realm
         String adminRealmId = Config.getAdminRealm();
         RealmModel adminRealm = model.getRealm(adminRealmId);
         ClientModel masterApp = adminRealm.getClientByClientId(KeycloakModelUtils.getMasterRealmAdminApplicationClientId(realm.getName()));
         if (masterApp != null) {
             realm.setMasterAdminClient(masterApp);
         }  else {
             createMasterAdminManagement(realm);
         }
     }

◆ setupOfflineTokens()

void org.keycloak.services.managers.RealmManager.setupOfflineTokens	(	RealmModel	realm,
		RealmRepresentation	realmRep
	)

inlineprivate

                                                                                     {
         RoleModel offlineRole = KeycloakModelUtils.setupOfflineRole(realm);
 
         if (realmRep != null && hasRealmRole(realmRep, Constants.OFFLINE_ACCESS_ROLE)) {
             // Case when realmRep had the offline_access role, but not the offline_access client scope. Need to manually remove the role
             List<RoleRepresentation> realmRoles = realmRep.getRoles().getRealm();
             for (RoleRepresentation role : realmRoles) {
                 if (Constants.OFFLINE_ACCESS_ROLE.equals(role.getName())) {
                     realmRoles.remove(role);
                     break;
                 }
             }
         }
 
         if (realmRep == null || !hasClientScope(realmRep, Constants.OFFLINE_ACCESS_ROLE)) {
             DefaultClientScopes.createOfflineAccessClientScope(realm, offlineRole);
         }
     }

◆ setupRealmAdminManagement()

void org.keycloak.services.managers.RealmManager.setupRealmAdminManagement ( RealmModel realm )

inlineprivate

                                                              {
         if (realm.getName().equals(Config.getAdminRealm())) { return; } // don't need to do this for master realm
 
         String realmAdminClientId = getRealmAdminClientId(realm);
         ClientModel realmAdminClient = realm.getClientByClientId(realmAdminClientId);
         if (realmAdminClient == null) {
             realmAdminClient = KeycloakModelUtils.createClient(realm, realmAdminClientId);
             realmAdminClient.setName("${client_" + realmAdminClientId + "}");
         }
         RoleModel adminRole = realmAdminClient.addRole(AdminRoles.REALM_ADMIN);
         adminRole.setDescription("${role_" + AdminRoles.REALM_ADMIN + "}");
         realmAdminClient.setBearerOnly(true);
         realmAdminClient.setFullScopeAllowed(false);
         realmAdminClient.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
 
         for (String r : AdminRoles.ALL_REALM_ROLES) {
             addAndSetAdminRole(r, realmAdminClient, adminRole);
         }
         addQueryCompositeRoles(realmAdminClient);
     }

◆ setupRealmDefaults()

void org.keycloak.services.managers.RealmManager.setupRealmDefaults ( RealmModel realm )

inlineprotected

                                                         {
         realm.setBrowserSecurityHeaders(BrowserSecurityHeaders.defaultHeaders);
 
         // brute force
         realm.setBruteForceProtected(false); // default settings off for now todo set it on
         realm.setPermanentLockout(false);
         realm.setMaxFailureWaitSeconds(900);
         realm.setMinimumQuickLoginWaitSeconds(60);
         realm.setWaitIncrementSeconds(60);
         realm.setQuickLoginCheckMilliSeconds(1000);
         realm.setMaxDeltaTimeSeconds(60 * 60 * 12); // 12 hours
         realm.setFailureFactor(30);
         realm.setSslRequired(SslRequired.EXTERNAL);
         realm.setOTPPolicy(OTPPolicy.DEFAULT_POLICY);
         realm.setLoginWithEmailAllowed(true);
 
         realm.setEventsListeners(Collections.singleton("jboss-logging"));
     }

◆ setupRequiredActions()

void org.keycloak.services.managers.RealmManager.setupRequiredActions ( RealmModel realm )

inlineprotected

                                                           {
         if (realm.getRequiredActionProviders().size() == 0) DefaultRequiredActions.addActions(realm);
     }

◆ updateRealmEventsConfig()

void org.keycloak.services.managers.RealmManager.updateRealmEventsConfig	(	RealmEventsConfigRepresentation	rep,
		RealmModel	realm
	)

inline

                                                                                                {
         realm.setEventsEnabled(rep.isEventsEnabled());
         realm.setEventsExpiration(rep.getEventsExpiration() != null ? rep.getEventsExpiration() : 0);
         if (rep.getEventsListeners() != null) {
             realm.setEventsListeners(new HashSet<>(rep.getEventsListeners()));
         }
         if(rep.getEnabledEventTypes() != null) {
             realm.setEnabledEventTypes(new HashSet<>(rep.getEnabledEventTypes()));
         }
         if(rep.isAdminEventsEnabled() != null) {
             realm.setAdminEventsEnabled(rep.isAdminEventsEnabled());
         }
         if(rep.isAdminEventsDetailsEnabled() != null){
             realm.setAdminEventsDetailsEnabled(rep.isAdminEventsDetailsEnabled());
         }
     }

メンバ詳解

◆ contextPath

String org.keycloak.services.managers.RealmManager.contextPath = ""

protected

◆ model

RealmProvider org.keycloak.services.managers.RealmManager.model

protected

◆ session

KeycloakSession org.keycloak.services.managers.RealmManager.session

protected

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/services/managers/RealmManager.java

公開メンバ関数

限定公開メンバ関数

限定公開変数類

非公開メンバ関数

詳解

構築子と解体子

◆ RealmManager()

関数詳解

◆ addAndSetAdminRole()

◆ addQueryCompositeRoles()

◆ checkMasterAdminManagementRoles()

◆ checkRealmAdminManagementRoles()

◆ createDefaultClientScopes()

◆ createMasterAdminManagement()

◆ createRealm() [1/2]

◆ createRealm() [2/2]

◆ fireRealmPostCreate()

◆ getContextPath()

◆ getKeycloakAdminstrationRealm()

◆ getRealm()

◆ getRealmAdminClientId() [1/2]

◆ getRealmAdminClientId() [2/2]

◆ getRealmByName()

◆ getSession()

◆ hasAccountManagementClient()

◆ hasAdminCliClient()

◆ hasAdminConsoleClient()

◆ hasBrokerClient()

◆ hasClient()

◆ hasClientScope()

◆ hasRealmAdminManagementClient()

◆ hasRealmRole()

◆ importRealm() [1/2]

◆ importRealm() [2/2]

◆ postponeMasterClientSetup()

◆ removeRealm()

◆ searchUsers()

◆ setContextPath()

◆ setupAccountManagement()

◆ setupAdminCli()

◆ setupAdminConsole()

◆ setupAdminConsoleLocaleMapper()

◆ setupAuthenticationFlows()

◆ setupAuthorizationServices()

◆ setupBrokerService()

◆ setupClientRegistrations()

◆ setupImpersonationService()

◆ setupMasterAdminManagement()

◆ setupOfflineTokens()

◆ setupRealmAdminManagement()

◆ setupRealmDefaults()

◆ setupRequiredActions()

◆ updateRealmEventsConfig()

メンバ詳解

◆ contextPath

◆ model

◆ session