org.keycloak.authorization.protection.permission.AbstractPermissionService の継承関係図

org.keycloak.authorization.protection.permission.AbstractPermissionService 連携図

公開メンバ関数
	AbstractPermissionService (KeycloakIdentity identity, ResourceServer resourceServer, AuthorizationProvider authorization)

Response	create (List< PermissionRequest > request)

非公開メンバ関数
List< Permission >	verifyRequestedResource (List< PermissionRequest > request)

Set< String >	verifyRequestedScopes (PermissionRequest request, Resource resource)

String	createPermissionTicket (List< PermissionRequest > request)

非公開変数類
final AuthorizationProvider	authorization

final KeycloakIdentity	identity

final ResourceServer	resourceServer

詳解

著者: Pedro Igor

構築子と解体子

◆ AbstractPermissionService()

org.keycloak.authorization.protection.permission.AbstractPermissionService.AbstractPermissionService	(	KeycloakIdentity	identity,
		ResourceServer	resourceServer,
		AuthorizationProvider	authorization
	)

inline

                                                                                                                                     {
         this.identity = identity;
         this.resourceServer = resourceServer;
         this.authorization = authorization;
     }

関数詳解

◆ create()

Response org.keycloak.authorization.protection.permission.AbstractPermissionService.create ( List< PermissionRequest > request )

inline

                                                             {
         if (request == null || request.isEmpty()) {
             throw new ErrorResponseException("invalid_permission_request", "Invalid permission request.", Response.Status.BAD_REQUEST);
         }
 
         return Response.status(Response.Status.CREATED).entity(new PermissionResponse(createPermissionTicket(request))).build();
     }

◆ createPermissionTicket()

String org.keycloak.authorization.protection.permission.AbstractPermissionService.createPermissionTicket ( List< PermissionRequest > request )

inlineprivate

                                                                            {
         List<Permission> permissions = verifyRequestedResource(request);
 
         ClientModel targetClient = authorization.getRealm().getClientById(resourceServer.getId());
         PermissionTicketToken token = new PermissionTicketToken(permissions, targetClient.getClientId(), this.identity.getAccessToken());
         Map<String, List<String>> claims = new HashMap<>();
 
         for (PermissionRequest permissionRequest : request) {
             Map<String, List<String>> requestClaims = permissionRequest.getClaims();
 
             if (requestClaims != null) {
                 claims.putAll(requestClaims);
             }
         }
 
         if (!claims.isEmpty()) {
             token.setClaims(claims);
         }
 
         return this.authorization.getKeycloakSession().tokens().encode(token);
     }

◆ verifyRequestedResource()

List<Permission> org.keycloak.authorization.protection.permission.AbstractPermissionService.verifyRequestedResource ( List< PermissionRequest > request )

inlineprivate

                                                                                       {
         ResourceStore resourceStore = authorization.getStoreFactory().getResourceStore();
         List<Permission> requestedResources = new ArrayList<>();
 
         for (PermissionRequest permissionRequest : request) {
             String resourceSetId = permissionRequest.getResourceId();
             List<Resource> resources = new ArrayList<>();
 
             if (resourceSetId == null) {
                 if (permissionRequest.getScopes() == null || permissionRequest.getScopes().isEmpty()) {
                     throw new ErrorResponseException("invalid_resource_id", "Resource id or name not provided.", Response.Status.BAD_REQUEST);
                 }
             } else {
                 Resource resource = resourceStore.findById(resourceSetId, resourceServer.getId());
 
                 if (resource != null) {
                     resources.add(resource);
                 } else {
                     Resource userResource = resourceStore.findByName(resourceSetId, identity.getId(), this.resourceServer.getId());
 
                     if (userResource != null) {
                         resources.add(userResource);
                     }
 
                     if (!identity.isResourceServer()) {
                         Resource serverResource = resourceStore.findByName(resourceSetId, this.resourceServer.getId());
 
                         if (serverResource != null) {
                             resources.add(serverResource);
                         }
                     }
                 }
 
                 if (resources.isEmpty()) {
                     throw new ErrorResponseException("invalid_resource_id", "Resource set with id [" + resourceSetId + "] does not exists in this server.", Response.Status.BAD_REQUEST);
                 }
             }
 
             if (resources.isEmpty()) {
                 requestedResources.add(new Permission(null, verifyRequestedScopes(permissionRequest, null)));
             } else {
                 for (Resource resource : resources) {
                     requestedResources.add(new Permission(resource.getId(), verifyRequestedScopes(permissionRequest, resource)));
                 }
             }
         }
 
         return requestedResources;
     }

◆ verifyRequestedScopes()

Set<String> org.keycloak.authorization.protection.permission.AbstractPermissionService.verifyRequestedScopes	(	PermissionRequest	request,
		Resource	resource
	)

inlineprivate

                                                                                             {
         Set<String> requestScopes = request.getScopes();
 
         if (requestScopes == null) {
             return Collections.emptySet();
         }
 
         ResourceStore resourceStore = authorization.getStoreFactory().getResourceStore();
 
         return requestScopes.stream().map(scopeName -> {
             Scope scope = null;
 
             if (resource != null) {
                 scope = resource.getScopes().stream().filter(scope1 -> scope1.getName().equals(scopeName)).findFirst().orElse(null);
 
                 if (scope == null && resource.getType() != null) {
                     scope = resourceStore.findByType(resource.getType(), resourceServer.getId()).stream()
                             .filter(baseResource -> baseResource.getOwner().equals(resource.getResourceServer().getId()))
                             .flatMap(resource1 -> resource1.getScopes().stream())
                             .filter(baseScope -> baseScope.getName().equals(scopeName)).findFirst().orElse(null);
                 }
             } else {
                 scope = authorization.getStoreFactory().getScopeStore().findByName(scopeName, resourceServer.getId());
             }
 
             if (scope == null) {
                 throw new ErrorResponseException("invalid_scope", "Scope [" + scopeName + "] is invalid", Response.Status.BAD_REQUEST);
             }
 
             return scope.getName();
         }).collect(Collectors.toSet());
     }

メンバ詳解

◆ authorization

final AuthorizationProvider org.keycloak.authorization.protection.permission.AbstractPermissionService.authorization

private

◆ identity

final KeycloakIdentity org.keycloak.authorization.protection.permission.AbstractPermissionService.identity

private

◆ resourceServer

final ResourceServer org.keycloak.authorization.protection.permission.AbstractPermissionService.resourceServer

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java

公開メンバ関数

非公開メンバ関数

非公開変数類

詳解

構築子と解体子

◆ AbstractPermissionService()

関数詳解

◆ create()

◆ createPermissionTicket()

◆ verifyRequestedResource()

◆ verifyRequestedScopes()

メンバ詳解

◆ authorization

◆ identity

◆ resourceServer