Package org.keycloak.utils
Class RoleResolveUtil
- java.lang.Object
-
- org.keycloak.utils.RoleResolveUtil
-
public class RoleResolveUtil extends Object
Helper class to ensure that all the user's permitted roles (including composite roles) are loaded just once per request. Then all underlying protocolMappers can consume them.- Author:
- Marek Posolda
-
-
Constructor Summary
Constructors Constructor Description RoleResolveUtil()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static Map<String,org.keycloak.representations.AccessToken.Access>getAllResolvedClientRoles(org.keycloak.models.KeycloakSession session, org.keycloak.models.ClientSessionContext clientSessionCtx)Object (but can be empty map) containing all the user's client roles of all clients.static org.keycloak.representations.AccessToken.AccessgetResolvedClientRoles(org.keycloak.models.KeycloakSession session, org.keycloak.models.ClientSessionContext clientSessionCtx, String clientId, boolean createIfMissing)Object (possibly null) containing all the user's client roles of client specified by clientId.static org.keycloak.representations.AccessToken.AccessgetResolvedRealmRoles(org.keycloak.models.KeycloakSession session, org.keycloak.models.ClientSessionContext clientSessionCtx, boolean createIfMissing)Object (possibly null) containing all the user's realm roles.
-
-
-
Method Detail
-
getResolvedRealmRoles
public static org.keycloak.representations.AccessToken.Access getResolvedRealmRoles(org.keycloak.models.KeycloakSession session, org.keycloak.models.ClientSessionContext clientSessionCtx, boolean createIfMissing)Object (possibly null) containing all the user's realm roles. Including user's groups roles. Composite roles are expanded. Just the roles, which current client has role-scope-mapping for (or it's clientScopes) are included. Current client means the client corresponding to specified clientSessionCtx.- Parameters:
session-clientSessionCtx-createIfMissing-- Returns:
- can return null (just in case that createIfMissing is false)
-
getResolvedClientRoles
public static org.keycloak.representations.AccessToken.Access getResolvedClientRoles(org.keycloak.models.KeycloakSession session, org.keycloak.models.ClientSessionContext clientSessionCtx, String clientId, boolean createIfMissing)Object (possibly null) containing all the user's client roles of client specified by clientId. Including user's groups roles. Composite roles are expanded. Just the roles, which current client has role-scope-mapping for (or it's clientScopes) are included. Current client means the client corresponding to specified clientSessionCtx.- Parameters:
session-clientSessionCtx-clientId-createIfMissing-- Returns:
- can return null (just in case that createIfMissing is false)
-
getAllResolvedClientRoles
public static Map<String,org.keycloak.representations.AccessToken.Access> getAllResolvedClientRoles(org.keycloak.models.KeycloakSession session, org.keycloak.models.ClientSessionContext clientSessionCtx)
Object (but can be empty map) containing all the user's client roles of all clients. Including user's groups roles. Composite roles are expanded. Just the roles, which current client has role-scope-mapping for (or it's clientScopes) are included. Current client means the client corresponding to specified clientSessionCtx.- Parameters:
session-clientSessionCtx-- Returns:
- not-null object (can return empty map)
-
-