Package org.keycloak.protocol.oauth2.cimd.clientpolicy.executor

Class AbstractClientIdMetadataDocumentExecutorFactory

java.lang.Object

org.keycloak.protocol.oauth2.cimd.clientpolicy.executor.AbstractClientIdMetadataDocumentExecutorFactory

All Implemented Interfaces:

ConfiguredProvider, EnvironmentDependentProviderFactory, ProviderFactory<ClientPolicyExecutorProvider>, ClientPolicyExecutorProviderFactory

Direct Known Subclasses:

ClientIdMetadataDocumentExecutorFactory

public abstract class AbstractClientIdMetadataDocumentExecutorFactory
extends Object
implements ClientPolicyExecutorProviderFactory, EnvironmentDependentProviderFactory

The abstract class is the factory class of AbstractClientIdMetadataDocumentExecutor.

It provides the following configurations:

• Client ID Verification / Client Metadata Verification (URL related)
• Allow http scheme: allows http scheme of a URI (for development environment)<
• Client ID Validation
• Trusted domains: only allow a URI whose hostname is under the one of the permitted domain (wildcard * can be used)
• Client Metadata Validation
• Restrict same domain: only allow {client_id} and {redirect_uri} parameter of an authorization request whose hostname is under the one of the permitted domain (wildcard * can be used)
• Required properties: only allow a client metadata that includes all required properties

Author:

Takashi Norimatsu

Field Summary

Fields

Modifier and Type	Field	Description
static final String	ALLOW_HTTP_SCHEME
static final String	CONFIG_CIMD_PROVIDER_NAME
static final String	CONFIG_MAX_CACHE_TIME
static final String	CONFIG_MIN_CACHE_TIME
static final String	CONFIG_UPPER_LIMIT_METADATA_BYTES
protected ClientIdMetadataDocumentExecutorFactoryProviderConfig	providerConfig
static final String	REQUIRED_PROPERTIES
static final String	RESTRICT_SAME_DOMAIN
static final String	TRUSTED_DOMAINS

Constructor Summary

Constructors

Constructor	Description
AbstractClientIdMetadataDocumentExecutorFactory()

Method Summary

Modifier and Type	Method	Description
protected static void	addCommonConfigProperties(List<ProviderConfigProperty> configProperties)
void	close()	This is called when the server shuts down.
List<ProviderConfigProperty>	getConfigMetadata()	Returns the metadata for each configuration property supported by this factory.
String	getHelpText()
void	init(Config.Scope config)	Only called once when the factory is first created.
boolean	isSupported(Config.Scope config)	Check if the provider is supported and should be available based on the provider configuration.
void	postInit(KeycloakSessionFactory factory)	Called after all provider factories have been initialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.provider.ConfiguredProvider

getConfig, getConfigProperties

Methods inherited from interface org.keycloak.provider.ProviderFactory

create, dependsOn, getId, order

Field Details

ALLOW_HTTP_SCHEME

public static final String ALLOW_HTTP_SCHEME

See Also:

• Constant Field Values

TRUSTED_DOMAINS

public static final String TRUSTED_DOMAINS

See Also:

• Constant Field Values

REQUIRED_PROPERTIES

public static final String REQUIRED_PROPERTIES

See Also:

• Constant Field Values

RESTRICT_SAME_DOMAIN

public static final String RESTRICT_SAME_DOMAIN

See Also:

• Constant Field Values

CONFIG_CIMD_PROVIDER_NAME

public static final String CONFIG_CIMD_PROVIDER_NAME

See Also:

• Constant Field Values

CONFIG_MIN_CACHE_TIME

public static final String CONFIG_MIN_CACHE_TIME

See Also:

• Constant Field Values

CONFIG_MAX_CACHE_TIME

public static final String CONFIG_MAX_CACHE_TIME

See Also:

• Constant Field Values

CONFIG_UPPER_LIMIT_METADATA_BYTES

public static final String CONFIG_UPPER_LIMIT_METADATA_BYTES

See Also:

• Constant Field Values

providerConfig

protected ClientIdMetadataDocumentExecutorFactoryProviderConfig providerConfig

Constructor Details

AbstractClientIdMetadataDocumentExecutorFactory

public AbstractClientIdMetadataDocumentExecutorFactory()

Method Details

init

public void init(Config.Scope config)

Description copied from interface: ProviderFactory

Only called once when the factory is first created.

Specified by:

init in interface ProviderFactory<ClientPolicyExecutorProvider>

postInit

public void postInit(KeycloakSessionFactory factory)

Description copied from interface: ProviderFactory

Called after all provider factories have been initialized

Specified by:

postInit in interface ProviderFactory<ClientPolicyExecutorProvider>

close

public void close()

Description copied from interface: ProviderFactory

This is called when the server shuts down.

Specified by:

close in interface ProviderFactory<ClientPolicyExecutorProvider>

getHelpText

public String getHelpText()

Specified by:

getHelpText in interface ConfiguredProvider

addCommonConfigProperties

protected static void addCommonConfigProperties(List<ProviderConfigProperty> configProperties)

getConfigMetadata

public List<ProviderConfigProperty> getConfigMetadata()

Description copied from interface: ProviderFactory

Returns the metadata for each configuration property supported by this factory.

Specified by:

getConfigMetadata in interface ProviderFactory<ClientPolicyExecutorProvider>

Returns:

a list with the metadata for each configuration property supported by this factory

isSupported

public boolean isSupported(Config.Scope config)

Description copied from interface: EnvironmentDependentProviderFactory

Check if the provider is supported and should be available based on the provider configuration.

Specified by:

isSupported in interface ClientPolicyExecutorProviderFactory

Specified by:

isSupported in interface EnvironmentDependentProviderFactory

Parameters:

config - the provider configuration

Returns:

true if the provider is supported. Otherwise, false.