Package org.keycloak.authorization.identity

Interface Identity

All Known Implementing Classes:
ClientModelIdentity, KeycloakIdentity, UserModelIdentity
public interface Identity

Represents a security identity, which can be a person or non-person entity that was previously authenticated.

An Identity plays an important role during the evaluation of policies as they represent the entity to which one or more permissions should be granted or not, providing additional information and attributes that can be relevant to the different access control methods involved during the evaluation of policies.

Author:
Pedro Igor

  • Method Summary

    Modifier and Type
    Method
    Description
    Attributes
    getAttributes()
    Returns the attributes or claims associated with this identity.
    String
    getId()
    Returns the unique identifier of this identity.
    default boolean
    hasClientRole(String clientId, String roleName)
    Indicates if this identity is granted with a client role with the given roleName.
    default boolean
    hasOneClientRole(String clientId, String... roleNames)
    Indicates if this identity is granted with a client role of one of the given roleNames.
    default boolean
    hasRealmRole(String roleName)
    Indicates if this identity is granted with a realm role with the given roleName.

  • Method Details

    • getId

      String getId()
      Returns the unique identifier of this identity.
      Returns:
      the unique identifier of this identity

    • getAttributes

      Attributes getAttributes()
      Returns the attributes or claims associated with this identity.
      Returns:
      the attributes or claims associated with this identity

    • hasRealmRole

      default boolean hasRealmRole(String roleName)
      Indicates if this identity is granted with a realm role with the given roleName.
      Parameters:
      roleName - the name of the role
      Returns:
      true if the identity has the given role. Otherwise, it returns false.

    • hasClientRole

      default boolean hasClientRole(String clientId, String roleName)
      Indicates if this identity is granted with a client role with the given roleName.
      Parameters:
      clientId - the client id
      roleName - the name of the role
      Returns:
      true if the identity has the given role. Otherwise, it returns false.

    • hasOneClientRole

      default boolean hasOneClientRole(String clientId, String... roleNames)
      Indicates if this identity is granted with a client role of one of the given roleNames.
      Parameters:
      clientId - the client id
      roleNames - list
      Returns:
      true if the identity has any of the given roles. Otherwise, it returns false.