org.keycloak.policy.BlacklistPasswordPolicyProviderFactory クラス

org.keycloak.policy.BlacklistPasswordPolicyProviderFactory の継承関係図

org.keycloak.policy.BlacklistPasswordPolicyProviderFactory 連携図

クラス
class	FileBasedPasswordBlacklist
interface	PasswordBlacklist

公開メンバ関数
PasswordPolicyProvider	create (KeycloakSession session)
void	init (Config.Scope config)
void	postInit (KeycloakSessionFactory factory)
void	close ()
String	getDisplayName ()
String	getConfigType ()
String	getDefaultConfigValue ()
boolean	isMultiplSupported ()
String	getId ()
PasswordBlacklist	resolvePasswordBlacklist (String blacklistName)
default int	order ()

静的公開変数類
static final String	ID = "passwordBlacklist"
static final String	SYSTEM_PROPERTY = "keycloak.password.blacklists.path"
static final String	BLACKLISTS_PATH_PROPERTY = "blacklistsPath"
static final String	JBOSS_SERVER_DATA_DIR = "jboss.server.data.dir"
static final String	PASSWORD_BLACKLISTS_FOLDER = "password-blacklists/"

非公開変数類
ConcurrentMap< String, FileBasedPasswordBlacklist >	blacklistRegistry = new ConcurrentHashMap<>()
volatile Path	blacklistsBasePath
Config.Scope	config

静的非公開変数類
static final Logger	LOG = Logger.getLogger(BlacklistPasswordPolicyProviderFactory.class)

詳解

Creates BlacklistPasswordPolicyProvider instances.

Password blacklists are simple text files where every line is a blacklisted password delimited by

\n 

. Blacklist files are discovered and registered at startup.

Blacklists can be configured via the Authentication: Password Policy section in the admin-console. A blacklist-file is referred to by its name in the policy configuration.

Users can provide custom blacklists by adding a blacklist password file to the configured blacklist folder.

The location of the password-blacklists folder is derived as follows

1. the value of the System property

   keycloak.password.blacklists.path 

   if configured - fails if folder is missing
2. the value of the SPI config property:

   blacklistsPath 

   when explicitly configured - fails if folder is missing
3. otherwise

   ${jboss.server.data.dir}/password-blacklists/ 

   if nothing else is configured - the folder is created automatically if not present

Note that the preferred way for configuration is to copy the password file to the

${jboss.server.data.dir}/password-blacklists/ 

folder

To configure a password blacklist via the SPI configuration, run the following jboss-cli script:

/subsystem=keycloak-server/spi=password-policy:add()
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:add(enabled=true)
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:write-attribute(name=properties.blacklistsPath, value=/data/keycloak/blacklists/)
 

A password blacklist with the filename

10_million_password_list_top_1000000-password-blacklist.txt 

that is located beneath

/data/keycloak/blacklists/ 

can be referred to as

10_million_password_list_top_1000000-password-blacklist.txt 

in the Authentication: Password Policy configuration.

著者

Thomas Darimont

関数詳解

close()

void org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.close ( )

inline

org.keycloak.provider.ProviderFactory< T extends Provider >を実装しています。

                        {
    }

create()

PasswordPolicyProvider org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.create ( KeycloakSession  session )

inline

org.keycloak.provider.ProviderFactory< T extends Provider >を実装しています。

                                                                  {
        if (this.blacklistsBasePath == null) {
            synchronized (this) {
                if (this.blacklistsBasePath == null) {
                    this.blacklistsBasePath = FileBasedPasswordBlacklist.detectBlacklistsBasePath(config);
                }
            }
        }
        return new BlacklistPasswordPolicyProvider(session.getContext(), this);
    }

getConfigType()

String org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.getConfigType ( )

inline

org.keycloak.policy.PasswordPolicyProviderFactoryを実装しています。

                                  {
        return PasswordPolicyProvider.STRING_CONFIG_TYPE;
    }

getDefaultConfigValue()

String org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.getDefaultConfigValue ( )

inline

org.keycloak.policy.PasswordPolicyProviderFactoryを実装しています。

                                          {
        return "";
    }

getDisplayName()

String org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.getDisplayName ( )

inline

org.keycloak.policy.PasswordPolicyProviderFactoryを実装しています。

                                   {
        return "Password Blacklist";
    }

getId()

String org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.getId ( )

inline

org.keycloak.provider.ProviderFactory< T extends Provider >を実装しています。

                          {
        return ID;
    }

init()

void org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.init ( Config.Scope  config )

inline

org.keycloak.provider.ProviderFactory< T extends Provider >を実装しています。

                                          {
        this.config = config;
    }

isMultiplSupported()

boolean org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.isMultiplSupported ( )

inline

org.keycloak.policy.PasswordPolicyProviderFactoryを実装しています。

                                        {
        return false;
    }

order()

default int org.keycloak.provider.ProviderFactory< T extends Provider >.order ( )

inlineinherited

org.keycloak.protocol.docker.DockerAuthV2ProtocolFactory, org.keycloak.urls.HostnameProviderFactory, org.keycloak.protocol.oidc.ext.OIDCExtProviderFactoryで実装されています。

                        {
        return 0;
    }

postInit()

void org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.postInit ( KeycloakSessionFactory  factory )

inline

org.keycloak.provider.ProviderFactory< T extends Provider >を実装しています。

                                                         {
    }

resolvePasswordBlacklist()

PasswordBlacklist org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.resolvePasswordBlacklist ( String  blacklistName )

inline

Resolves and potentially registers a PasswordBlacklist for the given

blacklistName 

.

引数

blacklistName

戻り値

                                                                            {

        Objects.requireNonNull(blacklistName, "blacklistName");

        String cleanedBlacklistName = blacklistName.trim();
        if (cleanedBlacklistName.isEmpty()) {
            throw new IllegalArgumentException("Password blacklist name must not be empty!");
        }

        return blacklistRegistry.computeIfAbsent(cleanedBlacklistName, (name) -> {
            FileBasedPasswordBlacklist pbl = new FileBasedPasswordBlacklist(this.blacklistsBasePath, name);
            pbl.lazyInit();
            return pbl;
        });
    }

メンバ詳解

blacklistRegistry

ConcurrentMap<String, FileBasedPasswordBlacklist> org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.blacklistRegistry = new ConcurrentHashMap<>()

private

BLACKLISTS_PATH_PROPERTY

final String org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.BLACKLISTS_PATH_PROPERTY = "blacklistsPath"

static

blacklistsBasePath

volatile Path org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.blacklistsBasePath

private

config

Config.Scope org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.config

private

ID

final String org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.ID = "passwordBlacklist"

static

JBOSS_SERVER_DATA_DIR

final String org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.JBOSS_SERVER_DATA_DIR = "jboss.server.data.dir"

static

LOG

final Logger org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.LOG = Logger.getLogger(BlacklistPasswordPolicyProviderFactory.class)

staticprivate

PASSWORD_BLACKLISTS_FOLDER

final String org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.PASSWORD_BLACKLISTS_FOLDER = "password-blacklists/"

static

SYSTEM_PROPERTY

final String org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.SYSTEM_PROPERTY = "keycloak.password.blacklists.path"

static

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/policy/BlacklistPasswordPolicyProviderFactory.java