org.keycloak.adapters.undertow.ServletRequestAuthenticator の継承関係図

org.keycloak.adapters.undertow.ServletRequestAuthenticator 連携図

公開メンバ関数
	ServletRequestAuthenticator (HttpFacade facade, KeycloakDeployment deployment, int sslRedirectPort, SecurityContext securityContext, HttpServerExchange exchange, AdapterTokenStore tokenStore)

AuthChallenge	getChallenge ()

AuthOutcome	authenticate ()

限定公開メンバ関数
OAuthRequestAuthenticator	createOAuthAuthenticator ()

void	propagateKeycloakContext (KeycloakUndertowAccount account)

KeycloakUndertowAccount	createAccount (KeycloakPrincipal< RefreshableKeycloakSecurityContext > principal)

String	changeHttpSessionId (boolean create)

String	getHttpSessionId (boolean create)

HttpSession	getSession (boolean create)

void	completeOAuthAuthentication (KeycloakPrincipal< RefreshableKeycloakSecurityContext > principal)

void	completeBearerAuthentication (KeycloakPrincipal< RefreshableKeycloakSecurityContext > principal, String method)

boolean	verifySSL ()

boolean	isAutodetectedBearerOnly (HttpFacade.Request request)

BearerTokenRequestAuthenticator	createBearerTokenAuthenticator ()

BasicAuthRequestAuthenticator	createBasicAuthAuthenticator ()

QueryParamterTokenRequestAuthenticator	createQueryParamterTokenRequestAuthenticator ()

void	completeAuthentication (OAuthRequestAuthenticator oauth)

void	completeAuthentication (BearerTokenRequestAuthenticator bearer, String method)

限定公開変数類
SecurityContext	securityContext

HttpServerExchange	exchange

HttpFacade	facade

AuthChallenge	challenge

KeycloakDeployment	deployment

AdapterTokenStore	tokenStore

int	sslRedirectPort

静的限定公開変数類
static Logger	log = Logger.getLogger(RequestAuthenticator.class)

詳解

著者: Bill Burke; Stan Silvert ssilv.nosp@m.ert@.nosp@m.redha.nosp@m.t.co.nosp@m.m (C) 2014 Red Hat Inc.

バージョン

Revision: 1

構築子と解体子

◆ ServletRequestAuthenticator()

org.keycloak.adapters.undertow.ServletRequestAuthenticator.ServletRequestAuthenticator	(	HttpFacade	facade,
		KeycloakDeployment	deployment,
		int	sslRedirectPort,
		SecurityContext	securityContext,
		HttpServerExchange	exchange,
		AdapterTokenStore	tokenStore
	)

inline

                                                                      {
         super(facade, deployment, sslRedirectPort, securityContext, exchange, tokenStore);
     }

関数詳解

◆ authenticate()

AuthOutcome org.keycloak.adapters.RequestAuthenticator.authenticate ( )

inlineinherited

                                       {
         if (log.isTraceEnabled()) {
             log.trace("--> authenticate()");
         }
 
         BearerTokenRequestAuthenticator bearer = createBearerTokenAuthenticator();
         if (log.isTraceEnabled()) {
             log.trace("try bearer");
         }
 
         AuthOutcome outcome = bearer.authenticate(facade);
         if (outcome == AuthOutcome.FAILED) {
             challenge = bearer.getChallenge();
             log.debug("Bearer FAILED");
             return AuthOutcome.FAILED;
         } else if (outcome == AuthOutcome.AUTHENTICATED) {
             if (verifySSL()) return AuthOutcome.FAILED;
             completeAuthentication(bearer, "KEYCLOAK");
             log.debug("Bearer AUTHENTICATED");
             return AuthOutcome.AUTHENTICATED;
         }
 
         QueryParamterTokenRequestAuthenticator queryParamAuth = createQueryParamterTokenRequestAuthenticator();
         if (log.isTraceEnabled()) {
             log.trace("try query paramter auth");
         }
 
         outcome = queryParamAuth.authenticate(facade);
         if (outcome == AuthOutcome.FAILED) {
             challenge = queryParamAuth.getChallenge();
             log.debug("QueryParamAuth auth FAILED");
             return AuthOutcome.FAILED;
         } else if (outcome == AuthOutcome.AUTHENTICATED) {
             if (verifySSL()) return AuthOutcome.FAILED;
             log.debug("QueryParamAuth AUTHENTICATED");
             completeAuthentication(queryParamAuth, "KEYCLOAK");
             return AuthOutcome.AUTHENTICATED;
         }
 
         if (deployment.isEnableBasicAuth()) {
             BasicAuthRequestAuthenticator basicAuth = createBasicAuthAuthenticator();
             if (log.isTraceEnabled()) {
                 log.trace("try basic auth");
             }
 
             outcome = basicAuth.authenticate(facade);
             if (outcome == AuthOutcome.FAILED) {
                 challenge = basicAuth.getChallenge();
                 log.debug("BasicAuth FAILED");
                 return AuthOutcome.FAILED;
             } else if (outcome == AuthOutcome.AUTHENTICATED) {
                 if (verifySSL()) return AuthOutcome.FAILED;
                 log.debug("BasicAuth AUTHENTICATED");
                 completeAuthentication(basicAuth, "BASIC");
                 return AuthOutcome.AUTHENTICATED;
             }
         }
 
         if (deployment.isBearerOnly()) {
             challenge = bearer.getChallenge();
             log.debug("NOT_ATTEMPTED: bearer only");
             return AuthOutcome.NOT_ATTEMPTED;
         }
 
         if (isAutodetectedBearerOnly(facade.getRequest())) {
             challenge = bearer.getChallenge();
             log.debug("NOT_ATTEMPTED: Treating as bearer only");
             return AuthOutcome.NOT_ATTEMPTED;
         }
 
         if (log.isTraceEnabled()) {
             log.trace("try oauth");
         }
 
         if (tokenStore.isCached(this)) {
             if (verifySSL()) return AuthOutcome.FAILED;
             log.debug("AUTHENTICATED: was cached");
             return AuthOutcome.AUTHENTICATED;
         }
 
         OAuthRequestAuthenticator oauth = createOAuthAuthenticator();
         outcome = oauth.authenticate();
         if (outcome == AuthOutcome.FAILED) {
             challenge = oauth.getChallenge();
             return AuthOutcome.FAILED;
         } else if (outcome == AuthOutcome.NOT_ATTEMPTED) {
             challenge = oauth.getChallenge();
             return AuthOutcome.NOT_ATTEMPTED;
 
         }
 
         if (verifySSL()) return AuthOutcome.FAILED;
 
         completeAuthentication(oauth);
 
         // redirect to strip out access code and state query parameters
         facade.getResponse().setHeader("Location", oauth.getStrippedOauthParametersRequestUri());
         facade.getResponse().setStatus(302);
         facade.getResponse().end();
 
         log.debug("AUTHENTICATED");
         return AuthOutcome.AUTHENTICATED;
     }

◆ changeHttpSessionId()

String org.keycloak.adapters.undertow.ServletRequestAuthenticator.changeHttpSessionId ( boolean create )

inlineprotected

                                                          {
         if (!deployment.isTurnOffChangeSessionIdOnLogin()) return ChangeSessionId.changeSessionId(exchange, create);
         else return getHttpSessionId(create);
     }

◆ completeAuthentication() [1/2]

void org.keycloak.adapters.RequestAuthenticator.completeAuthentication ( OAuthRequestAuthenticator oauth )

inlineprotectedinherited

                                                                            {
         RefreshableKeycloakSecurityContext session = new RefreshableKeycloakSecurityContext(deployment, tokenStore, oauth.getTokenString(), oauth.getToken(), oauth.getIdTokenString(), oauth.getIdToken(), oauth.getRefreshToken());
         final KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = new KeycloakPrincipal<RefreshableKeycloakSecurityContext>(AdapterUtils.getPrincipalName(deployment, oauth.getToken()), session);
         completeOAuthAuthentication(principal);
         log.debugv("User ''{0}'' invoking ''{1}'' on client ''{2}''", principal.getName(), facade.getRequest().getURI(), deployment.getResourceName());
     }

◆ completeAuthentication() [2/2]

void org.keycloak.adapters.RequestAuthenticator.completeAuthentication	(	BearerTokenRequestAuthenticator	bearer,
		String	method
	)

inlineprotectedinherited

                                                                                                  {
         RefreshableKeycloakSecurityContext session = new RefreshableKeycloakSecurityContext(deployment, null, bearer.getTokenString(), bearer.getToken(), null, null, null);
         final KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = new KeycloakPrincipal<RefreshableKeycloakSecurityContext>(AdapterUtils.getPrincipalName(deployment, bearer.getToken()), session);
         completeBearerAuthentication(principal, method);
         log.debugv("User ''{0}'' invoking ''{1}'' on client ''{2}''", principal.getName(), facade.getRequest().getURI(), deployment.getResourceName());
     }

◆ completeBearerAuthentication()

void org.keycloak.adapters.undertow.AbstractUndertowRequestAuthenticator.completeBearerAuthentication	(	KeycloakPrincipal< RefreshableKeycloakSecurityContext >	principal,
		String	method
	)

inlineprotectedinherited

                                                                                                                                 {
         KeycloakUndertowAccount account = createAccount(principal);
         securityContext.authenticationComplete(account, method, false);
         propagateKeycloakContext(account);
     }

◆ completeOAuthAuthentication()

void org.keycloak.adapters.undertow.AbstractUndertowRequestAuthenticator.completeOAuthAuthentication ( KeycloakPrincipal< RefreshableKeycloakSecurityContext > principal )

inlineprotectedinherited

                                                                                                                 {
         KeycloakUndertowAccount account = createAccount(principal);
         securityContext.authenticationComplete(account, "KEYCLOAK", false);
         propagateKeycloakContext(account);
         tokenStore.saveAccountInfo(account);
     }

◆ createAccount()

KeycloakUndertowAccount org.keycloak.adapters.undertow.ServletRequestAuthenticator.createAccount ( KeycloakPrincipal< RefreshableKeycloakSecurityContext > principal )

inlineprotected

                                                                                                                      {
         return new KeycloakUndertowAccount(principal);
     }

◆ createBasicAuthAuthenticator()

BasicAuthRequestAuthenticator org.keycloak.adapters.RequestAuthenticator.createBasicAuthAuthenticator ( )

inlineprotectedinherited

                                                                            {
         return new BasicAuthRequestAuthenticator(deployment);
     }

◆ createBearerTokenAuthenticator()

BearerTokenRequestAuthenticator org.keycloak.adapters.RequestAuthenticator.createBearerTokenAuthenticator ( )

inlineprotectedinherited

                                                                                {
         return new BearerTokenRequestAuthenticator(deployment);
     }

◆ createOAuthAuthenticator()

OAuthRequestAuthenticator org.keycloak.adapters.undertow.ServletRequestAuthenticator.createOAuthAuthenticator ( )

inlineprotected

                                                                    {
         return new OAuthRequestAuthenticator(this, facade, deployment, sslRedirectPort, tokenStore);
     }

◆ createQueryParamterTokenRequestAuthenticator()

QueryParamterTokenRequestAuthenticator org.keycloak.adapters.RequestAuthenticator.createQueryParamterTokenRequestAuthenticator ( )

inlineprotectedinherited

                                                                                                     {
         return new QueryParamterTokenRequestAuthenticator(deployment);
     }

◆ getChallenge()

AuthChallenge org.keycloak.adapters.RequestAuthenticator.getChallenge ( )

inlineinherited

                                         {
         return challenge;
     }

◆ getHttpSessionId()

String org.keycloak.adapters.undertow.ServletRequestAuthenticator.getHttpSessionId ( boolean create )

inlineprotected

                                                       {
         HttpSession session = getSession(create);
         return session != null ? session.getId() : null;
     }

◆ getSession()

HttpSession org.keycloak.adapters.undertow.ServletRequestAuthenticator.getSession ( boolean create )

inlineprotected

                                                      {
         final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
         HttpServletRequest req = (HttpServletRequest) servletRequestContext.getServletRequest();
         return req.getSession(create);
     }

◆ isAutodetectedBearerOnly()

boolean org.keycloak.adapters.RequestAuthenticator.isAutodetectedBearerOnly ( HttpFacade.Request request )

inlineprotectedinherited

                                                                            {
         if (!deployment.isAutodetectBearerOnly()) return false;
 
         String headerValue = facade.getRequest().getHeader("X-Requested-With");
         if (headerValue != null && headerValue.equalsIgnoreCase("XMLHttpRequest")) {
             return true;
         }
 
         headerValue = facade.getRequest().getHeader("Faces-Request");
         if (headerValue != null && headerValue.startsWith("partial/")) {
             return true;
         }
 
         headerValue = facade.getRequest().getHeader("SOAPAction");
         if (headerValue != null) {
             return true;
         }
 
         List<String> accepts = facade.getRequest().getHeaders("Accept");
         if (accepts == null) accepts = Collections.emptyList();
 
         for (String accept : accepts) {
             if (accept.contains("text/html") || accept.contains("text/*") || accept.contains("*/*")) {
                 return false;
             }
         }
 
         return true;
     }

◆ propagateKeycloakContext()

void org.keycloak.adapters.undertow.ServletRequestAuthenticator.propagateKeycloakContext ( KeycloakUndertowAccount account )

inlineprotected

                                                                              {
         super.propagateKeycloakContext(account);
         final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
         HttpServletRequest req = (HttpServletRequest) servletRequestContext.getServletRequest();
         req.setAttribute(KeycloakSecurityContext.class.getName(), account.getKeycloakSecurityContext());
     }

◆ verifySSL()

boolean org.keycloak.adapters.RequestAuthenticator.verifySSL ( )

inlineprotectedinherited

                                   {
         if (!facade.getRequest().isSecure() && deployment.getSslRequired().isRequired(facade.getRequest().getRemoteAddr())) {
             log.warnf("SSL is required to authenticate. Remote address %s is secure: %s, SSL required for: %s .",
                     facade.getRequest().getRemoteAddr(), facade.getRequest().isSecure(), deployment.getSslRequired().name());
             return true;
         }
         return false;
     }

メンバ詳解

◆ challenge

AuthChallenge org.keycloak.adapters.RequestAuthenticator.challenge

protectedinherited

◆ deployment

KeycloakDeployment org.keycloak.adapters.RequestAuthenticator.deployment

protectedinherited

◆ exchange

HttpServerExchange org.keycloak.adapters.undertow.AbstractUndertowRequestAuthenticator.exchange

protectedinherited

◆ facade

HttpFacade org.keycloak.adapters.RequestAuthenticator.facade

protectedinherited

◆ log

Logger org.keycloak.adapters.RequestAuthenticator.log = Logger.getLogger(RequestAuthenticator.class)

staticprotectedinherited

◆ securityContext

SecurityContext org.keycloak.adapters.undertow.AbstractUndertowRequestAuthenticator.securityContext

protectedinherited

◆ sslRedirectPort

int org.keycloak.adapters.RequestAuthenticator.sslRedirectPort

protectedinherited

◆ tokenStore

AdapterTokenStore org.keycloak.adapters.RequestAuthenticator.tokenStore

protectedinherited

このクラス詳解は次のファイルから抽出されました:

D:/AppData/OpenId/keycloak/doxygen/src/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/ServletRequestAuthenticator.java

公開メンバ関数

限定公開メンバ関数

限定公開変数類

静的限定公開変数類

詳解

構築子と解体子

◆ ServletRequestAuthenticator()

関数詳解

◆ authenticate()

◆ changeHttpSessionId()

◆ completeAuthentication() [1/2]

◆ completeAuthentication() [2/2]

◆ completeBearerAuthentication()

◆ completeOAuthAuthentication()

◆ createAccount()

◆ createBasicAuthAuthenticator()

◆ createBearerTokenAuthenticator()

◆ createOAuthAuthenticator()

◆ createQueryParamterTokenRequestAuthenticator()

◆ getChallenge()

◆ getHttpSessionId()

◆ getSession()

◆ isAutodetectedBearerOnly()

◆ propagateKeycloakContext()

◆ verifySSL()

メンバ詳解

◆ challenge

◆ deployment

◆ exchange

◆ facade

◆ log

◆ securityContext

◆ sslRedirectPort

◆ tokenStore