org.keycloak.services.resources.admin.AttackDetectionResource 連携図

公開メンバ関数
	AttackDetectionResource (AdminPermissionEvaluator auth, RealmModel realm, AdminEventBuilder adminEvent)

Map< String, Object >	bruteForceUserStatus (@PathParam("userId") String userId)

void	clearBruteForceForUser (@PathParam("userId") String userId)

void	clearAllBruteForce ()

限定公開変数類
AdminPermissionEvaluator	auth

RealmModel	realm

KeycloakSession	session

ClientConnection	connection

HttpHeaders	headers

静的限定公開変数類
static final Logger	logger = Logger.getLogger(AttackDetectionResource.class)

非公開変数類
AdminEventBuilder	adminEvent

詳解

Base resource class for the admin REST api of one realm

Attack Detection

著者: Bill Burke

バージョン

Revision: 1

構築子と解体子

◆ AttackDetectionResource()

org.keycloak.services.resources.admin.AttackDetectionResource.AttackDetectionResource	(	AdminPermissionEvaluator	auth,
		RealmModel	realm,
		AdminEventBuilder	adminEvent
	)

inline

                                                                                                                   {
         this.auth = auth;
         this.realm = realm;
         this.adminEvent = adminEvent.realm(realm).resource(ResourceType.USER_LOGIN_FAILURE);
     }

関数詳解

◆ bruteForceUserStatus()

Map<String, Object> org.keycloak.services.resources.admin.AttackDetectionResource.bruteForceUserStatus ( @PathParam("userId") String userId )

inline

Get status of a username in brute force detection

引数

userId

戻り値

                                                                                         {
         UserModel user = session.users().getUserById(userId, realm);
         if (user == null) {
             auth.users().requireView();
         } else {
             auth.users().requireView(user);
         }
 
         Map<String, Object> data = new HashMap<>();
         data.put("disabled", false);
         data.put("numFailures", 0);
         data.put("lastFailure", 0);
         data.put("lastIPFailure", "n/a");
         if (!realm.isBruteForceProtected()) return data;
 
 
         UserLoginFailureModel model = session.sessions().getUserLoginFailure(realm, userId);
         if (model == null) return data;
 
         boolean disabled;
         if (user == null) {
             disabled = Time.currentTime() < model.getFailedLoginNotBefore();
         } else {
             disabled = session.getProvider(BruteForceProtector.class).isTemporarilyDisabled(session, realm, user);
         }
         if (disabled) {
             data.put("disabled", true);
         }
 
         data.put("numFailures", model.getNumFailures());
         data.put("lastFailure", model.getLastFailure());
         data.put("lastIPFailure", model.getLastIPFailure());
         return data;
     }

◆ clearAllBruteForce()

void org.keycloak.services.resources.admin.AttackDetectionResource.clearAllBruteForce ( )

inline

Clear any user login failures for all users

This can release temporary disabled users

                                      {
         auth.users().requireManage();
 
         session.sessions().removeAllUserLoginFailures(realm);
         adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
     }

◆ clearBruteForceForUser()

void org.keycloak.services.resources.admin.AttackDetectionResource.clearBruteForceForUser ( @PathParam("userId") String userId )

inline

Clear any user login failures for the user

This can release temporary disabled user

引数

userId

                                                                            {
         UserModel user = session.users().getUserById(userId, realm);
         if (user == null) {
             auth.users().requireManage();
         } else {
             auth.users().requireManage(user);
         }
         UserLoginFailureModel model = session.sessions().getUserLoginFailure(realm, userId);
         if (model != null) {
             session.sessions().removeUserLoginFailure(realm, userId);
             adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
         }
     }

メンバ詳解

◆ adminEvent

AdminEventBuilder org.keycloak.services.resources.admin.AttackDetectionResource.adminEvent

private

◆ auth

AdminPermissionEvaluator org.keycloak.services.resources.admin.AttackDetectionResource.auth

protected

◆ connection

ClientConnection org.keycloak.services.resources.admin.AttackDetectionResource.connection

protected

◆ headers

HttpHeaders org.keycloak.services.resources.admin.AttackDetectionResource.headers

protected

◆ logger

final Logger org.keycloak.services.resources.admin.AttackDetectionResource.logger = Logger.getLogger(AttackDetectionResource.class)

staticprotected

◆ realm

RealmModel org.keycloak.services.resources.admin.AttackDetectionResource.realm

protected

◆ session

KeycloakSession org.keycloak.services.resources.admin.AttackDetectionResource.session

protected

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java

公開メンバ関数

限定公開変数類

静的限定公開変数類

非公開変数類

詳解

構築子と解体子

◆ AttackDetectionResource()

関数詳解

◆ bruteForceUserStatus()

◆ clearAllBruteForce()

◆ clearBruteForceForUser()

メンバ詳解

◆ adminEvent

◆ auth

◆ connection

◆ headers

◆ logger

◆ realm

◆ session