org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator の継承関係図

org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator 連携図

公開メンバ関数
void	action (AuthenticationFlowContext context)

boolean	invalidUser (AuthenticationFlowContext context, UserModel user)

boolean	enabledUser (AuthenticationFlowContext context, UserModel user)

boolean	validateUserAndPassword (AuthenticationFlowContext context, MultivaluedMap< String, String > inputData)

boolean	validatePassword (AuthenticationFlowContext context, UserModel user, MultivaluedMap< String, String > inputData)

void	close ()

void	authenticate (AuthenticationFlowContext context)

boolean	requiresUser ()

boolean	configuredFor (KeycloakSession session, RealmModel realm, UserModel user)

void	setRequiredActions (KeycloakSession session, RealmModel realm, UserModel user)

静的公開変数類
static final String	REGISTRATION_FORM_ACTION = "registration_form"

static final String	ATTEMPTED_USERNAME = "ATTEMPTED_USERNAME"

限定公開メンバ関数
Response	invalidUser (AuthenticationFlowContext context)

Response	disabledUser (AuthenticationFlowContext context)

Response	temporarilyDisabledUser (AuthenticationFlowContext context)

Response	invalidCredentials (AuthenticationFlowContext context)

Response	setDuplicateUserChallenge (AuthenticationFlowContext context, String eventError, String loginFormError, AuthenticationFlowError authenticatorError)

void	runDefaultDummyHash (AuthenticationFlowContext context)

void	dummyHash (AuthenticationFlowContext context)

非公開メンバ関数
boolean	isTemporarilyDisabledByBruteForce (AuthenticationFlowContext context, UserModel user)

静的非公開変数類
static final Logger	logger = Logger.getLogger(AbstractUsernameFormAuthenticator.class)

詳解

著者: Bill Burke

バージョン

Revision: 1

関数詳解

◆ action()

void org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.action ( AuthenticationFlowContext context )

inline

org.keycloak.authentication.Authenticatorを実装しています。

                                                           {
 
     }

◆ authenticate()

void org.keycloak.authentication.Authenticator.authenticate ( AuthenticationFlowContext context )

inherited

Initial call for the authenticator. This method should check the current HTTP request to determine if the request satifies the Authenticator's requirements. If it doesn't, it should send back a challenge response by calling the AuthenticationFlowContext.challenge(Response). If this challenge is a authentication, the action URL of the form must point to

/realms/{realm}/login-actions/authenticate?code={session-code}&execution={executionId}

or

/realms/{realm}/login-actions/registration?code={session-code}&execution={executionId}

{session-code} pertains to the code generated from AuthenticationFlowContext.generateAccessCode(). The {executionId} pertains to the AuthenticationExecutionModel.getId() value obtained from AuthenticationFlowContext.getExecution().

The action URL will invoke the action() method described below.

引数

context

◆ close()

void org.keycloak.authentication.AbstractFormAuthenticator.close ( )

inlineinherited

org.keycloak.provider.Providerを実装しています。

                         {
 
     }

◆ configuredFor()

boolean org.keycloak.authentication.Authenticator.configuredFor	(	KeycloakSession	session,
		RealmModel	realm,
		UserModel	user
	)

inherited

Is this authenticator configured for this user.

引数

session
realm
user

戻り値

◆ disabledUser()

Response org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.disabledUser ( AuthenticationFlowContext context )

inlineprotected

                                                                        {
         return context.form()
                 .setError(Messages.ACCOUNT_DISABLED).createLogin();
     }

◆ dummyHash()

void org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.dummyHash ( AuthenticationFlowContext context )

inlineprotected

                                                                 {
         PasswordPolicy policy = context.getRealm().getPasswordPolicy();
         if (policy == null) {
             runDefaultDummyHash(context);
             return;
         } else {
             PasswordHashProvider hash = context.getSession().getProvider(PasswordHashProvider.class, policy.getHashAlgorithm());
             if (hash == null) {
                 runDefaultDummyHash(context);
                 return;
 
             } else {
                 hash.encode("dummypassword", policy.getHashIterations());
             }
         }
 
     }

◆ enabledUser()

boolean org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.enabledUser	(	AuthenticationFlowContext	context,
		UserModel	user
	)

inline

                                                                                   {
         if (!user.isEnabled()) {
             context.getEvent().user(user);
             context.getEvent().error(Errors.USER_DISABLED);
             Response challengeResponse = disabledUser(context);
             // this is not a failure so don't call failureChallenge.
             //context.failureChallenge(AuthenticationFlowError.USER_DISABLED, challengeResponse);
             context.forceChallenge(challengeResponse);
             return false;
         }
         if (isTemporarilyDisabledByBruteForce(context, user)) return false;
         return true;
     }

◆ invalidCredentials()

Response org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.invalidCredentials ( AuthenticationFlowContext context )

inlineprotected

                                                                              {
         return context.form()
                 .setError(Messages.INVALID_USER).createLogin();
     }

◆ invalidUser() [1/2]

Response org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.invalidUser ( AuthenticationFlowContext context )

inlineprotected

                                                                       {
         return context.form()
                 .setError(Messages.INVALID_USER)
                 .createLogin();
     }

◆ invalidUser() [2/2]

boolean org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.invalidUser	(	AuthenticationFlowContext	context,
		UserModel	user
	)

inline

                                                                                   {
         if (user == null) {
             dummyHash(context);
             context.getEvent().error(Errors.USER_NOT_FOUND);
             Response challengeResponse = invalidUser(context);
             context.failureChallenge(AuthenticationFlowError.INVALID_USER, challengeResponse);
             return true;
         }
         return false;
     }

◆ isTemporarilyDisabledByBruteForce()

boolean org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.isTemporarilyDisabledByBruteForce	(	AuthenticationFlowContext	context,
		UserModel	user
	)

inlineprivate

                                                                                                          {
         if (context.getRealm().isBruteForceProtected()) {
             if (context.getProtector().isTemporarilyDisabled(context.getSession(), context.getRealm(), user)) {
                 context.getEvent().user(user);
                 context.getEvent().error(Errors.USER_TEMPORARILY_DISABLED);
                 Response challengeResponse = temporarilyDisabledUser(context);
                 // this is not a failure so don't call failureChallenge.
                 //context.failureChallenge(AuthenticationFlowError.USER_TEMPORARILY_DISABLED, challengeResponse);
                 context.forceChallenge(challengeResponse);
                 return true;
             }
         }
         return false;
     }

◆ requiresUser()

boolean org.keycloak.authentication.Authenticator.requiresUser ( )

inherited

Does this authenticator require that the user has already been identified? That AuthenticatorContext.getUser() is not null?

戻り値

◆ runDefaultDummyHash()

void org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.runDefaultDummyHash ( AuthenticationFlowContext context )

inlineprotected

                                                                           {
         PasswordHashProvider hash = context.getSession().getProvider(PasswordHashProvider.class, PasswordPolicy.HASH_ALGORITHM_DEFAULT);
         hash.encode("dummypassword", PasswordPolicy.HASH_ITERATIONS_DEFAULT);
     }

◆ setDuplicateUserChallenge()

Response org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.setDuplicateUserChallenge	(	AuthenticationFlowContext	context,
		String	eventError,
		String	loginFormError,
		AuthenticationFlowError	authenticatorError
	)

inlineprotected

                                                                                                                                                                           {
         context.getEvent().error(eventError);
         Response challengeResponse = context.form()
                 .setError(loginFormError).createLogin();
         context.failureChallenge(authenticatorError, challengeResponse);
         return challengeResponse;
     }

◆ setRequiredActions()

void org.keycloak.authentication.Authenticator.setRequiredActions	(	KeycloakSession	session,
		RealmModel	realm,
		UserModel	user
	)

inherited

Set actions to configure authenticator

◆ temporarilyDisabledUser()

Response org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.temporarilyDisabledUser ( AuthenticationFlowContext context )

inlineprotected

                                                                                   {
         return context.form()
                 .setError(Messages.INVALID_USER).createLogin();
     }

◆ validatePassword()

boolean org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.validatePassword	(	AuthenticationFlowContext	context,
		UserModel	user,
		MultivaluedMap< String, String >	inputData
	)

inline

                                                                                                                                  {
         List<CredentialInput> credentials = new LinkedList<>();
         String password = inputData.getFirst(CredentialRepresentation.PASSWORD);
         credentials.add(UserCredentialModel.password(password));
 
         if (isTemporarilyDisabledByBruteForce(context, user)) return false;
 
         if (password != null && !password.isEmpty() && context.getSession().userCredentialManager().isValid(context.getRealm(), user, credentials)) {
             return true;
         } else {
             context.getEvent().user(user);
             context.getEvent().error(Errors.INVALID_USER_CREDENTIALS);
             Response challengeResponse = invalidCredentials(context);
             context.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS, challengeResponse);
             context.clearUser();
             return false;
         }
     }

◆ validateUserAndPassword()

boolean org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.validateUserAndPassword	(	AuthenticationFlowContext	context,
		MultivaluedMap< String, String >	inputData
	)

inline

                                                                                                                         {
         String username = inputData.getFirst(AuthenticationManager.FORM_USERNAME);
         if (username == null) {
             context.getEvent().error(Errors.USER_NOT_FOUND);
             Response challengeResponse = invalidUser(context);
             context.failureChallenge(AuthenticationFlowError.INVALID_USER, challengeResponse);
             return false;
         }
 
         // remove leading and trailing whitespace
         username = username.trim();
 
         context.getEvent().detail(Details.USERNAME, username);
         context.getAuthenticationSession().setAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME, username);
 
         UserModel user = null;
         try {
             user = KeycloakModelUtils.findUserByNameOrEmail(context.getSession(), context.getRealm(), username);
         } catch (ModelDuplicateException mde) {
             ServicesLogger.LOGGER.modelDuplicateException(mde);
 
             // Could happen during federation import
             if (mde.getDuplicateFieldName() != null && mde.getDuplicateFieldName().equals(UserModel.EMAIL)) {
                 setDuplicateUserChallenge(context, Errors.EMAIL_IN_USE, Messages.EMAIL_EXISTS, AuthenticationFlowError.INVALID_USER);
             } else {
                 setDuplicateUserChallenge(context, Errors.USERNAME_IN_USE, Messages.USERNAME_EXISTS, AuthenticationFlowError.INVALID_USER);
             }
 
             return false;
         }
 
         if (invalidUser(context, user)) {
             return false;
         }
 
         if (!validatePassword(context, user, inputData)) {
             return false;
         }
 
         if (!enabledUser(context, user)) {
             return false;
         }
 
         String rememberMe = inputData.getFirst("rememberMe");
         boolean remember = rememberMe != null && rememberMe.equalsIgnoreCase("on");
         if (remember) {
             context.getAuthenticationSession().setAuthNote(Details.REMEMBER_ME, "true");
             context.getEvent().detail(Details.REMEMBER_ME, "true");
         } else {
             context.getAuthenticationSession().removeAuthNote(Details.REMEMBER_ME);
         }
         context.setUser(user);
         return true;
     }

メンバ詳解

◆ ATTEMPTED_USERNAME

final String org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME = "ATTEMPTED_USERNAME"

static

◆ logger

final Logger org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.logger = Logger.getLogger(AbstractUsernameFormAuthenticator.class)

staticprivate

◆ REGISTRATION_FORM_ACTION

final String org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.REGISTRATION_FORM_ACTION = "registration_form"

static

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/authentication/authenticators/browser/AbstractUsernameFormAuthenticator.java

公開メンバ関数

静的公開変数類

限定公開メンバ関数

非公開メンバ関数

静的非公開変数類

詳解

関数詳解

◆ action()

◆ authenticate()

◆ close()

◆ configuredFor()

◆ disabledUser()

◆ dummyHash()

◆ enabledUser()

◆ invalidCredentials()

◆ invalidUser() [1/2]

◆ invalidUser() [2/2]

◆ isTemporarilyDisabledByBruteForce()

◆ requiresUser()

◆ runDefaultDummyHash()

◆ setDuplicateUserChallenge()

◆ setRequiredActions()

◆ temporarilyDisabledUser()

◆ validatePassword()

◆ validateUserAndPassword()

メンバ詳解

◆ ATTEMPTED_USERNAME

◆ logger

◆ REGISTRATION_FORM_ACTION