keycloak
公開メンバ関数 | 限定公開メンバ関数 | 限定公開変数類 | 静的限定公開変数類 | 静的非公開メンバ関数 | 全メンバ一覧
org.keycloak.adapters.wildfly.WildflyRequestAuthenticator クラス
org.keycloak.adapters.wildfly.WildflyRequestAuthenticator の継承関係図
Inheritance graph
org.keycloak.adapters.wildfly.WildflyRequestAuthenticator 連携図
Collaboration graph

公開メンバ関数

 WildflyRequestAuthenticator (HttpFacade facade, KeycloakDeployment deployment, int sslRedirectPort, SecurityContext securityContext, HttpServerExchange exchange, AdapterTokenStore tokenStore)
 
AuthChallenge getChallenge ()
 
AuthOutcome authenticate ()
 

限定公開メンバ関数

void propagateKeycloakContext (KeycloakUndertowAccount account)
 
Principal getPrincipal (Subject subject)
 
Group createGroup (String name, Set< Principal > principals)
 
Group [] getRoleSets (Collection< String > roleSet)
 
OAuthRequestAuthenticator createOAuthAuthenticator ()
 
KeycloakUndertowAccount createAccount (KeycloakPrincipal< RefreshableKeycloakSecurityContext > principal)
 
String changeHttpSessionId (boolean create)
 
String getHttpSessionId (boolean create)
 
HttpSession getSession (boolean create)
 
void completeOAuthAuthentication (KeycloakPrincipal< RefreshableKeycloakSecurityContext > principal)
 
void completeBearerAuthentication (KeycloakPrincipal< RefreshableKeycloakSecurityContext > principal, String method)
 
boolean verifySSL ()
 
boolean isAutodetectedBearerOnly (HttpFacade.Request request)
 
BearerTokenRequestAuthenticator createBearerTokenAuthenticator ()
 
BasicAuthRequestAuthenticator createBasicAuthAuthenticator ()
 
QueryParamterTokenRequestAuthenticator createQueryParamterTokenRequestAuthenticator ()
 
void completeAuthentication (OAuthRequestAuthenticator oauth)
 
void completeAuthentication (BearerTokenRequestAuthenticator bearer, String method)
 

限定公開変数類

SecurityContext securityContext
 
HttpServerExchange exchange
 
HttpFacade facade
 
AuthChallenge challenge
 
KeycloakDeployment deployment
 
AdapterTokenStore tokenStore
 
int sslRedirectPort
 

静的限定公開変数類

static Logger log = Logger.getLogger(WildflyRequestAuthenticator.class)
 

静的非公開メンバ関数

static void mapGroupMembersOfAuthenticatedSubjectIntoSecurityContext (org.jboss.security.SecurityContext sc)
 

詳解

著者
Bill Burke
バージョン
Revision
1

構築子と解体子

◆ WildflyRequestAuthenticator()

org.keycloak.adapters.wildfly.WildflyRequestAuthenticator.WildflyRequestAuthenticator ( HttpFacade  facade,
KeycloakDeployment  deployment,
int  sslRedirectPort,
SecurityContext  securityContext,
HttpServerExchange  exchange,
AdapterTokenStore  tokenStore 
)
inline
58  {
59  super(facade, deployment, sslRedirectPort, securityContext, exchange, tokenStore);
60  }
org.keycloak.adapters.RequestAuthenticator.facade
HttpFacade facade
Definition: RequestAuthenticator.java:35
org.keycloak.adapters.RequestAuthenticator.deployment
KeycloakDeployment deployment
Definition: RequestAuthenticator.java:38
org.keycloak.adapters.RequestAuthenticator.sslRedirectPort
int sslRedirectPort
Definition: RequestAuthenticator.java:40
org.keycloak.adapters.undertow.AbstractUndertowRequestAuthenticator.securityContext
SecurityContext securityContext
Definition: AbstractUndertowRequestAuthenticator.java:37
org.keycloak.adapters.undertow.AbstractUndertowRequestAuthenticator.exchange
HttpServerExchange exchange
Definition: AbstractUndertowRequestAuthenticator.java:38
org.keycloak.adapters.RequestAuthenticator.tokenStore
AdapterTokenStore tokenStore
Definition: RequestAuthenticator.java:39

関数詳解

◆ authenticate()

AuthOutcome org.keycloak.adapters.RequestAuthenticator.authenticate ( )
inlineinherited
58  {
59  if (log.isTraceEnabled()) {
60  log.trace("--> authenticate()");
61  }
62 
63  BearerTokenRequestAuthenticator bearer = createBearerTokenAuthenticator();
64  if (log.isTraceEnabled()) {
65  log.trace("try bearer");
66  }
67 
68  AuthOutcome outcome = bearer.authenticate(facade);
69  if (outcome == AuthOutcome.FAILED) {
70  challenge = bearer.getChallenge();
71  log.debug("Bearer FAILED");
72  return AuthOutcome.FAILED;
73  } else if (outcome == AuthOutcome.AUTHENTICATED) {
74  if (verifySSL()) return AuthOutcome.FAILED;
75  completeAuthentication(bearer, "KEYCLOAK");
76  log.debug("Bearer AUTHENTICATED");
77  return AuthOutcome.AUTHENTICATED;
78  }
79 
80  QueryParamterTokenRequestAuthenticator queryParamAuth = createQueryParamterTokenRequestAuthenticator();
81  if (log.isTraceEnabled()) {
82  log.trace("try query paramter auth");
83  }
84 
85  outcome = queryParamAuth.authenticate(facade);
86  if (outcome == AuthOutcome.FAILED) {
87  challenge = queryParamAuth.getChallenge();
88  log.debug("QueryParamAuth auth FAILED");
89  return AuthOutcome.FAILED;
90  } else if (outcome == AuthOutcome.AUTHENTICATED) {
91  if (verifySSL()) return AuthOutcome.FAILED;
92  log.debug("QueryParamAuth AUTHENTICATED");
93  completeAuthentication(queryParamAuth, "KEYCLOAK");
94  return AuthOutcome.AUTHENTICATED;
95  }
96 
97  if (deployment.isEnableBasicAuth()) {
98  BasicAuthRequestAuthenticator basicAuth = createBasicAuthAuthenticator();
99  if (log.isTraceEnabled()) {
100  log.trace("try basic auth");
101  }
102 
103  outcome = basicAuth.authenticate(facade);
104  if (outcome == AuthOutcome.FAILED) {
105  challenge = basicAuth.getChallenge();
106  log.debug("BasicAuth FAILED");
107  return AuthOutcome.FAILED;
108  } else if (outcome == AuthOutcome.AUTHENTICATED) {
109  if (verifySSL()) return AuthOutcome.FAILED;
110  log.debug("BasicAuth AUTHENTICATED");
111  completeAuthentication(basicAuth, "BASIC");
112  return AuthOutcome.AUTHENTICATED;
113  }
114  }
115 
116  if (deployment.isBearerOnly()) {
117  challenge = bearer.getChallenge();
118  log.debug("NOT_ATTEMPTED: bearer only");
119  return AuthOutcome.NOT_ATTEMPTED;
120  }
121 
122  if (isAutodetectedBearerOnly(facade.getRequest())) {
123  challenge = bearer.getChallenge();
124  log.debug("NOT_ATTEMPTED: Treating as bearer only");
125  return AuthOutcome.NOT_ATTEMPTED;
126  }
127 
128  if (log.isTraceEnabled()) {
129  log.trace("try oauth");
130  }
131 
132  if (tokenStore.isCached(this)) {
133  if (verifySSL()) return AuthOutcome.FAILED;
134  log.debug("AUTHENTICATED: was cached");
135  return AuthOutcome.AUTHENTICATED;
136  }
137 
138  OAuthRequestAuthenticator oauth = createOAuthAuthenticator();
139  outcome = oauth.authenticate();
140  if (outcome == AuthOutcome.FAILED) {
141  challenge = oauth.getChallenge();
142  return AuthOutcome.FAILED;
143  } else if (outcome == AuthOutcome.NOT_ATTEMPTED) {
144  challenge = oauth.getChallenge();
145  return AuthOutcome.NOT_ATTEMPTED;
146 
147  }
148 
149  if (verifySSL()) return AuthOutcome.FAILED;
150 
151  completeAuthentication(oauth);
152 
153  // redirect to strip out access code and state query parameters
154  facade.getResponse().setHeader("Location", oauth.getStrippedOauthParametersRequestUri());
155  facade.getResponse().setStatus(302);
156  facade.getResponse().end();
157 
158  log.debug("AUTHENTICATED");
159  return AuthOutcome.AUTHENTICATED;
160  }
org.keycloak.adapters.RequestAuthenticator.isAutodetectedBearerOnly
boolean isAutodetectedBearerOnly(HttpFacade.Request request)
Definition: RequestAuthenticator.java:171
org.keycloak.adapters.RequestAuthenticator.createBasicAuthAuthenticator
BasicAuthRequestAuthenticator createBasicAuthAuthenticator()
Definition: RequestAuthenticator.java:207
org.keycloak.adapters.RequestAuthenticator.facade
HttpFacade facade
Definition: RequestAuthenticator.java:35
org.keycloak.adapters.RequestAuthenticator.createQueryParamterTokenRequestAuthenticator
QueryParamterTokenRequestAuthenticator createQueryParamterTokenRequestAuthenticator()
Definition: RequestAuthenticator.java:211
org.keycloak.adapters.RequestAuthenticator.createBearerTokenAuthenticator
BearerTokenRequestAuthenticator createBearerTokenAuthenticator()
Definition: RequestAuthenticator.java:203
org.keycloak.adapters.RequestAuthenticator.deployment
KeycloakDeployment deployment
Definition: RequestAuthenticator.java:38
org.keycloak.adapters.AdapterTokenStore.isCached
boolean isCached(RequestAuthenticator authenticator)
org.keycloak.adapters.RequestAuthenticator.completeAuthentication
void completeAuthentication(OAuthRequestAuthenticator oauth)
Definition: RequestAuthenticator.java:215
org.keycloak.adapters.RequestAuthenticator.createOAuthAuthenticator
abstract OAuthRequestAuthenticator createOAuthAuthenticator()
org.keycloak.adapters.RequestAuthenticator.challenge
AuthChallenge challenge
Definition: RequestAuthenticator.java:36
org.keycloak.adapters.RequestAuthenticator.tokenStore
AdapterTokenStore tokenStore
Definition: RequestAuthenticator.java:39
org.keycloak.adapters.RequestAuthenticator.log
static Logger log
Definition: RequestAuthenticator.java:34
org.keycloak.adapters.KeycloakDeployment.isEnableBasicAuth
boolean isEnableBasicAuth()
Definition: KeycloakDeployment.java:227
org.keycloak.adapters.RequestAuthenticator.verifySSL
boolean verifySSL()
Definition: RequestAuthenticator.java:162
org.keycloak.adapters.KeycloakDeployment.isBearerOnly
boolean isBearerOnly()
Definition: KeycloakDeployment.java:211

◆ changeHttpSessionId()

String org.keycloak.adapters.undertow.ServletRequestAuthenticator.changeHttpSessionId ( boolean  create)
inlineprotectedinherited
66  {
67  if (!deployment.isTurnOffChangeSessionIdOnLogin()) return ChangeSessionId.changeSessionId(exchange, create);
68  else return getHttpSessionId(create);
69  }
org.keycloak.adapters.RequestAuthenticator.deployment
KeycloakDeployment deployment
Definition: RequestAuthenticator.java:38
org.keycloak.adapters.KeycloakDeployment.isTurnOffChangeSessionIdOnLogin
boolean isTurnOffChangeSessionIdOnLogin()
Definition: KeycloakDeployment.java:408
org.keycloak.adapters.undertow.AbstractUndertowRequestAuthenticator.exchange
HttpServerExchange exchange
Definition: AbstractUndertowRequestAuthenticator.java:38
org.keycloak.adapters.undertow.ServletRequestAuthenticator.getHttpSessionId
String getHttpSessionId(boolean create)
Definition: ServletRequestAuthenticator.java:71

◆ completeAuthentication() [1/2]

void org.keycloak.adapters.RequestAuthenticator.completeAuthentication ( OAuthRequestAuthenticator  oauth)
inlineprotectedinherited
215  {
216  RefreshableKeycloakSecurityContext session = new RefreshableKeycloakSecurityContext(deployment, tokenStore, oauth.getTokenString(), oauth.getToken(), oauth.getIdTokenString(), oauth.getIdToken(), oauth.getRefreshToken());
217  final KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = new KeycloakPrincipal<RefreshableKeycloakSecurityContext>(AdapterUtils.getPrincipalName(deployment, oauth.getToken()), session);
218  completeOAuthAuthentication(principal);
219  log.debugv("User ''{0}'' invoking ''{1}'' on client ''{2}''", principal.getName(), facade.getRequest().getURI(), deployment.getResourceName());
220  }
org.keycloak.adapters.KeycloakDeployment.getResourceName
String getResourceName()
Definition: KeycloakDeployment.java:107
org.keycloak.adapters.RequestAuthenticator.facade
HttpFacade facade
Definition: RequestAuthenticator.java:35
org.keycloak.adapters.RequestAuthenticator.deployment
KeycloakDeployment deployment
Definition: RequestAuthenticator.java:38
org.keycloak.adapters.RequestAuthenticator.completeOAuthAuthentication
abstract void completeOAuthAuthentication(KeycloakPrincipal< RefreshableKeycloakSecurityContext > principal)
org.keycloak.adapters.RequestAuthenticator.tokenStore
AdapterTokenStore tokenStore
Definition: RequestAuthenticator.java:39
org.keycloak.adapters.RequestAuthenticator.log
static Logger log
Definition: RequestAuthenticator.java:34

◆ completeAuthentication() [2/2]

void org.keycloak.adapters.RequestAuthenticator.completeAuthentication ( BearerTokenRequestAuthenticator  bearer,
String  method 
)
inlineprotectedinherited
234  {
235  RefreshableKeycloakSecurityContext session = new RefreshableKeycloakSecurityContext(deployment, null, bearer.getTokenString(), bearer.getToken(), null, null, null);
236  final KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = new KeycloakPrincipal<RefreshableKeycloakSecurityContext>(AdapterUtils.getPrincipalName(deployment, bearer.getToken()), session);
237  completeBearerAuthentication(principal, method);
238  log.debugv("User ''{0}'' invoking ''{1}'' on client ''{2}''", principal.getName(), facade.getRequest().getURI(), deployment.getResourceName());
239  }
org.keycloak.adapters.KeycloakDeployment.getResourceName
String getResourceName()
Definition: KeycloakDeployment.java:107
org.keycloak.adapters.RequestAuthenticator.facade
HttpFacade facade
Definition: RequestAuthenticator.java:35
org.keycloak.adapters.RequestAuthenticator.deployment
KeycloakDeployment deployment
Definition: RequestAuthenticator.java:38
org.keycloak.adapters.RequestAuthenticator.completeBearerAuthentication
abstract void completeBearerAuthentication(KeycloakPrincipal< RefreshableKeycloakSecurityContext > principal, String method)
org.keycloak.adapters.RequestAuthenticator.log
static Logger log
Definition: RequestAuthenticator.java:34

◆ completeBearerAuthentication()

void org.keycloak.adapters.undertow.AbstractUndertowRequestAuthenticator.completeBearerAuthentication ( KeycloakPrincipal< RefreshableKeycloakSecurityContext principal,
String  method 
)
inlineprotectedinherited
67  {
68  KeycloakUndertowAccount account = createAccount(principal);
69  securityContext.authenticationComplete(account, method, false);
70  propagateKeycloakContext(account);
71  }
org.keycloak.adapters.undertow.AbstractUndertowRequestAuthenticator.propagateKeycloakContext
void propagateKeycloakContext(KeycloakUndertowAccount account)
Definition: AbstractUndertowRequestAuthenticator.java:49
org.keycloak.adapters.undertow.AbstractUndertowRequestAuthenticator.securityContext
SecurityContext securityContext
Definition: AbstractUndertowRequestAuthenticator.java:37
org.keycloak.adapters.undertow.AbstractUndertowRequestAuthenticator.createAccount
abstract KeycloakUndertowAccount createAccount(KeycloakPrincipal< RefreshableKeycloakSecurityContext > principal)

◆ completeOAuthAuthentication()

void org.keycloak.adapters.undertow.AbstractUndertowRequestAuthenticator.completeOAuthAuthentication ( KeycloakPrincipal< RefreshableKeycloakSecurityContext principal)
inlineprotectedinherited
59  {
60  KeycloakUndertowAccount account = createAccount(principal);
61  securityContext.authenticationComplete(account, "KEYCLOAK", false);
62  propagateKeycloakContext(account);
63  tokenStore.saveAccountInfo(account);
64  }
org.keycloak.adapters.undertow.AbstractUndertowRequestAuthenticator.propagateKeycloakContext
void propagateKeycloakContext(KeycloakUndertowAccount account)
Definition: AbstractUndertowRequestAuthenticator.java:49
org.keycloak.adapters.AdapterTokenStore.saveAccountInfo
void saveAccountInfo(OidcKeycloakAccount account)
org.keycloak.adapters.undertow.AbstractUndertowRequestAuthenticator.securityContext
SecurityContext securityContext
Definition: AbstractUndertowRequestAuthenticator.java:37
org.keycloak.adapters.RequestAuthenticator.tokenStore
AdapterTokenStore tokenStore
Definition: RequestAuthenticator.java:39
org.keycloak.adapters.undertow.AbstractUndertowRequestAuthenticator.createAccount
abstract KeycloakUndertowAccount createAccount(KeycloakPrincipal< RefreshableKeycloakSecurityContext > principal)

◆ createAccount()

KeycloakUndertowAccount org.keycloak.adapters.undertow.ServletRequestAuthenticator.createAccount ( KeycloakPrincipal< RefreshableKeycloakSecurityContext principal)
inlineprotectedinherited
61  {
62  return new KeycloakUndertowAccount(principal);
63  }

◆ createBasicAuthAuthenticator()

BasicAuthRequestAuthenticator org.keycloak.adapters.RequestAuthenticator.createBasicAuthAuthenticator ( )
inlineprotectedinherited
207  {
208  return new BasicAuthRequestAuthenticator(deployment);
209  }
org.keycloak.adapters.RequestAuthenticator.deployment
KeycloakDeployment deployment
Definition: RequestAuthenticator.java:38

◆ createBearerTokenAuthenticator()

BearerTokenRequestAuthenticator org.keycloak.adapters.RequestAuthenticator.createBearerTokenAuthenticator ( )
inlineprotectedinherited
203  {
204  return new BearerTokenRequestAuthenticator(deployment);
205  }
org.keycloak.adapters.RequestAuthenticator.deployment
KeycloakDeployment deployment
Definition: RequestAuthenticator.java:38

◆ createGroup()

Group org.keycloak.adapters.wildfly.WildflyRequestAuthenticator.createGroup ( String  name,
Set< Principal >  principals 
)
inlineprotected
137  {
138  Group roles = null;
139  Iterator<Principal> iter = principals.iterator();
140  while (iter.hasNext()) {
141  Object next = iter.next();
142  if (!(next instanceof Group))
143  continue;
144  Group grp = (Group) next;
145  if (grp.getName().equals(name)) {
146  roles = grp;
147  break;
148  }
149  }
150  // If we did not find a group create one
151  if (roles == null) {
152  roles = new SimpleGroup(name);
153  principals.add(roles);
154  }
155  return roles;
156  }

◆ createOAuthAuthenticator()

OAuthRequestAuthenticator org.keycloak.adapters.undertow.ServletRequestAuthenticator.createOAuthAuthenticator ( )
inlineprotectedinherited
48  {
49  return new OAuthRequestAuthenticator(this, facade, deployment, sslRedirectPort, tokenStore);
50  }
org.keycloak.adapters.RequestAuthenticator.facade
HttpFacade facade
Definition: RequestAuthenticator.java:35
org.keycloak.adapters.RequestAuthenticator.deployment
KeycloakDeployment deployment
Definition: RequestAuthenticator.java:38
org.keycloak.adapters.RequestAuthenticator.sslRedirectPort
int sslRedirectPort
Definition: RequestAuthenticator.java:40
org.keycloak.adapters.RequestAuthenticator.tokenStore
AdapterTokenStore tokenStore
Definition: RequestAuthenticator.java:39

◆ createQueryParamterTokenRequestAuthenticator()

QueryParamterTokenRequestAuthenticator org.keycloak.adapters.RequestAuthenticator.createQueryParamterTokenRequestAuthenticator ( )
inlineprotectedinherited
211  {
212  return new QueryParamterTokenRequestAuthenticator(deployment);
213  }
org.keycloak.adapters.RequestAuthenticator.deployment
KeycloakDeployment deployment
Definition: RequestAuthenticator.java:38

◆ getChallenge()

AuthChallenge org.keycloak.adapters.RequestAuthenticator.getChallenge ( )
inlineinherited
54  {
55  return challenge;
56  }
org.keycloak.adapters.RequestAuthenticator.challenge
AuthChallenge challenge
Definition: RequestAuthenticator.java:36

◆ getHttpSessionId()

String org.keycloak.adapters.undertow.ServletRequestAuthenticator.getHttpSessionId ( boolean  create)
inlineprotectedinherited
71  {
72  HttpSession session = getSession(create);
73  return session != null ? session.getId() : null;
74  }
org.keycloak.adapters.undertow.ServletRequestAuthenticator.getSession
HttpSession getSession(boolean create)
Definition: ServletRequestAuthenticator.java:76

◆ getPrincipal()

Principal org.keycloak.adapters.wildfly.WildflyRequestAuthenticator.getPrincipal ( Subject  subject)
inlineprotected

Get the Principal given the authenticated Subject. Currently the first subject that is not of type

Group

is considered or the single subject inside the CallerPrincipal group.

引数
subject
戻り値
the authenticated subject
113  {
114  Principal principal = null;
115  Principal callerPrincipal = null;
116  if (subject != null) {
117  Set<Principal> principals = subject.getPrincipals();
118  if (principals != null && !principals.isEmpty()) {
119  for (Principal p : principals) {
120  if (!(p instanceof Group) && principal == null) {
121  principal = p;
122  }
123  if (p instanceof Group) {
124  Group g = Group.class.cast(p);
125  if (g.getName().equals(SecurityConstants.CALLER_PRINCIPAL_GROUP) && callerPrincipal == null) {
126  Enumeration<? extends Principal> e = g.members();
127  if (e.hasMoreElements())
128  callerPrincipal = e.nextElement();
129  }
130  }
131  }
132  }
133  }
134  return callerPrincipal == null ? principal : callerPrincipal;
135  }

◆ getRoleSets()

Group [] org.keycloak.adapters.wildfly.WildflyRequestAuthenticator.getRoleSets ( Collection< String >  roleSet)
inlineprotected
158  {
159  SimpleGroup roles = new SimpleGroup("Roles");
160  Group[] roleSets = {roles};
161  for (String role : roleSet) {
162  roles.addMember(new SimplePrincipal(role));
163  }
164  return roleSets;
165  }

◆ getSession()

HttpSession org.keycloak.adapters.undertow.ServletRequestAuthenticator.getSession ( boolean  create)
inlineprotectedinherited
76  {
77  final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
78  HttpServletRequest req = (HttpServletRequest) servletRequestContext.getServletRequest();
79  return req.getSession(create);
80  }
org.keycloak.adapters.undertow.AbstractUndertowRequestAuthenticator.exchange
HttpServerExchange exchange
Definition: AbstractUndertowRequestAuthenticator.java:38

◆ isAutodetectedBearerOnly()

boolean org.keycloak.adapters.RequestAuthenticator.isAutodetectedBearerOnly ( HttpFacade.Request  request)
inlineprotectedinherited
171  {
172  if (!deployment.isAutodetectBearerOnly()) return false;
173 
174  String headerValue = facade.getRequest().getHeader("X-Requested-With");
175  if (headerValue != null && headerValue.equalsIgnoreCase("XMLHttpRequest")) {
176  return true;
177  }
178 
179  headerValue = facade.getRequest().getHeader("Faces-Request");
180  if (headerValue != null && headerValue.startsWith("partial/")) {
181  return true;
182  }
183 
184  headerValue = facade.getRequest().getHeader("SOAPAction");
185  if (headerValue != null) {
186  return true;
187  }
188 
189  List<String> accepts = facade.getRequest().getHeaders("Accept");
190  if (accepts == null) accepts = Collections.emptyList();
191 
192  for (String accept : accepts) {
193  if (accept.contains("text/html") || accept.contains("text/*") || accept.contains("*/*")) {
194  return false;
195  }
196  }
197 
198  return true;
199  }
org.keycloak.adapters.RequestAuthenticator.facade
HttpFacade facade
Definition: RequestAuthenticator.java:35
org.keycloak.adapters.RequestAuthenticator.deployment
KeycloakDeployment deployment
Definition: RequestAuthenticator.java:38
org.keycloak.adapters.KeycloakDeployment.isAutodetectBearerOnly
boolean isAutodetectBearerOnly()
Definition: KeycloakDeployment.java:219

◆ mapGroupMembersOfAuthenticatedSubjectIntoSecurityContext()

static void org.keycloak.adapters.wildfly.WildflyRequestAuthenticator.mapGroupMembersOfAuthenticatedSubjectIntoSecurityContext ( org.jboss.security.SecurityContext  sc)
inlinestaticprivate
167  {
168  SubjectInfo subjectInfo = sc.getSubjectInfo();
169  if (subjectInfo == null) {
170  return;
171  }
172 
173  Subject authenticatedSubject = subjectInfo.getAuthenticatedSubject();
174  if (authenticatedSubject == null) {
175  return;
176  }
177 
178  // Get role group of security context in order to add roles of authenticatedSubject.
179  RoleGroup scRoles = sc.getUtil().getRoles();
180  if (scRoles == null) {
181  scRoles = new SimpleRoleGroup("Roles");
182  sc.getUtil().setRoles(scRoles);
183  }
184 
185  // Get group roles of authenticatedSubject and add each role of the group into security context
186  Iterator<Principal> principalItr = authenticatedSubject.getPrincipals().iterator();
187  while (principalItr.hasNext()) {
188  Principal principal = principalItr.next();
189  if (principal instanceof Group) {
190  Enumeration<? extends Principal> members = ((Group) principal).members();
191  while (members.hasMoreElements()) {
192  Principal role = members.nextElement();
193  scRoles.addRole(new SimpleRole(role.getName()));
194  }
195  }
196  }
197  }

◆ propagateKeycloakContext()

void org.keycloak.adapters.wildfly.WildflyRequestAuthenticator.propagateKeycloakContext ( KeycloakUndertowAccount  account)
inlineprotected
63  {
64  super.propagateKeycloakContext(account);
65  SecurityInfoHelper.propagateSessionInfo(account);
66  log.debug("propagate security context to wildfly");
67  Subject subject = new Subject();
68  Set<Principal> principals = subject.getPrincipals();
69  principals.add(account.getPrincipal());
70  Group[] roleSets = getRoleSets(account.getRoles());
71  for (int g = 0; g < roleSets.length; g++) {
72  Group group = roleSets[g];
73  String name = group.getName();
74  Group subjectGroup = createGroup(name, principals);
75  if (subjectGroup instanceof NestableGroup) {
76  /* A NestableGroup only allows Groups to be added to it so we
77  need to add a SimpleGroup to subjectRoles to contain the roles
78  */
79  SimpleGroup tmp = new SimpleGroup("Roles");
80  subjectGroup.addMember(tmp);
81  subjectGroup = tmp;
82  }
83  // Copy the group members to the Subject group
84  Enumeration<? extends Principal> members = group.members();
85  while (members.hasMoreElements()) {
86  Principal role = (Principal) members.nextElement();
87  subjectGroup.addMember(role);
88  }
89  }
90  // add the CallerPrincipal group if none has been added in getRoleSets
91  Group callerGroup = new SimpleGroup(SecurityConstants.CALLER_PRINCIPAL_GROUP);
92  callerGroup.addMember(account.getPrincipal());
93  principals.add(callerGroup);
94  org.jboss.security.SecurityContext sc = SecurityContextAssociation.getSecurityContext();
95  Principal userPrincipal = getPrincipal(subject);
96  sc.getUtil().createSubjectInfo(userPrincipal, account, subject);
97 
98  // Roles of subjectInfo are null, because is was constructed by
99  // org.jboss.security.identity.extensions.CredentialIdentityFactory
100  // .createIdentity(Principal [=userPrincipal], Object [=account], Role [=null]).
101  // Therefore the roles are only contained in the authenticatedSubject (member of subjectInfo)
102  // and subsequent logics do only access subjectInfo#roles instead of authenticatedSubject#roles.
103  mapGroupMembersOfAuthenticatedSubjectIntoSecurityContext(sc);
104  }
org.keycloak.adapters.wildfly.WildflyRequestAuthenticator.mapGroupMembersOfAuthenticatedSubjectIntoSecurityContext
static void mapGroupMembersOfAuthenticatedSubjectIntoSecurityContext(org.jboss.security.SecurityContext sc)
Definition: WildflyRequestAuthenticator.java:167
org.keycloak.adapters.wildfly.WildflyRequestAuthenticator.getPrincipal
Principal getPrincipal(Subject subject)
Definition: WildflyRequestAuthenticator.java:113
org.keycloak.adapters.wildfly.WildflyRequestAuthenticator.createGroup
Group createGroup(String name, Set< Principal > principals)
Definition: WildflyRequestAuthenticator.java:137
org.keycloak.adapters.wildfly.WildflyRequestAuthenticator.getRoleSets
Group [] getRoleSets(Collection< String > roleSet)
Definition: WildflyRequestAuthenticator.java:158
org.keycloak.adapters.wildfly.WildflyRequestAuthenticator.log
static Logger log
Definition: WildflyRequestAuthenticator.java:54

◆ verifySSL()

boolean org.keycloak.adapters.RequestAuthenticator.verifySSL ( )
inlineprotectedinherited
162  {
163  if (!facade.getRequest().isSecure() && deployment.getSslRequired().isRequired(facade.getRequest().getRemoteAddr())) {
164  log.warnf("SSL is required to authenticate. Remote address %s is secure: %s, SSL required for: %s .",
165  facade.getRequest().getRemoteAddr(), facade.getRequest().isSecure(), deployment.getSslRequired().name());
166  return true;
167  }
168  return false;
169  }
org.keycloak.adapters.KeycloakDeployment.getSslRequired
SslRequired getSslRequired()
Definition: KeycloakDeployment.java:275
org.keycloak.adapters.RequestAuthenticator.facade
HttpFacade facade
Definition: RequestAuthenticator.java:35
org.keycloak.adapters.RequestAuthenticator.deployment
KeycloakDeployment deployment
Definition: RequestAuthenticator.java:38
org.keycloak.common.enums.SslRequired.isRequired
boolean isRequired(ClientConnection connection)
Definition: SslRequired.java:34
org.keycloak.adapters.RequestAuthenticator.log
static Logger log
Definition: RequestAuthenticator.java:34

メンバ詳解

◆ challenge

AuthChallenge org.keycloak.adapters.RequestAuthenticator.challenge
protectedinherited

◆ deployment

KeycloakDeployment org.keycloak.adapters.RequestAuthenticator.deployment
protectedinherited

◆ exchange

HttpServerExchange org.keycloak.adapters.undertow.AbstractUndertowRequestAuthenticator.exchange
protectedinherited

◆ facade

HttpFacade org.keycloak.adapters.RequestAuthenticator.facade
protectedinherited

◆ log

Logger org.keycloak.adapters.wildfly.WildflyRequestAuthenticator.log = Logger.getLogger(WildflyRequestAuthenticator.class)
staticprotected

◆ securityContext

SecurityContext org.keycloak.adapters.undertow.AbstractUndertowRequestAuthenticator.securityContext
protectedinherited

◆ sslRedirectPort

int org.keycloak.adapters.RequestAuthenticator.sslRedirectPort
protectedinherited

◆ tokenStore

AdapterTokenStore org.keycloak.adapters.RequestAuthenticator.tokenStore
protectedinherited
このクラス詳解は次のファイルから抽出されました:
2018年10月28日(日) 23時22分40秒作成 - keycloak / 構成:   doxygen 1.8.13