org.keycloak.adapters.BasicAuthRequestAuthenticator の継承関係図

org.keycloak.adapters.BasicAuthRequestAuthenticator 連携図

公開メンバ関数
	BasicAuthRequestAuthenticator (KeycloakDeployment deployment)

AuthOutcome	authenticate (HttpFacade exchange)

AuthChallenge	getChallenge ()

String	getTokenString ()

AccessToken	getToken ()

String	getSurrogate ()

限定公開メンバ関数
AccessTokenResponse	getToken (String username, String password) throws Exception

AuthOutcome	authenticateToken (HttpFacade exchange, String tokenString)

AuthChallenge	clientCertChallenge ()

AuthChallenge	challengeResponse (HttpFacade facade, final OIDCAuthenticationError.Reason reason, final String error, final String description)

限定公開変数類
Logger	log = Logger.getLogger(BasicAuthRequestAuthenticator.class)

String	tokenString

AccessToken	token

String	surrogate

AuthChallenge	challenge

KeycloakDeployment	deployment

詳解

Basic auth request authenticator.

構築子と解体子

◆ BasicAuthRequestAuthenticator()

org.keycloak.adapters.BasicAuthRequestAuthenticator.BasicAuthRequestAuthenticator ( KeycloakDeployment deployment )

inline

                                                                         {
         super(deployment);
     }

関数詳解

◆ authenticate()

AuthOutcome org.keycloak.adapters.BasicAuthRequestAuthenticator.authenticate ( HttpFacade exchange )

inline

                                                           {
         List<String> authHeaders = exchange.getRequest().getHeaders("Authorization");
         if (authHeaders == null || authHeaders.size() == 0) {
             challenge = challengeResponse(exchange, OIDCAuthenticationError.Reason.NO_AUTHORIZATION_HEADER, null, null);
             return AuthOutcome.NOT_ATTEMPTED;
         }
 
         tokenString = null;
         for (String authHeader : authHeaders) {
             String[] split = authHeader.trim().split("\\s+");
             if (split == null || split.length != 2) continue;
             if (!split[0].equalsIgnoreCase("Basic")) continue;
             tokenString = split[1];
         }
 
         if (tokenString == null) {
             challenge = challengeResponse(exchange, OIDCAuthenticationError.Reason.INVALID_TOKEN, null, null);
             return AuthOutcome.NOT_ATTEMPTED;
         }
 
         AccessTokenResponse atr=null;        
         try {
             String userpw=new String(Base64.decode(tokenString));
             int seperatorIndex = userpw.indexOf(":");
             String user = userpw.substring(0, seperatorIndex);
             String pw = userpw.substring(seperatorIndex + 1);
             atr = getToken(user, pw);
             tokenString = atr.getToken();
         } catch (Exception e) {
             log.debug("Failed to obtain token", e);
             challenge = challengeResponse(exchange, OIDCAuthenticationError.Reason.INVALID_TOKEN, "no_token", e.getMessage());
             return AuthOutcome.FAILED;
         }
 
         return authenticateToken(exchange, atr.getToken());
     } 

◆ authenticateToken()

AuthOutcome org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken	(	HttpFacade	exchange,
		String	tokenString
	)

inlineprotectedinherited

                                                                                      {
         log.debug("Verifying access_token");
         if (log.isTraceEnabled()) {
             try {
                 JWSInput jwsInput = new JWSInput(tokenString);
                 String wireString = jwsInput.getWireString();
                 log.tracef("\taccess_token: %s", wireString.substring(0, wireString.lastIndexOf(".")) + ".signature");
             } catch (JWSInputException e) {
                 log.errorf(e, "Failed to parse access_token: %s", tokenString);
             }
         }
         try {
             token = AdapterRSATokenVerifier.verifyToken(tokenString, deployment);
         } catch (VerificationException e) {
             log.error("Failed to verify token", e);
             challenge = challengeResponse(exchange, OIDCAuthenticationError.Reason.INVALID_TOKEN, "invalid_token", e.getMessage());
             return AuthOutcome.FAILED;
         }
         if (token.getIssuedAt() < deployment.getNotBefore()) {
             log.error("Stale token");
             challenge = challengeResponse(exchange,  OIDCAuthenticationError.Reason.STALE_TOKEN, "invalid_token", "Stale token");
             return AuthOutcome.FAILED;
         }
         boolean verifyCaller = false;
         if (deployment.isUseResourceRoleMappings()) {
             verifyCaller = token.isVerifyCaller(deployment.getResourceName());
         } else {
             verifyCaller = token.isVerifyCaller();
         }
         surrogate = null;
         if (verifyCaller) {
             if (token.getTrustedCertificates() == null || token.getTrustedCertificates().size() == 0) {
                 log.warn("No trusted certificates in token");
                 challenge = clientCertChallenge();
                 return AuthOutcome.FAILED;
             }
 
             // for now, we just make sure Undertow did two-way SSL
             // assume JBoss Web verifies the client cert
             X509Certificate[] chain = new X509Certificate[0];
             try {
                 chain = exchange.getCertificateChain();
             } catch (Exception ignore) {
 
             }
             if (chain == null || chain.length == 0) {
                 log.warn("No certificates provided by undertow to verify the caller");
                 challenge = clientCertChallenge();
                 return AuthOutcome.FAILED;
             }
             surrogate = chain[0].getSubjectDN().getName();
         }
         log.debug("successful authorized");
         return AuthOutcome.AUTHENTICATED;
     }

◆ challengeResponse()

AuthChallenge org.keycloak.adapters.BearerTokenRequestAuthenticator.challengeResponse	(	HttpFacade	facade,
		final OIDCAuthenticationError.Reason	reason,
		final String	error,
		final String	description
	)

inlineprotectedinherited

                                                                                                                                                             {
         StringBuilder header = new StringBuilder("Bearer realm=\"");
         header.append(deployment.getRealm()).append("\"");
         if (error != null) {
             header.append(", error=\"").append(error).append("\"");
         }
         if (description != null) {
             header.append(", error_description=\"").append(description).append("\"");
         }
         final String challenge = header.toString();
         return new AuthChallenge() {
             @Override
             public int getResponseCode() {
                 return 401;
             }
 
             @Override
             public boolean challenge(HttpFacade facade) {
                 if (deployment.getPolicyEnforcer() != null) {
                     deployment.getPolicyEnforcer().enforce(OIDCHttpFacade.class.cast(facade));
                     return true;
                 }
                 OIDCAuthenticationError error = new OIDCAuthenticationError(reason, description);
                 facade.getRequest().setError(error);
                 facade.getResponse().addHeader("WWW-Authenticate", challenge);
                 if(deployment.isDelegateBearerErrorResponseSending()){
                     facade.getResponse().setStatus(401);
                 }
                 else {
                     facade.getResponse().sendError(401);
                 }
                 return true;
             }
         };
     }

◆ clientCertChallenge()

AuthChallenge org.keycloak.adapters.BearerTokenRequestAuthenticator.clientCertChallenge ( )

inlineprotectedinherited

                                                   {
         return new AuthChallenge() {
             @Override
             public int getResponseCode() {
                 return 0;
             }
 
             @Override
             public boolean challenge(HttpFacade exchange) {
                 // do the same thing as client cert auth
                 return false;
             }
         };
     }

◆ getChallenge()

AuthChallenge org.keycloak.adapters.BearerTokenRequestAuthenticator.getChallenge ( )

inlineinherited

                                         {
         return challenge;
     }

◆ getSurrogate()

String org.keycloak.adapters.BearerTokenRequestAuthenticator.getSurrogate ( )

inlineinherited

                                  {
         return surrogate;
     }

◆ getToken() [1/2]

AccessToken org.keycloak.adapters.BearerTokenRequestAuthenticator.getToken ( )

inlineinherited

                                   {
         return token;
     }

◆ getToken() [2/2]

AccessTokenResponse org.keycloak.adapters.BasicAuthRequestAuthenticator.getToken	(	String	username,
		String	password
	)		throws Exception

inlineprotected

                                                                                               {
         AccessTokenResponse tokenResponse=null;
         HttpClient client = deployment.getClient();
 
         HttpPost post = new HttpPost(
                 KeycloakUriBuilder.fromUri(deployment.getAuthServerBaseUrl())
                 .path(ServiceUrlConstants.TOKEN_PATH).build(deployment.getRealm()));
         java.util.List <NameValuePair> formparams = new java.util.ArrayList <NameValuePair>();
         formparams.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.PASSWORD));
         formparams.add(new BasicNameValuePair("username", username));
         formparams.add(new BasicNameValuePair("password", password));
 
         ClientCredentialsProviderUtils.setClientCredentials(deployment, post, formparams);
 
         UrlEncodedFormEntity form = new UrlEncodedFormEntity(formparams, "UTF-8");
         post.setEntity(form);
 
         HttpResponse response = client.execute(post);
         int status = response.getStatusLine().getStatusCode();
         HttpEntity entity = response.getEntity();
         if (status != 200) {
             EntityUtils.consumeQuietly(entity);
             throw new java.io.IOException("Bad status: " + status);
         }
         if (entity == null) {
             throw new java.io.IOException("No Entity");
         }
         java.io.InputStream is = entity.getContent();
         try {
             tokenResponse = JsonSerialization.readValue(is, AccessTokenResponse.class);
         } finally {
             try {
                 is.close();
             } catch (java.io.IOException ignored) { }
         }
         
         return (tokenResponse);
     }

◆ getTokenString()

String org.keycloak.adapters.BearerTokenRequestAuthenticator.getTokenString ( )

inlineinherited

                                    {
         return tokenString;
     }

メンバ詳解

◆ challenge

AuthChallenge org.keycloak.adapters.BearerTokenRequestAuthenticator.challenge

protectedinherited

◆ deployment

KeycloakDeployment org.keycloak.adapters.BearerTokenRequestAuthenticator.deployment

protectedinherited

◆ log

Logger org.keycloak.adapters.BasicAuthRequestAuthenticator.log = Logger.getLogger(BasicAuthRequestAuthenticator.class)

protected

◆ surrogate

String org.keycloak.adapters.BearerTokenRequestAuthenticator.surrogate

protectedinherited

◆ token

AccessToken org.keycloak.adapters.BearerTokenRequestAuthenticator.token

protectedinherited

◆ tokenString

String org.keycloak.adapters.BearerTokenRequestAuthenticator.tokenString

protectedinherited

このクラス詳解は次のファイルから抽出されました:

D:/AppData/OpenId/keycloak/doxygen/src/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/BasicAuthRequestAuthenticator.java

公開メンバ関数

限定公開メンバ関数

限定公開変数類

詳解

構築子と解体子

◆ BasicAuthRequestAuthenticator()

関数詳解

◆ authenticate()

◆ authenticateToken()

◆ challengeResponse()

◆ clientCertChallenge()

◆ getChallenge()

◆ getSurrogate()

◆ getToken() [1/2]

◆ getToken() [2/2]

◆ getTokenString()

メンバ詳解

◆ challenge

◆ deployment

◆ log

◆ surrogate

◆ token

◆ tokenString