org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.FileBasedPasswordBlacklist クラス

org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.FileBasedPasswordBlacklist の継承関係図

org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.FileBasedPasswordBlacklist 連携図

公開メンバ関数
	FileBasedPasswordBlacklist (Path blacklistBasePath, String name)
String	getName ()
boolean	contains (String password)

関数
void	lazyInit ()

非公開メンバ関数
BloomFilter< String >	load ()
long	getPasswordCount () throws IOException

静的非公開メンバ関数
static BufferedReader	newReader (Path path) throws IOException
static Path	detectBlacklistsBasePath (Config.Scope config)
static Path	ensureExists (Path path)

非公開変数類
final String	name
final Path	path
BloomFilter< String >	blacklist

静的非公開変数類
static final double	FALSE_POSITIVE_PROBABILITY = 0.01
static final int	BUFFER_SIZE_IN_BYTES = 512 * 1024

詳解

A FileBasedPasswordBlacklist uses password-blacklist files as to construct a PasswordBlacklist.

This implementation uses a dynamically sized BloomFilter to provide a false positive probability of 1%.

参照

BloomFilter

構築子と解体子

FileBasedPasswordBlacklist()

org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.FileBasedPasswordBlacklist.FileBasedPasswordBlacklist ( Path  blacklistBasePath, String  name  )

inline

                                                                               {

            this.name = name;
            this.path = blacklistBasePath.resolve(name);


            if (name.contains("/")) {
                // disallow '/' to avoid accidental filesystem traversal
                throw new IllegalArgumentException("" + name + " must not contain slashes!");
            }

            if (!Files.exists(this.path)) {
                throw new IllegalArgumentException("Password blacklist " + name + " not found!");
            }
        }

関数詳解

contains()

boolean org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.FileBasedPasswordBlacklist.contains ( String  password )

inline

org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.PasswordBlacklistを実装しています。

                                                 {
            return blacklist != null && blacklist.mightContain(password);
        }

detectBlacklistsBasePath()

static Path org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.FileBasedPasswordBlacklist.detectBlacklistsBasePath ( Config.Scope  config )

inlinestaticprivate

Discovers password blacklists location.

1. system property

   keycloak.password.blacklists.path 

   if present
2. SPI config property

   blacklistsPath 

and fallback to the

/data/password-blacklists 

folder of the currently running wildfly instance.

引数

config

戻り値

the detected blacklist path

例外

IllegalStateException

if no blacklist folder could be detected

                                                                          {

            String pathFromSysProperty = System.getProperty(SYSTEM_PROPERTY);
            if (pathFromSysProperty != null) {
                return ensureExists(Paths.get(pathFromSysProperty));
            }

            String pathFromSpiConfig = config.get(BLACKLISTS_PATH_PROPERTY);
            if (pathFromSpiConfig != null) {
                return ensureExists(Paths.get(pathFromSpiConfig));
            }

            String pathFromJbossDataPath = System.getProperty(JBOSS_SERVER_DATA_DIR) + "/" + PASSWORD_BLACKLISTS_FOLDER;
            if (!Files.exists(Paths.get(pathFromJbossDataPath))) {
                if (!Paths.get(pathFromJbossDataPath).toFile().mkdirs()) {
                    LOG.errorf("Could not create folder for password blacklists: %s", pathFromJbossDataPath);
                }
            }
            return ensureExists(Paths.get(pathFromJbossDataPath));
        }

ensureExists()

static Path org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.FileBasedPasswordBlacklist.ensureExists ( Path  path )

inlinestaticprivate

                                                    {

            Objects.requireNonNull(path, "path");

            if (Files.exists(path)) {
                return path;
            }

            throw new IllegalStateException("Password blacklists location does not exist: " + path);
        }

getName()

String org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.FileBasedPasswordBlacklist.getName ( )

inline

org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.PasswordBlacklistを実装しています。

                                {
            return name;
        }

getPasswordCount()

long org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.FileBasedPasswordBlacklist.getPasswordCount ( ) throws IOException

inlineprivate

Determines password blacklist size to correctly size the BloomFilter backing this blacklist.

戻り値

例外

IOException

                                                           {

      /*
       * TODO find a more efficient way to determine the password count,
       * e.g. require a header-line in the password-blacklist file
       */
            try (BufferedReader br = newReader(path)) {
                return br.lines().count();
            }
        }

lazyInit()

void org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.FileBasedPasswordBlacklist.lazyInit ( )

inlinepackage

                        {

            if (blacklist != null) {
                return;
            }

            this.blacklist = load();
        }

load()

BloomFilter<String> org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.FileBasedPasswordBlacklist.load ( )

inlineprivate

Loads the referenced blacklist into a BloomFilter.

戻り値

the BloomFilter backing a password blacklist

                                           {

            try {
                LOG.infof("Loading blacklist with name %s from %s - start", name, path);

                long passwordCount = getPasswordCount();

                BloomFilter<String> filter = BloomFilter.create(
                        Funnels.stringFunnel(StandardCharsets.UTF_8),
                        passwordCount,
                        FALSE_POSITIVE_PROBABILITY);

                try (BufferedReader br = newReader(path)) {
                    br.lines().forEach(filter::put);
                }

                LOG.infof("Loading blacklist with name %s from %s - end", name, path);

                return filter;
            } catch (IOException e) {
                throw new RuntimeException("Could not load password blacklist from path: " + path, e);
            }
        }

newReader()

static BufferedReader org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.FileBasedPasswordBlacklist.newReader ( Path  path ) throws IOException

inlinestaticprivate

                                                                              {
            return new BufferedReader(Files.newBufferedReader(path), BUFFER_SIZE_IN_BYTES);
        }

メンバ詳解

blacklist

BloomFilter<String> org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.FileBasedPasswordBlacklist.blacklist

private

Initialized lazily via lazyInit()

BUFFER_SIZE_IN_BYTES

final int org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.FileBasedPasswordBlacklist.BUFFER_SIZE_IN_BYTES = 512 * 1024

staticprivate

FALSE_POSITIVE_PROBABILITY

final double org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.FileBasedPasswordBlacklist.FALSE_POSITIVE_PROBABILITY = 0.01

staticprivate

name

final String org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.FileBasedPasswordBlacklist.name

private

The name of the blacklist filename.

path

final Path org.keycloak.policy.BlacklistPasswordPolicyProviderFactory.FileBasedPasswordBlacklist.path

private

The concrete path to the password-blacklist file.

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/policy/BlacklistPasswordPolicyProviderFactory.java