org.keycloak.services.managers.AuthenticationSessionManager 連携図

公開メンバ関数
	AuthenticationSessionManager (KeycloakSession session)

RootAuthenticationSessionModel	createAuthenticationSession (RealmModel realm, boolean browserCookie)

RootAuthenticationSessionModel	getCurrentRootAuthenticationSession (RealmModel realm)

UserSessionModel	getUserSessionFromAuthCookie (RealmModel realm)

AuthenticationSessionModel	getCurrentAuthenticationSession (RealmModel realm, ClientModel client, String tabId)

void	setAuthSessionCookie (String authSessionId, RealmModel realm)

void	removeAuthenticationSession (RealmModel realm, AuthenticationSessionModel authSession, boolean expireRestartCookie)

UserSessionModel	getUserSession (AuthenticationSessionModel authSession)

AuthenticationSessionModel	getAuthenticationSessionByIdAndClient (RealmModel realm, String authSessionId, ClientModel client, String tabId)

静的公開変数類
static final String	AUTH_SESSION_ID = "AUTH_SESSION_ID"

static final int	AUTH_SESSION_LIMIT = 3

関数
AuthSessionId	decodeAuthSessionId (String encodedAuthSessionId)

void	reencodeAuthSessionCookie (String oldEncodedAuthSessionId, AuthSessionId newAuthSessionId, RealmModel realm)

List< String >	getAuthSessionCookies (RealmModel realm)

非公開変数類
final KeycloakSession	session

静的非公開変数類
static final Logger	log = Logger.getLogger(AuthenticationSessionManager.class)

詳解

著者: Marek Posolda

構築子と解体子

◆ AuthenticationSessionManager()

org.keycloak.services.managers.AuthenticationSessionManager.AuthenticationSessionManager ( KeycloakSession session )

inline

                                                                  {
         this.session = session;
     }

関数詳解

◆ createAuthenticationSession()

RootAuthenticationSessionModel org.keycloak.services.managers.AuthenticationSessionManager.createAuthenticationSession	(	RealmModel	realm,
		boolean	browserCookie
	)

inline

Creates a fresh authentication session for the given realm . Optionally sets the browser authentication session cookie AUTH_SESSION_ID with the ID of the new session.

引数

realm
browserCookie	Set the cookie in the browser for the

戻り値

                                                                                                                {
         RootAuthenticationSessionModel rootAuthSession = session.authenticationSessions().createRootAuthenticationSession(realm);
 
         if (browserCookie) {
             setAuthSessionCookie(rootAuthSession.getId(), realm);
         }
 
         return rootAuthSession;
     }

◆ decodeAuthSessionId()

AuthSessionId org.keycloak.services.managers.AuthenticationSessionManager.decodeAuthSessionId ( String encodedAuthSessionId )

inlinepackage

引数

encodedAuthSessionId encoded ID with attached route in cluster environment (EG. "5e161e00-d426-4ea6-98e9-52eb9844e2d7.node1" )

戻り値: object with decoded and actually encoded authSessionId

                                                                    {
         log.debugf("Found AUTH_SESSION_ID cookie with value %s", encodedAuthSessionId);
         StickySessionEncoderProvider encoder = session.getProvider(StickySessionEncoderProvider.class);
         String decodedAuthSessionId = encoder.decodeSessionId(encodedAuthSessionId);
         String reencoded = encoder.encodeSessionId(decodedAuthSessionId);
 
         return new AuthSessionId(decodedAuthSessionId, reencoded);
     }

◆ getAuthenticationSessionByIdAndClient()

AuthenticationSessionModel org.keycloak.services.managers.AuthenticationSessionManager.getAuthenticationSessionByIdAndClient	(	RealmModel	realm,
		String	authSessionId,
		ClientModel	client,
		String	tabId
	)

inline

                                                                                                                                                       {
         RootAuthenticationSessionModel rootAuthSession = session.authenticationSessions().getRootAuthenticationSession(realm, authSessionId);
         return rootAuthSession==null ? null : rootAuthSession.getAuthenticationSession(client, tabId);
     }

◆ getAuthSessionCookies()

List<String> org.keycloak.services.managers.AuthenticationSessionManager.getAuthSessionCookies ( RealmModel realm )

inlinepackage

引数

realm

戻り値: list of the values of AUTH_SESSION_ID cookies. It is assumed that values could be encoded with route added (EG. "5e161e00-d426-4ea6-98e9-52eb9844e2d7.node1" )

                                                          {
         Set<String> cookiesVal = CookieHelper.getCookieValue(AUTH_SESSION_ID);
 
         if (cookiesVal.size() > 1) {
             AuthenticationManager.expireOldAuthSessionCookie(realm, session.getContext().getUri(), session.getContext().getConnection());
         }
 
         List<String> authSessionIds = cookiesVal.stream().limit(AUTH_SESSION_LIMIT).collect(Collectors.toList());
 
         if (authSessionIds.isEmpty()) {
             log.debugf("Not found AUTH_SESSION_ID cookie");
         }
 
         return authSessionIds;
     }

◆ getCurrentAuthenticationSession()

AuthenticationSessionModel org.keycloak.services.managers.AuthenticationSessionManager.getCurrentAuthenticationSession	(	RealmModel	realm,
		ClientModel	client,
		String	tabId
	)

inline

Returns current authentication session if it exists, otherwise returns

null

.

引数

realm

戻り値

                                                                                                                           {
         List<String> authSessionCookies = getAuthSessionCookies(realm);
 
         return authSessionCookies.stream().map(oldEncodedId -> {
             AuthSessionId authSessionId = decodeAuthSessionId(oldEncodedId);
             String sessionId = authSessionId.getDecodedId();
 
             AuthenticationSessionModel authSession = getAuthenticationSessionByIdAndClient(realm, sessionId, client, tabId);
 
             if (authSession != null) {
                 reencodeAuthSessionCookie(oldEncodedId, authSessionId, realm);
                 return authSession;
             }
 
             return null;
         }).filter(authSession -> Objects.nonNull(authSession)).findFirst().orElse(null);
     }

◆ getCurrentRootAuthenticationSession()

RootAuthenticationSessionModel org.keycloak.services.managers.AuthenticationSessionManager.getCurrentRootAuthenticationSession ( RealmModel realm )

inline

                                                                                                 {
         List<String> authSessionCookies = getAuthSessionCookies(realm);
 
         return authSessionCookies.stream().map(oldEncodedId -> {
             AuthSessionId authSessionId = decodeAuthSessionId(oldEncodedId);
             String sessionId = authSessionId.getDecodedId();
 
             RootAuthenticationSessionModel rootAuthSession = session.authenticationSessions().getRootAuthenticationSession(realm, sessionId);
 
             if (rootAuthSession != null) {
                 reencodeAuthSessionCookie(oldEncodedId, authSessionId, realm);
                 return rootAuthSession;
             }
 
             return null;
         }).filter(authSession -> Objects.nonNull(authSession)).findFirst().orElse(null);
     }

◆ getUserSession()

UserSessionModel org.keycloak.services.managers.AuthenticationSessionManager.getUserSession ( AuthenticationSessionModel authSession )

inline

                                                                                    {
         return session.sessions().getUserSession(authSession.getRealm(), authSession.getParentSession().getId());
     }

◆ getUserSessionFromAuthCookie()

UserSessionModel org.keycloak.services.managers.AuthenticationSessionManager.getUserSessionFromAuthCookie ( RealmModel realm )

inline

                                                                            {
         List<String> authSessionCookies = getAuthSessionCookies(realm);
 
         return authSessionCookies.stream().map(oldEncodedId -> {
             AuthSessionId authSessionId = decodeAuthSessionId(oldEncodedId);
             String sessionId = authSessionId.getDecodedId();
 
             UserSessionModel userSession = session.sessions().getUserSession(realm, sessionId);
 
             if (userSession != null) {
                 reencodeAuthSessionCookie(oldEncodedId, authSessionId, realm);
                 return userSession;
             }
 
             return null;
         }).filter(authSession -> Objects.nonNull(authSession)).findFirst().orElse(null);
     }

◆ reencodeAuthSessionCookie()

void org.keycloak.services.managers.AuthenticationSessionManager.reencodeAuthSessionCookie	(	String	oldEncodedAuthSessionId,
		AuthSessionId	newAuthSessionId,
		RealmModel	realm
	)

inlinepackage

                                                                                                                      {
         if (!oldEncodedAuthSessionId.equals(newAuthSessionId.getEncodedId())) {
             log.debugf("Route changed. Will update authentication session cookie. Old: '%s', New: '%s'", oldEncodedAuthSessionId,
                     newAuthSessionId.getEncodedId());
             setAuthSessionCookie(newAuthSessionId.getDecodedId(), realm);
         }
     }

◆ removeAuthenticationSession()

void org.keycloak.services.managers.AuthenticationSessionManager.removeAuthenticationSession	(	RealmModel	realm,
		AuthenticationSessionModel	authSession,
		boolean	expireRestartCookie
	)

inline

                                                                                                                                    {
         RootAuthenticationSessionModel rootAuthSession = authSession.getParentSession();
 
         log.debugf("Removing authSession '%s'. Expire restart cookie: %b", rootAuthSession.getId(), expireRestartCookie);
         session.authenticationSessions().removeRootAuthenticationSession(realm, rootAuthSession);
 
         // expire restart cookie
         if (expireRestartCookie) {
             ClientConnection clientConnection = session.getContext().getConnection();
             UriInfo uriInfo = session.getContext().getUri();
             RestartLoginCookie.expireRestartCookie(realm, clientConnection, uriInfo);
         }
     }

◆ setAuthSessionCookie()

void org.keycloak.services.managers.AuthenticationSessionManager.setAuthSessionCookie	(	String	authSessionId,
		RealmModel	realm
	)

inline

引数

authSessionId	decoded authSessionId (without route info attached)
realm

                                                                              {
         UriInfo uriInfo = session.getContext().getUri();
         String cookiePath = AuthenticationManager.getRealmCookiePath(realm, uriInfo);
 
         boolean sslRequired = realm.getSslRequired().isRequired(session.getContext().getConnection());
 
         StickySessionEncoderProvider encoder = session.getProvider(StickySessionEncoderProvider.class);
         String encodedAuthSessionId = encoder.encodeSessionId(authSessionId);
 
         CookieHelper.addCookie(AUTH_SESSION_ID, encodedAuthSessionId, cookiePath, null, null, -1, sslRequired, true);
 
         log.debugf("Set AUTH_SESSION_ID cookie with value %s", encodedAuthSessionId);
     }

メンバ詳解

◆ AUTH_SESSION_ID

final String org.keycloak.services.managers.AuthenticationSessionManager.AUTH_SESSION_ID = "AUTH_SESSION_ID"

static

◆ AUTH_SESSION_LIMIT

final int org.keycloak.services.managers.AuthenticationSessionManager.AUTH_SESSION_LIMIT = 3

static

◆ log

final Logger org.keycloak.services.managers.AuthenticationSessionManager.log = Logger.getLogger(AuthenticationSessionManager.class)

staticprivate

◆ session

final KeycloakSession org.keycloak.services.managers.AuthenticationSessionManager.session

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/oidc-service/src/main/java/org/keycloak/services/managers/AuthenticationSessionManager.java

公開メンバ関数

静的公開変数類

関数

非公開変数類

静的非公開変数類

詳解

構築子と解体子

◆ AuthenticationSessionManager()

関数詳解

◆ createAuthenticationSession()

◆ decodeAuthSessionId()

◆ getAuthenticationSessionByIdAndClient()

◆ getAuthSessionCookies()

◆ getCurrentAuthenticationSession()

◆ getCurrentRootAuthenticationSession()

◆ getUserSession()

◆ getUserSessionFromAuthCookie()

◆ reencodeAuthSessionCookie()

◆ removeAuthenticationSession()

◆ setAuthSessionCookie()

メンバ詳解

◆ AUTH_SESSION_ID

◆ AUTH_SESSION_LIMIT

◆ log

◆ session