org.keycloak.authentication.FormAuthenticationFlow クラス

org.keycloak.authentication.FormAuthenticationFlow の継承関係図

org.keycloak.authentication.FormAuthenticationFlow 連携図

クラス
class	FormContextImpl
class	ValidationContextImpl

公開メンバ関数
	FormAuthenticationFlow (AuthenticationProcessor processor, AuthenticationExecutionModel execution)
Response	processAction (String actionExecution)
URI	getActionUrl (String executionId, String code)
Response	processFlow ()
Response	renderForm (MultivaluedMap< String, String > formData, List< FormMessage > errors)

公開変数類
String	BASIC_FLOW = "basic-flow"
String	FORM_FLOW = "form-flow"
String	CLIENT_FLOW = "client-flow"

変数
AuthenticationProcessor	processor
AuthenticationExecutionModel	formExecution

非公開変数類
final List< AuthenticationExecutionModel >	formActionExecutions
final FormAuthenticator	formAuthenticator

詳解

著者

Bill Burke

バージョン

Revision

1

構築子と解体子

FormAuthenticationFlow()

org.keycloak.authentication.FormAuthenticationFlow.FormAuthenticationFlow ( AuthenticationProcessor  processor, AuthenticationExecutionModel  execution  )

inline

                                                                                                             {
        this.processor = processor;
        this.formExecution = execution;
        formActionExecutions = processor.getRealm().getAuthenticationExecutions(execution.getFlowId());
        formAuthenticator = processor.getSession().getProvider(FormAuthenticator.class, execution.getAuthenticator());
    }

関数詳解

getActionUrl()

URI org.keycloak.authentication.FormAuthenticationFlow.getActionUrl ( String  executionId, String  code  )

inline

                                                             {
        ClientModel client = processor.getAuthenticationSession().getClient();
        return LoginActionsService.registrationFormProcessor(processor.getUriInfo())
                .queryParam(LoginActionsService.SESSION_CODE, code)
                .queryParam(Constants.EXECUTION, executionId)
                .queryParam(Constants.CLIENT_ID, client.getClientId())
                .queryParam(Constants.TAB_ID, processor.getAuthenticationSession().getTabId())
                .build(processor.getRealm().getName());
    }

processAction()

Response org.keycloak.authentication.FormAuthenticationFlow.processAction ( String  actionExecution )

inline

org.keycloak.authentication.AuthenticationFlowを実装しています。

                                                          {
        if (!actionExecution.equals(formExecution.getId())) {
            throw new AuthenticationFlowException("action is not current execution", AuthenticationFlowError.INTERNAL_ERROR);
        }
        Map<String, AuthenticationSessionModel.ExecutionStatus> executionStatus = new HashMap<>();
        List<FormAction> requiredActions = new LinkedList<>();
        List<ValidationContextImpl> successes = new LinkedList<>();
        List<ValidationContextImpl> errors = new LinkedList<>();
        for (AuthenticationExecutionModel formActionExecution : formActionExecutions) {
            if (!formActionExecution.isEnabled()) {
                executionStatus.put(formActionExecution.getId(), AuthenticationSessionModel.ExecutionStatus.SKIPPED);
                continue;
            }
            FormActionFactory factory = (FormActionFactory)processor.getSession().getKeycloakSessionFactory().getProviderFactory(FormAction.class, formActionExecution.getAuthenticator());
            FormAction action = factory.create(processor.getSession());

            UserModel authUser = processor.getAuthenticationSession().getAuthenticatedUser();
            if (action.requiresUser() && authUser == null) {
                throw new AuthenticationFlowException("form action: " + formExecution.getAuthenticator() + " requires user", AuthenticationFlowError.UNKNOWN_USER);
            }
            boolean configuredFor = false;
            if (action.requiresUser() && authUser != null) {
                configuredFor = action.configuredFor(processor.getSession(), processor.getRealm(), authUser);
                if (!configuredFor) {
                    if (formActionExecution.isRequired()) {
                        if (factory.isUserSetupAllowed()) {
                            AuthenticationProcessor.logger.debugv("authenticator SETUP_REQUIRED: {0}", formExecution.getAuthenticator());
                            executionStatus.put(formActionExecution.getId(), AuthenticationSessionModel.ExecutionStatus.SETUP_REQUIRED);
                            requiredActions.add(action);
                            continue;
                        } else {
                            throw new AuthenticationFlowException(AuthenticationFlowError.CREDENTIAL_SETUP_REQUIRED);
                        }
                    } else if (formActionExecution.isOptional()) {
                        executionStatus.put(formActionExecution.getId(), AuthenticationSessionModel.ExecutionStatus.SKIPPED);
                        continue;
                    }
                }
            }

            ValidationContextImpl result = new ValidationContextImpl(formActionExecution, action);
            action.validate(result);
            if (result.success) {
                executionStatus.put(formActionExecution.getId(), AuthenticationSessionModel.ExecutionStatus.SUCCESS);
                successes.add(result);
            } else {
                executionStatus.put(formActionExecution.getId(), AuthenticationSessionModel.ExecutionStatus.CHALLENGED);
                errors.add(result);
            }
        }

        if (!errors.isEmpty()) {
            processor.logFailure();
            List<FormMessage> messages = new LinkedList<>();
            Set<String> fields = new HashSet<>();
            for (ValidationContextImpl v : errors) {
                for (FormMessage m : v.errors) {
                    if (!fields.contains(m.getField())) {
                        if (v.excludeOthers) {
                            fields.clear();
                            messages.clear();
                        }

                        fields.add(m.getField());
                        messages.add(m);

                        if (v.excludeOthers) {
                            break;
                        }
                    }
                }
            }
            ValidationContextImpl first = errors.get(0);
            first.getEvent().error(first.error);
            return renderForm(first.formData, messages);
        }

        for (ValidationContextImpl context : successes) {
            context.action.success(context);
        }
        // set status and required actions only if form is fully successful
        for (Map.Entry<String, AuthenticationSessionModel.ExecutionStatus> entry : executionStatus.entrySet()) {
            processor.getAuthenticationSession().setExecutionStatus(entry.getKey(), entry.getValue());
        }
        for (FormAction action : requiredActions) {
            action.setRequiredActions(processor.getSession(), processor.getRealm(), processor.getAuthenticationSession().getAuthenticatedUser());

        }
        processor.getAuthenticationSession().setExecutionStatus(actionExecution, AuthenticationSessionModel.ExecutionStatus.SUCCESS);
        processor.getAuthenticationSession().removeAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION);
        return null;
    }

processFlow()

Response org.keycloak.authentication.FormAuthenticationFlow.processFlow ( )

inline

org.keycloak.authentication.AuthenticationFlowを実装しています。

                                  {
        return renderForm(null, null);
    }

renderForm()

Response org.keycloak.authentication.FormAuthenticationFlow.renderForm ( MultivaluedMap< String, String >  formData, List< FormMessage >  errors  )

inline

                                                                                                  {
        String executionId = formExecution.getId();
        processor.getAuthenticationSession().setAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION, executionId);
        String code = processor.generateCode();
        URI actionUrl = getActionUrl(executionId, code);
        LoginFormsProvider form = processor.getSession().getProvider(LoginFormsProvider.class)
                .setAuthenticationSession(processor.getAuthenticationSession())
                .setActionUri(actionUrl)
                .setExecution(executionId)
                .setClientSessionCode(code)
                .setFormData(formData)
                .setErrors(errors);
        for (AuthenticationExecutionModel formActionExecution : formActionExecutions) {
            if (!formActionExecution.isEnabled()) continue;
            FormAction action = processor.getSession().getProvider(FormAction.class, formActionExecution.getAuthenticator());
            FormContext result = new FormContextImpl(formActionExecution);
            action.buildPage(result, form);
        }
        FormContext context = new FormContextImpl(formExecution);
        return formAuthenticator.render(context, form);
    }

メンバ詳解

BASIC_FLOW

String org.keycloak.authentication.AuthenticationFlow.BASIC_FLOW = "basic-flow"

inherited

CLIENT_FLOW

String org.keycloak.authentication.AuthenticationFlow.CLIENT_FLOW = "client-flow"

inherited

FORM_FLOW

String org.keycloak.authentication.AuthenticationFlow.FORM_FLOW = "form-flow"

inherited

formActionExecutions

final List<AuthenticationExecutionModel> org.keycloak.authentication.FormAuthenticationFlow.formActionExecutions

private

formAuthenticator

final FormAuthenticator org.keycloak.authentication.FormAuthenticationFlow.formAuthenticator

private

formExecution

AuthenticationExecutionModel org.keycloak.authentication.FormAuthenticationFlow.formExecution

package

processor

AuthenticationProcessor org.keycloak.authentication.FormAuthenticationFlow.processor

package

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/oidc-service/src/main/java/org/keycloak/authentication/FormAuthenticationFlow.java