org.keycloak.authentication.AuthenticationProcessor の継承関係図

org.keycloak.authentication.AuthenticationProcessor 連携図

クラス
class	Result

公開メンバ関数
	AuthenticationProcessor ()

boolean	isBrowserFlow ()

AuthenticationProcessor	setBrowserFlow (boolean browserFlow)

BruteForceProtector	getBruteForceProtector ()

RealmModel	getRealm ()

ClientModel	getClient ()

void	setClient (ClientModel client)

Map< String, String >	getClientAuthAttributes ()

AuthenticationSessionModel	getAuthenticationSession ()

ClientConnection	getConnection ()

UriInfo	getUriInfo ()

KeycloakSession	getSession ()

UserSessionModel	getUserSession ()

AuthenticationProcessor	setRealm (RealmModel realm)

AuthenticationProcessor	setAuthenticationSession (AuthenticationSessionModel authenticationSession)

AuthenticationProcessor	setConnection (ClientConnection connection)

AuthenticationProcessor	setUriInfo (UriInfo uriInfo)

AuthenticationProcessor	setSession (KeycloakSession session)

AuthenticationProcessor	setEventBuilder (EventBuilder eventBuilder)

AuthenticationProcessor	setRequest (HttpRequest request)

AuthenticationProcessor	setFlowId (String flowId)

AuthenticationProcessor	setFlowPath (String flowPath)

AuthenticationProcessor	setForwardedErrorMessage (FormMessage forwardedErrorMessage)

AuthenticationProcessor	setForwardedSuccessMessage (FormMessage forwardedSuccessMessage)

String	generateCode ()

EventBuilder	newEvent ()

EventBuilder	getEvent ()

HttpRequest	getRequest ()

void	setAutheticatedUser (UserModel user)

void	clearAuthenticatedUser ()

URI	getRefreshUrl (boolean authSessionIdParam)

void	logFailure ()

boolean	isSuccessful (AuthenticationExecutionModel model)

Response	handleBrowserException (Exception failure)

Response	handleClientAuthException (Exception failure)

AuthenticationFlow	createFlowExecution (String flowId, AuthenticationExecutionModel execution)

Response	authenticate () throws AuthenticationFlowException

Response	authenticateClient () throws AuthenticationFlowException

Response	redirectToFlow ()

void	resetFlow ()

Response	authenticationAction (String execution)

Response	authenticateOnly () throws AuthenticationFlowException

ClientSessionContext	attachSession ()

void	evaluateRequiredActionTriggers ()

Response	finishAuthentication (LoginProtocol protocol)

void	validateUser (UserModel authenticatedUser)

String	nextRequiredAction ()

AuthenticationProcessor.Result	createAuthenticatorContext (AuthenticationExecutionModel model, Authenticator authenticator, List< AuthenticationExecutionModel > executions)

AuthenticationProcessor.Result	createClientAuthenticatorContext (AuthenticationExecutionModel model, ClientAuthenticator clientAuthenticator, List< AuthenticationExecutionModel > executions)

静的公開メンバ関数
static void	resetFlow (AuthenticationSessionModel authSession, String flowPath)

static AuthenticationSessionModel	clone (KeycloakSession session, AuthenticationSessionModel authSession)

static ClientSessionContext	attachSession (AuthenticationSessionModel authSession, UserSessionModel userSession, KeycloakSession session, RealmModel realm, ClientConnection connection, EventBuilder event)

静的公開変数類
static final String	CURRENT_AUTHENTICATION_EXECUTION = "current.authentication.execution"

static final String	LAST_PROCESSED_EXECUTION = "last.processed.execution"

static final String	CURRENT_FLOW_PATH = "current.flow.path"

static final String	FORKED_FROM = "forked.from"

static final String	BROKER_SESSION_ID = "broker.session.id"

static final String	BROKER_USER_ID = "broker.user.id"

限定公開メンバ関数
void	logSuccess ()

Response	authenticationComplete ()

限定公開変数類
RealmModel	realm

UserSessionModel	userSession

AuthenticationSessionModel	authenticationSession

ClientConnection	connection

UriInfo	uriInfo

KeycloakSession	session

EventBuilder	event

HttpRequest	request

String	flowId

String	flowPath

boolean	browserFlow

BruteForceProtector	protector

Runnable	afterResetListener

FormMessage	forwardedErrorMessage

FormMessage	forwardedSuccessMessage

ClientModel	client

Map< String, String >	clientAuthAttributes = new HashMap<>()

静的限定公開変数類
static final Logger	logger = Logger.getLogger(AuthenticationProcessor.class)

非公開メンバ関数
void	checkClientSession (boolean checkAction)

詳解

著者: Bill Burke

バージョン

Revision: 1

構築子と解体子

◆ AuthenticationProcessor()

org.keycloak.authentication.AuthenticationProcessor.AuthenticationProcessor ( )

inline

109 {

110 }

関数詳解

◆ attachSession() [1/2]

ClientSessionContext org.keycloak.authentication.AuthenticationProcessor.attachSession ( )

inline

                                                 {
         ClientSessionContext clientSessionCtx = attachSession(authenticationSession, userSession, session, realm, connection, event);
 
         if (userSession == null) {
             userSession = clientSessionCtx.getClientSession().getUserSession();
         }
 
         return clientSessionCtx;
     }

◆ attachSession() [2/2]

static ClientSessionContext org.keycloak.authentication.AuthenticationProcessor.attachSession	(	AuthenticationSessionModel	authSession,
		UserSessionModel	userSession,
		KeycloakSession	session,
		RealmModel	realm,
		ClientConnection	connection,
		EventBuilder	event
	)

inlinestatic

                                                                                                                                                                                                                        {
         String username = authSession.getAuthenticatedUser().getUsername();
         String attemptedUsername = authSession.getAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME);
         if (attemptedUsername != null) username = attemptedUsername;
         String rememberMe = authSession.getAuthNote(Details.REMEMBER_ME);
         boolean remember = rememberMe != null && rememberMe.equalsIgnoreCase("true");
         String brokerSessionId = authSession.getAuthNote(BROKER_SESSION_ID);
         String brokerUserId = authSession.getAuthNote(BROKER_USER_ID);
 
         if (userSession == null) { // if no authenticator attached a usersession
 
             userSession = session.sessions().getUserSession(realm, authSession.getParentSession().getId());
             if (userSession == null) {
                 userSession = session.sessions().createUserSession(authSession.getParentSession().getId(), realm, authSession.getAuthenticatedUser(), username, connection.getRemoteAddr(), authSession.getProtocol()
                         , remember, brokerSessionId, brokerUserId);
             } else if (userSession.getUser() == null || !AuthenticationManager.isSessionValid(realm, userSession)) {
                 userSession.restartSession(realm, authSession.getAuthenticatedUser(), username, connection.getRemoteAddr(), authSession.getProtocol()
                         , remember, brokerSessionId, brokerUserId);
             } else {
                 // We have existing userSession even if it wasn't attached to authenticator. Could happen if SSO authentication was ignored (eg. prompt=login) and in some other cases.
                 // We need to handle case when different user was used
                 logger.debugf("No SSO login, but found existing userSession with ID '%s' after finished authentication.", userSession.getId());
                 if (!authSession.getAuthenticatedUser().equals(userSession.getUser())) {
                     event.detail(Details.EXISTING_USER, userSession.getUser().getId());
                     event.error(Errors.DIFFERENT_USER_AUTHENTICATED);
                     throw new ErrorPageException(session, authSession, Response.Status.INTERNAL_SERVER_ERROR, Messages.DIFFERENT_USER_AUTHENTICATED, userSession.getUser().getUsername());
                 }
             }
             userSession.setState(UserSessionModel.State.LOGGED_IN);
         }
 
         if (remember) {
             event.detail(Details.REMEMBER_ME, "true");
         }
 
         ClientSessionContext clientSessionCtx = TokenManager.attachAuthenticationSession(session, userSession, authSession);
 
         event.user(userSession.getUser())
                 .detail(Details.USERNAME, username)
                 .session(userSession);
 
         return clientSessionCtx;
     }

◆ authenticate()

Response org.keycloak.authentication.AuthenticationProcessor.authenticate ( ) throws AuthenticationFlowException

inline

                                                                       {
         logger.debug("AUTHENTICATE");
         Response challenge = authenticateOnly();
         if (challenge != null) return challenge;
         return authenticationComplete();
     }

◆ authenticateClient()

Response org.keycloak.authentication.AuthenticationProcessor.authenticateClient ( ) throws AuthenticationFlowException

inline

                                                                             {
         logger.debug("AUTHENTICATE CLIENT");
         AuthenticationFlow authenticationFlow = createFlowExecution(this.flowId, null);
         try {
             Response challenge = authenticationFlow.processFlow();
             return challenge;
         } catch (Exception e) {
             return handleClientAuthException(e);
         }
     }

◆ authenticateOnly()

Response org.keycloak.authentication.AuthenticationProcessor.authenticateOnly ( ) throws AuthenticationFlowException

inline

                                                                           {
         logger.debug("AUTHENTICATE ONLY");
         checkClientSession(false);
         event.client(authenticationSession.getClient().getClientId())
                 .detail(Details.REDIRECT_URI, authenticationSession.getRedirectUri())
                 .detail(Details.AUTH_METHOD, authenticationSession.getProtocol());
         String authType = authenticationSession.getAuthNote(Details.AUTH_TYPE);
         if (authType != null) {
             event.detail(Details.AUTH_TYPE, authType);
         }
         UserModel authUser = authenticationSession.getAuthenticatedUser();
         validateUser(authUser);
         AuthenticationFlow authenticationFlow = createFlowExecution(this.flowId, null);
         Response challenge = authenticationFlow.processFlow();
         if (challenge != null) return challenge;
         if (authenticationSession.getAuthenticatedUser() == null) {
             throw new AuthenticationFlowException(AuthenticationFlowError.UNKNOWN_USER);
         }
         return challenge;
     }

◆ authenticationAction()

Response org.keycloak.authentication.AuthenticationProcessor.authenticationAction ( String execution )

inline

                                                            {
         logger.debug("authenticationAction");
         checkClientSession(true);
         String current = authenticationSession.getAuthNote(CURRENT_AUTHENTICATION_EXECUTION);
         if (execution == null || !execution.equals(current)) {
             logger.debug("Current execution does not equal executed execution.  Might be a page refresh");
             return new AuthenticationFlowURLHelper(session, realm, uriInfo).showPageExpired(authenticationSession);
         }
         UserModel authUser = authenticationSession.getAuthenticatedUser();
         validateUser(authUser);
         AuthenticationExecutionModel model = realm.getAuthenticationExecutionById(execution);
         if (model == null) {
             logger.debug("Cannot find execution, reseting flow");
             logFailure();
             resetFlow();
             return authenticate();
         }
         event.client(authenticationSession.getClient().getClientId())
                 .detail(Details.REDIRECT_URI, authenticationSession.getRedirectUri())
                 .detail(Details.AUTH_METHOD, authenticationSession.getProtocol());
         String authType = authenticationSession.getAuthNote(Details.AUTH_TYPE);
         if (authType != null) {
             event.detail(Details.AUTH_TYPE, authType);
         }
 
         AuthenticationFlow authenticationFlow = createFlowExecution(this.flowId, model);
         Response challenge = authenticationFlow.processAction(execution);
         if (challenge != null) return challenge;
         if (authenticationSession.getAuthenticatedUser() == null) {
             throw new AuthenticationFlowException(AuthenticationFlowError.UNKNOWN_USER);
         }
         return authenticationComplete();
     }

◆ authenticationComplete()

Response org.keycloak.authentication.AuthenticationProcessor.authenticationComplete ( )

inlineprotected

                                                 {
         // attachSession(); // Session will be attached after requiredActions + consents are finished.
         AuthenticationManager.setClientScopesInSession(authenticationSession);
 
         String nextRequiredAction = nextRequiredAction();
         if (nextRequiredAction != null) {
             return AuthenticationManager.redirectToRequiredActions(session, realm, authenticationSession, uriInfo, nextRequiredAction);
         } else {
             event.detail(Details.CODE_ID, authenticationSession.getParentSession().getId());  // todo This should be set elsewhere.  find out why tests fail.  Don't know where this is supposed to be set
             // the user has successfully logged in and we can clear his/her previous login failure attempts.
             logSuccess();
             return AuthenticationManager.finishedRequiredActions(session, authenticationSession, userSession, connection, request, uriInfo, event);
         }
     }

◆ checkClientSession()

void org.keycloak.authentication.AuthenticationProcessor.checkClientSession ( boolean checkAction )

inlineprivate

                                                          {
         ClientSessionCode code = new ClientSessionCode(session, realm, authenticationSession);
 
         if (checkAction) {
             String action = AuthenticationSessionModel.Action.AUTHENTICATE.name();
             if (!code.isValidAction(action)) {
                 throw new AuthenticationFlowException(AuthenticationFlowError.INVALID_CLIENT_SESSION);
             }
         }
         if (!code.isActionActive(ClientSessionCode.ActionType.LOGIN)) {
             throw new AuthenticationFlowException(AuthenticationFlowError.EXPIRED_CODE);
         }
 
         authenticationSession.getParentSession().setTimestamp(Time.currentTime());
     }

◆ clearAuthenticatedUser()

void org.keycloak.authentication.AuthenticationProcessor.clearAuthenticatedUser ( )

inline

                                          {
         getAuthenticationSession().setAuthenticatedUser(null);
     }

◆ clone()

static AuthenticationSessionModel org.keycloak.authentication.AuthenticationProcessor.clone	(	KeycloakSession	session,
		AuthenticationSessionModel	authSession
	)

inlinestatic

                                                                                                                     {
         AuthenticationSessionModel clone = authSession.getParentSession().createAuthenticationSession(authSession.getClient());
 
         clone.setRedirectUri(authSession.getRedirectUri());
         clone.setProtocol(authSession.getProtocol());
 
         for (Map.Entry<String, String> clientNote : authSession.getClientNotes().entrySet()) {
             clone.setClientNote(clientNote.getKey(), clientNote.getValue());
         }
 
         clone.setAuthNote(FORKED_FROM, authSession.getTabId());
 
         logger.debugf("Forked authSession %s from authSession %s . Client: %s, Root session: %s",
                 clone.getTabId(), authSession.getTabId(), authSession.getClient().getClientId(), authSession.getParentSession().getId());
 
         return clone;
     }

◆ createAuthenticatorContext()

AuthenticationProcessor.Result org.keycloak.authentication.AuthenticationProcessor.createAuthenticatorContext	(	AuthenticationExecutionModel	model,
		Authenticator	authenticator,
		List< AuthenticationExecutionModel >	executions
	)

inline

                                                                                                                                                                                      {
         return new Result(model, authenticator, executions);
     }

◆ createClientAuthenticatorContext()

AuthenticationProcessor.Result org.keycloak.authentication.AuthenticationProcessor.createClientAuthenticatorContext	(	AuthenticationExecutionModel	model,
		ClientAuthenticator	clientAuthenticator,
		List< AuthenticationExecutionModel >	executions
	)

inline

                                                                                                                                                                                                        {
         return new Result(model, clientAuthenticator, executions);
     }

◆ createFlowExecution()

AuthenticationFlow org.keycloak.authentication.AuthenticationProcessor.createFlowExecution	(	String	flowId,
		AuthenticationExecutionModel	execution
	)

inline

                                                                                                          {
         AuthenticationFlowModel flow = realm.getAuthenticationFlowById(flowId);
         if (flow == null) {
             logger.error("Unknown flow to execute with");
             throw new AuthenticationFlowException(AuthenticationFlowError.INTERNAL_ERROR);
         }
         if (flow.getProviderId() == null || flow.getProviderId().equals(AuthenticationFlow.BASIC_FLOW)) {
             DefaultAuthenticationFlow flowExecution = new DefaultAuthenticationFlow(this, flow);
             return flowExecution;
 
         } else if (flow.getProviderId().equals(AuthenticationFlow.FORM_FLOW)) {
             FormAuthenticationFlow flowExecution = new FormAuthenticationFlow(this, execution);
             return flowExecution;
         } else if (flow.getProviderId().equals(AuthenticationFlow.CLIENT_FLOW)) {
             ClientAuthenticationFlow flowExecution = new ClientAuthenticationFlow(this, flow);
             return flowExecution;
         }
         throw new AuthenticationFlowException("Unknown flow provider type", AuthenticationFlowError.INTERNAL_ERROR);
     }

◆ evaluateRequiredActionTriggers()

void org.keycloak.authentication.AuthenticationProcessor.evaluateRequiredActionTriggers ( )

inline

                                                  {
         AuthenticationManager.evaluateRequiredActionTriggers(session, authenticationSession, connection, request, uriInfo, event, realm, authenticationSession.getAuthenticatedUser());
     }

◆ finishAuthentication()

Response org.keycloak.authentication.AuthenticationProcessor.finishAuthentication ( LoginProtocol protocol )

inline

                                                                  {
         event.success();
         RealmModel realm = authenticationSession.getRealm();
         ClientSessionContext clientSessionCtx = attachSession();
         return AuthenticationManager.redirectAfterSuccessfulFlow(session, realm, userSession, clientSessionCtx, request, uriInfo, connection, event, protocol);
 
     }

◆ generateCode()

String org.keycloak.authentication.AuthenticationProcessor.generateCode ( )

inline

                                  {
         ClientSessionCode accessCode = new ClientSessionCode(session, getRealm(), getAuthenticationSession());
         authenticationSession.getParentSession().setTimestamp(Time.currentTime());
         return accessCode.getOrGenerateCode();
     }

◆ getAuthenticationSession()

AuthenticationSessionModel org.keycloak.authentication.AuthenticationProcessor.getAuthenticationSession ( )

inline

                                                                  {
         return authenticationSession;
     }

◆ getBruteForceProtector()

BruteForceProtector org.keycloak.authentication.AuthenticationProcessor.getBruteForceProtector ( )

inline

                                                         {
         if (protector == null) {
             protector = session.getProvider(BruteForceProtector.class);
         }
         return protector;
     }

◆ getClient()

ClientModel org.keycloak.authentication.AuthenticationProcessor.getClient ( )

inline

                                    {
         return client;
     }

◆ getClientAuthAttributes()

Map<String, String> org.keycloak.authentication.AuthenticationProcessor.getClientAuthAttributes ( )

inline

                                                          {
         return clientAuthAttributes;
     }

◆ getConnection()

ClientConnection org.keycloak.authentication.AuthenticationProcessor.getConnection ( )

inline

                                             {
         return connection;
     }

◆ getEvent()

EventBuilder org.keycloak.authentication.AuthenticationProcessor.getEvent ( )

inline

                                    {
         return event;
     }

◆ getRealm()

RealmModel org.keycloak.authentication.AuthenticationProcessor.getRealm ( )

inline

                                  {
         return realm;
     }

◆ getRefreshUrl()

URI org.keycloak.authentication.AuthenticationProcessor.getRefreshUrl ( boolean authSessionIdParam )

inline

                                                          {
         UriBuilder uriBuilder = LoginActionsService.loginActionsBaseUrl(getUriInfo())
                 .path(AuthenticationProcessor.this.flowPath)
                 .queryParam(Constants.CLIENT_ID, getAuthenticationSession().getClient().getClientId())
                 .queryParam(Constants.TAB_ID, getAuthenticationSession().getTabId());
         if (authSessionIdParam) {
             uriBuilder.queryParam(LoginActionsService.AUTH_SESSION_ID, getAuthenticationSession().getParentSession().getId());
         }
         return uriBuilder
                 .build(getRealm().getName());
     }

◆ getRequest()

HttpRequest org.keycloak.authentication.AuthenticationProcessor.getRequest ( )

inline

                                     {
         return request;
     }

◆ getSession()

KeycloakSession org.keycloak.authentication.AuthenticationProcessor.getSession ( )

inline

                                         {
         return session;
     }

◆ getUriInfo()

UriInfo org.keycloak.authentication.AuthenticationProcessor.getUriInfo ( )

inline

                                 {
         return uriInfo;
     }

◆ getUserSession()

UserSessionModel org.keycloak.authentication.AuthenticationProcessor.getUserSession ( )

inline

                                              {
         return userSession;
     }

◆ handleBrowserException()

Response org.keycloak.authentication.AuthenticationProcessor.handleBrowserException ( Exception failure )

inline

                                                               {
         if (failure instanceof AuthenticationFlowException) {
             AuthenticationFlowException e = (AuthenticationFlowException) failure;
 
             if (e.getError() == AuthenticationFlowError.INVALID_USER) {
                 ServicesLogger.LOGGER.failedAuthentication(e);
                 event.error(Errors.USER_NOT_FOUND);
                 if (e.getResponse() != null) return e.getResponse();
                 return ErrorPage.error(session, authenticationSession, Response.Status.BAD_REQUEST, Messages.INVALID_USER);
             } else if (e.getError() == AuthenticationFlowError.USER_DISABLED) {
                 ServicesLogger.LOGGER.failedAuthentication(e);
                 event.error(Errors.USER_DISABLED);
                 if (e.getResponse() != null) return e.getResponse();
                 return ErrorPage.error(session,authenticationSession, Response.Status.BAD_REQUEST, Messages.ACCOUNT_DISABLED);
             } else if (e.getError() == AuthenticationFlowError.USER_TEMPORARILY_DISABLED) {
                 ServicesLogger.LOGGER.failedAuthentication(e);
                 event.error(Errors.USER_TEMPORARILY_DISABLED);
                 if (e.getResponse() != null) return e.getResponse();
                 return ErrorPage.error(session,authenticationSession, Response.Status.BAD_REQUEST, Messages.INVALID_USER);
 
             } else if (e.getError() == AuthenticationFlowError.INVALID_CLIENT_SESSION) {
                 ServicesLogger.LOGGER.failedAuthentication(e);
                 event.error(Errors.INVALID_CODE);
                 if (e.getResponse() != null) return e.getResponse();
                 return ErrorPage.error(session, authenticationSession, Response.Status.BAD_REQUEST, Messages.INVALID_CODE);
 
             } else if (e.getError() == AuthenticationFlowError.EXPIRED_CODE) {
                 ServicesLogger.LOGGER.failedAuthentication(e);
                 event.error(Errors.EXPIRED_CODE);
                 if (e.getResponse() != null) return e.getResponse();
                 return ErrorPage.error(session, authenticationSession, Response.Status.BAD_REQUEST, Messages.EXPIRED_CODE);
 
             } else if (e.getError() == AuthenticationFlowError.FORK_FLOW) {
                 ForkFlowException reset = (ForkFlowException)e;
 
                 AuthenticationSessionModel clone = clone(session, authenticationSession);
 
                 clone.setAction(AuthenticationSessionModel.Action.AUTHENTICATE.name());
                 setAuthenticationSession(clone);
                 session.getProvider(LoginFormsProvider.class).setAuthenticationSession(clone);
 
                 AuthenticationProcessor processor = new AuthenticationProcessor();
                 processor.setAuthenticationSession(clone)
                         .setFlowPath(LoginActionsService.AUTHENTICATE_PATH)
                         .setFlowId(AuthenticationFlowResolver.resolveBrowserFlow(clone).getId())
                         .setForwardedErrorMessage(reset.getErrorMessage())
                         .setForwardedSuccessMessage(reset.getSuccessMessage())
                         .setConnection(connection)
                         .setEventBuilder(event)
                         .setRealm(realm)
                         .setBrowserFlow(isBrowserFlow())
                         .setSession(session)
                         .setUriInfo(uriInfo)
                         .setRequest(request);
                 CacheControlUtil.noBackButtonCacheControlHeader();
                 return processor.authenticate();
 
             } else if (e.getError() == AuthenticationFlowError.DISPLAY_NOT_SUPPORTED) {
                 ServicesLogger.LOGGER.failedAuthentication(e);
                 event.error(Errors.DISPLAY_UNSUPPORTED);
                 if (e.getResponse() != null) return e.getResponse();
                 return ErrorPage.error(session, authenticationSession, Response.Status.BAD_REQUEST, Messages.DISPLAY_UNSUPPORTED);
             } else {
                 ServicesLogger.LOGGER.failedAuthentication(e);
                 event.error(Errors.INVALID_USER_CREDENTIALS);
                 if (e.getResponse() != null) return e.getResponse();
                 return ErrorPage.error(session, authenticationSession, Response.Status.BAD_REQUEST, Messages.INVALID_USER);
             }
 
         } else {
             ServicesLogger.LOGGER.failedAuthentication(failure);
             event.error(Errors.INVALID_USER_CREDENTIALS);
             return ErrorPage.error(session, authenticationSession, Response.Status.BAD_REQUEST, Messages.UNEXPECTED_ERROR_HANDLING_REQUEST);
         }
 
     }

◆ handleClientAuthException()

Response org.keycloak.authentication.AuthenticationProcessor.handleClientAuthException ( Exception failure )

inline

                                                                  {
         if (failure instanceof AuthenticationFlowException) {
             AuthenticationFlowException e = (AuthenticationFlowException) failure;
             ServicesLogger.LOGGER.failedClientAuthentication(e);
             if (e.getError() == AuthenticationFlowError.CLIENT_NOT_FOUND) {
                 event.error(Errors.CLIENT_NOT_FOUND);
                 return ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "unauthorized_client", "Invalid client credentials");
             } else if (e.getError() == AuthenticationFlowError.CLIENT_DISABLED) {
                 event.error(Errors.CLIENT_DISABLED);
                 return ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "unauthorized_client", "Invalid client credentials");
             } else if (e.getError() == AuthenticationFlowError.CLIENT_CREDENTIALS_SETUP_REQUIRED) {
                 event.error(Errors.INVALID_CLIENT_CREDENTIALS);
                 return ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "unauthorized_client", e.getMessage());
             } else {
                 event.error(Errors.INVALID_CLIENT_CREDENTIALS);
                 return ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "unauthorized_client", e.getError().toString() + ": " + e.getMessage());
             }
         } else {
             ServicesLogger.LOGGER.errorAuthenticatingClient(failure);
             event.error(Errors.INVALID_CLIENT_CREDENTIALS);
             return ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "unauthorized_client", "Unexpected error when authenticating client: " + failure.getMessage());
         }
     }

◆ isBrowserFlow()

boolean org.keycloak.authentication.AuthenticationProcessor.isBrowserFlow ( )

inline

                                    {
         return browserFlow;
     }

◆ isSuccessful()

boolean org.keycloak.authentication.AuthenticationProcessor.isSuccessful ( AuthenticationExecutionModel model )

inline

                                                                     {
         AuthenticationSessionModel.ExecutionStatus status = authenticationSession.getExecutionStatus().get(model.getId());
         if (status == null) return false;
         return status == AuthenticationSessionModel.ExecutionStatus.SUCCESS;
     }

◆ logFailure()

void org.keycloak.authentication.AuthenticationProcessor.logFailure ( )

inline

                              {
         if (realm.isBruteForceProtected()) {
             String username = authenticationSession.getAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME);
             // todo need to handle non form failures
             if (username == null) {
 
             } else {
                 UserModel user = KeycloakModelUtils.findUserByNameOrEmail(session, realm, username);
                 if (user != null) {
                     getBruteForceProtector().failedLogin(realm, user, connection);
                 }
             }
         }
     }

◆ logSuccess()

void org.keycloak.authentication.AuthenticationProcessor.logSuccess ( )

inlineprotected

                                 {
         if (realm.isBruteForceProtected()) {
             String username = authenticationSession.getAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME);
             // TODO: as above, need to handle non form success
 
             if(username == null) {
                 return;
             }
 
             UserModel user = KeycloakModelUtils.findUserByNameOrEmail(session, realm, username);
             if (user != null) {
                 getBruteForceProtector().successfulLogin(realm, user, connection);
             }
         }
     }

◆ newEvent()

EventBuilder org.keycloak.authentication.AuthenticationProcessor.newEvent ( )

inline

                                    {
         this.event = new EventBuilder(realm, session, connection);
         return this.event;
     }

◆ nextRequiredAction()

String org.keycloak.authentication.AuthenticationProcessor.nextRequiredAction ( )

inline

                                        {
         return AuthenticationManager.nextRequiredAction(session, authenticationSession, connection, request, uriInfo, event);
     }

◆ redirectToFlow()

Response org.keycloak.authentication.AuthenticationProcessor.redirectToFlow ( )

inline

                                      {
         URI redirect = new AuthenticationFlowURLHelper(session, realm, uriInfo).getLastExecutionUrl(authenticationSession);
 
         logger.debug("Redirecting to URL: " + redirect.toString());
 
         return Response.status(302).location(redirect).build();
 
     }

◆ resetFlow() [1/2]

void org.keycloak.authentication.AuthenticationProcessor.resetFlow ( )

inline

                             {
         resetFlow(authenticationSession, flowPath);
 
         if (afterResetListener != null) {
             afterResetListener.run();
         }
     }

◆ resetFlow() [2/2]

static void org.keycloak.authentication.AuthenticationProcessor.resetFlow	(	AuthenticationSessionModel	authSession,
		String	flowPath
	)

inlinestatic

                                                                                           {
         logger.debug("RESET FLOW");
         authSession.getParentSession().setTimestamp(Time.currentTime());
         authSession.setAuthenticatedUser(null);
         authSession.clearExecutionStatus();
         authSession.clearUserSessionNotes();
         authSession.clearAuthNotes();
 
         authSession.setAction(CommonClientSessionModel.Action.AUTHENTICATE.name());
 
         authSession.setAuthNote(CURRENT_FLOW_PATH, flowPath);
     }

◆ setAuthenticationSession()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setAuthenticationSession ( AuthenticationSessionModel authenticationSession )

inline

                                                                                                               {
         this.authenticationSession = authenticationSession;
         return this;
     }

◆ setAutheticatedUser()

void org.keycloak.authentication.AuthenticationProcessor.setAutheticatedUser ( UserModel user )

inline

                                                     {
         UserModel previousUser = getAuthenticationSession().getAuthenticatedUser();
         if (previousUser != null && !user.getId().equals(previousUser.getId()))
             throw new AuthenticationFlowException(AuthenticationFlowError.USER_CONFLICT);
         validateUser(user);
         getAuthenticationSession().setAuthenticatedUser(user);
     }

◆ setBrowserFlow()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setBrowserFlow ( boolean browserFlow )

inline

                                                                        {
         this.browserFlow = browserFlow;
         return this;
     }

◆ setClient()

void org.keycloak.authentication.AuthenticationProcessor.setClient ( ClientModel client )

inline

                                               {
         this.client = client;
     }

◆ setConnection()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setConnection ( ClientConnection connection )

inline

                                                                               {
         this.connection = connection;
         return this;
     }

◆ setEventBuilder()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setEventBuilder ( EventBuilder eventBuilder )

inline

                                                                               {
         this.event = eventBuilder;
         return this;
     }

◆ setFlowId()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setFlowId ( String flowId )

inline

                                                             {
         this.flowId = flowId;
         return this;
     }

◆ setFlowPath()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setFlowPath ( String flowPath )

inline

This is the path segment to append when generating an action URL.

引数

flowPath

                                                                 {
         this.flowPath = flowPath;
         return this;
     }

◆ setForwardedErrorMessage()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setForwardedErrorMessage ( FormMessage forwardedErrorMessage )

inline

                                                                                                {
         this.forwardedErrorMessage = forwardedErrorMessage;
         return this;
     }

◆ setForwardedSuccessMessage()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setForwardedSuccessMessage ( FormMessage forwardedSuccessMessage )

inline

                                                                                                    {
         this.forwardedSuccessMessage = forwardedSuccessMessage;
         return this;
     }

◆ setRealm()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setRealm ( RealmModel realm )

inline

                                                               {
         this.realm = realm;
         return this;
     }

◆ setRequest()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setRequest ( HttpRequest request )

inline

                                                                    {
         this.request = request;
         return this;
     }

◆ setSession()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setSession ( KeycloakSession session )

inline

                                                                        {
         this.session = session;
         return this;
     }

◆ setUriInfo()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setUriInfo ( UriInfo uriInfo )

inline

                                                                {
         this.uriInfo = uriInfo;
         return this;
     }

◆ validateUser()

void org.keycloak.authentication.AuthenticationProcessor.validateUser ( UserModel authenticatedUser )

inline

                                                           {
         if (authenticatedUser == null) return;
         if (!authenticatedUser.isEnabled()) throw new AuthenticationFlowException(AuthenticationFlowError.USER_DISABLED);
         if (realm.isBruteForceProtected() && !realm.isPermanentLockout()) {
             if (getBruteForceProtector().isTemporarilyDisabled(session, realm, authenticatedUser)) {
                 getEvent().error(Errors.RESET_CREDENTIAL_DISABLED);
                 ServicesLogger.LOGGER.passwordResetFailed(new AuthenticationFlowException(AuthenticationFlowError.USER_TEMPORARILY_DISABLED));
             }
         }
     }

protected

This could be an error message forwarded from another authenticator

◆ forwardedSuccessMessage

FormMessage org.keycloak.authentication.AuthenticationProcessor.forwardedSuccessMessage

UserSessionModel org.keycloak.authentication.AuthenticationProcessor.userSession

protected

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/oidc-service/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java

クラス

公開メンバ関数

静的公開メンバ関数

静的公開変数類

限定公開メンバ関数

限定公開変数類

静的限定公開変数類

非公開メンバ関数

詳解

構築子と解体子

◆ AuthenticationProcessor()

関数詳解

◆ attachSession() [1/2]

◆ attachSession() [2/2]

◆ authenticate()

◆ authenticateClient()

◆ authenticateOnly()

◆ authenticationAction()

◆ authenticationComplete()

◆ checkClientSession()

◆ clearAuthenticatedUser()

◆ clone()

◆ createAuthenticatorContext()

◆ createClientAuthenticatorContext()

◆ createFlowExecution()

◆ evaluateRequiredActionTriggers()

◆ finishAuthentication()

◆ generateCode()

◆ getAuthenticationSession()

◆ getBruteForceProtector()

◆ getClient()

◆ getClientAuthAttributes()

◆ getConnection()

◆ getEvent()

◆ getRealm()

◆ getRefreshUrl()

◆ getRequest()

◆ getSession()

◆ getUriInfo()

◆ getUserSession()

◆ handleBrowserException()

◆ handleClientAuthException()

◆ isBrowserFlow()

◆ isSuccessful()

◆ logFailure()

◆ logSuccess()

◆ newEvent()

◆ nextRequiredAction()

◆ redirectToFlow()

◆ resetFlow() [1/2]

◆ resetFlow() [2/2]

◆ setAuthenticationSession()

◆ setAutheticatedUser()

◆ setBrowserFlow()

◆ setClient()

◆ setConnection()

◆ setEventBuilder()

◆ setFlowId()

◆ setFlowPath()

◆ setForwardedErrorMessage()

◆ setForwardedSuccessMessage()

◆ setRealm()

◆ setRequest()

◆ setSession()

◆ setUriInfo()

◆ validateUser()

メンバ詳解

◆ afterResetListener

◆ authenticationSession

◆ BROKER_SESSION_ID

◆ BROKER_USER_ID

◆ browserFlow

◆ client

◆ clientAuthAttributes

◆ connection

◆ CURRENT_AUTHENTICATION_EXECUTION

◆ CURRENT_FLOW_PATH

◆ event

◆ flowId

◆ flowPath