org.keycloak.services.resources.WelcomeResource クラス

org.keycloak.services.resources.WelcomeResource 連携図

公開メンバ関数
	WelcomeResource (boolean bootstrap)
Response	getWelcomePage () throws URISyntaxException
Response	createUser (final MultivaluedMap< String, String > formData)
Response	getResource (@PathParam("path") String path)

限定公開変数類
HttpHeaders	headers

静的限定公開変数類
static final Logger	logger = Logger.getLogger(WelcomeResource.class)

非公開メンバ関数
Response	createWelcomePage (String successMessage, String errorMessage)
Theme	getTheme ()
void	checkBootstrap ()
boolean	isLocal ()
boolean	isLocalAddress (InetAddress inetAddress)
String	setCsrfCookie ()
void	expireCsrfCookie ()
void	csrfCheck (final MultivaluedMap< String, String > formData)

非公開変数類
boolean	bootstrap
KeycloakSession	session

静的非公開変数類
static final String	KEYCLOAK_STATE_CHECKER = "WELCOME_STATE_CHECKER"

詳解

著者

Stian Thorgersen

構築子と解体子

WelcomeResource()

org.keycloak.services.resources.WelcomeResource.WelcomeResource ( boolean  bootstrap )

inline

                                              {
        this.bootstrap = bootstrap;
    }

関数詳解

checkBootstrap()

void org.keycloak.services.resources.WelcomeResource.checkBootstrap ( )

inlineprivate

                                  {
        if (bootstrap) {
            bootstrap  = new ApplianceBootstrap(session).isNoMasterUser();
        }
    }

createUser()

Response org.keycloak.services.resources.WelcomeResource.createUser ( final MultivaluedMap< String, String >  formData )

inline

                                                                              {
        checkBootstrap();

        if (!bootstrap) {
            return createWelcomePage(null, null);
        } else {
            if (!isLocal()) {
                ServicesLogger.LOGGER.rejectedNonLocalAttemptToCreateInitialUser(session.getContext().getConnection().getRemoteAddr());
                throw new WebApplicationException(Response.Status.BAD_REQUEST);
            }

            csrfCheck(formData);

            String username = formData.getFirst("username");
            String password = formData.getFirst("password");
            String passwordConfirmation = formData.getFirst("passwordConfirmation");

            if (username == null || username.length() == 0) {
                return createWelcomePage(null, "Username is missing");
            }

            if (password == null || password.length() == 0) {
                return createWelcomePage(null, "Password is missing");
            }

            if (!password.equals(passwordConfirmation)) {
                return createWelcomePage(null, "Password and confirmation doesn't match");
            }

            expireCsrfCookie();

            ApplianceBootstrap applianceBootstrap = new ApplianceBootstrap(session);
            if (applianceBootstrap.isNoMasterUser()) {
                bootstrap = false;
                applianceBootstrap.createMasterRealmUser(username, password);

                ServicesLogger.LOGGER.createdInitialAdminUser(username);
                return createWelcomePage("User created", null);
            } else {
                ServicesLogger.LOGGER.initialUserAlreadyCreated();
                return createWelcomePage(null, "Users already exists");
            }
        }
    }

createWelcomePage()

Response org.keycloak.services.resources.WelcomeResource.createWelcomePage ( String  successMessage, String  errorMessage  )

inlineprivate

                                                                                   {
        try {
          Theme theme = getTheme();

          Map<String, Object> map = new HashMap<>();

          map.put("productName", Version.NAME);

          map.put("properties", theme.getProperties());

          URI uri = Urls.themeRoot(session.getContext().getUri().getBaseUri());
          String resourcesPath = uri.getPath() + "/" + theme.getType().toString().toLowerCase() +"/" + theme.getName();
          map.put("resourcesPath", resourcesPath);

           map.put("bootstrap", bootstrap);
            if (bootstrap) {
                boolean isLocal = isLocal();
                map.put("localUser", isLocal);

                if (isLocal) {
                    String stateChecker = setCsrfCookie();
                    map.put("stateChecker", stateChecker);
                }
            }
            if (successMessage != null) {
                map.put("successMessage", successMessage);
            }
            if (errorMessage != null) {
                map.put("errorMessage", errorMessage);
            }
            FreeMarkerUtil freeMarkerUtil = new FreeMarkerUtil();
            String result = freeMarkerUtil.processTemplate(map, "index.ftl", theme);

            ResponseBuilder rb = Response.status(errorMessage == null ? Status.OK : Status.BAD_REQUEST)
                    .entity(result)
                    .cacheControl(CacheControlUtil.noCache());
            BrowserSecurityHeaderSetup.headers(rb, BrowserSecurityHeaders.defaultHeaders);
            return rb.build();
        } catch (Exception e) {
            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

csrfCheck()

void org.keycloak.services.resources.WelcomeResource.csrfCheck ( final MultivaluedMap< String, String >  formData )

inlineprivate

                                                                          {
        String formStateChecker = formData.getFirst("stateChecker");
        Cookie cookie = headers.getCookies().get(KEYCLOAK_STATE_CHECKER);
        if (cookie == null) {
            throw new ForbiddenException();
        }

        String cookieStateChecker = cookie.getValue();

        if (cookieStateChecker == null || !cookieStateChecker.equals(formStateChecker)) {
            throw new ForbiddenException();
        }
    }

expireCsrfCookie()

void org.keycloak.services.resources.WelcomeResource.expireCsrfCookie ( )

inlineprivate

                                    {
        String cookiePath = session.getContext().getUri().getPath();
        boolean secureOnly = session.getContext().getUri().getRequestUri().getScheme().equalsIgnoreCase("https");
        CookieHelper.addCookie(KEYCLOAK_STATE_CHECKER, "", cookiePath, null, null, 0, secureOnly, true);
    }

getResource()

Response org.keycloak.services.resources.WelcomeResource.getResource ( @PathParam("path") String  path )

inline

Resources for welcome page

引数

path

戻り値

                                                                {
        try {
            InputStream resource = getTheme().getResourceAsStream(path);
            if (resource != null) {
                String contentType = MimeTypeUtil.getContentType(path);
                Response.ResponseBuilder builder = Response.ok(resource).type(contentType).cacheControl(CacheControlUtil.getDefaultCacheControl());
                return builder.build();
            } else {
                return Response.status(Response.Status.NOT_FOUND).build();
            }
        } catch (IOException e) {
            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

getTheme()

Theme org.keycloak.services.resources.WelcomeResource.getTheme ( )

inlineprivate

                             {
        try {
            return session.theme().getTheme(Theme.Type.WELCOME);
        } catch (IOException e) {
            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

getWelcomePage()

Response org.keycloak.services.resources.WelcomeResource.getWelcomePage ( ) throws URISyntaxException

inline

Welcome page of Keycloak

戻り値

例外

URISyntaxException

                                                               {
        checkBootstrap();

        String requestUri = session.getContext().getUri().getRequestUri().toString();
        if (!requestUri.endsWith("/")) {
            return Response.seeOther(new URI(requestUri + "/")).build();
        } else {
            return createWelcomePage(null, null);
        }
    }

isLocal()

boolean org.keycloak.services.resources.WelcomeResource.isLocal ( )

inlineprivate

                              {
        try {
            ClientConnection clientConnection = session.getContext().getConnection();
            InetAddress remoteInetAddress = InetAddress.getByName(clientConnection.getRemoteAddr());
            InetAddress localInetAddress = InetAddress.getByName(clientConnection.getLocalAddr());
            String xForwardedFor = headers.getHeaderString("X-Forwarded-For");
            logger.debugf("Checking WelcomePage. Remote address: %s, Local address: %s, X-Forwarded-For header: %s", remoteInetAddress.toString(), localInetAddress.toString(), xForwardedFor);

            // Access through AJP protocol (loadbalancer) may cause that remoteAddress is "127.0.0.1".
            // So consider that welcome page accessed locally just if it was accessed really through "localhost" URL and without loadbalancer (x-forwarded-for header is empty).
            return isLocalAddress(remoteInetAddress) && isLocalAddress(localInetAddress) && xForwardedFor == null;
        } catch (UnknownHostException e) {
            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

isLocalAddress()

boolean org.keycloak.services.resources.WelcomeResource.isLocalAddress ( InetAddress  inetAddress )

inlineprivate

                                                            {
        return inetAddress.isAnyLocalAddress() || inetAddress.isLoopbackAddress();
    }

setCsrfCookie()

String org.keycloak.services.resources.WelcomeResource.setCsrfCookie ( )

inlineprivate

                                   {
        String stateChecker = Base64Url.encode(KeycloakModelUtils.generateSecret());
        String cookiePath = session.getContext().getUri().getPath();
        boolean secureOnly = session.getContext().getUri().getRequestUri().getScheme().equalsIgnoreCase("https");
        CookieHelper.addCookie(KEYCLOAK_STATE_CHECKER, stateChecker, cookiePath, null, null, 300, secureOnly, true);
        return stateChecker;
    }

メンバ詳解

bootstrap

boolean org.keycloak.services.resources.WelcomeResource.bootstrap

private

headers

HttpHeaders org.keycloak.services.resources.WelcomeResource.headers

protected

KEYCLOAK_STATE_CHECKER

final String org.keycloak.services.resources.WelcomeResource.KEYCLOAK_STATE_CHECKER = "WELCOME_STATE_CHECKER"

staticprivate

logger

final Logger org.keycloak.services.resources.WelcomeResource.logger = Logger.getLogger(WelcomeResource.class)

staticprotected

session

KeycloakSession org.keycloak.services.resources.WelcomeResource.session

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/services/resources/WelcomeResource.java