org.keycloak.authentication.DefaultAuthenticationFlow の継承関係図

org.keycloak.authentication.DefaultAuthenticationFlow 連携図

公開メンバ関数
	DefaultAuthenticationFlow (AuthenticationProcessor processor, AuthenticationFlowModel flow)

Response	processAction (String actionExecution)

Response	processFlow ()

Response	processResult (AuthenticationProcessor.Result result, boolean isAction)

Response	sendChallenge (AuthenticationProcessor.Result result, AuthenticationExecutionModel execution)

限定公開メンバ関数
boolean	isProcessed (AuthenticationExecutionModel model)

Authenticator	createAuthenticator (AuthenticatorFactory factory)

変数
Response	alternativeChallenge = null

AuthenticationExecutionModel	challengedAlternativeExecution = null

boolean	alternativeSuccessful = false

List< AuthenticationExecutionModel >	executions

Iterator< AuthenticationExecutionModel >	executionIterator

AuthenticationProcessor	processor

AuthenticationFlowModel	flow

静的非公開変数類
static final Logger	logger = Logger.getLogger(DefaultAuthenticationFlow.class)

詳解

著者: Bill Burke

バージョン

Revision: 1

構築子と解体子

◆ DefaultAuthenticationFlow()

org.keycloak.authentication.DefaultAuthenticationFlow.DefaultAuthenticationFlow	(	AuthenticationProcessor	processor,
		AuthenticationFlowModel	flow
	)

inline

                                                                                                       {
         this.processor = processor;
         this.flow = flow;
         this.executions = processor.getRealm().getAuthenticationExecutions(flow.getId());
         this.executionIterator = executions.iterator();
     }

関数詳解

◆ createAuthenticator()

Authenticator org.keycloak.authentication.DefaultAuthenticationFlow.createAuthenticator ( AuthenticatorFactory factory )

inlineprotected

                                                                               {
         String display = processor.getAuthenticationSession().getAuthNote(OAuth2Constants.DISPLAY);
         if (display == null) return factory.create(processor.getSession());
 
 
         if (factory instanceof DisplayTypeAuthenticatorFactory) {
             Authenticator authenticator = ((DisplayTypeAuthenticatorFactory)factory).createDisplay(processor.getSession(), display);
             if (authenticator != null) return authenticator;
         }
         // todo create a provider for handling lack of display support
         if (OAuth2Constants.DISPLAY_CONSOLE.equalsIgnoreCase(display)) {
             processor.getAuthenticationSession().removeAuthNote(OAuth2Constants.DISPLAY);
             throw new AuthenticationFlowException(AuthenticationFlowError.DISPLAY_NOT_SUPPORTED,
                     ConsoleDisplayMode.browserContinue(processor.getSession(), processor.getRefreshUrl(true).toString()));
 
         } else {
             return factory.create(processor.getSession());
         }
     }

◆ isProcessed()

boolean org.keycloak.authentication.DefaultAuthenticationFlow.isProcessed ( AuthenticationExecutionModel model )

inlineprotected

                                                                       {
         if (model.isDisabled()) return true;
         AuthenticationSessionModel.ExecutionStatus status = processor.getAuthenticationSession().getExecutionStatus().get(model.getId());
         if (status == null) return false;
         return status == AuthenticationSessionModel.ExecutionStatus.SUCCESS || status == AuthenticationSessionModel.ExecutionStatus.SKIPPED
                 || status == AuthenticationSessionModel.ExecutionStatus.ATTEMPTED
                 || status == AuthenticationSessionModel.ExecutionStatus.SETUP_REQUIRED;
     }

◆ processAction()

Response org.keycloak.authentication.DefaultAuthenticationFlow.processAction ( String actionExecution )

inline

                                                           {
         logger.debugv("processAction: {0}", actionExecution);
         while (executionIterator.hasNext()) {
             AuthenticationExecutionModel model = executionIterator.next();
             logger.debugv("check: {0} requirement: {1}", model.getAuthenticator(), model.getRequirement().toString());
             if (isProcessed(model)) {
                 logger.debug("execution is processed");
                 if (!alternativeSuccessful && model.isAlternative() && processor.isSuccessful(model))
                     alternativeSuccessful = true;
                 continue;
             }
             if (model.isAuthenticatorFlow()) {
                 AuthenticationFlow authenticationFlow = processor.createFlowExecution(model.getFlowId(), model);
                 Response flowChallenge = authenticationFlow.processAction(actionExecution);
                 if (flowChallenge == null) {
                     processor.getAuthenticationSession().setExecutionStatus(model.getId(), AuthenticationSessionModel.ExecutionStatus.SUCCESS);
                     if (model.isAlternative()) alternativeSuccessful = true;
                     return processFlow();
                 } else {
                    return flowChallenge;
                 }
             } else if (model.getId().equals(actionExecution)) {
                 AuthenticatorFactory factory = (AuthenticatorFactory) processor.getSession().getKeycloakSessionFactory().getProviderFactory(Authenticator.class, model.getAuthenticator());
                 if (factory == null) {
                     throw new RuntimeException("Unable to find factory for AuthenticatorFactory: " + model.getAuthenticator() + " did you forget to declare it in a META-INF/services file?");
                 }
                 Authenticator authenticator = createAuthenticator(factory);
                 AuthenticationProcessor.Result result = processor.createAuthenticatorContext(model, authenticator, executions);
                 logger.debugv("action: {0}", model.getAuthenticator());
                 authenticator.action(result);
                 Response response = processResult(result, true);
                 if (response == null) {
                     processor.getAuthenticationSession().removeAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION);
                     return processFlow();
                 } else return response;
             }
         }
         throw new AuthenticationFlowException("action is not in current execution", AuthenticationFlowError.INTERNAL_ERROR);
     }

◆ processFlow()

Response org.keycloak.authentication.DefaultAuthenticationFlow.processFlow ( )

inline

                                   {
         logger.debug("processFlow");
         while (executionIterator.hasNext()) {
             AuthenticationExecutionModel model = executionIterator.next();
             logger.debugv("check execution: {0} requirement: {1}", model.getAuthenticator(), model.getRequirement().toString());
 
             if (isProcessed(model)) {
                 logger.debug("execution is processed");
                 if (!alternativeSuccessful && model.isAlternative() && processor.isSuccessful(model))
                     alternativeSuccessful = true;
                 continue;
             }
             if (model.isAlternative() && alternativeSuccessful) {
                 logger.debug("Skip alternative execution");
                 processor.getAuthenticationSession().setExecutionStatus(model.getId(), AuthenticationSessionModel.ExecutionStatus.SKIPPED);
                 continue;
             }
             if (model.isAuthenticatorFlow()) {
                 logger.debug("execution is flow");
                 AuthenticationFlow authenticationFlow = processor.createFlowExecution(model.getFlowId(), model);
 
                 Response flowChallenge = null;
                 try {
                     flowChallenge = authenticationFlow.processFlow();
                 } catch (AuthenticationFlowException afe) {
                     if (model.isAlternative()) {
                         logger.debug("Thrown exception in alternative Subflow. Ignoring Subflow");
                         processor.getAuthenticationSession().setExecutionStatus(model.getId(), AuthenticationSessionModel.ExecutionStatus.ATTEMPTED);
                         continue;
                     } else {
                         throw afe;
                     }
                 }
 
                 if (flowChallenge == null) {
                     processor.getAuthenticationSession().setExecutionStatus(model.getId(), AuthenticationSessionModel.ExecutionStatus.SUCCESS);
                     if (model.isAlternative()) alternativeSuccessful = true;
                     continue;
                 } else {
                     if (model.isAlternative()) {
                         alternativeChallenge = flowChallenge;
                         challengedAlternativeExecution = model;
                     } else if (model.isRequired()) {
                         processor.getAuthenticationSession().setExecutionStatus(model.getId(), AuthenticationSessionModel.ExecutionStatus.CHALLENGED);
                         return flowChallenge;
                     } else if (model.isOptional()) {
                         processor.getAuthenticationSession().setExecutionStatus(model.getId(), AuthenticationSessionModel.ExecutionStatus.SKIPPED);
                         continue;
                     } else {
                         processor.getAuthenticationSession().setExecutionStatus(model.getId(), AuthenticationSessionModel.ExecutionStatus.SKIPPED);
                         continue;
                     }
                     return flowChallenge;
                 }
             }
 
             AuthenticatorFactory factory = (AuthenticatorFactory) processor.getSession().getKeycloakSessionFactory().getProviderFactory(Authenticator.class, model.getAuthenticator());
             if (factory == null) {
                 throw new RuntimeException("Unable to find factory for AuthenticatorFactory: " + model.getAuthenticator() + " did you forget to declare it in a META-INF/services file?");
             }
             Authenticator authenticator = createAuthenticator(factory);
             logger.debugv("authenticator: {0}", factory.getId());
             UserModel authUser = processor.getAuthenticationSession().getAuthenticatedUser();
 
             if (authenticator.requiresUser() && authUser == null) {
                 if (alternativeChallenge != null) {
                     processor.getAuthenticationSession().setExecutionStatus(challengedAlternativeExecution.getId(), AuthenticationSessionModel.ExecutionStatus.CHALLENGED);
                     return alternativeChallenge;
                 }
                 throw new AuthenticationFlowException("authenticator: " + factory.getId(), AuthenticationFlowError.UNKNOWN_USER);
             }
             boolean configuredFor = false;
             if (authenticator.requiresUser() && authUser != null) {
                 configuredFor = authenticator.configuredFor(processor.getSession(), processor.getRealm(), authUser);
                 if (!configuredFor) {
                     if (model.isRequired()) {
                         if (factory.isUserSetupAllowed()) {
                             logger.debugv("authenticator SETUP_REQUIRED: {0}", factory.getId());
                             processor.getAuthenticationSession().setExecutionStatus(model.getId(), AuthenticationSessionModel.ExecutionStatus.SETUP_REQUIRED);
                             authenticator.setRequiredActions(processor.getSession(), processor.getRealm(), processor.getAuthenticationSession().getAuthenticatedUser());
                             continue;
                         } else {
                             throw new AuthenticationFlowException(AuthenticationFlowError.CREDENTIAL_SETUP_REQUIRED);
                         }
                     } else if (model.isOptional()) {
                         processor.getAuthenticationSession().setExecutionStatus(model.getId(), AuthenticationSessionModel.ExecutionStatus.SKIPPED);
                         continue;
                     }
                 }
             }
             // skip if action as successful already
 //            Response redirect = processor.checkWasSuccessfulBrowserAction();
 //            if (redirect != null) return redirect;
 
             AuthenticationProcessor.Result context = processor.createAuthenticatorContext(model, authenticator, executions);
             logger.debugv("invoke authenticator.authenticate: {0}", factory.getId());
             authenticator.authenticate(context);
             Response response = processResult(context, false);
             if (response != null) return response;
         }
         return null;
     }

◆ processResult()

Response org.keycloak.authentication.DefaultAuthenticationFlow.processResult	(	AuthenticationProcessor.Result	result,
		boolean	isAction
	)

inline

                                                                                            {
         AuthenticationExecutionModel execution = result.getExecution();
         FlowStatus status = result.getStatus();
         switch (status) {
             case SUCCESS:
                 logger.debugv("authenticator SUCCESS: {0}", execution.getAuthenticator());
                 processor.getAuthenticationSession().setExecutionStatus(execution.getId(), AuthenticationSessionModel.ExecutionStatus.SUCCESS);
                 if (execution.isAlternative()) alternativeSuccessful = true;
                 return null;
             case FAILED:
                 logger.debugv("authenticator FAILED: {0}", execution.getAuthenticator());
                 processor.logFailure();
                 processor.getAuthenticationSession().setExecutionStatus(execution.getId(), AuthenticationSessionModel.ExecutionStatus.FAILED);
                 if (result.getChallenge() != null) {
                     return sendChallenge(result, execution);
                 }
                 throw new AuthenticationFlowException(result.getError());
             case FORK:
                 logger.debugv("reset browser login from authenticator: {0}", execution.getAuthenticator());
                 processor.getAuthenticationSession().setAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION, execution.getId());
                 throw new ForkFlowException(result.getSuccessMessage(), result.getErrorMessage());
             case FORCE_CHALLENGE:
                 processor.getAuthenticationSession().setExecutionStatus(execution.getId(), AuthenticationSessionModel.ExecutionStatus.CHALLENGED);
                 return sendChallenge(result, execution);
             case CHALLENGE:
                 logger.debugv("authenticator CHALLENGE: {0}", execution.getAuthenticator());
                 if (execution.isRequired()) {
                     processor.getAuthenticationSession().setExecutionStatus(execution.getId(), AuthenticationSessionModel.ExecutionStatus.CHALLENGED);
                     return sendChallenge(result, execution);
                 }
                 UserModel authenticatedUser = processor.getAuthenticationSession().getAuthenticatedUser();
                 if (execution.isOptional() && authenticatedUser != null && result.getAuthenticator().configuredFor(processor.getSession(), processor.getRealm(), authenticatedUser)) {
                     processor.getAuthenticationSession().setExecutionStatus(execution.getId(), AuthenticationSessionModel.ExecutionStatus.CHALLENGED);
                     return sendChallenge(result, execution);
                 }
                 if (execution.isAlternative()) {
                     alternativeChallenge = result.getChallenge();
                     challengedAlternativeExecution = execution;
                 } else {
                     processor.getAuthenticationSession().setExecutionStatus(execution.getId(), AuthenticationSessionModel.ExecutionStatus.SKIPPED);
                 }
                 return null;
             case FAILURE_CHALLENGE:
                 logger.debugv("authenticator FAILURE_CHALLENGE: {0}", execution.getAuthenticator());
                 processor.logFailure();
                 processor.getAuthenticationSession().setExecutionStatus(execution.getId(), AuthenticationSessionModel.ExecutionStatus.CHALLENGED);
                 return sendChallenge(result, execution);
             case ATTEMPTED:
                 logger.debugv("authenticator ATTEMPTED: {0}", execution.getAuthenticator());
                 if (execution.getRequirement() == AuthenticationExecutionModel.Requirement.REQUIRED) {
                     throw new AuthenticationFlowException(AuthenticationFlowError.INVALID_CREDENTIALS);
                 }
                 processor.getAuthenticationSession().setExecutionStatus(execution.getId(), AuthenticationSessionModel.ExecutionStatus.ATTEMPTED);
                 return null;
             case FLOW_RESET:
                 processor.resetFlow();
                 return processor.authenticate();
             default:
                 logger.debugv("authenticator INTERNAL_ERROR: {0}", execution.getAuthenticator());
                 ServicesLogger.LOGGER.unknownResultStatus();
                 throw new AuthenticationFlowException(AuthenticationFlowError.INTERNAL_ERROR);
         }
     }

◆ sendChallenge()

Response org.keycloak.authentication.DefaultAuthenticationFlow.sendChallenge	(	AuthenticationProcessor.Result	result,
		AuthenticationExecutionModel	execution
	)

inline

                                                                                                                  {
         processor.getAuthenticationSession().setAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION, execution.getId());
         return result.getChallenge();
     }

メンバ詳解

◆ alternativeChallenge

Response org.keycloak.authentication.DefaultAuthenticationFlow.alternativeChallenge = null

package

◆ alternativeSuccessful

boolean org.keycloak.authentication.DefaultAuthenticationFlow.alternativeSuccessful = false

package

◆ challengedAlternativeExecution

AuthenticationExecutionModel org.keycloak.authentication.DefaultAuthenticationFlow.challengedAlternativeExecution = null

package

◆ executionIterator

Iterator<AuthenticationExecutionModel> org.keycloak.authentication.DefaultAuthenticationFlow.executionIterator

package

◆ executions

List<AuthenticationExecutionModel> org.keycloak.authentication.DefaultAuthenticationFlow.executions

package

◆ flow

AuthenticationFlowModel org.keycloak.authentication.DefaultAuthenticationFlow.flow

package

◆ logger

final Logger org.keycloak.authentication.DefaultAuthenticationFlow.logger = Logger.getLogger(DefaultAuthenticationFlow.class)

staticprivate

◆ processor

AuthenticationProcessor org.keycloak.authentication.DefaultAuthenticationFlow.processor

package

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/authentication/DefaultAuthenticationFlow.java

公開メンバ関数

限定公開メンバ関数

変数

静的非公開変数類

詳解

構築子と解体子

◆ DefaultAuthenticationFlow()

関数詳解

◆ createAuthenticator()

◆ isProcessed()

◆ processAction()

◆ processFlow()

◆ processResult()

◆ sendChallenge()

メンバ詳解

◆ alternativeChallenge

◆ alternativeSuccessful

◆ challengedAlternativeExecution

◆ executionIterator

◆ executions

◆ flow

◆ logger

◆ processor