org.keycloak.authentication.authenticators.challenge.BasicAuthAuthenticator の継承関係図

org.keycloak.authentication.authenticators.challenge.BasicAuthAuthenticator 連携図

公開メンバ関数
boolean	requiresUser ()

void	authenticate (AuthenticationFlowContext context)

void	action (AuthenticationFlowContext context)

boolean	configuredFor (KeycloakSession session, RealmModel realm, UserModel user)

void	setRequiredActions (KeycloakSession session, RealmModel realm, UserModel user)

void	close ()

boolean	invalidUser (AuthenticationFlowContext context, UserModel user)

boolean	enabledUser (AuthenticationFlowContext context, UserModel user)

boolean	validateUserAndPassword (AuthenticationFlowContext context, MultivaluedMap< String, String > inputData)

boolean	validatePassword (AuthenticationFlowContext context, UserModel user, MultivaluedMap< String, String > inputData)

静的公開変数類
static final String	REGISTRATION_FORM_ACTION = "registration_form"

static final String	ATTEMPTED_USERNAME = "ATTEMPTED_USERNAME"

限定公開メンバ関数
boolean	onAuthenticate (AuthenticationFlowContext context, String[] challenge)

String	getAuthorizationHeader (AuthenticationFlowContext context)

boolean	checkUsernameAndPassword (AuthenticationFlowContext context, String username, String password)

String []	getChallenge (String authorizationHeader)

Response	invalidUser (AuthenticationFlowContext context)

Response	disabledUser (AuthenticationFlowContext context)

Response	temporarilyDisabledUser (AuthenticationFlowContext context)

Response	invalidCredentials (AuthenticationFlowContext context)

Response	setDuplicateUserChallenge (AuthenticationFlowContext context, String eventError, String loginFormError, AuthenticationFlowError authenticatorError)

void	runDefaultDummyHash (AuthenticationFlowContext context)

void	dummyHash (AuthenticationFlowContext context)

非公開メンバ関数
Response	challengeResponse (AuthenticationFlowContext context)

String	getHeader (AuthenticationFlowContext context)

詳解

著者: Bill Burke

バージョン

Revision: 1

関数詳解

◆ action()

void org.keycloak.authentication.authenticators.challenge.BasicAuthAuthenticator.action ( AuthenticationFlowContext context )

inline

                                                           {
 
     }

◆ authenticate()

void org.keycloak.authentication.authenticators.challenge.BasicAuthAuthenticator.authenticate ( AuthenticationFlowContext context )

inline

                                                                 {
         String authorizationHeader = getAuthorizationHeader(context);
 
         if (authorizationHeader == null) {
             context.challenge(challengeResponse(context));
             return;
         }
 
         String[] challenge = getChallenge(authorizationHeader);
 
         if (challenge == null) {
             context.challenge(challengeResponse(context));
             return;
         }
 
         if (onAuthenticate(context, challenge)) {
             context.success();
             return;
         }
 
         context.setUser(null);
         context.challenge(challengeResponse(context));
     }

◆ challengeResponse()

Response org.keycloak.authentication.authenticators.challenge.BasicAuthAuthenticator.challengeResponse ( AuthenticationFlowContext context )

inlineprivate

                                                                           {
         return Response.status(401).header(HttpHeaders.WWW_AUTHENTICATE, getHeader(context)).build();
     }

◆ checkUsernameAndPassword()

boolean org.keycloak.authentication.authenticators.challenge.BasicAuthAuthenticator.checkUsernameAndPassword	(	AuthenticationFlowContext	context,
		String	username,
		String	password
	)

inlineprotected

                                                                                                                     {
         MultivaluedMap<String, String> map = new MultivaluedHashMap<>();
 
         map.putSingle(AuthenticationManager.FORM_USERNAME, username);
         map.putSingle(CredentialRepresentation.PASSWORD, password);
 
         if (validateUserAndPassword(context, map)) {
             return true;
         }
 
         return false;
     }

◆ close()

void org.keycloak.authentication.authenticators.challenge.BasicAuthAuthenticator.close ( )

inline

                         {
 
     }

◆ configuredFor()

boolean org.keycloak.authentication.authenticators.challenge.BasicAuthAuthenticator.configuredFor	(	KeycloakSession	session,
		RealmModel	realm,
		UserModel	user
	)

inline

                                                                                             {
         return true;
     }

◆ disabledUser()

Response org.keycloak.authentication.authenticators.challenge.BasicAuthAuthenticator.disabledUser ( AuthenticationFlowContext context )

inlineprotected

                                                                        {
         return challengeResponse(context);
     }

◆ dummyHash()

void org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.dummyHash ( AuthenticationFlowContext context )

inlineprotectedinherited

                                                                 {
         PasswordPolicy policy = context.getRealm().getPasswordPolicy();
         if (policy == null) {
             runDefaultDummyHash(context);
             return;
         } else {
             PasswordHashProvider hash = context.getSession().getProvider(PasswordHashProvider.class, policy.getHashAlgorithm());
             if (hash == null) {
                 runDefaultDummyHash(context);
                 return;
 
             } else {
                 hash.encode("dummypassword", policy.getHashIterations());
             }
         }
 
     }

◆ enabledUser()

boolean org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.enabledUser	(	AuthenticationFlowContext	context,
		UserModel	user
	)

inlineinherited

                                                                                   {
         if (!user.isEnabled()) {
             context.getEvent().user(user);
             context.getEvent().error(Errors.USER_DISABLED);
             Response challengeResponse = disabledUser(context);
             // this is not a failure so don't call failureChallenge.
             //context.failureChallenge(AuthenticationFlowError.USER_DISABLED, challengeResponse);
             context.forceChallenge(challengeResponse);
             return false;
         }
         if (isTemporarilyDisabledByBruteForce(context, user)) return false;
         return true;
     }

◆ getAuthorizationHeader()

String org.keycloak.authentication.authenticators.challenge.BasicAuthAuthenticator.getAuthorizationHeader ( AuthenticationFlowContext context )

inlineprotected

                                                                                {
         return context.getHttpRequest().getHttpHeaders().getRequestHeaders().getFirst(HttpHeaders.AUTHORIZATION);
     }

◆ getChallenge()

String [] org.keycloak.authentication.authenticators.challenge.BasicAuthAuthenticator.getChallenge ( String authorizationHeader )

inlineprotected

                                                                 {
         String[] challenge = BasicAuthHelper.parseHeader(authorizationHeader);
 
         if (challenge.length < 2) {
             return null;
         }
 
         return challenge;
     }

◆ getHeader()

String org.keycloak.authentication.authenticators.challenge.BasicAuthAuthenticator.getHeader ( AuthenticationFlowContext context )

inlineprivate

                                                                 {
         return "Basic realm=\"" + context.getRealm().getName() + "\"";
     }

◆ invalidCredentials()

Response org.keycloak.authentication.authenticators.challenge.BasicAuthAuthenticator.invalidCredentials ( AuthenticationFlowContext context )

inlineprotected

                                                                              {
         return challengeResponse(context);
     }

◆ invalidUser() [1/2]

Response org.keycloak.authentication.authenticators.challenge.BasicAuthAuthenticator.invalidUser ( AuthenticationFlowContext context )

inlineprotected

                                                                       {
         return challengeResponse(context);
     }

◆ invalidUser() [2/2]

boolean org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.invalidUser	(	AuthenticationFlowContext	context,
		UserModel	user
	)

inlineinherited

                                                                                   {
         if (user == null) {
             dummyHash(context);
             context.getEvent().error(Errors.USER_NOT_FOUND);
             Response challengeResponse = invalidUser(context);
             context.failureChallenge(AuthenticationFlowError.INVALID_USER, challengeResponse);
             return true;
         }
         return false;
     }

◆ onAuthenticate()

boolean org.keycloak.authentication.authenticators.challenge.BasicAuthAuthenticator.onAuthenticate	(	AuthenticationFlowContext	context,
		String []	challenge
	)

inlineprotected

                                                                                             {
         if (checkUsernameAndPassword(context, challenge[0], challenge[1])) {
             return true;
         }
 
         return false;
     }

◆ requiresUser()

boolean org.keycloak.authentication.authenticators.challenge.BasicAuthAuthenticator.requiresUser ( )

inline

                                   {
         return false;
     }

◆ runDefaultDummyHash()

void org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.runDefaultDummyHash ( AuthenticationFlowContext context )

inlineprotectedinherited

                                                                           {
         PasswordHashProvider hash = context.getSession().getProvider(PasswordHashProvider.class, PasswordPolicy.HASH_ALGORITHM_DEFAULT);
         hash.encode("dummypassword", PasswordPolicy.HASH_ITERATIONS_DEFAULT);
     }

◆ setDuplicateUserChallenge()

Response org.keycloak.authentication.authenticators.challenge.BasicAuthAuthenticator.setDuplicateUserChallenge	(	AuthenticationFlowContext	context,
		String	eventError,
		String	loginFormError,
		AuthenticationFlowError	authenticatorError
	)

inlineprotected

                                                                                                                                                                           {
         return challengeResponse(context);
     }

◆ setRequiredActions()

void org.keycloak.authentication.authenticators.challenge.BasicAuthAuthenticator.setRequiredActions	(	KeycloakSession	session,
		RealmModel	realm,
		UserModel	user
	)

inline

143 {

144 }

◆ temporarilyDisabledUser()

Response org.keycloak.authentication.authenticators.challenge.BasicAuthAuthenticator.temporarilyDisabledUser ( AuthenticationFlowContext context )

inlineprotected

                                                                                   {
         return challengeResponse(context);
     }

◆ validatePassword()

boolean org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.validatePassword	(	AuthenticationFlowContext	context,
		UserModel	user,
		MultivaluedMap< String, String >	inputData
	)

inlineinherited

                                                                                                                                  {
         List<CredentialInput> credentials = new LinkedList<>();
         String password = inputData.getFirst(CredentialRepresentation.PASSWORD);
         credentials.add(UserCredentialModel.password(password));
 
         if (isTemporarilyDisabledByBruteForce(context, user)) return false;
 
         if (password != null && !password.isEmpty() && context.getSession().userCredentialManager().isValid(context.getRealm(), user, credentials)) {
             return true;
         } else {
             context.getEvent().user(user);
             context.getEvent().error(Errors.INVALID_USER_CREDENTIALS);
             Response challengeResponse = invalidCredentials(context);
             context.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS, challengeResponse);
             context.clearUser();
             return false;
         }
     }

◆ validateUserAndPassword()

boolean org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.validateUserAndPassword	(	AuthenticationFlowContext	context,
		MultivaluedMap< String, String >	inputData
	)

inlineinherited

                                                                                                                         {
         String username = inputData.getFirst(AuthenticationManager.FORM_USERNAME);
         if (username == null) {
             context.getEvent().error(Errors.USER_NOT_FOUND);
             Response challengeResponse = invalidUser(context);
             context.failureChallenge(AuthenticationFlowError.INVALID_USER, challengeResponse);
             return false;
         }
 
         // remove leading and trailing whitespace
         username = username.trim();
 
         context.getEvent().detail(Details.USERNAME, username);
         context.getAuthenticationSession().setAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME, username);
 
         UserModel user = null;
         try {
             user = KeycloakModelUtils.findUserByNameOrEmail(context.getSession(), context.getRealm(), username);
         } catch (ModelDuplicateException mde) {
             ServicesLogger.LOGGER.modelDuplicateException(mde);
 
             // Could happen during federation import
             if (mde.getDuplicateFieldName() != null && mde.getDuplicateFieldName().equals(UserModel.EMAIL)) {
                 setDuplicateUserChallenge(context, Errors.EMAIL_IN_USE, Messages.EMAIL_EXISTS, AuthenticationFlowError.INVALID_USER);
             } else {
                 setDuplicateUserChallenge(context, Errors.USERNAME_IN_USE, Messages.USERNAME_EXISTS, AuthenticationFlowError.INVALID_USER);
             }
 
             return false;
         }
 
         if (invalidUser(context, user)) {
             return false;
         }
 
         if (!validatePassword(context, user, inputData)) {
             return false;
         }
 
         if (!enabledUser(context, user)) {
             return false;
         }
 
         String rememberMe = inputData.getFirst("rememberMe");
         boolean remember = rememberMe != null && rememberMe.equalsIgnoreCase("on");
         if (remember) {
             context.getAuthenticationSession().setAuthNote(Details.REMEMBER_ME, "true");
             context.getEvent().detail(Details.REMEMBER_ME, "true");
         } else {
             context.getAuthenticationSession().removeAuthNote(Details.REMEMBER_ME);
         }
         context.setUser(user);
         return true;
     }

メンバ詳解

◆ ATTEMPTED_USERNAME

final String org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME = "ATTEMPTED_USERNAME"

staticinherited

◆ REGISTRATION_FORM_ACTION

final String org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.REGISTRATION_FORM_ACTION = "registration_form"

staticinherited

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/authentication/authenticators/challenge/BasicAuthAuthenticator.java

公開メンバ関数

静的公開変数類

限定公開メンバ関数

非公開メンバ関数

詳解

関数詳解

◆ action()

◆ authenticate()

◆ challengeResponse()

◆ checkUsernameAndPassword()

◆ close()

◆ configuredFor()

◆ disabledUser()

◆ dummyHash()

◆ enabledUser()

◆ getAuthorizationHeader()

◆ getChallenge()

◆ getHeader()

◆ invalidCredentials()

◆ invalidUser() [1/2]

◆ invalidUser() [2/2]

◆ onAuthenticate()

◆ requiresUser()

◆ runDefaultDummyHash()

◆ setDuplicateUserChallenge()

◆ setRequiredActions()

◆ temporarilyDisabledUser()

◆ validatePassword()

◆ validateUserAndPassword()

メンバ詳解

◆ ATTEMPTED_USERNAME

◆ REGISTRATION_FORM_ACTION