org.keycloak.protocol.docker.DockerEndpoint クラス

公開メンバ関数

 DockerEndpoint (final RealmModel realm, final EventBuilder event, final EventType login)
 
Response build ()
 

静的公開変数類

static final String APP_INITIATED_FLOW = "APP_INITIATED_FLOW"
 

限定公開メンバ関数

AuthenticationFlowModel getAuthenticationFlow (AuthenticationSessionModel authSession)
 
AuthenticationProcessor createProcessor (AuthenticationSessionModel authSession, String flowId, String flowPath)
 
Response handleBrowserAuthenticationRequest (AuthenticationSessionModel authSession, LoginProtocol protocol, boolean isPassive, boolean redirectToAuthentication)
 
void checkSsl ()
 
void checkRealm ()
 
AuthenticationSessionModel createAuthenticationSession (ClientModel client, String requestState)
 

限定公開変数類

RealmModel realm
 
EventBuilder event
 
AuthenticationManager authManager
 
HttpHeaders headers
 
HttpRequest httpRequest
 
KeycloakSession session
 
ClientConnection clientConnection
 

静的限定公開変数類

static final Logger logger = Logger.getLogger(DockerEndpoint.class)
 

非公開メンバ関数

void updateAuthenticationSession ()
 

非公開変数類

final EventType login
 
String account
 
String service
 
String scope
 
ClientModel client
 
AuthenticationSessionModel authenticationSession
 

詳解

Authorization endpoint that speaks the format the Docker client understands: it turns a Docker token request (the {@code account}/{@code service}/{@code scope} query parameters) into a run of the realm's Docker authentication flow, handled by {@code DockerAuthV2Protocol}.

構築子と解体子

◆ DockerEndpoint()

/**
 * Creates the Docker token endpoint for {@code realm}.
 *
 * @param realm realm the endpoint serves (handed to the base authorization endpoint)
 * @param event audit event builder for this request (handed to the base endpoint)
 * @param login event type recorded for the login; it is attached to the event
 *              builder when the protocol handler is created in {@code build()}
 */
public DockerEndpoint(final RealmModel realm, final EventBuilder event, final EventType login) {
    super(realm, event);
    this.login = login;
}

関数詳解

◆ build()

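/**
 * Handles the Docker client's token request.
 *
 * Reads the {@code account}, {@code service} and {@code scope} query parameters,
 * resolves the client named by {@code service}, enforces the realm's SSL and
 * enabled-state requirements, creates an authentication session that carries the
 * Docker parameters as client notes, and hands the request to the realm's Docker
 * authentication flow through {@link DockerAuthV2Protocol}.
 *
 * Everything read here is unauthenticated caller input. The only parameter that is
 * validated at this point is {@code service}, which must name an existing client of
 * the realm; {@code account} and {@code scope} are passed through as given (possibly
 * {@code null}).
 *
 * @return the response produced by the authentication flow
 * @throws ErrorResponseException ({@code invalid_request}, HTTP 400) if {@code service}
 *         is missing, or ({@code invalid_client}, HTTP 400) if it names no client
 */
public Response build() {
    // Whole endpoint is unavailable unless the Docker feature is switched on.
    ProfileHelper.requireFeature(Profile.Feature.DOCKER);

    final MultivaluedMap<String, String> params = session.getContext().getUri().getQueryParameters();

    // 'account' is nominally required by the Docker token exchange, but the username
    // actually comes from the Basic-auth header, so a missing value is tolerated.
    account = params.getFirst(DockerAuthV2Protocol.ACCOUNT_PARAM);
    if (account == null) {
        logger.debug("Account parameter not provided by docker auth. This is techincally required, but not actually used since " +
                "username is provided by Basic auth header.");
    }
    service = params.getFirst(DockerAuthV2Protocol.SERVICE_PARAM);
    if (service == null) {
        throw new ErrorResponseException("invalid_request", "service parameter must be provided", Response.Status.BAD_REQUEST);
    }
    client = realm.getClientByClientId(service);
    if (client == null) {
        // NOTE(review): 'service' is arbitrary remote input and is written to the log
        // at ERROR level on every unknown value, so any unauthenticated caller can
        // flood the error log with strings of their choosing. Consider a lower level
        // if this proves abusable in a given deployment.
        logger.errorv("Failed to lookup client given by service={0} parameter for realm: {1}.", service, realm.getName());
        throw new ErrorResponseException("invalid_client", "Client specified by 'service' parameter does not exist", Response.Status.BAD_REQUEST);
    }
    // NOTE(review): only the client's existence is checked here; whether a disabled
    // client is rejected depends on the protocol/flow code downstream — confirm.
    scope = params.getFirst(DockerAuthV2Protocol.SCOPE_PARAM);

    // Inherited realm-level checks. They run after the client lookup, so the
    // lookup error responses above are reachable even when TLS would be required.
    checkSsl();
    checkRealm();

    final AuthorizationEndpointRequest authRequest = AuthorizationEndpointRequestParserProcessor.parseRequest(event, session, client, params);
    authenticationSession = createAuthenticationSession(client, authRequest.getState());

    // Mark the new session as a Docker login and store account/service/scope/issuer
    // as client notes; the protocol handler presumably reads them when it issues the
    // token. (The rendered listing dropped this line between lines 68 and 71; the
    // cross-reference to updateAuthenticationSession() shows the call exists.)
    updateAuthenticationSession();

    // So back button doesn't work
    CacheControlUtil.noBackButtonCacheControlHeader();

    // Interactive (non-passive) handling without a redirect to the flow URL.
    return handleBrowserAuthenticationRequest(authenticationSession,
            new DockerAuthV2Protocol(session, realm, session.getContext().getUri(), headers, event.event(login)),
            false, false);
}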

◆ checkRealm()

/**
 * Rejects the request when the realm is disabled.
 *
 * Records {@code Errors.REALM_DISABLED} on the audit event and answers with an
 * error page (HTTP 400, {@code Messages.REALM_NOT_ENABLED}).
 *
 * @throws ErrorPageException when the realm is not enabled
 */
protected void checkRealm() {
    if (realm.isEnabled()) {
        return;
    }
    event.error(Errors.REALM_DISABLED);
    throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.REALM_NOT_ENABLED);
}

◆ checkSsl()

/**
 * Enforces the realm's "SSL required" policy for this request.
 *
 * The request counts as secure only when the base URI Keycloak has for it carries
 * the {@code https} scheme. Whether TLS is demanded for this particular caller is
 * decided by {@code realm.getSslRequired().isRequired(clientConnection)}, which is
 * why the client connection is passed in.
 *
 * NOTE(review): behind a reverse proxy the base URI scheme is whatever the
 * proxy/forwarding configuration presents to Keycloak, so a misconfigured proxy
 * can make plain-HTTP traffic pass this check — confirm proxy settings when
 * relying on it.
 *
 * @throws ErrorPageException (HTTP 400, {@code Messages.HTTPS_REQUIRED}) when TLS
 *         is required for this connection but the request did not arrive over https
 */
protected void checkSsl() {
    final boolean overHttps = session.getContext().getUri().getBaseUri().getScheme().equals("https");
    if (overHttps) {
        return;
    }
    if (realm.getSslRequired().isRequired(clientConnection)) {
        event.error(Errors.SSL_REQUIRED);
        throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.HTTPS_REQUIRED);
    }
}

◆ createAuthenticationSession()

/**
 * Creates the authentication session for this authorization request, reusing the
 * browser's existing root authentication session when there is one.
 *
 * Resolution order:
 * <ol>
 *   <li>a root authentication session is already known for this browser: add a new
 *       per-tab authentication session to it;</li>
 *   <li>otherwise, if the user session exists remotely (cross-DC lookup), re-create
 *       the root authentication session under that user session's ID;</li>
 *   <li>otherwise create a brand-new root authentication session.</li>
 * </ol>
 * The resulting session is also handed to the login-forms provider.
 *
 * NOTE(review): root authentication session IDs are written to the log at DEBUG
 * level on every path here. If that ID is also what the browser's auth-session
 * cookie carries, debug logs from this code are sensitive — confirm before
 * enabling debug logging in production.
 *
 * @param client       client the authorization request is for
 * @param requestState protocol "state" from the request; accepted for subclasses
 *                     but not used by this implementation
 * @return the newly created authentication session
 */
protected AuthenticationSessionModel createAuthenticationSession(ClientModel client, String requestState) {
    final AuthenticationSessionManager sessionManager = new AuthenticationSessionManager(session);
    RootAuthenticationSessionModel root = sessionManager.getCurrentRootAuthenticationSession(realm);
    final AuthenticationSessionModel authSession;

    if (root != null) {
        // Browser already has a root session: just add a tab-scoped session to it.
        authSession = root.createAuthenticationSession(client);
        logger.debugf("Sent request to authz endpoint. Root authentication session with ID '%s' exists. Client is '%s' . Created new authentication session with tab ID: %s",
                root.getId(), client.getClientId(), authSession.getTabId());
    } else {
        final UserSessionModel remoteUserSession =
                new UserSessionCrossDCManager(session).getUserSessionIfExistsRemotely(sessionManager, realm);

        if (remoteUserSession == null) {
            // Nothing known about this browser anywhere: start from scratch.
            root = sessionManager.createAuthenticationSession(realm, true);
            authSession = root.createAuthenticationSession(client);
            logger.debugf("Sent request to authz endpoint. Created new root authentication session with ID '%s' . Client: %s . New authentication session tab ID: %s",
                    root.getId(), client.getClientId(), authSession.getTabId());
        } else {
            // The user session lives in another DC: rebuild the root auth session under its ID.
            final String userSessionId = remoteUserSession.getId();
            root = session.authenticationSessions().createRootAuthenticationSession(userSessionId, realm);
            authSession = root.createAuthenticationSession(client);
            logger.debugf("Sent request to authz endpoint. We don't have root authentication session with ID '%s' but we have userSession." +
                    "Re-created root authentication session with same ID. Client is: %s . New authentication session tab ID: %s", userSessionId, client.getClientId(), authSession.getTabId());
        }
    }

    session.getProvider(LoginFormsProvider.class).setAuthenticationSession(authSession);
    return authSession;
}

◆ createProcessor()

/**
 * Builds the {@link AuthenticationProcessor} that will run flow {@code flowId} for
 * {@code authSession} as a browser flow, wired to this request's realm, Keycloak
 * session, client connection, URI info, HTTP request and audit event builder.
 *
 * The flow path is additionally stored on the session as the
 * {@code AuthenticationProcessor.CURRENT_FLOW_PATH} auth note; presumably the
 * processor consults it when the flow is continued on a later request — confirm.
 *
 * @param authSession session the flow executes in
 * @param flowId      id of the authentication flow to execute
 * @param flowPath    URL path of the login action that continues this flow
 * @return a fully configured, not yet started processor
 */
protected AuthenticationProcessor createProcessor(AuthenticationSessionModel authSession, String flowId, String flowPath) {
    final AuthenticationProcessor authProcessor = new AuthenticationProcessor();
    authProcessor.setAuthenticationSession(authSession)
            .setFlowPath(flowPath)
            .setFlowId(flowId)
            .setBrowserFlow(true)              // interactive browser semantics
            .setConnection(clientConnection)   // the caller's connection, as seen by Keycloak
            .setEventBuilder(event)
            .setRealm(realm)
            .setSession(session)
            .setUriInfo(session.getContext().getUri())
            .setRequest(httpRequest);

    // Remember which flow path this session is on for the next round trip.
    authSession.setAuthNote(AuthenticationProcessor.CURRENT_FLOW_PATH, flowPath);

    return authProcessor;
}

◆ getAuthenticationFlow()

/**
 * Selects the flow used to authenticate Docker token requests (overrides the base
 * endpoint's choice).
 *
 * The Docker endpoint always uses the realm-wide Docker authentication flow; the
 * {@code authSession} argument is accepted for interface compatibility with the
 * base class and is not consulted.
 *
 * @param authSession current authentication session (unused here)
 * @return the realm's configured Docker authentication flow
 */
protected AuthenticationFlowModel getAuthenticationFlow(final AuthenticationSessionModel authSession) {
    final AuthenticationFlowModel dockerFlow = realm.getDockerAuthenticationFlow();
    return dockerFlow;
}

◆ handleBrowserAuthenticationRequest()

/**
 * Common method to handle a browser authentication request in a protocol-unified way.
 *
 * Runs the flow returned by {@code getAuthenticationFlow} for {@code authSession}.
 * In passive mode (OIDC {@code prompt=none} / SAML {@code IsPassive}) the request
 * can only succeed if the user is already fully authenticated and has no pending
 * required action; any needed interaction is reported back to the client as a
 * protocol error rather than by showing a login page. In interactive mode a
 * restart-login cookie is set first, then the flow is either executed directly or
 * the browser is redirected to the flow URL.
 *
 * Exceptions raised by the processor in either mode are converted into a browser
 * error response by {@code processor.handleBrowserException}; this is the error
 * boundary for the flow execution, hence the broad catch.
 *
 * @param authSession              for current request
 * @param protocol                 handler for the protocol used to initiate login
 * @param isPassive                set to true if login should be passive (without login screen shown)
 * @param redirectToAuthentication if true redirect to the flow URL. If the initial call to the
 *                                 protocol is a POST you probably want this, so that the
 *                                 browser's back button cannot replay it
 * @return response to be returned to the browser
 */
protected Response handleBrowserAuthenticationRequest(AuthenticationSessionModel authSession, LoginProtocol protocol, boolean isPassive, boolean redirectToAuthentication) {
    final AuthenticationFlowModel flow = getAuthenticationFlow(authSession);
    final AuthenticationProcessor processor = createProcessor(authSession, flow.getId(), LoginActionsService.AUTHENTICATE_PATH);
    // Audit: tie this event to the root authentication session.
    event.detail(Details.CODE_ID, authSession.getParentSession().getId());

    if (isPassive) {
        return authenticatePassively(processor, authSession, protocol);
    }

    try {
        RestartLoginCookie.setRestartCookie(session, realm, clientConnection, session.getContext().getUri(), authSession);
        return redirectToAuthentication ? processor.redirectToFlow() : processor.authenticate();
    } catch (Exception e) {
        return processor.handleBrowserException(e);
    }
}

/**
 * Passive branch of {@code handleBrowserAuthenticationRequest}: succeed only when no
 * authenticator challenge and no required action is pending; otherwise tell the
 * client which kind of interaction would have been needed.
 */
private Response authenticatePassively(AuthenticationProcessor processor, AuthenticationSessionModel authSession, LoginProtocol protocol) {
    try {
        // A non-null result is a challenge the user would have to answer — not allowed passively.
        if (processor.authenticateOnly() != null) {
            return protocol.sendError(authSession, Error.PASSIVE_LOGIN_REQUIRED);
        }

        AuthenticationManager.setClientScopesInSession(authSession);

        if (processor.nextRequiredAction() != null) {
            return protocol.sendError(authSession, Error.PASSIVE_INTERACTION_REQUIRED);
        }

        // Attach the session only once nothing further is required of the user.
        processor.attachSession();
    } catch (Exception e) {
        return processor.handleBrowserException(e);
    }
    return processor.finishAuthentication(protocol);
}

◆ updateAuthenticationSession()

/**
 * Marks the freshly created authentication session as a Docker login and stores
 * the token-request parameters as client notes for the protocol handler.
 *
 * {@code account} and {@code scope} may be {@code null} when the Docker client
 * omitted them; how {@code setClientNote} treats a {@code null} value is not
 * visible here — confirm against the session model implementation.
 *
 * NOTE(review): the issuer note is derived from the base URI of the incoming
 * request, so the token issuer follows whatever host Keycloak resolves for this
 * request (hostname / frontend-URL configuration). Confirm that is pinned in
 * deployments that can receive untrusted Host headers.
 */
private void updateAuthenticationSession() {
    // Generic session state: owning protocol and current step.
    authenticationSession.setProtocol(DockerAuthV2Protocol.LOGIN_PROTOCOL);
    authenticationSession.setAction(CommonClientSessionModel.Action.AUTHENTICATE.name());

    // Docker specific stuff: echo the request parameters into the session.
    authenticationSession.setClientNote(DockerAuthV2Protocol.ACCOUNT_PARAM, account);
    authenticationSession.setClientNote(DockerAuthV2Protocol.SERVICE_PARAM, service);
    authenticationSession.setClientNote(DockerAuthV2Protocol.SCOPE_PARAM, scope);
    final String issuer = Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName());
    authenticationSession.setClientNote(DockerAuthV2Protocol.ISSUER, issuer);
}

メンバ詳解

◆ account

String org.keycloak.protocol.docker.DockerEndpoint.account
private

◆ APP_INITIATED_FLOW

final String org.keycloak.protocol.AuthorizationEndpointBase.APP_INITIATED_FLOW = "APP_INITIATED_FLOW"
staticinherited

◆ authenticationSession

AuthenticationSessionModel org.keycloak.protocol.docker.DockerEndpoint.authenticationSession
private

◆ authManager

AuthenticationManager org.keycloak.protocol.AuthorizationEndpointBase.authManager
protectedinherited

◆ client

ClientModel org.keycloak.protocol.docker.DockerEndpoint.client
private

◆ clientConnection

ClientConnection org.keycloak.protocol.AuthorizationEndpointBase.clientConnection
protectedinherited

◆ event

EventBuilder org.keycloak.protocol.AuthorizationEndpointBase.event
protectedinherited

◆ headers

HttpHeaders org.keycloak.protocol.AuthorizationEndpointBase.headers
protectedinherited

◆ httpRequest

HttpRequest org.keycloak.protocol.AuthorizationEndpointBase.httpRequest
protectedinherited

◆ logger

final Logger org.keycloak.protocol.docker.DockerEndpoint.logger = Logger.getLogger(DockerEndpoint.class)
staticprotected

◆ login

final EventType org.keycloak.protocol.docker.DockerEndpoint.login
private

◆ realm

RealmModel org.keycloak.protocol.AuthorizationEndpointBase.realm
protectedinherited

◆ scope

String org.keycloak.protocol.docker.DockerEndpoint.scope
private

◆ service

String org.keycloak.protocol.docker.DockerEndpoint.service
private

◆ session

KeycloakSession org.keycloak.protocol.AuthorizationEndpointBase.session
protectedinherited
