keycloak-service
公開メンバ関数 | 非公開メンバ関数 | 非公開変数類 | 静的非公開変数類 | 全メンバ一覧
org.keycloak.services.resources.SessionCodeChecks クラス
org.keycloak.services.resources.SessionCodeChecks 連携図
Collaboration graph

公開メンバ関数

 SessionCodeChecks (RealmModel realm, UriInfo uriInfo, HttpRequest request, ClientConnection clientConnection, KeycloakSession session, EventBuilder event, String authSessionId, String code, String execution, String clientId, String tabId, String flowPath)
 
AuthenticationSessionModel getAuthenticationSession ()
 
Response getResponse ()
 
ClientSessionCode< AuthenticationSessionModel > getClientCode ()
 
boolean isActionRequest ()
 
AuthenticationSessionModel initialVerifyAuthSession ()
 
boolean initialVerify ()
 
boolean verifyActiveAndValidAction (String expectedAction, ClientSessionCode.ActionType actionType)
 
boolean verifyRequiredAction (String executedAction)
 

非公開メンバ関数

boolean failed ()
 
boolean checkSsl ()
 
boolean isActionActive (ClientSessionCode.ActionType actionType)
 
Response restartAuthenticationSessionFromCookie (RootAuthenticationSessionModel existingRootSession)
 
Response redirectToRequiredActions (String action)
 
URI getLastExecutionUrl (String flowPath, String executionId, String tabId)
 
Response showPageExpired (AuthenticationSessionModel authSession)
 

非公開変数類

AuthenticationSessionModel authSession
 
ClientSessionCode< AuthenticationSessionModel > clientCode
 
Response response
 
boolean actionRequest
 
final RealmModel realm
 
final UriInfo uriInfo
 
final HttpRequest request
 
final ClientConnection clientConnection
 
final KeycloakSession session
 
final EventBuilder event
 
final String code
 
final String execution
 
final String clientId
 
final String tabId
 
final String flowPath
 
final String authSessionId
 

静的非公開変数類

static final Logger logger = Logger.getLogger(SessionCodeChecks.class)
 

詳解

構築子と解体子

◆ SessionCodeChecks()

org.keycloak.services.resources.SessionCodeChecks.SessionCodeChecks ( RealmModel  realm,
UriInfo  uriInfo,
HttpRequest  request,
ClientConnection  clientConnection,
KeycloakSession  session,
EventBuilder  event,
String  authSessionId,
String  code,
String  execution,
String  clientId,
String  tabId,
String  flowPath 
)
inline
81  {
82  this.realm = realm;
83  this.uriInfo = uriInfo;
84  this.request = request;
85  this.clientConnection = clientConnection;
86  this.session = session;
87  this.event = event;
88 
89  this.code = code;
90  this.execution = execution;
91  this.clientId = clientId;
92  this.tabId = tabId;
93  this.flowPath = flowPath;
94  this.authSessionId = authSessionId;
95  }
org.keycloak.services.resources.SessionCodeChecks.clientId
final String clientId
Definition: SessionCodeChecks.java:75
org.keycloak.services.resources.SessionCodeChecks.request
final HttpRequest request
Definition: SessionCodeChecks.java:68
org.keycloak.services.resources.SessionCodeChecks.code
final String code
Definition: SessionCodeChecks.java:73
org.keycloak.services.resources.SessionCodeChecks.uriInfo
final UriInfo uriInfo
Definition: SessionCodeChecks.java:67
org.keycloak.services.resources.SessionCodeChecks.realm
final RealmModel realm
Definition: SessionCodeChecks.java:66
org.keycloak.services.resources.SessionCodeChecks.session
final KeycloakSession session
Definition: SessionCodeChecks.java:70
org.keycloak.services.resources.SessionCodeChecks.execution
final String execution
Definition: SessionCodeChecks.java:74
org.keycloak.services.resources.SessionCodeChecks.event
final EventBuilder event
Definition: SessionCodeChecks.java:71
org.keycloak.services.resources.SessionCodeChecks.authSessionId
final String authSessionId
Definition: SessionCodeChecks.java:78
org.keycloak.services.resources.SessionCodeChecks.flowPath
final String flowPath
Definition: SessionCodeChecks.java:77
org.keycloak.services.resources.SessionCodeChecks.clientConnection
final ClientConnection clientConnection
Definition: SessionCodeChecks.java:69
org.keycloak.services.resources.SessionCodeChecks.tabId
final String tabId
Definition: SessionCodeChecks.java:76

関数詳解

◆ checkSsl()

boolean org.keycloak.services.resources.SessionCodeChecks.checkSsl ( )
inlineprivate
122  {
123  if (uriInfo.getBaseUri().getScheme().equals("https")) {
124  return true;
125  } else {
126  return !realm.getSslRequired().isRequired(clientConnection);
127  }
128  }
org.keycloak.services.resources.SessionCodeChecks.uriInfo
final UriInfo uriInfo
Definition: SessionCodeChecks.java:67
org.keycloak.services.resources.SessionCodeChecks.realm
final RealmModel realm
Definition: SessionCodeChecks.java:66
org.keycloak.services.resources.SessionCodeChecks.clientConnection
final ClientConnection clientConnection
Definition: SessionCodeChecks.java:69

◆ failed()

boolean org.keycloak.services.resources.SessionCodeChecks.failed ( )
inlineprivate
103  {
104  return response != null;
105  }
org.keycloak.services.resources.SessionCodeChecks.response
Response response
Definition: SessionCodeChecks.java:63

◆ getAuthenticationSession()

AuthenticationSessionModel org.keycloak.services.resources.SessionCodeChecks.getAuthenticationSession ( )
inline
98  {
99  return authSession;
100  }
org.keycloak.services.resources.SessionCodeChecks.authSession
AuthenticationSessionModel authSession
Definition: SessionCodeChecks.java:61

◆ getClientCode()

ClientSessionCode<AuthenticationSessionModel> org.keycloak.services.resources.SessionCodeChecks.getClientCode ( )
inline
113  {
114  return clientCode;
115  }
org.keycloak.services.resources.SessionCodeChecks.clientCode
ClientSessionCode< AuthenticationSessionModel > clientCode
Definition: SessionCodeChecks.java:62

◆ getLastExecutionUrl()

URI org.keycloak.services.resources.SessionCodeChecks.getLastExecutionUrl ( String  flowPath,
String  executionId,
String  tabId 
)
inlineprivate
423  {
424  return new AuthenticationFlowURLHelper(session, realm, uriInfo)
425  .getLastExecutionUrl(flowPath, executionId, clientId, tabId);
426  }
org.keycloak.services.resources.SessionCodeChecks.clientId
final String clientId
Definition: SessionCodeChecks.java:75
org.keycloak.services.resources.SessionCodeChecks.uriInfo
final UriInfo uriInfo
Definition: SessionCodeChecks.java:67
org.keycloak.services.resources.SessionCodeChecks.realm
final RealmModel realm
Definition: SessionCodeChecks.java:66
org.keycloak.services.resources.SessionCodeChecks.session
final KeycloakSession session
Definition: SessionCodeChecks.java:70
org.keycloak.services.resources.SessionCodeChecks.flowPath
final String flowPath
Definition: SessionCodeChecks.java:77
org.keycloak.services.resources.SessionCodeChecks.tabId
final String tabId
Definition: SessionCodeChecks.java:76

◆ getResponse()

Response org.keycloak.services.resources.SessionCodeChecks.getResponse ( )
inline
108  {
109  return response;
110  }
org.keycloak.services.resources.SessionCodeChecks.response
Response response
Definition: SessionCodeChecks.java:63

◆ initialVerify()

boolean org.keycloak.services.resources.SessionCodeChecks.initialVerify ( )
inline
202  {
203  // Basic realm checks and authenticationSession retrieve
204  authSession = initialVerifyAuthSession();
205  if (authSession == null) {
206  return false;
207  }
208 
209  // Check cached response from previous action request
210  response = BrowserHistoryHelper.getInstance().loadSavedResponse(session, authSession);
211  if (response != null) {
212  return false;
213  }
214 
215  // Client checks
216  event.detail(Details.CODE_ID, authSession.getParentSession().getId());
217  ClientModel client = authSession.getClient();
218  if (client == null) {
219  event.error(Errors.CLIENT_NOT_FOUND);
220  response = ErrorPage.error(session, authSession, Response.Status.BAD_REQUEST, Messages.UNKNOWN_LOGIN_REQUESTER);
221  clientCode.removeExpiredClientSession();
222  return false;
223  }
224 
225  event.client(client);
226  session.getContext().setClient(client);
227 
228  if (!client.isEnabled()) {
229  event.error(Errors.CLIENT_DISABLED);
230  response = ErrorPage.error(session,authSession, Response.Status.BAD_REQUEST, Messages.LOGIN_REQUESTER_NOT_ENABLED);
231  clientCode.removeExpiredClientSession();
232  return false;
233  }
234 
235 
236  // Check if it's action or not
237  if (code == null) {
238  String lastExecFromSession = authSession.getAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION);
239  String lastFlow = authSession.getAuthNote(AuthenticationProcessor.CURRENT_FLOW_PATH);
240 
241  // Check if we transitted between flows (eg. clicking "register" on login screen)
242  if (execution==null && !flowPath.equals(lastFlow)) {
243  logger.debugf("Transition between flows! Current flow: %s, Previous flow: %s", flowPath, lastFlow);
244 
245  // Don't allow moving to different flow if I am on requiredActions already
246  if (AuthenticationSessionModel.Action.AUTHENTICATE.name().equals(authSession.getAction())) {
247  authSession.setAuthNote(AuthenticationProcessor.CURRENT_FLOW_PATH, flowPath);
248  authSession.removeAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION);
249  lastExecFromSession = null;
250  }
251  }
252 
253  if (execution == null || execution.equals(lastExecFromSession)) {
254  // Allow refresh of previous page
255  clientCode = new ClientSessionCode<>(session, realm, authSession);
256  actionRequest = false;
257 
258  // Allow refresh, but rewrite browser history
259  if (execution == null && lastExecFromSession != null) {
260  logger.debugf("Parameter 'execution' is not in the request, but flow wasn't changed. Will update browser history");
261  request.setAttribute(BrowserHistoryHelper.SHOULD_UPDATE_BROWSER_HISTORY, true);
262  }
263 
264  return true;
265  } else {
266  response = showPageExpired(authSession);
267  return false;
268  }
269  } else {
270  ClientSessionCode.ParseResult<AuthenticationSessionModel> result = ClientSessionCode.parseResult(code, tabId, session, realm, client, event, authSession);
271  clientCode = result.getCode();
272  if (clientCode == null) {
273 
274  // In case that is replayed action, but sent to the same FORM like actual FORM, we just re-render the page
275  if (ObjectUtil.isEqualOrBothNull(execution, authSession.getAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION))) {
276  String latestFlowPath = authSession.getAuthNote(AuthenticationProcessor.CURRENT_FLOW_PATH);
277  URI redirectUri = getLastExecutionUrl(latestFlowPath, execution, tabId);
278 
279  logger.debugf("Invalid action code, but execution matches. So just redirecting to %s", redirectUri);
280  authSession.setAuthNote(LoginActionsService.FORWARDED_ERROR_MESSAGE_NOTE, Messages.EXPIRED_ACTION);
281  response = Response.status(Response.Status.FOUND).location(redirectUri).build();
282  } else {
283  response = showPageExpired(authSession);
284  }
285  return false;
286  }
287 
288 
289  actionRequest = true;
290  if (execution != null) {
291  authSession.setAuthNote(AuthenticationProcessor.LAST_PROCESSED_EXECUTION, execution);
292  }
293  return true;
294  }
295  }
org.keycloak.services.resources.SessionCodeChecks.initialVerifyAuthSession
AuthenticationSessionModel initialVerifyAuthSession()
Definition: SessionCodeChecks.java:131
org.keycloak.services.resources.SessionCodeChecks.request
final HttpRequest request
Definition: SessionCodeChecks.java:68
org.keycloak.services.managers.ClientSessionCode.removeExpiredClientSession
void removeExpiredClientSession()
Definition: ClientSessionCode.java:190
org.keycloak.services.resources.SessionCodeChecks.code
final String code
Definition: SessionCodeChecks.java:73
org.keycloak.services.resources.SessionCodeChecks.realm
final RealmModel realm
Definition: SessionCodeChecks.java:66
org.keycloak.services.resources.SessionCodeChecks.actionRequest
boolean actionRequest
Definition: SessionCodeChecks.java:64
org.keycloak.services.resources.SessionCodeChecks.session
final KeycloakSession session
Definition: SessionCodeChecks.java:70
org.keycloak.services.resources.SessionCodeChecks.getLastExecutionUrl
URI getLastExecutionUrl(String flowPath, String executionId, String tabId)
Definition: SessionCodeChecks.java:423
org.keycloak.services.resources.SessionCodeChecks.execution
final String execution
Definition: SessionCodeChecks.java:74
org.keycloak.services.resources.SessionCodeChecks.event
final EventBuilder event
Definition: SessionCodeChecks.java:71
org.keycloak.services.resources.SessionCodeChecks.clientCode
ClientSessionCode< AuthenticationSessionModel > clientCode
Definition: SessionCodeChecks.java:62
org.keycloak.services.resources.SessionCodeChecks.showPageExpired
Response showPageExpired(AuthenticationSessionModel authSession)
Definition: SessionCodeChecks.java:429
org.keycloak.services.resources.SessionCodeChecks.response
Response response
Definition: SessionCodeChecks.java:63
org.keycloak.services.resources.SessionCodeChecks.flowPath
final String flowPath
Definition: SessionCodeChecks.java:77
org.keycloak.services.resources.SessionCodeChecks.authSession
AuthenticationSessionModel authSession
Definition: SessionCodeChecks.java:61
org.keycloak.services.resources.SessionCodeChecks.tabId
final String tabId
Definition: SessionCodeChecks.java:76
org.keycloak.services.resources.SessionCodeChecks.logger
static final Logger logger
Definition: SessionCodeChecks.java:59

◆ initialVerifyAuthSession()

AuthenticationSessionModel org.keycloak.services.resources.SessionCodeChecks.initialVerifyAuthSession ( )
inline
131  {
132  // Basic realm checks
133  if (!checkSsl()) {
134  event.error(Errors.SSL_REQUIRED);
135  response = ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.HTTPS_REQUIRED);
136  return null;
137  }
138  if (!realm.isEnabled()) {
139  event.error(Errors.REALM_DISABLED);
140  response = ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.REALM_NOT_ENABLED);
141  return null;
142  }
143 
144  // Setup client to be shown on error/info page based on "client_id" parameter
145  logger.debugf("Will use client '%s' in back-to-application link", clientId);
146  ClientModel client = null;
147  if (clientId != null) {
148  client = realm.getClientByClientId(clientId);
149  }
150  if (client != null) {
151  session.getContext().setClient(client);
152  }
153 
154 
155  // object retrieve
156  AuthenticationSessionManager authSessionManager = new AuthenticationSessionManager(session);
157  AuthenticationSessionModel authSession = null;
158  if (authSessionId != null) authSession = authSessionManager.getAuthenticationSessionByIdAndClient(realm, authSessionId, client, tabId);
159  AuthenticationSessionModel authSessionCookie = authSessionManager.getCurrentAuthenticationSession(realm, client, tabId);
160 
161  if (authSession != null && authSessionCookie != null && !authSession.getParentSession().getId().equals(authSessionCookie.getParentSession().getId())) {
162  event.detail(Details.REASON, "cookie does not match auth_session query parameter");
163  event.error(Errors.INVALID_CODE);
164  response = ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.INVALID_CODE);
165  return null;
166 
167  }
168 
169  if (authSession != null) {
170  session.getProvider(LoginFormsProvider.class).setAuthenticationSession(authSession);
171  return authSession;
172  }
173 
174  if (authSessionCookie != null) {
175  session.getProvider(LoginFormsProvider.class).setAuthenticationSession(authSessionCookie);
176  return authSessionCookie;
177 
178  }
179 
180  // See if we are already authenticated and userSession with same ID exists.
181  UserSessionModel userSession = authSessionManager.getUserSessionFromAuthCookie(realm);
182 
183  if (userSession != null) {
184  LoginFormsProvider loginForm = session.getProvider(LoginFormsProvider.class).setAuthenticationSession(authSession)
185  .setSuccess(Messages.ALREADY_LOGGED_IN);
186 
187  if (client == null) {
188  loginForm.setAttribute(Constants.SKIP_LINK, true);
189  }
190 
191  response = loginForm.createInfoPage();
192  return null;
193  }
194 
195  // Otherwise just try to restart from the cookie
196  RootAuthenticationSessionModel existingRootAuthSession = authSessionManager.getCurrentRootAuthenticationSession(realm);
197  response = restartAuthenticationSessionFromCookie(existingRootAuthSession);
198  return null;
199  }
org.keycloak.services.resources.SessionCodeChecks.clientId
final String clientId
Definition: SessionCodeChecks.java:75
org.keycloak.services.resources.SessionCodeChecks.realm
final RealmModel realm
Definition: SessionCodeChecks.java:66
org.keycloak.services.resources.SessionCodeChecks.session
final KeycloakSession session
Definition: SessionCodeChecks.java:70
org.keycloak.services.resources.SessionCodeChecks.checkSsl
boolean checkSsl()
Definition: SessionCodeChecks.java:122
org.keycloak.services.resources.SessionCodeChecks.response
Response response
Definition: SessionCodeChecks.java:63
org.keycloak.services.resources.SessionCodeChecks.authSessionId
final String authSessionId
Definition: SessionCodeChecks.java:78
org.keycloak.services.resources.SessionCodeChecks.authSession
AuthenticationSessionModel authSession
Definition: SessionCodeChecks.java:61
org.keycloak.services.resources.SessionCodeChecks.restartAuthenticationSessionFromCookie
Response restartAuthenticationSessionFromCookie(RootAuthenticationSessionModel existingRootSession)
Definition: SessionCodeChecks.java:371
org.keycloak.services.resources.SessionCodeChecks.tabId
final String tabId
Definition: SessionCodeChecks.java:76
org.keycloak.services.resources.SessionCodeChecks.logger
static final Logger logger
Definition: SessionCodeChecks.java:59

◆ isActionActive()

boolean org.keycloak.services.resources.SessionCodeChecks.isActionActive ( ClientSessionCode.ActionType  actionType)
inlineprivate
324  {
325  if (!clientCode.isActionActive(actionType)) {
326  event.clone().error(Errors.EXPIRED_CODE);
327 
328  AuthenticationProcessor.resetFlow(authSession, LoginActionsService.AUTHENTICATE_PATH);
329 
330  authSession.setAuthNote(LoginActionsService.FORWARDED_ERROR_MESSAGE_NOTE, Messages.LOGIN_TIMEOUT);
331 
332  URI redirectUri = getLastExecutionUrl(LoginActionsService.AUTHENTICATE_PATH, null, tabId);
333  logger.debugf("Flow restart after timeout. Redirecting to %s", redirectUri);
334  response = Response.status(Response.Status.FOUND).location(redirectUri).build();
335  return false;
336  }
337  return true;
338  }
org.keycloak.services.resources.SessionCodeChecks.getLastExecutionUrl
URI getLastExecutionUrl(String flowPath, String executionId, String tabId)
Definition: SessionCodeChecks.java:423
org.keycloak.services.resources.SessionCodeChecks.clientCode
ClientSessionCode< AuthenticationSessionModel > clientCode
Definition: SessionCodeChecks.java:62
org.keycloak.services.resources.SessionCodeChecks.response
Response response
Definition: SessionCodeChecks.java:63
org.keycloak.services.resources.SessionCodeChecks.authSession
AuthenticationSessionModel authSession
Definition: SessionCodeChecks.java:61
org.keycloak.services.managers.ClientSessionCode.isActionActive
boolean isActionActive(ActionType actionType)
Definition: ClientSessionCode.java:157
org.keycloak.services.resources.SessionCodeChecks.tabId
final String tabId
Definition: SessionCodeChecks.java:76
org.keycloak.services.resources.SessionCodeChecks.logger
static final Logger logger
Definition: SessionCodeChecks.java:59

◆ isActionRequest()

boolean org.keycloak.services.resources.SessionCodeChecks.isActionRequest ( )
inline
117  {
118  return actionRequest;
119  }
org.keycloak.services.resources.SessionCodeChecks.actionRequest
boolean actionRequest
Definition: SessionCodeChecks.java:64

◆ redirectToRequiredActions()

Response org.keycloak.services.resources.SessionCodeChecks.redirectToRequiredActions ( String  action)
inlineprivate
406  {
407  UriBuilder uriBuilder = LoginActionsService.loginActionsBaseUrl(uriInfo)
408  .path(LoginActionsService.REQUIRED_ACTION);
409 
410  if (action != null) {
411  uriBuilder.queryParam(Constants.EXECUTION, action);
412  }
413 
414  ClientModel client = authSession.getClient();
415  uriBuilder.queryParam(Constants.CLIENT_ID, client.getClientId());
416  uriBuilder.queryParam(Constants.TAB_ID, authSession.getTabId());
417 
418  URI redirect = uriBuilder.build(realm.getName());
419  return Response.status(302).location(redirect).build();
420  }
org.keycloak.services.resources.SessionCodeChecks.uriInfo
final UriInfo uriInfo
Definition: SessionCodeChecks.java:67
org.keycloak.services.resources.SessionCodeChecks.realm
final RealmModel realm
Definition: SessionCodeChecks.java:66
org.keycloak.services.resources.SessionCodeChecks.authSession
AuthenticationSessionModel authSession
Definition: SessionCodeChecks.java:61

◆ restartAuthenticationSessionFromCookie()

Response org.keycloak.services.resources.SessionCodeChecks.restartAuthenticationSessionFromCookie ( RootAuthenticationSessionModel  existingRootSession)
inlineprivate
371  {
372  logger.debug("Authentication session not found. Trying to restart from cookie.");
373  AuthenticationSessionModel authSession = null;
374 
375  try {
376  authSession = RestartLoginCookie.restartSession(session, realm, existingRootSession, clientId);
377  } catch (Exception e) {
378  ServicesLogger.LOGGER.failedToParseRestartLoginCookie(e);
379  }
380 
381  if (authSession != null) {
382 
383  event.clone();
384  event.detail(Details.RESTART_AFTER_TIMEOUT, "true");
385  event.error(Errors.EXPIRED_CODE);
386 
387  String warningMessage = Messages.LOGIN_TIMEOUT;
388  authSession.setAuthNote(LoginActionsService.FORWARDED_ERROR_MESSAGE_NOTE, warningMessage);
389 
390  String flowPath = authSession.getClientNote(AuthorizationEndpointBase.APP_INITIATED_FLOW);
391  if (flowPath == null) {
392  flowPath = LoginActionsService.AUTHENTICATE_PATH;
393  }
394 
395  URI redirectUri = getLastExecutionUrl(flowPath, null, authSession.getTabId());
396  logger.debugf("Authentication session restart from cookie succeeded. Redirecting to %s", redirectUri);
397  return Response.status(Response.Status.FOUND).location(redirectUri).build();
398  } else {
399  // Finally need to show error as all the fallbacks failed
400  event.error(Errors.INVALID_CODE);
401  return ErrorPage.error(session, authSession, Response.Status.BAD_REQUEST, Messages.INVALID_CODE);
402  }
403  }
org.keycloak.services.resources.SessionCodeChecks.clientId
final String clientId
Definition: SessionCodeChecks.java:75
org.keycloak.services.resources.SessionCodeChecks.realm
final RealmModel realm
Definition: SessionCodeChecks.java:66
org.keycloak.services.resources.SessionCodeChecks.session
final KeycloakSession session
Definition: SessionCodeChecks.java:70
org.keycloak.services.resources.SessionCodeChecks.getLastExecutionUrl
URI getLastExecutionUrl(String flowPath, String executionId, String tabId)
Definition: SessionCodeChecks.java:423
org.keycloak.services.resources.SessionCodeChecks.flowPath
final String flowPath
Definition: SessionCodeChecks.java:77
org.keycloak.services.resources.SessionCodeChecks.authSession
AuthenticationSessionModel authSession
Definition: SessionCodeChecks.java:61
org.keycloak.services.resources.SessionCodeChecks.logger
static final Logger logger
Definition: SessionCodeChecks.java:59

◆ showPageExpired()

Response org.keycloak.services.resources.SessionCodeChecks.showPageExpired ( AuthenticationSessionModel  authSession)
inlineprivate
429  {
430  return new AuthenticationFlowURLHelper(session, realm, uriInfo)
431  .showPageExpired(authSession);
432  }
org.keycloak.services.resources.SessionCodeChecks.uriInfo
final UriInfo uriInfo
Definition: SessionCodeChecks.java:67
org.keycloak.services.resources.SessionCodeChecks.realm
final RealmModel realm
Definition: SessionCodeChecks.java:66
org.keycloak.services.resources.SessionCodeChecks.session
final KeycloakSession session
Definition: SessionCodeChecks.java:70
org.keycloak.services.resources.SessionCodeChecks.authSession
AuthenticationSessionModel authSession
Definition: SessionCodeChecks.java:61

◆ verifyActiveAndValidAction()

boolean org.keycloak.services.resources.SessionCodeChecks.verifyActiveAndValidAction ( String  expectedAction,
ClientSessionCode.ActionType  actionType 
)
inline
298  {
299  if (failed()) {
300  return false;
301  }
302 
303  if (!isActionActive(actionType)) {
304  return false;
305  }
306 
307  if (!clientCode.isValidAction(expectedAction)) {
308  AuthenticationSessionModel authSession = getAuthenticationSession();
309  if (AuthenticationSessionModel.Action.REQUIRED_ACTIONS.name().equals(authSession.getAction())) {
310  logger.debugf("Incorrect action '%s' . User authenticated already.", authSession.getAction());
311  response = showPageExpired(authSession);
312  return false;
313  } else {
314  logger.errorf("Bad action. Expected action '%s', current action '%s'", expectedAction, authSession.getAction());
315  response = ErrorPage.error(session, authSession, Response.Status.BAD_REQUEST, Messages.EXPIRED_CODE);
316  return false;
317  }
318  }
319 
320  return true;
321  }
org.keycloak.services.resources.SessionCodeChecks.failed
boolean failed()
Definition: SessionCodeChecks.java:103
org.keycloak.services.resources.SessionCodeChecks.session
final KeycloakSession session
Definition: SessionCodeChecks.java:70
org.keycloak.services.resources.SessionCodeChecks.getAuthenticationSession
AuthenticationSessionModel getAuthenticationSession()
Definition: SessionCodeChecks.java:98
org.keycloak.services.resources.SessionCodeChecks.isActionActive
boolean isActionActive(ClientSessionCode.ActionType actionType)
Definition: SessionCodeChecks.java:324
org.keycloak.services.resources.SessionCodeChecks.clientCode
ClientSessionCode< AuthenticationSessionModel > clientCode
Definition: SessionCodeChecks.java:62
org.keycloak.services.resources.SessionCodeChecks.showPageExpired
Response showPageExpired(AuthenticationSessionModel authSession)
Definition: SessionCodeChecks.java:429
org.keycloak.services.resources.SessionCodeChecks.response
Response response
Definition: SessionCodeChecks.java:63
org.keycloak.services.resources.SessionCodeChecks.authSession
AuthenticationSessionModel authSession
Definition: SessionCodeChecks.java:61
org.keycloak.services.resources.SessionCodeChecks.logger
static final Logger logger
Definition: SessionCodeChecks.java:59
org.keycloak.services.managers.ClientSessionCode.isValidAction
boolean isValidAction(String requestedAction)
Definition: ClientSessionCode.java:179

◆ verifyRequiredAction()

boolean org.keycloak.services.resources.SessionCodeChecks.verifyRequiredAction ( String  executedAction)
inline
341  {
342  if (failed()) {
343  return false;
344  }
345 
346  if (!clientCode.isValidAction(AuthenticationSessionModel.Action.REQUIRED_ACTIONS.name())) {
347  logger.debugf("Expected required action, but session action is '%s' . Showing expired page now.", authSession.getAction());
348  event.error(Errors.INVALID_CODE);
349 
350  response = showPageExpired(authSession);
351 
352  return false;
353  }
354 
355  if (!isActionActive(ClientSessionCode.ActionType.USER)) {
356  return false;
357  }
358 
359  if (actionRequest) {
360  String currentRequiredAction = authSession.getAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION);
361  if (executedAction == null || !executedAction.equals(currentRequiredAction)) {
362  logger.debug("required action doesn't match current required action");
363  response = redirectToRequiredActions(currentRequiredAction);
364  return false;
365  }
366  }
367  return true;
368  }
org.keycloak.services.resources.SessionCodeChecks.failed
boolean failed()
Definition: SessionCodeChecks.java:103
org.keycloak.services.resources.SessionCodeChecks.redirectToRequiredActions
Response redirectToRequiredActions(String action)
Definition: SessionCodeChecks.java:406
org.keycloak.services.resources.SessionCodeChecks.actionRequest
boolean actionRequest
Definition: SessionCodeChecks.java:64
org.keycloak.services.resources.SessionCodeChecks.isActionActive
boolean isActionActive(ClientSessionCode.ActionType actionType)
Definition: SessionCodeChecks.java:324
org.keycloak.services.resources.SessionCodeChecks.clientCode
ClientSessionCode< AuthenticationSessionModel > clientCode
Definition: SessionCodeChecks.java:62
org.keycloak.services.resources.SessionCodeChecks.showPageExpired
Response showPageExpired(AuthenticationSessionModel authSession)
Definition: SessionCodeChecks.java:429
org.keycloak.services.resources.SessionCodeChecks.response
Response response
Definition: SessionCodeChecks.java:63
org.keycloak.services.resources.SessionCodeChecks.authSession
AuthenticationSessionModel authSession
Definition: SessionCodeChecks.java:61
org.keycloak.services.resources.SessionCodeChecks.logger
static final Logger logger
Definition: SessionCodeChecks.java:59
org.keycloak.services.managers.ClientSessionCode.isValidAction
boolean isValidAction(String requestedAction)
Definition: ClientSessionCode.java:179

メンバ詳解

◆ actionRequest

boolean org.keycloak.services.resources.SessionCodeChecks.actionRequest
private

◆ authSession

AuthenticationSessionModel org.keycloak.services.resources.SessionCodeChecks.authSession
private

◆ authSessionId

final String org.keycloak.services.resources.SessionCodeChecks.authSessionId
private

◆ clientCode

ClientSessionCode<AuthenticationSessionModel> org.keycloak.services.resources.SessionCodeChecks.clientCode
private

◆ clientConnection

final ClientConnection org.keycloak.services.resources.SessionCodeChecks.clientConnection
private

◆ clientId

final String org.keycloak.services.resources.SessionCodeChecks.clientId
private

◆ code

final String org.keycloak.services.resources.SessionCodeChecks.code
private

◆ event

final EventBuilder org.keycloak.services.resources.SessionCodeChecks.event
private

◆ execution

final String org.keycloak.services.resources.SessionCodeChecks.execution
private

◆ flowPath

final String org.keycloak.services.resources.SessionCodeChecks.flowPath
private

◆ logger

final Logger org.keycloak.services.resources.SessionCodeChecks.logger = Logger.getLogger(SessionCodeChecks.class)
staticprivate

◆ realm

final RealmModel org.keycloak.services.resources.SessionCodeChecks.realm
private

◆ request

final HttpRequest org.keycloak.services.resources.SessionCodeChecks.request
private

◆ response

Response org.keycloak.services.resources.SessionCodeChecks.response
private

◆ session

final KeycloakSession org.keycloak.services.resources.SessionCodeChecks.session
private

◆ tabId

final String org.keycloak.services.resources.SessionCodeChecks.tabId
private

◆ uriInfo

final UriInfo org.keycloak.services.resources.SessionCodeChecks.uriInfo
private
このクラス詳解は次のファイルから抽出されました:
2018年11月18日(日) 14時00分29秒作成 - keycloak-service / 構成:   doxygen 1.8.13