org.keycloak.services.resources.admin.AttackDetectionResource クラス

org.keycloak.services.resources.admin.AttackDetectionResource 連携図

公開メンバ関数
	AttackDetectionResource (AdminPermissionEvaluator auth, RealmModel realm, AdminEventBuilder adminEvent)
Map< String, Object >	bruteForceUserStatus (@PathParam("userId") String userId)
void	clearBruteForceForUser (@PathParam("userId") String userId)
void	clearAllBruteForce ()

限定公開変数類
AdminPermissionEvaluator	auth
RealmModel	realm
KeycloakSession	session
ClientConnection	connection
HttpHeaders	headers

静的限定公開変数類
static final Logger	logger = Logger.getLogger(AttackDetectionResource.class)

非公開変数類
AdminEventBuilder	adminEvent

詳解

Base resource class for the admin REST api of one realm

Attack Detection

著者

Bill Burke

バージョン

Revision

1

構築子と解体子

AttackDetectionResource()

org.keycloak.services.resources.admin.AttackDetectionResource.AttackDetectionResource ( AdminPermissionEvaluator  auth, RealmModel  realm, AdminEventBuilder  adminEvent  )

inline

                                                                                                                  {
        this.auth = auth;
        this.realm = realm;
        this.adminEvent = adminEvent.realm(realm).resource(ResourceType.USER_LOGIN_FAILURE);
    }

関数詳解

bruteForceUserStatus()

Map<String, Object> org.keycloak.services.resources.admin.AttackDetectionResource.bruteForceUserStatus ( @PathParam("userId") String  userId )

inline

Get status of a username in brute force detection

引数

userId

戻り値

                                                                                        {
        UserModel user = session.users().getUserById(userId, realm);
        if (user == null) {
            auth.users().requireView();
        } else {
            auth.users().requireView(user);
        }

        Map<String, Object> data = new HashMap<>();
        data.put("disabled", false);
        data.put("numFailures", 0);
        data.put("lastFailure", 0);
        data.put("lastIPFailure", "n/a");
        if (!realm.isBruteForceProtected()) return data;


        UserLoginFailureModel model = session.sessions().getUserLoginFailure(realm, userId);
        if (model == null) return data;

        boolean disabled;
        if (user == null) {
            disabled = Time.currentTime() < model.getFailedLoginNotBefore();
        } else {
            disabled = session.getProvider(BruteForceProtector.class).isTemporarilyDisabled(session, realm, user);
        }
        if (disabled) {
            data.put("disabled", true);
        }

        data.put("numFailures", model.getNumFailures());
        data.put("lastFailure", model.getLastFailure());
        data.put("lastIPFailure", model.getLastIPFailure());
        return data;
    }

clearAllBruteForce()

void org.keycloak.services.resources.admin.AttackDetectionResource.clearAllBruteForce ( )

inline

Clear any user login failures for all users

This can release temporary disabled users

                                     {
        auth.users().requireManage();

        session.sessions().removeAllUserLoginFailures(realm);
        adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
    }

clearBruteForceForUser()

void org.keycloak.services.resources.admin.AttackDetectionResource.clearBruteForceForUser ( @PathParam("userId") String  userId )

inline

Clear any user login failures for the user

This can release temporary disabled user

引数

userId

                                                                           {
        UserModel user = session.users().getUserById(userId, realm);
        if (user == null) {
            auth.users().requireManage();
        } else {
            auth.users().requireManage(user);
        }
        UserLoginFailureModel model = session.sessions().getUserLoginFailure(realm, userId);
        if (model != null) {
            session.sessions().removeUserLoginFailure(realm, userId);
            adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
        }
    }

メンバ詳解

adminEvent

AdminEventBuilder org.keycloak.services.resources.admin.AttackDetectionResource.adminEvent

private

auth

AdminPermissionEvaluator org.keycloak.services.resources.admin.AttackDetectionResource.auth

protected

connection

ClientConnection org.keycloak.services.resources.admin.AttackDetectionResource.connection

protected

headers

HttpHeaders org.keycloak.services.resources.admin.AttackDetectionResource.headers

protected

logger

final Logger org.keycloak.services.resources.admin.AttackDetectionResource.logger = Logger.getLogger(AttackDetectionResource.class)

staticprotected

realm

RealmModel org.keycloak.services.resources.admin.AttackDetectionResource.realm

protected

session

KeycloakSession org.keycloak.services.resources.admin.AttackDetectionResource.session

protected

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java