org.keycloak.authentication.actiontoken.resetcred.ResetCredentialsActionTokenHandler.ResetCredsAuthenticationProcessor の継承関係図

org.keycloak.authentication.actiontoken.resetcred.ResetCredentialsActionTokenHandler.ResetCredsAuthenticationProcessor 連携図

公開メンバ関数
boolean	isBrowserFlow ()

AuthenticationProcessor	setBrowserFlow (boolean browserFlow)

BruteForceProtector	getBruteForceProtector ()

RealmModel	getRealm ()

ClientModel	getClient ()

void	setClient (ClientModel client)

Map< String, String >	getClientAuthAttributes ()

AuthenticationSessionModel	getAuthenticationSession ()

ClientConnection	getConnection ()

UriInfo	getUriInfo ()

KeycloakSession	getSession ()

UserSessionModel	getUserSession ()

AuthenticationProcessor	setRealm (RealmModel realm)

AuthenticationProcessor	setAuthenticationSession (AuthenticationSessionModel authenticationSession)

AuthenticationProcessor	setConnection (ClientConnection connection)

AuthenticationProcessor	setUriInfo (UriInfo uriInfo)

AuthenticationProcessor	setSession (KeycloakSession session)

AuthenticationProcessor	setEventBuilder (EventBuilder eventBuilder)

AuthenticationProcessor	setRequest (HttpRequest request)

AuthenticationProcessor	setFlowId (String flowId)

AuthenticationProcessor	setFlowPath (String flowPath)

AuthenticationProcessor	setForwardedErrorMessage (FormMessage forwardedErrorMessage)

AuthenticationProcessor	setForwardedSuccessMessage (FormMessage forwardedSuccessMessage)

String	generateCode ()

EventBuilder	newEvent ()

EventBuilder	getEvent ()

HttpRequest	getRequest ()

void	setAutheticatedUser (UserModel user)

void	clearAuthenticatedUser ()

URI	getRefreshUrl (boolean authSessionIdParam)

void	logFailure ()

boolean	isSuccessful (AuthenticationExecutionModel model)

Response	handleBrowserException (Exception failure)

Response	handleClientAuthException (Exception failure)

AuthenticationFlow	createFlowExecution (String flowId, AuthenticationExecutionModel execution)

Response	authenticate () throws AuthenticationFlowException

Response	authenticateClient () throws AuthenticationFlowException

Response	redirectToFlow ()

void	resetFlow ()

Response	authenticationAction (String execution)

Response	authenticateOnly () throws AuthenticationFlowException

ClientSessionContext	attachSession ()

void	evaluateRequiredActionTriggers ()

Response	finishAuthentication (LoginProtocol protocol)

void	validateUser (UserModel authenticatedUser)

String	nextRequiredAction ()

AuthenticationProcessor.Result	createAuthenticatorContext (AuthenticationExecutionModel model, Authenticator authenticator, List< AuthenticationExecutionModel > executions)

AuthenticationProcessor.Result	createClientAuthenticatorContext (AuthenticationExecutionModel model, ClientAuthenticator clientAuthenticator, List< AuthenticationExecutionModel > executions)

静的公開メンバ関数
static void	resetFlow (AuthenticationSessionModel authSession, String flowPath)

static AuthenticationSessionModel	clone (KeycloakSession session, AuthenticationSessionModel authSession)

static ClientSessionContext	attachSession (AuthenticationSessionModel authSession, UserSessionModel userSession, KeycloakSession session, RealmModel realm, ClientConnection connection, EventBuilder event)

静的公開変数類
static final String	CURRENT_AUTHENTICATION_EXECUTION = "current.authentication.execution"

static final String	LAST_PROCESSED_EXECUTION = "last.processed.execution"

static final String	CURRENT_FLOW_PATH = "current.flow.path"

static final String	FORKED_FROM = "forked.from"

static final String	BROKER_SESSION_ID = "broker.session.id"

static final String	BROKER_USER_ID = "broker.user.id"

限定公開メンバ関数
Response	authenticationComplete ()

void	logSuccess ()

限定公開変数類
RealmModel	realm

UserSessionModel	userSession

AuthenticationSessionModel	authenticationSession

ClientConnection	connection

UriInfo	uriInfo

KeycloakSession	session

EventBuilder	event

HttpRequest	request

String	flowId

String	flowPath

boolean	browserFlow

BruteForceProtector	protector

Runnable	afterResetListener

FormMessage	forwardedErrorMessage

FormMessage	forwardedSuccessMessage

ClientModel	client

Map< String, String >	clientAuthAttributes = new HashMap<>()

静的限定公開変数類
static final Logger	logger = Logger.getLogger(AuthenticationProcessor.class)

詳解

関数詳解

◆ attachSession() [1/2]

ClientSessionContext org.keycloak.authentication.AuthenticationProcessor.attachSession ( )

inlineinherited

                                                 {
         ClientSessionContext clientSessionCtx = attachSession(authenticationSession, userSession, session, realm, connection, event);
 
         if (userSession == null) {
             userSession = clientSessionCtx.getClientSession().getUserSession();
         }
 
         return clientSessionCtx;
     }

◆ attachSession() [2/2]

static ClientSessionContext org.keycloak.authentication.AuthenticationProcessor.attachSession	(	AuthenticationSessionModel	authSession,
		UserSessionModel	userSession,
		KeycloakSession	session,
		RealmModel	realm,
		ClientConnection	connection,
		EventBuilder	event
	)

inlinestaticinherited

                                                                                                                                                                                                                        {
         String username = authSession.getAuthenticatedUser().getUsername();
         String attemptedUsername = authSession.getAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME);
         if (attemptedUsername != null) username = attemptedUsername;
         String rememberMe = authSession.getAuthNote(Details.REMEMBER_ME);
         boolean remember = rememberMe != null && rememberMe.equalsIgnoreCase("true");
         String brokerSessionId = authSession.getAuthNote(BROKER_SESSION_ID);
         String brokerUserId = authSession.getAuthNote(BROKER_USER_ID);
 
         if (userSession == null) { // if no authenticator attached a usersession
 
             userSession = session.sessions().getUserSession(realm, authSession.getParentSession().getId());
             if (userSession == null) {
                 userSession = session.sessions().createUserSession(authSession.getParentSession().getId(), realm, authSession.getAuthenticatedUser(), username, connection.getRemoteAddr(), authSession.getProtocol()
                         , remember, brokerSessionId, brokerUserId);
             } else if (userSession.getUser() == null || !AuthenticationManager.isSessionValid(realm, userSession)) {
                 userSession.restartSession(realm, authSession.getAuthenticatedUser(), username, connection.getRemoteAddr(), authSession.getProtocol()
                         , remember, brokerSessionId, brokerUserId);
             } else {
                 // We have existing userSession even if it wasn't attached to authenticator. Could happen if SSO authentication was ignored (eg. prompt=login) and in some other cases.
                 // We need to handle case when different user was used
                 logger.debugf("No SSO login, but found existing userSession with ID '%s' after finished authentication.", userSession.getId());
                 if (!authSession.getAuthenticatedUser().equals(userSession.getUser())) {
                     event.detail(Details.EXISTING_USER, userSession.getUser().getId());
                     event.error(Errors.DIFFERENT_USER_AUTHENTICATED);
                     throw new ErrorPageException(session, authSession, Response.Status.INTERNAL_SERVER_ERROR, Messages.DIFFERENT_USER_AUTHENTICATED, userSession.getUser().getUsername());
                 }
             }
             userSession.setState(UserSessionModel.State.LOGGED_IN);
         }
 
         if (remember) {
             event.detail(Details.REMEMBER_ME, "true");
         }
 
         ClientSessionContext clientSessionCtx = TokenManager.attachAuthenticationSession(session, userSession, authSession);
 
         event.user(userSession.getUser())
                 .detail(Details.USERNAME, username)
                 .session(userSession);
 
         return clientSessionCtx;
     }

◆ authenticate()

Response org.keycloak.authentication.AuthenticationProcessor.authenticate ( ) throws AuthenticationFlowException

inlineinherited

                                                                       {
         logger.debug("AUTHENTICATE");
         Response challenge = authenticateOnly();
         if (challenge != null) return challenge;
         return authenticationComplete();
     }

◆ authenticateClient()

Response org.keycloak.authentication.AuthenticationProcessor.authenticateClient ( ) throws AuthenticationFlowException

inlineinherited

                                                                             {
         logger.debug("AUTHENTICATE CLIENT");
         AuthenticationFlow authenticationFlow = createFlowExecution(this.flowId, null);
         try {
             Response challenge = authenticationFlow.processFlow();
             return challenge;
         } catch (Exception e) {
             return handleClientAuthException(e);
         }
     }

◆ authenticateOnly()

Response org.keycloak.authentication.AuthenticationProcessor.authenticateOnly ( ) throws AuthenticationFlowException

inlineinherited

                                                                           {
         logger.debug("AUTHENTICATE ONLY");
         checkClientSession(false);
         event.client(authenticationSession.getClient().getClientId())
                 .detail(Details.REDIRECT_URI, authenticationSession.getRedirectUri())
                 .detail(Details.AUTH_METHOD, authenticationSession.getProtocol());
         String authType = authenticationSession.getAuthNote(Details.AUTH_TYPE);
         if (authType != null) {
             event.detail(Details.AUTH_TYPE, authType);
         }
         UserModel authUser = authenticationSession.getAuthenticatedUser();
         validateUser(authUser);
         AuthenticationFlow authenticationFlow = createFlowExecution(this.flowId, null);
         Response challenge = authenticationFlow.processFlow();
         if (challenge != null) return challenge;
         if (authenticationSession.getAuthenticatedUser() == null) {
             throw new AuthenticationFlowException(AuthenticationFlowError.UNKNOWN_USER);
         }
         return challenge;
     }

◆ authenticationAction()

Response org.keycloak.authentication.AuthenticationProcessor.authenticationAction ( String execution )

inlineinherited

                                                            {
         logger.debug("authenticationAction");
         checkClientSession(true);
         String current = authenticationSession.getAuthNote(CURRENT_AUTHENTICATION_EXECUTION);
         if (execution == null || !execution.equals(current)) {
             logger.debug("Current execution does not equal executed execution.  Might be a page refresh");
             return new AuthenticationFlowURLHelper(session, realm, uriInfo).showPageExpired(authenticationSession);
         }
         UserModel authUser = authenticationSession.getAuthenticatedUser();
         validateUser(authUser);
         AuthenticationExecutionModel model = realm.getAuthenticationExecutionById(execution);
         if (model == null) {
             logger.debug("Cannot find execution, reseting flow");
             logFailure();
             resetFlow();
             return authenticate();
         }
         event.client(authenticationSession.getClient().getClientId())
                 .detail(Details.REDIRECT_URI, authenticationSession.getRedirectUri())
                 .detail(Details.AUTH_METHOD, authenticationSession.getProtocol());
         String authType = authenticationSession.getAuthNote(Details.AUTH_TYPE);
         if (authType != null) {
             event.detail(Details.AUTH_TYPE, authType);
         }
 
         AuthenticationFlow authenticationFlow = createFlowExecution(this.flowId, model);
         Response challenge = authenticationFlow.processAction(execution);
         if (challenge != null) return challenge;
         if (authenticationSession.getAuthenticatedUser() == null) {
             throw new AuthenticationFlowException(AuthenticationFlowError.UNKNOWN_USER);
         }
         return authenticationComplete();
     }

◆ authenticationComplete()

Response org.keycloak.authentication.actiontoken.resetcred.ResetCredentialsActionTokenHandler.ResetCredsAuthenticationProcessor.authenticationComplete ( )

inlineprotected

                                                     {
             boolean firstBrokerLoginInProgress = (authenticationSession.getAuthNote(AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE) != null);
             if (firstBrokerLoginInProgress) {
 
                 UserModel linkingUser = AbstractIdpAuthenticator.getExistingUser(session, realm, authenticationSession);
                 if (!linkingUser.getId().equals(authenticationSession.getAuthenticatedUser().getId())) {
                     return ErrorPage.error(session, authenticationSession, Response.Status.INTERNAL_SERVER_ERROR,
                       Messages.IDENTITY_PROVIDER_DIFFERENT_USER_MESSAGE,
                       authenticationSession.getAuthenticatedUser().getUsername(),
                       linkingUser.getUsername()
                     );
                 }
 
                 SerializedBrokeredIdentityContext serializedCtx = SerializedBrokeredIdentityContext.readFromAuthenticationSession(authenticationSession, AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE);
                 authenticationSession.setAuthNote(AbstractIdpAuthenticator.FIRST_BROKER_LOGIN_SUCCESS, serializedCtx.getIdentityProviderId());
 
                 logger.debugf("Forget-password flow finished when authenticated user '%s' after first broker login with identity provider '%s'.",
                         linkingUser.getUsername(), serializedCtx.getIdentityProviderId());
 
                 return LoginActionsService.redirectToAfterBrokerLoginEndpoint(session, realm, uriInfo, authenticationSession, true);
             } else {
                 return super.authenticationComplete();
             }
         }

◆ clearAuthenticatedUser()

void org.keycloak.authentication.AuthenticationProcessor.clearAuthenticatedUser ( )

inlineinherited

                                          {
         getAuthenticationSession().setAuthenticatedUser(null);
     }

◆ clone()

static AuthenticationSessionModel org.keycloak.authentication.AuthenticationProcessor.clone	(	KeycloakSession	session,
		AuthenticationSessionModel	authSession
	)

inlinestaticinherited

                                                                                                                     {
         AuthenticationSessionModel clone = authSession.getParentSession().createAuthenticationSession(authSession.getClient());
 
         clone.setRedirectUri(authSession.getRedirectUri());
         clone.setProtocol(authSession.getProtocol());
 
         for (Map.Entry<String, String> clientNote : authSession.getClientNotes().entrySet()) {
             clone.setClientNote(clientNote.getKey(), clientNote.getValue());
         }
 
         clone.setAuthNote(FORKED_FROM, authSession.getTabId());
 
         logger.debugf("Forked authSession %s from authSession %s . Client: %s, Root session: %s",
                 clone.getTabId(), authSession.getTabId(), authSession.getClient().getClientId(), authSession.getParentSession().getId());
 
         return clone;
     }

◆ createAuthenticatorContext()

AuthenticationProcessor.Result org.keycloak.authentication.AuthenticationProcessor.createAuthenticatorContext	(	AuthenticationExecutionModel	model,
		Authenticator	authenticator,
		List< AuthenticationExecutionModel >	executions
	)

inlineinherited

                                                                                                                                                                                      {
         return new Result(model, authenticator, executions);
     }

◆ createClientAuthenticatorContext()

AuthenticationProcessor.Result org.keycloak.authentication.AuthenticationProcessor.createClientAuthenticatorContext	(	AuthenticationExecutionModel	model,
		ClientAuthenticator	clientAuthenticator,
		List< AuthenticationExecutionModel >	executions
	)

inlineinherited

                                                                                                                                                                                                        {
         return new Result(model, clientAuthenticator, executions);
     }

◆ createFlowExecution()

AuthenticationFlow org.keycloak.authentication.AuthenticationProcessor.createFlowExecution	(	String	flowId,
		AuthenticationExecutionModel	execution
	)

inlineinherited

                                                                                                          {
         AuthenticationFlowModel flow = realm.getAuthenticationFlowById(flowId);
         if (flow == null) {
             logger.error("Unknown flow to execute with");
             throw new AuthenticationFlowException(AuthenticationFlowError.INTERNAL_ERROR);
         }
         if (flow.getProviderId() == null || flow.getProviderId().equals(AuthenticationFlow.BASIC_FLOW)) {
             DefaultAuthenticationFlow flowExecution = new DefaultAuthenticationFlow(this, flow);
             return flowExecution;
 
         } else if (flow.getProviderId().equals(AuthenticationFlow.FORM_FLOW)) {
             FormAuthenticationFlow flowExecution = new FormAuthenticationFlow(this, execution);
             return flowExecution;
         } else if (flow.getProviderId().equals(AuthenticationFlow.CLIENT_FLOW)) {
             ClientAuthenticationFlow flowExecution = new ClientAuthenticationFlow(this, flow);
             return flowExecution;
         }
         throw new AuthenticationFlowException("Unknown flow provider type", AuthenticationFlowError.INTERNAL_ERROR);
     }

◆ evaluateRequiredActionTriggers()

void org.keycloak.authentication.AuthenticationProcessor.evaluateRequiredActionTriggers ( )

inlineinherited

                                                  {
         AuthenticationManager.evaluateRequiredActionTriggers(session, authenticationSession, connection, request, uriInfo, event, realm, authenticationSession.getAuthenticatedUser());
     }

◆ finishAuthentication()

Response org.keycloak.authentication.AuthenticationProcessor.finishAuthentication ( LoginProtocol protocol )

inlineinherited

                                                                  {
         event.success();
         RealmModel realm = authenticationSession.getRealm();
         ClientSessionContext clientSessionCtx = attachSession();
         return AuthenticationManager.redirectAfterSuccessfulFlow(session, realm, userSession, clientSessionCtx, request, uriInfo, connection, event, protocol);
 
     }

◆ generateCode()

String org.keycloak.authentication.AuthenticationProcessor.generateCode ( )

inlineinherited

                                  {
         ClientSessionCode accessCode = new ClientSessionCode(session, getRealm(), getAuthenticationSession());
         authenticationSession.getParentSession().setTimestamp(Time.currentTime());
         return accessCode.getOrGenerateCode();
     }

◆ getAuthenticationSession()

AuthenticationSessionModel org.keycloak.authentication.AuthenticationProcessor.getAuthenticationSession ( )

inlineinherited

                                                                  {
         return authenticationSession;
     }

◆ getBruteForceProtector()

BruteForceProtector org.keycloak.authentication.AuthenticationProcessor.getBruteForceProtector ( )

inlineinherited

                                                         {
         if (protector == null) {
             protector = session.getProvider(BruteForceProtector.class);
         }
         return protector;
     }

◆ getClient()

ClientModel org.keycloak.authentication.AuthenticationProcessor.getClient ( )

inlineinherited

                                    {
         return client;
     }

◆ getClientAuthAttributes()

Map<String, String> org.keycloak.authentication.AuthenticationProcessor.getClientAuthAttributes ( )

inlineinherited

                                                          {
         return clientAuthAttributes;
     }

◆ getConnection()

ClientConnection org.keycloak.authentication.AuthenticationProcessor.getConnection ( )

inlineinherited

                                             {
         return connection;
     }

◆ getEvent()

EventBuilder org.keycloak.authentication.AuthenticationProcessor.getEvent ( )

inlineinherited

                                    {
         return event;
     }

◆ getRealm()

RealmModel org.keycloak.authentication.AuthenticationProcessor.getRealm ( )

inlineinherited

                                  {
         return realm;
     }

◆ getRefreshUrl()

URI org.keycloak.authentication.AuthenticationProcessor.getRefreshUrl ( boolean authSessionIdParam )

inlineinherited

                                                          {
         UriBuilder uriBuilder = LoginActionsService.loginActionsBaseUrl(getUriInfo())
                 .path(AuthenticationProcessor.this.flowPath)
                 .queryParam(Constants.CLIENT_ID, getAuthenticationSession().getClient().getClientId())
                 .queryParam(Constants.TAB_ID, getAuthenticationSession().getTabId());
         if (authSessionIdParam) {
             uriBuilder.queryParam(LoginActionsService.AUTH_SESSION_ID, getAuthenticationSession().getParentSession().getId());
         }
         return uriBuilder
                 .build(getRealm().getName());
     }

◆ getRequest()

HttpRequest org.keycloak.authentication.AuthenticationProcessor.getRequest ( )

inlineinherited

                                     {
         return request;
     }

◆ getSession()

KeycloakSession org.keycloak.authentication.AuthenticationProcessor.getSession ( )

inlineinherited

                                         {
         return session;
     }

◆ getUriInfo()

UriInfo org.keycloak.authentication.AuthenticationProcessor.getUriInfo ( )

inlineinherited

                                 {
         return uriInfo;
     }

◆ getUserSession()

UserSessionModel org.keycloak.authentication.AuthenticationProcessor.getUserSession ( )

inlineinherited

                                              {
         return userSession;
     }

◆ handleBrowserException()

Response org.keycloak.authentication.AuthenticationProcessor.handleBrowserException ( Exception failure )

inlineinherited

                                                               {
         if (failure instanceof AuthenticationFlowException) {
             AuthenticationFlowException e = (AuthenticationFlowException) failure;
 
             if (e.getError() == AuthenticationFlowError.INVALID_USER) {
                 ServicesLogger.LOGGER.failedAuthentication(e);
                 event.error(Errors.USER_NOT_FOUND);
                 if (e.getResponse() != null) return e.getResponse();
                 return ErrorPage.error(session, authenticationSession, Response.Status.BAD_REQUEST, Messages.INVALID_USER);
             } else if (e.getError() == AuthenticationFlowError.USER_DISABLED) {
                 ServicesLogger.LOGGER.failedAuthentication(e);
                 event.error(Errors.USER_DISABLED);
                 if (e.getResponse() != null) return e.getResponse();
                 return ErrorPage.error(session,authenticationSession, Response.Status.BAD_REQUEST, Messages.ACCOUNT_DISABLED);
             } else if (e.getError() == AuthenticationFlowError.USER_TEMPORARILY_DISABLED) {
                 ServicesLogger.LOGGER.failedAuthentication(e);
                 event.error(Errors.USER_TEMPORARILY_DISABLED);
                 if (e.getResponse() != null) return e.getResponse();
                 return ErrorPage.error(session,authenticationSession, Response.Status.BAD_REQUEST, Messages.INVALID_USER);
 
             } else if (e.getError() == AuthenticationFlowError.INVALID_CLIENT_SESSION) {
                 ServicesLogger.LOGGER.failedAuthentication(e);
                 event.error(Errors.INVALID_CODE);
                 if (e.getResponse() != null) return e.getResponse();
                 return ErrorPage.error(session, authenticationSession, Response.Status.BAD_REQUEST, Messages.INVALID_CODE);
 
             } else if (e.getError() == AuthenticationFlowError.EXPIRED_CODE) {
                 ServicesLogger.LOGGER.failedAuthentication(e);
                 event.error(Errors.EXPIRED_CODE);
                 if (e.getResponse() != null) return e.getResponse();
                 return ErrorPage.error(session, authenticationSession, Response.Status.BAD_REQUEST, Messages.EXPIRED_CODE);
 
             } else if (e.getError() == AuthenticationFlowError.FORK_FLOW) {
                 ForkFlowException reset = (ForkFlowException)e;
 
                 AuthenticationSessionModel clone = clone(session, authenticationSession);
 
                 clone.setAction(AuthenticationSessionModel.Action.AUTHENTICATE.name());
                 setAuthenticationSession(clone);
                 session.getProvider(LoginFormsProvider.class).setAuthenticationSession(clone);
 
                 AuthenticationProcessor processor = new AuthenticationProcessor();
                 processor.setAuthenticationSession(clone)
                         .setFlowPath(LoginActionsService.AUTHENTICATE_PATH)
                         .setFlowId(AuthenticationFlowResolver.resolveBrowserFlow(clone).getId())
                         .setForwardedErrorMessage(reset.getErrorMessage())
                         .setForwardedSuccessMessage(reset.getSuccessMessage())
                         .setConnection(connection)
                         .setEventBuilder(event)
                         .setRealm(realm)
                         .setBrowserFlow(isBrowserFlow())
                         .setSession(session)
                         .setUriInfo(uriInfo)
                         .setRequest(request);
                 CacheControlUtil.noBackButtonCacheControlHeader();
                 return processor.authenticate();
 
             } else if (e.getError() == AuthenticationFlowError.DISPLAY_NOT_SUPPORTED) {
                 ServicesLogger.LOGGER.failedAuthentication(e);
                 event.error(Errors.DISPLAY_UNSUPPORTED);
                 if (e.getResponse() != null) return e.getResponse();
                 return ErrorPage.error(session, authenticationSession, Response.Status.BAD_REQUEST, Messages.DISPLAY_UNSUPPORTED);
             } else {
                 ServicesLogger.LOGGER.failedAuthentication(e);
                 event.error(Errors.INVALID_USER_CREDENTIALS);
                 if (e.getResponse() != null) return e.getResponse();
                 return ErrorPage.error(session, authenticationSession, Response.Status.BAD_REQUEST, Messages.INVALID_USER);
             }
 
         } else {
             ServicesLogger.LOGGER.failedAuthentication(failure);
             event.error(Errors.INVALID_USER_CREDENTIALS);
             return ErrorPage.error(session, authenticationSession, Response.Status.BAD_REQUEST, Messages.UNEXPECTED_ERROR_HANDLING_REQUEST);
         }
 
     }

◆ handleClientAuthException()

Response org.keycloak.authentication.AuthenticationProcessor.handleClientAuthException ( Exception failure )

inlineinherited

                                                                  {
         if (failure instanceof AuthenticationFlowException) {
             AuthenticationFlowException e = (AuthenticationFlowException) failure;
             ServicesLogger.LOGGER.failedClientAuthentication(e);
             if (e.getError() == AuthenticationFlowError.CLIENT_NOT_FOUND) {
                 event.error(Errors.CLIENT_NOT_FOUND);
                 return ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "unauthorized_client", "Invalid client credentials");
             } else if (e.getError() == AuthenticationFlowError.CLIENT_DISABLED) {
                 event.error(Errors.CLIENT_DISABLED);
                 return ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "unauthorized_client", "Invalid client credentials");
             } else if (e.getError() == AuthenticationFlowError.CLIENT_CREDENTIALS_SETUP_REQUIRED) {
                 event.error(Errors.INVALID_CLIENT_CREDENTIALS);
                 return ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "unauthorized_client", e.getMessage());
             } else {
                 event.error(Errors.INVALID_CLIENT_CREDENTIALS);
                 return ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "unauthorized_client", e.getError().toString() + ": " + e.getMessage());
             }
         } else {
             ServicesLogger.LOGGER.errorAuthenticatingClient(failure);
             event.error(Errors.INVALID_CLIENT_CREDENTIALS);
             return ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "unauthorized_client", "Unexpected error when authenticating client: " + failure.getMessage());
         }
     }

◆ isBrowserFlow()

boolean org.keycloak.authentication.AuthenticationProcessor.isBrowserFlow ( )

inlineinherited

                                    {
         return browserFlow;
     }

◆ isSuccessful()

boolean org.keycloak.authentication.AuthenticationProcessor.isSuccessful ( AuthenticationExecutionModel model )

inlineinherited

                                                                     {
         AuthenticationSessionModel.ExecutionStatus status = authenticationSession.getExecutionStatus().get(model.getId());
         if (status == null) return false;
         return status == AuthenticationSessionModel.ExecutionStatus.SUCCESS;
     }

◆ logFailure()

void org.keycloak.authentication.AuthenticationProcessor.logFailure ( )

inlineinherited

                              {
         if (realm.isBruteForceProtected()) {
             String username = authenticationSession.getAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME);
             // todo need to handle non form failures
             if (username == null) {
 
             } else {
                 UserModel user = KeycloakModelUtils.findUserByNameOrEmail(session, realm, username);
                 if (user != null) {
                     getBruteForceProtector().failedLogin(realm, user, connection);
                 }
             }
         }
     }

◆ logSuccess()

void org.keycloak.authentication.AuthenticationProcessor.logSuccess ( )

inlineprotectedinherited

                                 {
         if (realm.isBruteForceProtected()) {
             String username = authenticationSession.getAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME);
             // TODO: as above, need to handle non form success
 
             if(username == null) {
                 return;
             }
 
             UserModel user = KeycloakModelUtils.findUserByNameOrEmail(session, realm, username);
             if (user != null) {
                 getBruteForceProtector().successfulLogin(realm, user, connection);
             }
         }
     }

◆ newEvent()

EventBuilder org.keycloak.authentication.AuthenticationProcessor.newEvent ( )

inlineinherited

                                    {
         this.event = new EventBuilder(realm, session, connection);
         return this.event;
     }

◆ nextRequiredAction()

String org.keycloak.authentication.AuthenticationProcessor.nextRequiredAction ( )

inlineinherited

                                        {
         return AuthenticationManager.nextRequiredAction(session, authenticationSession, connection, request, uriInfo, event);
     }

◆ redirectToFlow()

Response org.keycloak.authentication.AuthenticationProcessor.redirectToFlow ( )

inlineinherited

                                      {
         URI redirect = new AuthenticationFlowURLHelper(session, realm, uriInfo).getLastExecutionUrl(authenticationSession);
 
         logger.debug("Redirecting to URL: " + redirect.toString());
 
         return Response.status(302).location(redirect).build();
 
     }

◆ resetFlow() [1/2]

void org.keycloak.authentication.AuthenticationProcessor.resetFlow ( )

inlineinherited

                             {
         resetFlow(authenticationSession, flowPath);
 
         if (afterResetListener != null) {
             afterResetListener.run();
         }
     }

◆ resetFlow() [2/2]

static void org.keycloak.authentication.AuthenticationProcessor.resetFlow	(	AuthenticationSessionModel	authSession,
		String	flowPath
	)

inlinestaticinherited

                                                                                           {
         logger.debug("RESET FLOW");
         authSession.getParentSession().setTimestamp(Time.currentTime());
         authSession.setAuthenticatedUser(null);
         authSession.clearExecutionStatus();
         authSession.clearUserSessionNotes();
         authSession.clearAuthNotes();
 
         authSession.setAction(CommonClientSessionModel.Action.AUTHENTICATE.name());
 
         authSession.setAuthNote(CURRENT_FLOW_PATH, flowPath);
     }

◆ setAuthenticationSession()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setAuthenticationSession ( AuthenticationSessionModel authenticationSession )

inlineinherited

                                                                                                               {
         this.authenticationSession = authenticationSession;
         return this;
     }

◆ setAutheticatedUser()

void org.keycloak.authentication.AuthenticationProcessor.setAutheticatedUser ( UserModel user )

inlineinherited

                                                     {
         UserModel previousUser = getAuthenticationSession().getAuthenticatedUser();
         if (previousUser != null && !user.getId().equals(previousUser.getId()))
             throw new AuthenticationFlowException(AuthenticationFlowError.USER_CONFLICT);
         validateUser(user);
         getAuthenticationSession().setAuthenticatedUser(user);
     }

◆ setBrowserFlow()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setBrowserFlow ( boolean browserFlow )

inlineinherited

                                                                        {
         this.browserFlow = browserFlow;
         return this;
     }

◆ setClient()

void org.keycloak.authentication.AuthenticationProcessor.setClient ( ClientModel client )

inlineinherited

                                               {
         this.client = client;
     }

◆ setConnection()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setConnection ( ClientConnection connection )

inlineinherited

                                                                               {
         this.connection = connection;
         return this;
     }

◆ setEventBuilder()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setEventBuilder ( EventBuilder eventBuilder )

inlineinherited

                                                                               {
         this.event = eventBuilder;
         return this;
     }

◆ setFlowId()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setFlowId ( String flowId )

inlineinherited

                                                             {
         this.flowId = flowId;
         return this;
     }

◆ setFlowPath()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setFlowPath ( String flowPath )

inlineinherited

This is the path segment to append when generating an action URL.

引数

flowPath

                                                                 {
         this.flowPath = flowPath;
         return this;
     }

◆ setForwardedErrorMessage()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setForwardedErrorMessage ( FormMessage forwardedErrorMessage )

inlineinherited

                                                                                                {
         this.forwardedErrorMessage = forwardedErrorMessage;
         return this;
     }

◆ setForwardedSuccessMessage()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setForwardedSuccessMessage ( FormMessage forwardedSuccessMessage )

inlineinherited

                                                                                                    {
         this.forwardedSuccessMessage = forwardedSuccessMessage;
         return this;
     }

◆ setRealm()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setRealm ( RealmModel realm )

inlineinherited

                                                               {
         this.realm = realm;
         return this;
     }

◆ setRequest()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setRequest ( HttpRequest request )

inlineinherited

                                                                    {
         this.request = request;
         return this;
     }

◆ setSession()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setSession ( KeycloakSession session )

inlineinherited

                                                                        {
         this.session = session;
         return this;
     }

◆ setUriInfo()

AuthenticationProcessor org.keycloak.authentication.AuthenticationProcessor.setUriInfo ( UriInfo uriInfo )

inlineinherited

                                                                {
         this.uriInfo = uriInfo;
         return this;
     }

◆ validateUser()

void org.keycloak.authentication.AuthenticationProcessor.validateUser ( UserModel authenticatedUser )

inlineinherited

                                                           {
         if (authenticatedUser == null) return;
         if (!authenticatedUser.isEnabled()) throw new AuthenticationFlowException(AuthenticationFlowError.USER_DISABLED);
         if (realm.isBruteForceProtected() && !realm.isPermanentLockout()) {
             if (getBruteForceProtector().isTemporarilyDisabled(session, realm, authenticatedUser)) {
                 getEvent().error(Errors.RESET_CREDENTIAL_DISABLED);
                 ServicesLogger.LOGGER.passwordResetFailed(new AuthenticationFlowException(AuthenticationFlowError.USER_TEMPORARILY_DISABLED));
             }
         }
     }

protectedinherited

This could be an error message forwarded from another authenticator

◆ forwardedSuccessMessage

FormMessage org.keycloak.authentication.AuthenticationProcessor.forwardedSuccessMessage

UserSessionModel org.keycloak.authentication.AuthenticationProcessor.userSession

protectedinherited

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/authentication/actiontoken/resetcred/ResetCredentialsActionTokenHandler.java

公開メンバ関数

静的公開メンバ関数

静的公開変数類

限定公開メンバ関数

限定公開変数類

静的限定公開変数類

詳解

関数詳解

◆ attachSession() [1/2]

◆ attachSession() [2/2]

◆ authenticate()

◆ authenticateClient()

◆ authenticateOnly()

◆ authenticationAction()

◆ authenticationComplete()

◆ clearAuthenticatedUser()

◆ clone()

◆ createAuthenticatorContext()

◆ createClientAuthenticatorContext()

◆ createFlowExecution()

◆ evaluateRequiredActionTriggers()

◆ finishAuthentication()

◆ generateCode()

◆ getAuthenticationSession()

◆ getBruteForceProtector()

◆ getClient()

◆ getClientAuthAttributes()

◆ getConnection()

◆ getEvent()

◆ getRealm()

◆ getRefreshUrl()

◆ getRequest()

◆ getSession()

◆ getUriInfo()

◆ getUserSession()

◆ handleBrowserException()

◆ handleClientAuthException()

◆ isBrowserFlow()

◆ isSuccessful()

◆ logFailure()

◆ logSuccess()

◆ newEvent()

◆ nextRequiredAction()

◆ redirectToFlow()

◆ resetFlow() [1/2]

◆ resetFlow() [2/2]

◆ setAuthenticationSession()

◆ setAutheticatedUser()

◆ setBrowserFlow()

◆ setClient()

◆ setConnection()

◆ setEventBuilder()

◆ setFlowId()

◆ setFlowPath()

◆ setForwardedErrorMessage()

◆ setForwardedSuccessMessage()

◆ setRealm()

◆ setRequest()

◆ setSession()

◆ setUriInfo()

◆ validateUser()

メンバ詳解

◆ afterResetListener

◆ authenticationSession

◆ BROKER_SESSION_ID

◆ BROKER_USER_ID

◆ browserFlow

◆ client

◆ clientAuthAttributes

◆ connection

◆ CURRENT_AUTHENTICATION_EXECUTION

◆ CURRENT_FLOW_PATH

◆ event

◆ flowId

◆ flowPath

◆ FORKED_FROM

◆ forwardedErrorMessage

◆ forwardedSuccessMessage

◆ LAST_PROCESSED_EXECUTION

◆ logger