org.keycloak.protocol.AuthorizationEndpointBase クラス

org.keycloak.protocol.AuthorizationEndpointBase の継承関係図

org.keycloak.protocol.AuthorizationEndpointBase 連携図

公開メンバ関数
	AuthorizationEndpointBase (RealmModel realm, EventBuilder event)

静的公開変数類
static final String	APP_INITIATED_FLOW = "APP_INITIATED_FLOW"

限定公開メンバ関数
AuthenticationProcessor	createProcessor (AuthenticationSessionModel authSession, String flowId, String flowPath)
Response	handleBrowserAuthenticationRequest (AuthenticationSessionModel authSession, LoginProtocol protocol, boolean isPassive, boolean redirectToAuthentication)
AuthenticationFlowModel	getAuthenticationFlow (AuthenticationSessionModel authSession)
void	checkSsl ()
void	checkRealm ()
AuthenticationSessionModel	createAuthenticationSession (ClientModel client, String requestState)

限定公開変数類
RealmModel	realm
EventBuilder	event
AuthenticationManager	authManager
HttpHeaders	headers
HttpRequest	httpRequest
KeycloakSession	session
ClientConnection	clientConnection

静的非公開変数類
static final Logger	logger = Logger.getLogger(AuthorizationEndpointBase.class)

詳解

Common base class for Authorization REST endpoints implementation, which have to be implemented by each protocol.

著者

Vlastimil Elias (velias at redhat dot com)

構築子と解体子

AuthorizationEndpointBase()

org.keycloak.protocol.AuthorizationEndpointBase.AuthorizationEndpointBase ( RealmModel  realm, EventBuilder  event  )

inline

                                                                           {
        this.realm = realm;
        this.event = event;
    }

関数詳解

checkRealm()

void org.keycloak.protocol.AuthorizationEndpointBase.checkRealm ( )

inlineprotected

                                {
        if (!realm.isEnabled()) {
            event.error(Errors.REALM_DISABLED);
            throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.REALM_NOT_ENABLED);
        }
    }

checkSsl()

void org.keycloak.protocol.AuthorizationEndpointBase.checkSsl ( )

inlineprotected

                              {
        if (!session.getContext().getUri().getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
            event.error(Errors.SSL_REQUIRED);
            throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.HTTPS_REQUIRED);
        }
    }

createAuthenticationSession()

AuthenticationSessionModel org.keycloak.protocol.AuthorizationEndpointBase.createAuthenticationSession ( ClientModel  client, String  requestState  )

inlineprotected

                                                                                                              {
        AuthenticationSessionManager manager = new AuthenticationSessionManager(session);
        RootAuthenticationSessionModel rootAuthSession = manager.getCurrentRootAuthenticationSession(realm);

        AuthenticationSessionModel authSession;

        if (rootAuthSession != null) {
            authSession = rootAuthSession.createAuthenticationSession(client);

            logger.debugf("Sent request to authz endpoint. Root authentication session with ID '%s' exists. Client is '%s' . Created new authentication session with tab ID: %s",
                    rootAuthSession.getId(), client.getClientId(), authSession.getTabId());
        } else {
            UserSessionCrossDCManager userSessionCrossDCManager = new UserSessionCrossDCManager(session);
            UserSessionModel userSession = userSessionCrossDCManager.getUserSessionIfExistsRemotely(manager, realm);

            if (userSession != null) {
                String userSessionId = userSession.getId();
                rootAuthSession = session.authenticationSessions().createRootAuthenticationSession(userSessionId, realm);
                authSession = rootAuthSession.createAuthenticationSession(client);
                logger.debugf("Sent request to authz endpoint. We don't have root authentication session with ID '%s' but we have userSession." +
                        "Re-created root authentication session with same ID. Client is: %s . New authentication session tab ID: %s", userSessionId, client.getClientId(), authSession.getTabId());
            } else {
                rootAuthSession = manager.createAuthenticationSession(realm, true);
                authSession = rootAuthSession.createAuthenticationSession(client);
                logger.debugf("Sent request to authz endpoint. Created new root authentication session with ID '%s' . Client: %s . New authentication session tab ID: %s",
                        rootAuthSession.getId(), client.getClientId(), authSession.getTabId());
            }
        }

        session.getProvider(LoginFormsProvider.class).setAuthenticationSession(authSession);

        return authSession;

    }

createProcessor()

AuthenticationProcessor org.keycloak.protocol.AuthorizationEndpointBase.createProcessor ( AuthenticationSessionModel  authSession, String  flowId, String  flowPath  )

inlineprotected

                                                                                                                              {
        AuthenticationProcessor processor = new AuthenticationProcessor();
        processor.setAuthenticationSession(authSession)
                .setFlowPath(flowPath)
                .setFlowId(flowId)
                .setBrowserFlow(true)
                .setConnection(clientConnection)
                .setEventBuilder(event)
                .setRealm(realm)
                .setSession(session)
                .setUriInfo(session.getContext().getUri())
                .setRequest(httpRequest);

        authSession.setAuthNote(AuthenticationProcessor.CURRENT_FLOW_PATH, flowPath);

        return processor;
    }

getAuthenticationFlow()

AuthenticationFlowModel org.keycloak.protocol.AuthorizationEndpointBase.getAuthenticationFlow ( AuthenticationSessionModel  authSession )

inlineprotected

                                                                                                    {
        return AuthenticationFlowResolver.resolveBrowserFlow(authSession);
    }

handleBrowserAuthenticationRequest()

Response org.keycloak.protocol.AuthorizationEndpointBase.handleBrowserAuthenticationRequest ( AuthenticationSessionModel  authSession, LoginProtocol  protocol, boolean  isPassive, boolean  redirectToAuthentication  )

inlineprotected

Common method to handle browser authentication request in protocols unified way.

引数

authSession	for current request
protocol	handler for protocol used to initiate login
isPassive	set to true if login should be passive (without login screen shown)
redirectToAuthentication	if true redirect to flow url. If initial call to protocol is a POST, you probably want to do this. This is so we can disable the back button on browser

戻り値

response to be returned to the browser

                                                                                                                                                                               {
        AuthenticationFlowModel flow = getAuthenticationFlow(authSession);
        String flowId = flow.getId();
        AuthenticationProcessor processor = createProcessor(authSession, flowId, LoginActionsService.AUTHENTICATE_PATH);
        event.detail(Details.CODE_ID, authSession.getParentSession().getId());
        if (isPassive) {
            // OIDC prompt == NONE or SAML 2 IsPassive flag
            // This means that client is just checking if the user is already completely logged in.
            // We cancel login if any authentication action or required action is required
            try {
                if (processor.authenticateOnly() == null) {
                    // processor.attachSession();
                } else {
                    Response response = protocol.sendError(authSession, Error.PASSIVE_LOGIN_REQUIRED);
                    return response;
                }

                AuthenticationManager.setClientScopesInSession(authSession);

                if (processor.nextRequiredAction() != null) {
                    Response response = protocol.sendError(authSession, Error.PASSIVE_INTERACTION_REQUIRED);
                    return response;
                }

                // Attach session once no requiredActions or other things are required
                processor.attachSession();
            } catch (Exception e) {
                return processor.handleBrowserException(e);
            }
            return processor.finishAuthentication(protocol);
        } else {
            try {
                RestartLoginCookie.setRestartCookie(session, realm, clientConnection, session.getContext().getUri(), authSession);
                if (redirectToAuthentication) {
                    return processor.redirectToFlow();
                }
                return processor.authenticate();
            } catch (Exception e) {
                return processor.handleBrowserException(e);
            }
        }
    }

メンバ詳解

APP_INITIATED_FLOW

final String org.keycloak.protocol.AuthorizationEndpointBase.APP_INITIATED_FLOW = "APP_INITIATED_FLOW"

static

authManager

AuthenticationManager org.keycloak.protocol.AuthorizationEndpointBase.authManager

protected

clientConnection

ClientConnection org.keycloak.protocol.AuthorizationEndpointBase.clientConnection

protected

event

EventBuilder org.keycloak.protocol.AuthorizationEndpointBase.event

protected

headers

HttpHeaders org.keycloak.protocol.AuthorizationEndpointBase.headers

protected

httpRequest

HttpRequest org.keycloak.protocol.AuthorizationEndpointBase.httpRequest

protected

logger

final Logger org.keycloak.protocol.AuthorizationEndpointBase.logger = Logger.getLogger(AuthorizationEndpointBase.class)

staticprivate

realm

RealmModel org.keycloak.protocol.AuthorizationEndpointBase.realm

protected

session

KeycloakSession org.keycloak.protocol.AuthorizationEndpointBase.session

protected

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/protocol/AuthorizationEndpointBase.java