org.keycloak.authentication.actiontoken.execactions.ExecuteActionsActionTokenHandler の継承関係図

org.keycloak.authentication.actiontoken.execactions.ExecuteActionsActionTokenHandler 連携図

公開メンバ関数
	ExecuteActionsActionTokenHandler ()

Predicate<? super ExecuteActionsActionToken > []	getVerifiers (ActionTokenContext< ExecuteActionsActionToken > tokenContext)

Response	handleToken (ExecuteActionsActionToken token, ActionTokenContext< ExecuteActionsActionToken > tokenContext)

boolean	canUseTokenRepeatedly (ExecuteActionsActionToken token, ActionTokenContext< ExecuteActionsActionToken > tokenContext)

ActionTokenHandler< T >	create (KeycloakSession session)

void	init (Scope config)

void	postInit (KeycloakSessionFactory factory)

String	getId ()

void	close ()

Class< T >	getTokenClass ()

EventType	eventType ()

String	getDefaultErrorMessage ()

String	getDefaultEventError ()

String	getAuthenticationSessionIdFromToken (T token, ActionTokenContext< T > tokenContext, AuthenticationSessionModel currentAuthSession)

AuthenticationSessionModel	startFreshAuthenticationSession (T token, ActionTokenContext< T > tokenContext)

boolean	canUseTokenRepeatedly (T token, ActionTokenContext< T > tokenContext)

詳解

著者: hmlnarik

構築子と解体子

◆ ExecuteActionsActionTokenHandler()

org.keycloak.authentication.actiontoken.execactions.ExecuteActionsActionTokenHandler.ExecuteActionsActionTokenHandler ( )

inline

                                               {
         super(
           ExecuteActionsActionToken.TOKEN_TYPE,
           ExecuteActionsActionToken.class,
           Messages.INVALID_CODE,
           EventType.EXECUTE_ACTIONS,
           Errors.NOT_ALLOWED
         );
     }

関数詳解

◆ canUseTokenRepeatedly() [1/2]

boolean org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.canUseTokenRepeatedly	(	T	token,
		ActionTokenContext< T >	tokenContext
	)

inlineinherited

                                                                                       {
         return true;
     }

◆ canUseTokenRepeatedly() [2/2]

boolean org.keycloak.authentication.actiontoken.execactions.ExecuteActionsActionTokenHandler.canUseTokenRepeatedly	(	ExecuteActionsActionToken	token,
		ActionTokenContext< ExecuteActionsActionToken >	tokenContext
	)

inline

                                                                                                                                       {
         RealmModel realm = tokenContext.getRealm();
         KeycloakSessionFactory sessionFactory = tokenContext.getSession().getKeycloakSessionFactory();
 
         return token.getRequiredActions().stream()
           .map(actionName -> realm.getRequiredActionProviderByAlias(actionName))    // get realm-specific model from action name and filter out irrelevant
           .filter(Objects::nonNull)
           .filter(RequiredActionProviderModel::isEnabled)
 
           .map(RequiredActionProviderModel::getProviderId)      // get provider ID from model
 
           .map(providerId -> (RequiredActionFactory) sessionFactory.getProviderFactory(RequiredActionProvider.class, providerId))
           .filter(Objects::nonNull)
 
           .noneMatch(RequiredActionFactory::isOneTimeAction);
     }

◆ close()

void org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.close ( )

inlineinherited

66 {

67 }

◆ create()

ActionTokenHandler<T> org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.create ( KeycloakSession session )

inlineinherited

                                                                  {
         return this;
     }

◆ eventType()

EventType org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.eventType ( )

inlineinherited

                                  {
         return this.defaultEventType;
     }

◆ getAuthenticationSessionIdFromToken()

String org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.getAuthenticationSessionIdFromToken	(	T	token,
		ActionTokenContext< T >	tokenContext,
		AuthenticationSessionModel	currentAuthSession
	)

inlineinherited

                                                                                                                                                   {
         return token instanceof DefaultActionToken ? ((DefaultActionToken) token).getCompoundAuthenticationSessionId() : null;
     }

◆ getDefaultErrorMessage()

String org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.getDefaultErrorMessage ( )

inlineinherited

                                            {
         return this.defaultErrorMessage;
     }

◆ getDefaultEventError()

String org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.getDefaultEventError ( )

inlineinherited

                                          {
         return this.defaultEventError;
     }

◆ getId()

String org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.getId ( )

inlineinherited

                           {
         return this.id;
     }

◆ getTokenClass()

Class<T> org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.getTokenClass ( )

inlineinherited

                                     {
         return this.tokenClass;
     }

◆ getVerifiers()

Predicate<? super ExecuteActionsActionToken> [] org.keycloak.authentication.actiontoken.execactions.ExecuteActionsActionTokenHandler.getVerifiers ( ActionTokenContext< ExecuteActionsActionToken > tokenContext )

inline

                                                                                                                                    {
         return TokenUtils.predicates(
           TokenUtils.checkThat(
             // either redirect URI is not specified or must be valid for the client
             t -> t.getRedirectUri() == null
                  || RedirectUtils.verifyRedirectUri(tokenContext.getUriInfo(), t.getRedirectUri(),
                       tokenContext.getRealm(), tokenContext.getAuthenticationSession().getClient()) != null,
             Errors.INVALID_REDIRECT_URI,
             Messages.INVALID_REDIRECT_URI
           )
         );
     }

◆ handleToken()

Response org.keycloak.authentication.actiontoken.execactions.ExecuteActionsActionTokenHandler.handleToken	(	ExecuteActionsActionToken	token,
		ActionTokenContext< ExecuteActionsActionToken >	tokenContext
	)

inline

                                                                                                                              {
         AuthenticationSessionModel authSession = tokenContext.getAuthenticationSession();
         final UriInfo uriInfo = tokenContext.getUriInfo();
         final RealmModel realm = tokenContext.getRealm();
         final KeycloakSession session = tokenContext.getSession();
         if (tokenContext.isAuthenticationSessionFresh()) {
             // Update the authentication session in the token
             String authSessionEncodedId = AuthenticationSessionCompoundId.fromAuthSession(authSession).getEncodedId();
             token.setCompoundAuthenticationSessionId(authSessionEncodedId);
             UriBuilder builder = Urls.actionTokenBuilder(uriInfo.getBaseUri(), token.serialize(session, realm, uriInfo),
                     authSession.getClient().getClientId(), authSession.getTabId());
             String confirmUri = builder.build(realm.getName()).toString();
 
             return session.getProvider(LoginFormsProvider.class)
                     .setAuthenticationSession(authSession)
                     .setSuccess(Messages.CONFIRM_EXECUTION_OF_ACTIONS)
                     .setAttribute(Constants.TEMPLATE_ATTR_ACTION_URI, confirmUri)
                     .setAttribute(Constants.TEMPLATE_ATTR_REQUIRED_ACTIONS, token.getRequiredActions())
                     .createInfoPage();
         }
 
         String redirectUri = RedirectUtils.verifyRedirectUri(tokenContext.getUriInfo(), token.getRedirectUri(),
           tokenContext.getRealm(), authSession.getClient());
 
         if (redirectUri != null) {
             authSession.setAuthNote(AuthenticationManager.SET_REDIRECT_URI_AFTER_REQUIRED_ACTIONS, "true");
 
             authSession.setRedirectUri(redirectUri);
             authSession.setClientNote(OIDCLoginProtocol.REDIRECT_URI_PARAM, redirectUri);
         }
 
         token.getRequiredActions().stream().forEach(authSession::addRequiredAction);
 
         UserModel user = tokenContext.getAuthenticationSession().getAuthenticatedUser();
         // verify user email as we know it is valid as this entry point would never have gotten here.
         user.setEmailVerified(true);
 
         String nextAction = AuthenticationManager.nextRequiredAction(tokenContext.getSession(), authSession, tokenContext.getClientConnection(), tokenContext.getRequest(), tokenContext.getUriInfo(), tokenContext.getEvent());
         return AuthenticationManager.redirectToRequiredActions(tokenContext.getSession(), tokenContext.getRealm(), authSession, tokenContext.getUriInfo(), nextAction);
     }

◆ init()

void org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.init ( Scope config )

inlineinherited

53 {

54 }

◆ postInit()

void org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.postInit ( KeycloakSessionFactory factory )

inlineinherited

57 {

58 }

◆ startFreshAuthenticationSession()

AuthenticationSessionModel org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.startFreshAuthenticationSession	(	T	token,
		ActionTokenContext< T >	tokenContext
	)

inlineinherited

                                                                                                                    {
         AuthenticationSessionModel authSession = tokenContext.createAuthenticationSessionForClient(token.getIssuedFor());
         authSession.setAuthNote(AuthenticationManager.END_AFTER_REQUIRED_ACTIONS, "true");
         return authSession;
     }

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/authentication/actiontoken/execactions/ExecuteActionsActionTokenHandler.java

公開メンバ関数

詳解

構築子と解体子

◆ ExecuteActionsActionTokenHandler()

関数詳解

◆ canUseTokenRepeatedly() [1/2]

◆ canUseTokenRepeatedly() [2/2]

◆ close()

◆ create()

◆ eventType()

◆ getAuthenticationSessionIdFromToken()

◆ getDefaultErrorMessage()

◆ getDefaultEventError()

◆ getId()

◆ getTokenClass()

◆ getVerifiers()

◆ handleToken()

◆ init()

◆ postInit()

◆ startFreshAuthenticationSession()