
Example 46 with AuthenticationExecutionModel

use of org.keycloak.models.AuthenticationExecutionModel in project keycloak by keycloak.

the class MigrateTo8_0_2 method migrateAuthenticationFlowsWithAlternativeRequirements.

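/**
 * Regroups ALTERNATIVE executions of every authentication flow in {@code realm} into subflows.
 *
 * <p>Only flows that contain at least one ALTERNATIVE execution together with a REQUIRED or
 * CONDITIONAL one are touched. Within such a flow the executions are walked in the order the realm
 * returns them; each consecutive run of ALTERNATIVE executions is handed to
 * {@code migrateAlternatives}, with a counter that increases per run so the generated subflow
 * aliases do not collide.
 *
 * <p>This changes how authentication flows are evaluated, so the result is worth reviewing per
 * realm after the migration has run.
 *
 * @param realm realm whose authentication flows are migrated in place
 */
protected void migrateAuthenticationFlowsWithAlternativeRequirements(RealmModel realm) {
    // Materialise the flows before iterating: migrateAlternatives is called from inside the loop
    // and works on the same realm.
    List<AuthenticationFlowModel> flows = realm.getAuthenticationFlowsStream().collect(Collectors.toList());
    for (AuthenticationFlowModel flow : flows) {
        List<AuthenticationExecutionModel> executions = realm.getAuthenticationExecutionsStream(flow.getId()).collect(Collectors.toList());
        Set<AuthenticationExecutionModel.Requirement> requirements = executions.stream()
                .map(AuthenticationExecutionModel::getRequirement)
                .collect(Collectors.toSet());

        // to try to preserve same behaviour as in previous versions
        // Grouped explicitly because && binds tighter than ||. A flow without any ALTERNATIVE
        // execution has nothing to move, so it is skipped before the walk below.
        boolean hasMandatoryStep = requirements.contains(REQUIRED) || requirements.contains(CONDITIONAL);
        if (!hasMandatoryStep || !requirements.contains(ALTERNATIVE)) {
            continue;
        }

        // Suffix used just to avoid name conflicts
        int suffix = 0;
        LinkedList<AuthenticationExecutionModel> alternativesToMigrate = new LinkedList<>();
        for (AuthenticationExecutionModel execution : executions) {
            AuthenticationExecutionModel.Requirement requirement = execution.getRequirement();
            if (ALTERNATIVE.equals(requirement)) {
                alternativesToMigrate.add(execution);
            } else if ((REQUIRED.equals(requirement) || CONDITIONAL.equals(requirement))
                    && !alternativesToMigrate.isEmpty()) {
                // If we have some REQUIRED then ALTERNATIVE and then REQUIRED/CONDITIONAL,
                // we migrate the alternatives to the new subflow.
                migrateAlternatives(realm, flow, alternativesToMigrate, suffix);
                suffix++;
                alternativesToMigrate.clear();
            }
        }
        // Trailing run of ALTERNATIVE executions at the end of the flow.
        if (!alternativesToMigrate.isEmpty()) {
            migrateAlternatives(realm, flow, alternativesToMigrate, suffix);
        }
    }
}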
Also used : Requirement(org.keycloak.models.AuthenticationExecutionModel.Requirement) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) LinkedList(java.util.LinkedList)

Example 47 with AuthenticationExecutionModel

use of org.keycloak.models.AuthenticationExecutionModel in project keycloak by keycloak.

the class MigrateTo8_0_2 method migrateAlternatives.

/**
 * Moves a run of ALTERNATIVE executions from {@code parentFlow} into a newly created subflow.
 *
 * <p>The subflow is registered in the realm and attached to {@code parentFlow} through a REQUIRED
 * flow execution that takes over the priority of the first migrated execution. The migrated
 * executions are re-parented and re-prioritised (10, 20, ...); their requirement is not modified
 * here.
 *
 * @param realm realm that owns the flows and executions
 * @param parentFlow flow the executions currently belong to
 * @param alternativesToMigrate executions to move; must not be empty, since {@code getFirst()} is
 *     called on it after the subflow has already been added to the realm
 * @param suffix number appended to the subflow alias to keep aliases distinct
 */
private void migrateAlternatives(RealmModel realm, AuthenticationFlowModel parentFlow, LinkedList<AuthenticationExecutionModel> alternativesToMigrate, int suffix) {
    final String parentAlias = parentFlow.getAlias();
    LOG.debugf("Migrating %d ALTERNATIVE executions in the flow '%s' of realm '%s' to separate subflow", alternativesToMigrate.size(), parentAlias, realm.getName());

    // Describe the subflow that will hold the alternatives, then let the realm persist it.
    AuthenticationFlowModel subflowDraft = new AuthenticationFlowModel();
    subflowDraft.setTopLevel(false);
    subflowDraft.setBuiltIn(parentFlow.isBuiltIn());
    subflowDraft.setAlias(parentAlias + " - Alternatives - " + suffix);
    subflowDraft.setDescription("Subflow of " + parentAlias + " with alternative executions");
    subflowDraft.setProviderId("basic-flow");
    final AuthenticationFlowModel subflow = realm.addAuthenticationFlow(subflowDraft);
    final String subflowId = subflow.getId();

    // Execution in the parent flow that points at the subflow.
    AuthenticationExecutionModel subflowExecution = new AuthenticationExecutionModel();
    subflowExecution.setParentFlow(parentFlow.getId());
    subflowExecution.setRequirement(REQUIRED);
    subflowExecution.setFlowId(subflowId);
    // Same priority as the first ALTERNATIVE: this execution takes its place in the parent flow.
    subflowExecution.setPriority(alternativesToMigrate.getFirst().getPriority());
    subflowExecution.setAuthenticatorFlow(true);
    realm.addAuthenticatorExecution(subflowExecution);

    // Re-parent the alternatives, keeping their relative order with priorities in steps of 10.
    int nextPriority = 10;
    for (AuthenticationExecutionModel alternative : alternativesToMigrate) {
        alternative.setParentFlow(subflowId);
        alternative.setPriority(nextPriority);
        realm.updateAuthenticatorExecution(alternative);
        nextPriority += 10;
    }
}
Also used : AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel)

Example 48 with AuthenticationExecutionModel

use of org.keycloak.models.AuthenticationExecutionModel in project keycloak by keycloak.

the class MigrateTo8_0_0 method migrateOptionalAuthenticationExecution.

/**
 * Replaces a legacy optional execution with a CONDITIONAL subflow.
 *
 * <p>A new non-top-level flow is added to the realm and linked into {@code parentFlow} as a
 * CONDITIONAL flow execution at the optional execution's former priority. Inside the new flow a
 * REQUIRED {@code conditional-user-configured} execution is added at priority 10, and
 * {@code optionalExecution} itself is turned into a REQUIRED execution at priority 20.
 *
 * @param realm realm that owns the flows
 * @param parentFlow flow that contained the optional execution
 * @param optionalExecution execution to move; its parent flow, requirement and priority are
 *     overwritten
 * @param updateOptionalExecution whether to persist {@code optionalExecution} through the realm;
 *     pass {@code false} when the caller adds the execution itself later
 */
public static void migrateOptionalAuthenticationExecution(RealmModel realm, AuthenticationFlowModel parentFlow, AuthenticationExecutionModel optionalExecution, boolean updateOptionalExecution) {
    final String authenticator = optionalExecution.getAuthenticator();
    final String parentAlias = parentFlow.getAlias();
    LOG.debugf("Migrating optional execution '%s' of flow '%s' of realm '%s' to subflow", authenticator, parentAlias, realm.getName());

    // Subflow that decides whether the authenticator applies.
    AuthenticationFlowModel flowDraft = new AuthenticationFlowModel();
    flowDraft.setTopLevel(false);
    flowDraft.setBuiltIn(parentFlow.isBuiltIn());
    flowDraft.setAlias(parentAlias + " - " + authenticator + " - Conditional");
    flowDraft.setDescription("Flow to determine if the " + authenticator + " authenticator should be used or not.");
    flowDraft.setProviderId("basic-flow");
    final AuthenticationFlowModel conditionalFlow = realm.addAuthenticationFlow(flowDraft);
    final String conditionalFlowId = conditionalFlow.getId();

    // CONDITIONAL link from the parent flow, at the priority the optional execution had.
    AuthenticationExecutionModel flowLink = new AuthenticationExecutionModel();
    flowLink.setParentFlow(parentFlow.getId());
    flowLink.setRequirement(AuthenticationExecutionModel.Requirement.CONDITIONAL);
    flowLink.setFlowId(conditionalFlowId);
    flowLink.setPriority(optionalExecution.getPriority());
    flowLink.setAuthenticatorFlow(true);
    realm.addAuthenticatorExecution(flowLink);

    // First step of the subflow: the condition.
    AuthenticationExecutionModel condition = new AuthenticationExecutionModel();
    condition.setParentFlow(conditionalFlowId);
    condition.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
    condition.setAuthenticator("conditional-user-configured");
    condition.setPriority(10);
    condition.setAuthenticatorFlow(false);
    realm.addAuthenticatorExecution(condition);

    // Second step: the former optional execution, now REQUIRED inside the subflow.
    optionalExecution.setParentFlow(conditionalFlowId);
    optionalExecution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
    optionalExecution.setPriority(20);

    // In case of JSON migration, the execution is not yet in DB and will be added later
    if (!updateOptionalExecution) {
        return;
    }
    realm.updateAuthenticatorExecution(optionalExecution);
}
Also used : AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel)

Example 49 with AuthenticationExecutionModel

use of org.keycloak.models.AuthenticationExecutionModel in project keycloak by keycloak.

the class RepresentationToModel method toModel.

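/**
 * Builds an execution model from an exported execution representation.
 *
 * <p>The authenticator config and the nested flow are referenced by alias in the representation
 * and resolved against {@code realm}. A requirement of {@code "OPTIONAL"} that the enum does not
 * accept is migrated through {@link MigrateTo8_0_0#migrateOptionalAuthenticationExecution}, which
 * overwrites the parent flow, requirement and priority set here. Any other unrecognised
 * requirement is rejected, so that an imported execution never leaves this method without a
 * requirement and parent flow.
 *
 * @param realm realm used to resolve aliases
 * @param parentFlow flow the execution is imported into
 * @param rep exported representation, typically read from a realm import
 * @return the populated model; it is not persisted by this method
 * @throws NullPointerException if a referenced config or flow alias does not resolve, or if the
 *     requirement is {@code null}
 * @throws IllegalArgumentException if the requirement is neither a known value nor
 *     {@code "OPTIONAL"}
 */
private static AuthenticationExecutionModel toModel(RealmModel realm, AuthenticationFlowModel parentFlow, AuthenticationExecutionExportRepresentation rep) {
    AuthenticationExecutionModel model = new AuthenticationExecutionModel();

    String configAlias = rep.getAuthenticatorConfig();
    if (configAlias != null) {
        AuthenticatorConfigModel config = realm.getAuthenticatorConfigByAlias(configAlias);
        if (config == null) {
            // Same exception type as the plain dereference would raise, but with context.
            throw new NullPointerException("Authenticator config alias '" + configAlias + "' not found in realm '" + realm.getName() + "'");
        }
        model.setAuthenticatorConfig(config.getId());
    }

    model.setAuthenticator(rep.getAuthenticator());
    model.setAuthenticatorFlow(rep.isAuthenticatorFlow());

    String flowAlias = rep.getFlowAlias();
    if (flowAlias != null) {
        AuthenticationFlowModel flow = realm.getFlowByAlias(flowAlias);
        if (flow == null) {
            throw new NullPointerException("Authentication flow alias '" + flowAlias + "' not found in realm '" + realm.getName() + "'");
        }
        model.setFlowId(flow.getId());
    }

    model.setPriority(rep.getPriority());

    String requirement = rep.getRequirement();
    try {
        model.setRequirement(AuthenticationExecutionModel.Requirement.valueOf(requirement));
        model.setParentFlow(parentFlow.getId());
    } catch (IllegalArgumentException iae) {
        // retro-compatible for previous OPTIONAL being changed to CONDITIONAL
        if (!"OPTIONAL".equals(requirement)) {
            // Fail closed: swallowing this would return an execution with no requirement and no
            // parent flow set.
            throw new IllegalArgumentException("Unsupported requirement '" + requirement + "' for execution in flow '" + parentFlow.getAlias() + "'", iae);
        }
        MigrateTo8_0_0.migrateOptionalAuthenticationExecution(realm, parentFlow, model, false);
    }
    return model;
}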
Also used : AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel)

Example 50 with AuthenticationExecutionModel

use of org.keycloak.models.AuthenticationExecutionModel in project keycloak by keycloak.

the class RepresentationToModel method toModel.

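/**
 * Builds an execution model from an execution representation.
 *
 * <p>The id, flow id, parent flow, authenticator and priority are copied from {@code rep}
 * unchanged; this method does not check that the referenced ids belong to {@code realm}, so that
 * validation has to happen in the caller. Only the authenticator config is resolved, by alias.
 *
 * @param realm realm used to resolve the authenticator config alias
 * @param rep representation to convert
 * @return the populated model; it is not persisted by this method
 * @throws IllegalArgumentException if the requirement is not a known {@code Requirement} name
 * @throws NullPointerException if the requirement is {@code null} or the config alias does not
 *     resolve
 */
public static AuthenticationExecutionModel toModel(RealmModel realm, AuthenticationExecutionRepresentation rep) {
    AuthenticationExecutionModel model = new AuthenticationExecutionModel();
    model.setId(rep.getId());
    model.setFlowId(rep.getFlowId());
    model.setAuthenticator(rep.getAuthenticator());
    model.setPriority(rep.getPriority());
    model.setParentFlow(rep.getParentFlow());
    model.setAuthenticatorFlow(rep.isAuthenticatorFlow());
    // valueOf rejects anything that is not an exact enum constant name.
    model.setRequirement(AuthenticationExecutionModel.Requirement.valueOf(rep.getRequirement()));

    String configAlias = rep.getAuthenticatorConfig();
    if (configAlias != null) {
        AuthenticatorConfigModel cfg = realm.getAuthenticatorConfigByAlias(configAlias);
        if (cfg == null) {
            // Same exception type as the plain dereference would raise, but with context.
            throw new NullPointerException("Authenticator config alias '" + configAlias + "' not found in realm '" + realm.getName() + "'");
        }
        model.setAuthenticatorConfig(cfg.getId());
    }
    return model;
}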
Also used : AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel)

Aggregations

AuthenticationExecutionModel (org.keycloak.models.AuthenticationExecutionModel)51 AuthenticationFlowModel (org.keycloak.models.AuthenticationFlowModel)32 AuthenticatorConfigModel (org.keycloak.models.AuthenticatorConfigModel)11 Path (javax.ws.rs.Path)8 NoCache (org.jboss.resteasy.annotations.cache.NoCache)8 HashMap (java.util.HashMap)7 Response (javax.ws.rs.core.Response)7 RealmModel (org.keycloak.models.RealmModel)7 BadRequestException (javax.ws.rs.BadRequestException)6 NotFoundException (javax.ws.rs.NotFoundException)6 POST (javax.ws.rs.POST)6 ArrayList (java.util.ArrayList)5 LinkedList (java.util.LinkedList)5 Consumes (javax.ws.rs.Consumes)5 Before (org.junit.Before)5 ClientModel (org.keycloak.models.ClientModel)4 List (java.util.List)3 UserModel (org.keycloak.models.UserModel)3 MultivaluedMap (javax.ws.rs.core.MultivaluedMap)2 Logger (org.jboss.logging.Logger)2