
Example 16 with AuthenticationExecutionModel

use of org.keycloak.models.AuthenticationExecutionModel in project keycloak by keycloak.

the class MapAuthenticationExecutionEntity method toModel.

/**
 * Copies a stored execution entity into a fresh {@link AuthenticationExecutionModel}.
 *
 * @param entity stored entity, may be {@code null}
 * @return the populated model, or {@code null} when {@code entity} is {@code null}
 */
static AuthenticationExecutionModel toModel(MapAuthenticationExecutionEntity entity) {
    if (entity == null) {
        return null;
    }

    AuthenticationExecutionModel result = new AuthenticationExecutionModel();
    result.setId(entity.getId());
    result.setAuthenticator(entity.getAuthenticator());
    result.setAuthenticatorConfig(entity.getAuthenticatorConfig());
    result.setFlowId(entity.getFlowId());
    result.setParentFlow(entity.getParentFlowId());
    // The requirement is passed through as stored; no default is substituted here when it is unset.
    result.setRequirement(entity.getRequirement());

    // An unset flag is treated as "not a sub-flow".
    Boolean subFlowFlag = entity.isAutheticatorFlow();
    result.setAuthenticatorFlow(Boolean.TRUE.equals(subFlowFlag));

    // An unset priority becomes 0.
    Integer storedPriority = entity.getPriority();
    if (storedPriority == null) {
        result.setPriority(0);
    } else {
        result.setPriority(storedPriority);
    }
    return result;
}
Also used : AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel)

Example 17 with AuthenticationExecutionModel

use of org.keycloak.models.AuthenticationExecutionModel in project keycloak by keycloak.

the class AccountCredentialResource method isFlowEffectivelyDisabled.

// Returns true if the flow is effectively disabled - either its own execution or some parent execution is disabled
/**
 * Walks from {@code flow} up through its parent flows and reports whether any execution
 * on that path has the DISABLED requirement.
 *
 * Every lookup miss (no execution for the flow, no parent flow id, parent flow not found)
 * ends the walk with {@code false}, so a broken chain is reported as "not disabled".
 * NOTE(review): callers that use this result to hide or withhold something should confirm
 * that treating an incomplete chain as enabled is the intended default.
 *
 * @param flow flow to start from
 * @return {@code true} only when a DISABLED execution is found before a top-level flow is reached
 */
private boolean isFlowEffectivelyDisabled(AuthenticationFlowModel flow) {
    // NOTE(review): there is no guard against a cyclic parent chain here; the loop ends only
    // at a top-level flow or a lookup miss - confirm the store guarantees flows form a tree.
    for (AuthenticationFlowModel current = flow; !current.isTopLevel(); ) {
        AuthenticationExecutionModel owner = realm.getAuthenticationExecutionByFlowId(current.getId());
        // Can happen under some corner cases
        if (owner == null) {
            return false;
        }
        if (owner.getRequirement() == DISABLED) {
            return true;
        }
        if (owner.getParentFlow() == null) {
            return false;
        }
        // Step up to the flow that contains this execution
        current = realm.getAuthenticationFlowById(owner.getParentFlow());
        if (current == null) {
            return false;
        }
    }
    return false;
}
Also used : AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel)

Example 18 with AuthenticationExecutionModel

use of org.keycloak.models.AuthenticationExecutionModel in project keycloak by keycloak.

the class ChallengeFlowTest method setupFlows.

/**
 * Provisions the "cli-challenge" flow and the flow-bound test client in realm "test".
 * The work runs on the server through {@code testingClient.server().run} and is skipped
 * when the client "test-app-flow" already exists.
 */
@Before
public void setupFlows() {
    SerializableApplicationData appData = new SerializableApplicationData(oauth.APP_AUTH_ROOT, oauth.APP_ROOT + "/admin", oauth.APP_AUTH_ROOT + "/*");
    testingClient.server().run(session -> {
        RealmModel testRealm = session.realms().getRealmByName("test");
        // Presumably TEST_APP_FLOW below resolves to this same client id - verify against the constant.
        ClientModel existing = session.clients().getClientByClientId(testRealm, "test-app-flow");
        if (existing != null) {
            return;
        }

        // Top-level flow; it is flagged built-in even though the test creates it.
        AuthenticationFlowModel flowDraft = new AuthenticationFlowModel();
        flowDraft.setAlias("cli-challenge");
        flowDraft.setDescription("challenge based authentication");
        flowDraft.setProviderId("basic-flow");
        flowDraft.setTopLevel(true);
        flowDraft.setBuiltIn(true);
        AuthenticationFlowModel cliFlow = testRealm.addAuthenticationFlow(flowDraft);

        // Single REQUIRED step directly under the top-level flow: console username/password.
        AuthenticationExecutionModel consoleLogin = new AuthenticationExecutionModel();
        consoleLogin.setParentFlow(cliFlow.getId());
        consoleLogin.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        consoleLogin.setAuthenticator(ConsoleUsernamePasswordAuthenticatorFactory.PROVIDER_ID);
        consoleLogin.setPriority(10);
        consoleLogin.setAuthenticatorFlow(false);
        testRealm.addAuthenticatorExecution(consoleLogin);

        // Confidential client whose browser binding is overridden with the flow above.
        // The secret is a fixed fixture value and the redirect list holds a wildcard
        // pattern plus the out-of-band URN; both are test-only settings.
        ClientModel flowClient = testRealm.addClient(TEST_APP_FLOW);
        flowClient.setSecret("password");
        flowClient.setBaseUrl(appData.applicationBaseUrl);
        flowClient.setManagementUrl(appData.applicationManagementUrl);
        flowClient.setEnabled(true);
        flowClient.addRedirectUri(appData.applicationRedirectUrl);
        flowClient.addRedirectUri("urn:ietf:wg:oauth:2.0:oob");
        flowClient.setAuthenticationFlowBindingOverride(AuthenticationFlowBindings.BROWSER_BINDING, cliFlow.getId());
        flowClient.setPublicClient(false);
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) ClientModel(org.keycloak.models.ClientModel) AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) Before(org.junit.Before)

Example 19 with AuthenticationExecutionModel

use of org.keycloak.models.AuthenticationExecutionModel in project keycloak by keycloak.

the class FlowOverrideTest method setupFlows.

/**
 * Provisions the flows and clients used by the flow-override tests in realm "test".
 * The work runs on the server through {@code testingClient.server().run} and is skipped
 * when the client "test-app-flow" already exists.
 *
 * Creates three top-level flows ("parent-flow", "direct-override-flow",
 * "challenge-override-flow"), one sub-flow ("subflow-2"), and four clients that bind
 * those flows (or the existing "http challenge" flow) to the browser and/or direct
 * grant bindings. All secrets, URLs and redirect patterns here are fixture values.
 */
@Before
public void setupFlows() {
    // Constructor arguments appear to map to base URL, management URL and redirect pattern - TODO confirm.
    SerializableApplicationData serializedApplicationData = new SerializableApplicationData(oauth.APP_AUTH_ROOT, oauth.APP_ROOT + "/admin", oauth.APP_AUTH_ROOT + "/*");
    testingClient.server().run(session -> {
        RealmModel realm = session.realms().getRealmByName("test");
        // Presumably TEST_APP_FLOW below resolves to this same client id - verify against the constant.
        ClientModel client = session.clients().getClientByClientId(realm, "test-app-flow");
        if (client != null) {
            return;
        }
        // Assumes the realm already has a client "test-app"; a missing client would fail on the next line.
        client = session.clients().getClientByClientId(realm, "test-app");
        client.setDirectAccessGrantsEnabled(true);
        // Top-level flow later bound as the browser override; flagged built-in although created here
        AuthenticationFlowModel browser = new AuthenticationFlowModel();
        browser.setAlias("parent-flow");
        browser.setDescription("browser based authentication");
        browser.setProviderId("basic-flow");
        browser.setTopLevel(true);
        browser.setBuiltIn(true);
        browser = realm.addAuthenticationFlow(browser);
        // Subflow2
        AuthenticationFlowModel subflow2 = new AuthenticationFlowModel();
        subflow2.setTopLevel(false);
        subflow2.setBuiltIn(true);
        subflow2.setAlias("subflow-2");
        subflow2.setDescription("username+password AND pushButton");
        subflow2.setProviderId("basic-flow");
        subflow2 = realm.addAuthenticationFlow(subflow2);
        // Execution that attaches subflow-2 to the parent flow as an ALTERNATIVE sub-flow
        AuthenticationExecutionModel execution = new AuthenticationExecutionModel();
        execution.setParentFlow(browser.getId());
        execution.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        execution.setFlowId(subflow2.getId());
        execution.setPriority(20);
        execution.setAuthenticatorFlow(true);
        realm.addAuthenticatorExecution(execution);
        // Subflow2 - push the button (REQUIRED, priority 10)
        execution = new AuthenticationExecutionModel();
        execution.setParentFlow(subflow2.getId());
        execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        execution.setAuthenticator(PushButtonAuthenticatorFactory.PROVIDER_ID);
        execution.setPriority(10);
        execution.setAuthenticatorFlow(false);
        realm.addAuthenticatorExecution(execution);
        // Subflow2 - username-password (REQUIRED, priority 20)
        execution = new AuthenticationExecutionModel();
        execution.setParentFlow(subflow2.getId());
        execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        execution.setAuthenticator(UsernamePasswordFormFactory.PROVIDER_ID);
        execution.setPriority(20);
        execution.setAuthenticatorFlow(false);
        realm.addAuthenticatorExecution(execution);
        // Confidential client with only the browser binding overridden.
        // The secret is a fixed fixture value; the redirect URI is a wildcard pattern.
        client = realm.addClient(TEST_APP_FLOW);
        client.setSecret("password");
        client.setBaseUrl(serializedApplicationData.applicationBaseUrl);
        client.setManagementUrl(serializedApplicationData.applicationManagementUrl);
        client.setEnabled(true);
        client.addRedirectUri(serializedApplicationData.applicationRedirectUrl);
        client.setAuthenticationFlowBindingOverride(AuthenticationFlowBindings.BROWSER_BINDING, browser.getId());
        client.setPublicClient(false);
        // Top-level flow used as the direct grant override: a single username-only step
        AuthenticationFlowModel directGrant = new AuthenticationFlowModel();
        directGrant.setAlias("direct-override-flow");
        directGrant.setDescription("direct grant based authentication");
        directGrant.setProviderId("basic-flow");
        directGrant.setTopLevel(true);
        directGrant.setBuiltIn(true);
        directGrant = realm.addAuthenticationFlow(directGrant);
        execution = new AuthenticationExecutionModel();
        execution.setParentFlow(directGrant.getId());
        execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        execution.setAuthenticator(UsernameOnlyAuthenticator.PROVIDER_ID);
        execution.setPriority(10);
        execution.setAuthenticatorFlow(false);
        realm.addAuthenticatorExecution(execution);
        // Top-level flow with a single basic-auth OTP step
        AuthenticationFlowModel challengeOTP = new AuthenticationFlowModel();
        challengeOTP.setAlias("challenge-override-flow");
        challengeOTP.setDescription("challenge grant based authentication");
        challengeOTP.setProviderId("basic-flow");
        challengeOTP.setTopLevel(true);
        challengeOTP.setBuiltIn(true);
        challengeOTP = realm.addAuthenticationFlow(challengeOTP);
        // Unlike the executions above, setAuthenticatorFlow is not called for this one,
        // so it keeps whatever the model's default is.
        execution = new AuthenticationExecutionModel();
        execution.setParentFlow(challengeOTP.getId());
        execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        execution.setAuthenticator(BasicAuthOTPAuthenticatorFactory.PROVIDER_ID);
        execution.setPriority(10);
        realm.addAuthenticatorExecution(execution);
        // Confidential client with direct grants enabled; both bindings overridden
        // (browser -> parent-flow, direct grant -> direct-override-flow)
        client = realm.addClient(TEST_APP_DIRECT_OVERRIDE);
        client.setSecret("password");
        client.setBaseUrl(serializedApplicationData.applicationBaseUrl);
        client.setManagementUrl(serializedApplicationData.applicationManagementUrl);
        client.setEnabled(true);
        client.addRedirectUri(serializedApplicationData.applicationRedirectUrl);
        client.setPublicClient(false);
        client.setDirectAccessGrantsEnabled(true);
        client.setAuthenticationFlowBindingOverride(AuthenticationFlowBindings.BROWSER_BINDING, browser.getId());
        client.setAuthenticationFlowBindingOverride(AuthenticationFlowBindings.DIRECT_GRANT_BINDING, directGrant.getId());
        // Public client (a secret is still set on it) with direct grants enabled;
        // both bindings point at the flow looked up by alias "http challenge".
        // Assumes that flow already exists in the realm; a missing flow would fail on getId().
        client = realm.addClient(TEST_APP_HTTP_CHALLENGE);
        client.setSecret("password");
        client.setBaseUrl(serializedApplicationData.applicationBaseUrl);
        client.setManagementUrl(serializedApplicationData.applicationManagementUrl);
        client.setEnabled(true);
        client.addRedirectUri(serializedApplicationData.applicationRedirectUrl);
        client.setPublicClient(true);
        client.setDirectAccessGrantsEnabled(true);
        client.setAuthenticationFlowBindingOverride(AuthenticationFlowBindings.DIRECT_GRANT_BINDING, realm.getFlowByAlias("http challenge").getId());
        client.setAuthenticationFlowBindingOverride(AuthenticationFlowBindings.BROWSER_BINDING, realm.getFlowByAlias("http challenge").getId());
        // Public client bound to challenge-override-flow for both bindings.
        // Its URLs are hard-coded to plain-http localhost:8180 under the master realm path
        // instead of being taken from serializedApplicationData.
        client = realm.addClient(TEST_APP_HTTP_CHALLENGE_OTP);
        client.setSecret("password");
        client.setBaseUrl("http://localhost:8180/auth/realms/master/app/auth");
        client.setManagementUrl("http://localhost:8180/auth/realms/master/app/admin");
        client.setEnabled(true);
        client.addRedirectUri("http://localhost:8180/auth/realms/master/app/auth/*");
        client.setPublicClient(true);
        client.setDirectAccessGrantsEnabled(true);
        client.setAuthenticationFlowBindingOverride(AuthenticationFlowBindings.DIRECT_GRANT_BINDING, realm.getFlowByAlias("challenge-override-flow").getId());
        client.setAuthenticationFlowBindingOverride(AuthenticationFlowBindings.BROWSER_BINDING, realm.getFlowByAlias("challenge-override-flow").getId());
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) ClientModel(org.keycloak.models.ClientModel) AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) Before(org.junit.Before)

Example 20 with AuthenticationExecutionModel

use of org.keycloak.models.AuthenticationExecutionModel in project keycloak by keycloak.

the class AuthenticationManagementResource method lowerPriority.

/**
 * Lower execution's priority
 *
 * Swaps the priority value of the given execution with that of the execution that
 * follows it in its parent flow. When no execution follows it, nothing is changed and
 * no admin event is recorded.
 *
 * @param execution Execution id
 * @throws NotFoundException when no execution with that id is found; the transaction is
 *         marked rollback-only first
 * @throws BadRequestException when the parent flow is flagged built-in
 */
@Path("/executions/{executionId}/lower-priority")
@POST
@NoCache
public void lowerPriority(@PathParam("executionId") String execution) {
    // Authorization is checked before the caller-supplied id is used for any lookup.
    // Presumably this throws when the caller lacks manage-realm rights - verify in the evaluator.
    auth.realm().requireManageRealm();

    // The id comes straight from the URL path and is resolved through the realm object.
    // NOTE(review): confirm the lookup only returns executions that belong to this realm.
    AuthenticationExecutionModel target = realm.getAuthenticationExecutionById(execution);
    if (target == null) {
        session.getTransactionManager().setRollbackOnly();
        throw new NotFoundException("Illegal execution");
    }

    // NOTE(review): getParentFlow is defined outside this block; a null result would fail on the next line.
    AuthenticationFlowModel owningFlow = getParentFlow(target);
    if (owningFlow.isBuiltIn()) {
        throw new BadRequestException("It is illegal to modify execution in a built in flow");
    }

    // Assumes the stream yields the flow's executions in priority order - TODO confirm.
    List<AuthenticationExecutionModel> siblings = realm.getAuthenticationExecutionsStream(owningFlow.getId()).collect(Collectors.toList());

    // Locate the target among its siblings; position ends at siblings.size() when it is absent.
    int position = 0;
    while (position < siblings.size() && !siblings.get(position).getId().equals(target.getId())) {
        position++;
    }

    // Last in the list (or not found): there is nothing to swap with.
    int followerIndex = position + 1;
    if (followerIndex >= siblings.size()) {
        return;
    }

    // Exchange the two priority values and persist both executions.
    AuthenticationExecutionModel follower = siblings.get(followerIndex);
    int previousPriority = target.getPriority();
    target.setPriority(follower.getPriority());
    realm.updateAuthenticatorExecution(target);
    follower.setPriority(previousPriority);
    realm.updateAuthenticatorExecution(follower);

    // Record the change as an admin event for the audit trail.
    adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(session.getContext().getUri()).success();
}
Also used : AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) NotFoundException(javax.ws.rs.NotFoundException) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) BadRequestException(javax.ws.rs.BadRequestException) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) NoCache(org.jboss.resteasy.annotations.cache.NoCache)
