keycloak-scim/services/src/main/java/org/keycloak/authentication/AbstractAuthenticationFlowContext.java

167 lines
4.2 KiB
Java
Raw Normal View History

package org.keycloak.authentication;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.ClientConnection;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.services.managers.BruteForceProtector;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface AbstractAuthenticationFlowContext {
/**
* Current event builder being used
*
* @return
*/
EventBuilder getEvent();
/**
* Create a refresh new EventBuilder to use within this context
*
* @return
*/
EventBuilder newEvent();
/**
* The current execution in the flow
*
* @return
*/
AuthenticationExecutionModel getExecution();
/**
* Current realm
*
* @return
*/
RealmModel getRealm();
/**
* Information about the IP address from the connecting HTTP client.
*
* @return
*/
ClientConnection getConnection();
/**
* UriInfo of the current request
*
* @return
*/
UriInfo getUriInfo();
/**
* Current session
*
* @return
*/
KeycloakSession getSession();
HttpRequest getHttpRequest();
BruteForceProtector getProtector();
/**
* Get any configuration associated with the current execution
*
* @return
*/
AuthenticatorConfigModel getAuthenticatorConfig();
/**
* This could be an error message forwarded from brokering when the broker failed authentication
* and we want to continue authentication locally. forwardedErrorMessage can then be displayed by
* whatever form is challenging.
*/
String getForwardedErrorMessage();
/**
* Generates access code and updates clientsession timestamp
* Access codes must be included in form action callbacks as a query parameter.
*
* @return
*/
String generateAccessCode();
AuthenticationExecutionModel.Requirement getCategoryRequirementFromCurrentFlow(String authenticatorCategory);
/**
* Mark the current execution as successful. The flow will then continue
*
*/
void success();
/**
* Aborts the current flow
*
* @param error
*/
void failure(AuthenticationFlowError error);
/**
* Aborts the current flow.
*
* @param error
* @param response Response that will be sent back to HTTP client
*/
void failure(AuthenticationFlowError error, Response response);
/**
* Sends a challenge response back to the HTTP client. If the current execution requirement is optional, this response will not be
* sent. If the current execution requirement is alternative, then this challenge will be sent if no other alternative
* execution was successful.
*
* @param challenge
*/
void challenge(Response challenge);
/**
* Sends the challenge back to the HTTP client irregardless of the current executionr equirement
*
* @param challenge
*/
void forceChallenge(Response challenge);
/**
* Same behavior as challenge(), but the error count in brute force attack detection will be incremented.
* For example, if a user enters in a bad password, the user is directed to try again, but Keycloak will keep track
* of how many failures have happened.
*
* @param error
* @param challenge
*/
void failureChallenge(AuthenticationFlowError error, Response challenge);
/**
* There was no failure or challenge. The authenticator was attempted, but not fulfilled. If the current execution
* requirement is alternative or optional, then this status is ignored by the flow.
*
*/
void attempted();
/**
* Get the current status of the current execution.
*
* @return may return null if not set yet.
*/
FlowStatus getStatus();
/**
* Get the error condition of a failed execution.
*
* @return may return null if there was no error
*/
AuthenticationFlowError getError();
}