keycloak-scim/services/src/main/java/org/keycloak/authentication/AuthenticationFlowContext.java

package org.keycloak.authentication;

import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.ClientConnection;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.services.managers.BruteForceProtector;

import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;

/**
 * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
 * @version $Revision: 1 $
 */
public interface AuthenticationFlowContext {
    /**
     * Current event builder being used
     *
     * @return
     */
    EventBuilder getEvent();

    /**
     * Create a refresh new EventBuilder to use within this context
     *
     * @return
     */
    EventBuilder newEvent();

    /**
     * The current execution in the flow
     *
     * @return
     */
    AuthenticationExecutionModel getExecution();

    /**
     * Current user attached to this flow.  It can return null if no uesr has been identified yet
     *
     * @return
     */
    UserModel getUser();

    /**
     * Attach a specific user to this flow.
     *
     * @param user
     */
    void setUser(UserModel user);

    void attachUserSession(UserSessionModel userSession);

    /**
     * Current realm
     *
     * @return
     */
    RealmModel getRealm();

    /**
     * ClientSessionModel attached to this flow
     *
     * @return
     */
    ClientSessionModel getClientSession();

    /**
     * Information about the IP address from the connecting HTTP client.
     *
     * @return
     */
    ClientConnection getConnection();

    /**
     * UriInfo of the current request
     *
     * @return
     */
    UriInfo getUriInfo();

    /**
     * Current session
     *
     * @return
     */
    KeycloakSession getSession();

    HttpRequest getHttpRequest();
    BruteForceProtector getProtector();


    /**
     * Get any configuration associated with the current execution
     *
     * @return
     */
    AuthenticatorConfigModel getAuthenticatorConfig();

    /**
     * This could be an error message forwarded from brokering when the broker failed authentication
     * and we want to continue authentication locally.  forwardedErrorMessage can then be displayed by
     * whatever form is challenging.
     */
    String getForwardedErrorMessage();

    /**
     * Generates access code and updates clientsession timestamp
     * Access codes must be included in form action callbacks as a query parameter.
     *
     * @return
     */
    String generateAccessCode();


    AuthenticationExecutionModel.Requirement getCategoryRequirementFromCurrentFlow(String authenticatorCategory);

    /**
     * Mark the current execution as successful.  The flow will then continue
     *
     */
    void success();

    /**
     * Aborts the current flow
     *
     * @param error
     */
    void failure(AuthenticationFlowError error);

    /**
     * Aborts the current flow.
     *
     * @param error
     * @param response Response that will be sent back to HTTP client
     */
    void failure(AuthenticationFlowError error, Response response);

    /**
     * Sends a challenge response back to the HTTP client.  If the current execution requirement is optional, this response will not be
     * sent.  If the current execution requirement is alternative, then this challenge will be sent if no other alternative
     * execution was successful.
     *
     * @param challenge
     */
    void challenge(Response challenge);

    /**
     * Sends the challenge back to the HTTP client irregardless of the current executionr equirement
     *
     * @param challenge
     */
    void forceChallenge(Response challenge);

    /**
     * Same behavior as challenge(), but the error count in brute force attack detection will be incremented.
     * For example, if a user enters in a bad password, the user is directed to try again, but Keycloak will keep track
     * of how many failures have happened.
     *
     * @param error
     * @param challenge
     */
    void failureChallenge(AuthenticationFlowError error, Response challenge);

    /**
     * There was no failure or challenge.  The authenticator was attempted, but not fulfilled.  If the current execution
     * requirement is alternative or optional, then this status is ignored by the flow.
     *
     */
    void attempted();
}
document auth spi 2015-08-09 19:06:24 +00:00			`package org.keycloak.authentication;`

			`import org.jboss.resteasy.spi.HttpRequest;`
			`import org.keycloak.ClientConnection;`
			`import org.keycloak.events.EventBuilder;`
			`import org.keycloak.models.AuthenticationExecutionModel;`
			`import org.keycloak.models.AuthenticatorConfigModel;`
			`import org.keycloak.models.ClientSessionModel;`
			`import org.keycloak.models.KeycloakSession;`
			`import org.keycloak.models.RealmModel;`
			`import org.keycloak.models.UserModel;`
			`import org.keycloak.models.UserSessionModel;`
			`import org.keycloak.services.managers.BruteForceProtector;`

			`import javax.ws.rs.core.Response;`
			`import javax.ws.rs.core.UriInfo;`

			`/**`
			`* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>`
			`* @version $Revision: 1 $`
			`*/`
			`public interface AuthenticationFlowContext {`
			`/**`
			`* Current event builder being used`
			`*`
			`* @return`
			`*/`
			`EventBuilder getEvent();`

			`/**`
			`* Create a refresh new EventBuilder to use within this context`
			`*`
			`* @return`
			`*/`
			`EventBuilder newEvent();`

			`/**`
			`* The current execution in the flow`
			`*`
			`* @return`
			`*/`
			`AuthenticationExecutionModel getExecution();`

			`/**`
			`* Current user attached to this flow. It can return null if no uesr has been identified yet`
			`*`
			`* @return`
			`*/`
			`UserModel getUser();`

			`/**`
			`* Attach a specific user to this flow.`
			`*`
			`* @param user`
			`*/`
			`void setUser(UserModel user);`

			`void attachUserSession(UserSessionModel userSession);`

			`/**`
			`* Current realm`
			`*`
			`* @return`
			`*/`
			`RealmModel getRealm();`

			`/**`
			`* ClientSessionModel attached to this flow`
			`*`
			`* @return`
			`*/`
			`ClientSessionModel getClientSession();`

			`/**`
			`* Information about the IP address from the connecting HTTP client.`
			`*`
			`* @return`
			`*/`
			`ClientConnection getConnection();`

			`/**`
			`* UriInfo of the current request`
			`*`
			`* @return`
			`*/`
			`UriInfo getUriInfo();`

			`/**`
			`* Current session`
			`*`
			`* @return`
			`*/`
			`KeycloakSession getSession();`

			`HttpRequest getHttpRequest();`
			`BruteForceProtector getProtector();`


			`/**`
			`* Get any configuration associated with the current execution`
			`*`
			`* @return`
			`*/`
			`AuthenticatorConfigModel getAuthenticatorConfig();`

			`/**`
			`* This could be an error message forwarded from brokering when the broker failed authentication`
			`* and we want to continue authentication locally. forwardedErrorMessage can then be displayed by`
			`* whatever form is challenging.`
			`*/`
			`String getForwardedErrorMessage();`

			`/**`
			`* Generates access code and updates clientsession timestamp`
			`* Access codes must be included in form action callbacks as a query parameter.`
			`*`
			`* @return`
			`*/`
			`String generateAccessCode();`


			`AuthenticationExecutionModel.Requirement getCategoryRequirementFromCurrentFlow(String authenticatorCategory);`

			`/**`
			`* Mark the current execution as successful. The flow will then continue`
			`*`
			`*/`
			`void success();`

			`/**`
			`* Aborts the current flow`
			`*`
			`* @param error`
			`*/`
			`void failure(AuthenticationFlowError error);`

			`/**`
			`* Aborts the current flow.`
			`*`
			`* @param error`
			`* @param response Response that will be sent back to HTTP client`
			`*/`
			`void failure(AuthenticationFlowError error, Response response);`

			`/**`
			`* Sends a challenge response back to the HTTP client. If the current execution requirement is optional, this response will not be`
			`* sent. If the current execution requirement is alternative, then this challenge will be sent if no other alternative`
			`* execution was successful.`
			`*`
			`* @param challenge`
			`*/`
			`void challenge(Response challenge);`

			`/**`
			`* Sends the challenge back to the HTTP client irregardless of the current executionr equirement`
			`*`
			`* @param challenge`
			`*/`
			`void forceChallenge(Response challenge);`

			`/**`
			`* Same behavior as challenge(), but the error count in brute force attack detection will be incremented.`
			`* For example, if a user enters in a bad password, the user is directed to try again, but Keycloak will keep track`
			`* of how many failures have happened.`
			`*`
			`* @param error`
			`* @param challenge`
			`*/`
			`void failureChallenge(AuthenticationFlowError error, Response challenge);`

			`/**`
			`* There was no failure or challenge. The authenticator was attempted, but not fulfilled. If the current execution`
			`* requirement is alternative or optional, then this status is ignored by the flow.`
			`*`
			`*/`
			`void attempted();`
			`}`