refactor execution model
parent
de940ccff9
commit
04d3d26cb1
26 changed files with 99 additions and 48 deletions
|
@ -0,0 +1,14 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
|
||||
<changeSet author="bburke@redhat.com" id="1.5.0">
|
||||
<delete tableName="CLIENT_SESSION_AUTH_STATUS"/>
|
||||
<delete tableName="CLIENT_SESSION_ROLE"/>
|
||||
<delete tableName="CLIENT_SESSION_PROT_MAPPER"/>
|
||||
<delete tableName="CLIENT_SESSION_NOTE"/>
|
||||
<delete tableName="CLIENT_SESSION"/>
|
||||
<delete tableName="USER_SESSION_NOTE"/>
|
||||
<delete tableName="USER_SESSION"/>
|
||||
|
||||
<dropColumn tableName="AUTHENTICATION_EXECUTION" columnName="USER_SETUP_ALLOWED"/>
|
||||
</changeSet>
|
||||
</databaseChangeLog>
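Review bot: The seven `<delete>` changes in changeSet 1.5.0 empty every CLIENT_SESSION* and USER_SESSION* table when the migration runs, and nothing in the file says so. That ends all persisted user and client sessions on upgrade, so put a comment above them such as `<!-- Clears all persisted user and client sessions: users must log in again after this upgrade -->`. The `<dropColumn>` on AUTHENTICATION_EXECUTION.USER_SETUP_ALLOWED also discards any value an administrator had set per execution. The changeSet defines no `<rollback>`, so both effects belong in the upgrade notes as well.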
|
|
@ -8,4 +8,5 @@
|
|||
<include file="META-INF/jpa-changelog-1.2.0.Final.xml"/>
|
||||
<include file="META-INF/jpa-changelog-1.3.0.xml"/>
|
||||
<include file="META-INF/jpa-changelog-1.4.0.xml"/>
|
||||
<include file="META-INF/jpa-changelog-1.5.0.xml"/>
|
||||
</databaseChangeLog>
|
||||
|
|
|
@ -12,7 +12,7 @@ public interface JpaUpdaterProvider extends Provider {
|
|||
|
||||
public String FIRST_VERSION = "1.0.0.Final";
|
||||
|
||||
public String LAST_VERSION = "1.4.0";
|
||||
public String LAST_VERSION = "1.5.0";
|
||||
|
||||
public String getCurrentVersionSql(String defaultSchema);
|
||||
|
||||
|
|
|
@ -25,7 +25,6 @@ public class AuthenticationExecutionModel implements Serializable {
|
|||
private String flowId;
|
||||
private boolean authenticatorFlow;
|
||||
private Requirement requirement;
|
||||
private boolean userSetupAllowed;
|
||||
private int priority;
|
||||
private String parentFlow;
|
||||
|
||||
|
@ -69,14 +68,6 @@ public class AuthenticationExecutionModel implements Serializable {
|
|||
this.priority = priority;
|
||||
}
|
||||
|
||||
public boolean isUserSetupAllowed() {
|
||||
return userSetupAllowed;
|
||||
}
|
||||
|
||||
public void setUserSetupAllowed(boolean userSetupAllowed) {
|
||||
this.userSetupAllowed = userSetupAllowed;
|
||||
}
|
||||
|
||||
public String getParentFlow() {
|
||||
return parentFlow;
|
||||
}
|
||||
|
|
|
@ -55,7 +55,6 @@ public class DefaultAuthenticationFlows {
|
|||
execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
|
||||
execution.setAuthenticator("registration-page-form");
|
||||
execution.setPriority(10);
|
||||
execution.setUserSetupAllowed(false);
|
||||
execution.setAuthenticatorFlow(true);
|
||||
execution.setFlowId(registrationFormFlow.getId());
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
|
@ -65,7 +64,6 @@ public class DefaultAuthenticationFlows {
|
|||
execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
|
||||
execution.setAuthenticator("registration-user-creation");
|
||||
execution.setPriority(20);
|
||||
execution.setUserSetupAllowed(false);
|
||||
execution.setAuthenticatorFlow(false);
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
|
||||
|
@ -74,7 +72,6 @@ public class DefaultAuthenticationFlows {
|
|||
execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
|
||||
execution.setAuthenticator("registration-profile-action");
|
||||
execution.setPriority(40);
|
||||
execution.setUserSetupAllowed(false);
|
||||
execution.setAuthenticatorFlow(false);
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
|
||||
|
@ -83,7 +80,6 @@ public class DefaultAuthenticationFlows {
|
|||
execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
|
||||
execution.setAuthenticator("registration-password-action");
|
||||
execution.setPriority(50);
|
||||
execution.setUserSetupAllowed(false);
|
||||
execution.setAuthenticatorFlow(false);
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
|
||||
|
@ -99,7 +95,6 @@ public class DefaultAuthenticationFlows {
|
|||
execution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED);
|
||||
execution.setAuthenticator("registration-recaptcha-action");
|
||||
execution.setPriority(60);
|
||||
execution.setUserSetupAllowed(false);
|
||||
execution.setAuthenticatorFlow(false);
|
||||
//execution.setAuthenticatorConfig(captchaConfig.getId());
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
|
@ -137,7 +132,6 @@ public class DefaultAuthenticationFlows {
|
|||
execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
|
||||
execution.setAuthenticator("direct-grant-validate-username");
|
||||
execution.setPriority(10);
|
||||
execution.setUserSetupAllowed(false);
|
||||
execution.setAuthenticatorFlow(false);
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
|
||||
|
@ -150,7 +144,6 @@ public class DefaultAuthenticationFlows {
|
|||
}
|
||||
execution.setAuthenticator("direct-grant-validate-password");
|
||||
execution.setPriority(20);
|
||||
execution.setUserSetupAllowed(false);
|
||||
execution.setAuthenticatorFlow(false);
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
|
||||
|
@ -163,7 +156,6 @@ public class DefaultAuthenticationFlows {
|
|||
}
|
||||
execution.setAuthenticator("direct-grant-validate-otp");
|
||||
execution.setPriority(30);
|
||||
execution.setUserSetupAllowed(false);
|
||||
execution.setAuthenticatorFlow(false);
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
|
||||
|
@ -184,7 +176,6 @@ public class DefaultAuthenticationFlows {
|
|||
execution.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
|
||||
execution.setAuthenticator("auth-cookie");
|
||||
execution.setPriority(10);
|
||||
execution.setUserSetupAllowed(false);
|
||||
execution.setAuthenticatorFlow(false);
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
execution = new AuthenticationExecutionModel();
|
||||
|
@ -196,7 +187,6 @@ public class DefaultAuthenticationFlows {
|
|||
}
|
||||
execution.setAuthenticator("auth-spnego");
|
||||
execution.setPriority(20);
|
||||
execution.setUserSetupAllowed(false);
|
||||
execution.setAuthenticatorFlow(false);
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
|
||||
|
@ -213,7 +203,6 @@ public class DefaultAuthenticationFlows {
|
|||
execution.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
|
||||
execution.setFlowId(forms.getId());
|
||||
execution.setPriority(30);
|
||||
execution.setUserSetupAllowed(false);
|
||||
execution.setAuthenticatorFlow(true);
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
|
||||
|
@ -224,7 +213,6 @@ public class DefaultAuthenticationFlows {
|
|||
execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
|
||||
execution.setAuthenticator("auth-username-password-form");
|
||||
execution.setPriority(10);
|
||||
execution.setUserSetupAllowed(false);
|
||||
execution.setAuthenticatorFlow(false);
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
|
||||
|
@ -239,7 +227,6 @@ public class DefaultAuthenticationFlows {
|
|||
|
||||
execution.setAuthenticator("auth-otp-form");
|
||||
execution.setPriority(20);
|
||||
execution.setUserSetupAllowed(true);
|
||||
execution.setAuthenticatorFlow(false);
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
}
|
||||
|
|
|
@ -468,7 +468,6 @@ public class ModelToRepresentation {
|
|||
rep.setFlowAlias(flow.getAlias());
|
||||
}
|
||||
rep.setPriority(model.getPriority());
|
||||
rep.setUserSetupAllowed(model.isUserSetupAllowed());
|
||||
rep.setRequirement(model.getRequirement().name());
|
||||
return rep;
|
||||
}
|
||||
|
|
|
@ -1083,7 +1083,6 @@ public class RepresentationToModel {
|
|||
model.setFlowId(flow.getId());
|
||||
}
|
||||
model.setPriority(rep.getPriority());
|
||||
model.setUserSetupAllowed(rep.isUserSetupAllowed());
|
||||
model.setRequirement(AuthenticationExecutionModel.Requirement.valueOf(rep.getRequirement()));
|
||||
return model;
|
||||
}
|
||||
|
|
|
@ -1308,7 +1308,6 @@ public class RealmAdapter implements RealmModel {
|
|||
public AuthenticationExecutionModel entityToModel(AuthenticationExecutionEntity entity) {
|
||||
AuthenticationExecutionModel model = new AuthenticationExecutionModel();
|
||||
model.setId(entity.getId());
|
||||
model.setUserSetupAllowed(entity.isUserSetupAllowed());
|
||||
model.setRequirement(entity.getRequirement());
|
||||
model.setPriority(entity.getPriority());
|
||||
model.setAuthenticator(entity.getAuthenticator());
|
||||
|
@ -1345,7 +1344,6 @@ public class RealmAdapter implements RealmModel {
|
|||
entity.setAuthenticator(model.getAuthenticator());
|
||||
entity.setPriority(model.getPriority());
|
||||
entity.setRequirement(model.getRequirement());
|
||||
entity.setUserSetupAllowed(model.isUserSetupAllowed());
|
||||
entity.setAuthenticatorFlow(model.isAuthenticatorFlow());
|
||||
entity.setFlowId(model.getFlowId());
|
||||
entity.setAuthenticatorConfig(model.getAuthenticatorConfig());
|
||||
|
@ -1371,7 +1369,6 @@ public class RealmAdapter implements RealmModel {
|
|||
entity.setPriority(model.getPriority());
|
||||
entity.setRequirement(model.getRequirement());
|
||||
entity.setFlowId(model.getFlowId());
|
||||
entity.setUserSetupAllowed(model.isUserSetupAllowed());
|
||||
entity.setAuthenticatorConfig(model.getAuthenticatorConfig());
|
||||
}
|
||||
|
||||
|
|
|
@ -1622,7 +1622,6 @@ public class RealmAdapter implements RealmModel {
|
|||
public AuthenticationExecutionModel entityToModel(AuthenticationExecutionEntity entity) {
|
||||
AuthenticationExecutionModel model = new AuthenticationExecutionModel();
|
||||
model.setId(entity.getId());
|
||||
model.setUserSetupAllowed(entity.isUserSetupAllowed());
|
||||
model.setRequirement(entity.getRequirement());
|
||||
model.setPriority(entity.getPriority());
|
||||
model.setAuthenticator(entity.getAuthenticator());
|
||||
|
@ -1654,7 +1653,6 @@ public class RealmAdapter implements RealmModel {
|
|||
entity.setParentFlow(flow);
|
||||
flow.getExecutions().add(entity);
|
||||
entity.setRealm(realm);
|
||||
entity.setUserSetupAllowed(model.isUserSetupAllowed());
|
||||
entity.setAutheticatorFlow(model.isAuthenticatorFlow());
|
||||
em.persist(entity);
|
||||
em.flush();
|
||||
|
@ -1671,7 +1669,6 @@ public class RealmAdapter implements RealmModel {
|
|||
entity.setAuthenticator(model.getAuthenticator());
|
||||
entity.setPriority(model.getPriority());
|
||||
entity.setRequirement(model.getRequirement());
|
||||
entity.setUserSetupAllowed(model.isUserSetupAllowed());
|
||||
entity.setAuthenticatorConfig(model.getAuthenticatorConfig());
|
||||
entity.setFlowId(model.getFlowId());
|
||||
em.flush();
|
||||
|
|
|
@ -51,9 +51,6 @@ public class AuthenticationExecutionEntity {
|
|||
@Column(name="PRIORITY")
|
||||
protected int priority;
|
||||
|
||||
@Column(name="USER_SETUP_ALLOWED")
|
||||
private boolean userSetupAllowed;
|
||||
|
||||
@Column(name="AUTHENTICATOR_FLOW")
|
||||
private boolean autheticatorFlow;
|
||||
|
||||
|
@ -97,14 +94,6 @@ public class AuthenticationExecutionEntity {
|
|||
this.priority = priority;
|
||||
}
|
||||
|
||||
public boolean isUserSetupAllowed() {
|
||||
return userSetupAllowed;
|
||||
}
|
||||
|
||||
public void setUserSetupAllowed(boolean userSetupAllowed) {
|
||||
this.userSetupAllowed = userSetupAllowed;
|
||||
}
|
||||
|
||||
public boolean isAutheticatorFlow() {
|
||||
return autheticatorFlow;
|
||||
}
|
||||
|
|
|
@ -1384,7 +1384,6 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
|
|||
public AuthenticationExecutionModel entityToModel(AuthenticationExecutionEntity entity) {
|
||||
AuthenticationExecutionModel model = new AuthenticationExecutionModel();
|
||||
model.setId(entity.getId());
|
||||
model.setUserSetupAllowed(entity.isUserSetupAllowed());
|
||||
model.setRequirement(entity.getRequirement());
|
||||
model.setPriority(entity.getPriority());
|
||||
model.setAuthenticator(entity.getAuthenticator());
|
||||
|
@ -1421,7 +1420,6 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
|
|||
entity.setAuthenticator(model.getAuthenticator());
|
||||
entity.setPriority(model.getPriority());
|
||||
entity.setRequirement(model.getRequirement());
|
||||
entity.setUserSetupAllowed(model.isUserSetupAllowed());
|
||||
entity.setAuthenticatorFlow(model.isAuthenticatorFlow());
|
||||
entity.setFlowId(model.getFlowId());
|
||||
entity.setParentFlow(model.getParentFlow());
|
||||
|
@ -1449,7 +1447,6 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
|
|||
entity.setPriority(model.getPriority());
|
||||
entity.setRequirement(model.getRequirement());
|
||||
entity.setFlowId(model.getFlowId());
|
||||
entity.setUserSetupAllowed(model.isUserSetupAllowed());
|
||||
entity.setAuthenticatorConfig(model.getAuthenticatorConfig());
|
||||
updateMongoEntity();
|
||||
}
|
||||
|
|
|
@ -25,4 +25,14 @@ public interface ConfigurableAuthenticatorFactory extends ConfiguredProvider {
|
|||
* @return
|
||||
*/
|
||||
AuthenticationExecutionModel.Requirement[] getRequirementChoices();
|
||||
|
||||
/**
|
||||
*
|
||||
* Does this authenticator have required actions that can set if the user does not have
|
||||
* this authenticator set up?
|
||||
*
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
boolean isUserSetupAllowed();
|
||||
}
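Review bot: The Javadoc on the new `isUserSetupAllowed()` does not say what either return value means, and its `@return` tag is empty. DefaultAuthenticationFlow and FormAuthenticationFlow in this commit use the method to decide whether a required authenticator the user has not configured leads to SETUP_REQUIRED, so the contract should be explicit: `@return true if the flow may register this authenticator's required actions for a user who has not set it up, false otherwise`. The summary sentence would read better as "Can this authenticator register required actions when the user does not have it set up?". Adding an abstract method also breaks any factory outside this repository that implements the interface; the interface body starts outside the hunk, so whether that is acceptable for this SPI is not visible here.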
|
||||
|
|
|
@ -124,7 +124,7 @@ public class DefaultAuthenticationFlow implements AuthenticationFlow {
|
|||
configuredFor = authenticator.configuredFor(processor.getSession(), processor.getRealm(), authUser);
|
||||
if (!configuredFor) {
|
||||
if (model.isRequired()) {
|
||||
if (model.isUserSetupAllowed()) {
|
||||
if (factory.isUserSetupAllowed()) {
|
||||
AuthenticationProcessor.logger.debugv("authenticator SETUP_REQUIRED: {0}", factory.getId());
|
||||
processor.getClientSession().setExecutionStatus(model.getId(), ClientSessionModel.ExecutionStatus.SETUP_REQUIRED);
|
||||
authenticator.setRequiredActions(processor.getSession(), processor.getRealm(), processor.getClientSession().getAuthenticatedUser());
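Review bot: `if (factory.isUserSetupAllowed())` makes the SETUP_REQUIRED branch depend only on a value compiled into the authenticator factory, so a realm administrator can no longer switch self-setup off for a single execution. Any execution whose stored USER_SETUP_ALLOWED was false while the factory now answers true changes behaviour on upgrade without warning: a user who has not configured the required authenticator is handed its required actions where the flow previously did not allow that. The same replacement is made in FormAuthenticationFlow. If this is intended, say so on this line, for example `// setup policy is fixed per authenticator type; it is no longer configurable per execution`, and mention it in the upgrade notes. The enclosing method starts and ends outside the hunk, so the branch taken when the factory returns false is not visible here.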
|
||||
|
|
|
@ -152,7 +152,8 @@ public class FormAuthenticationFlow implements AuthenticationFlow {
|
|||
executionStatus.put(formActionExecution.getId(), ClientSessionModel.ExecutionStatus.SKIPPED);
|
||||
continue;
|
||||
}
|
||||
FormAction action = processor.getSession().getProvider(FormAction.class, formActionExecution.getAuthenticator());
|
||||
FormActionFactory factory = (FormActionFactory)processor.getSession().getKeycloakSessionFactory().getProviderFactory(FormAction.class, formActionExecution.getAuthenticator());
|
||||
FormAction action = factory.create(processor.getSession());
|
||||
|
||||
UserModel authUser = processor.getClientSession().getAuthenticatedUser();
|
||||
if (action.requiresUser() && authUser == null) {
|
||||
|
@ -163,7 +164,7 @@ public class FormAuthenticationFlow implements AuthenticationFlow {
|
|||
configuredFor = action.configuredFor(processor.getSession(), processor.getRealm(), authUser);
|
||||
if (!configuredFor) {
|
||||
if (formActionExecution.isRequired()) {
|
||||
if (formActionExecution.isUserSetupAllowed()) {
|
||||
if (factory.isUserSetupAllowed()) {
|
||||
AuthenticationProcessor.logger.debugv("authenticator SETUP_REQUIRED: {0}", formExecution.getAuthenticator());
|
||||
executionStatus.put(formActionExecution.getId(), ClientSessionModel.ExecutionStatus.SETUP_REQUIRED);
|
||||
requiredActions.add(action);
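Review bot: The result of `getProviderFactory(FormAction.class, formActionExecution.getAuthenticator())` is cast and dereferenced without a check, so an execution naming a form action with no registered factory would presumably fail with a NullPointerException in the middle of the flow. Guard it before `factory.create(...)`, e.g. `if (factory == null) throw new IllegalStateException("No FormActionFactory for " + formActionExecution.getAuthenticator());`, or use whatever error type this flow raises elsewhere. Creating the action with `factory.create(processor.getSession())` instead of `getSession().getProvider(...)` may also bypass any lifecycle handling the session applies to providers it hands out, so confirm that `close()` is still called on the action. The loop body starts and ends outside both hunks.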
|
||||
|
|
|
@ -78,4 +78,10 @@ public class CookieAuthenticatorFactory implements AuthenticatorFactory {
|
|||
public List<ProviderConfigProperty> getConfigProperties() {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isUserSetupAllowed() {
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -59,6 +59,11 @@ public class OTPFormAuthenticatorFactory implements AuthenticatorFactory {
|
|||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isUserSetupAllowed() {
|
||||
return true;
|
||||
}
|
||||
|
||||
public static final AuthenticationExecutionModel.Requirement[] REQUIREMENT_CHOICES = {
|
||||
AuthenticationExecutionModel.Requirement.REQUIRED,
|
||||
AuthenticationExecutionModel.Requirement.OPTIONAL,
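Review bot: `return true` in OTPFormAuthenticatorFactory is the only place in this commit where user setup is enabled, and it has no comment, while ValidateOTP in the same commit returns false. Since the per-execution flag is removed, this line is now where the OTP enrolment policy lives: a user who reaches a REQUIRED auth-otp-form execution without OTP configured is sent to setup on the strength of the earlier executions alone (auth-username-password-form in the default flow). Document that here, e.g. `// OTP is enrolled through a required action, so an unconfigured user is sent to setup after the preceding executions succeed`. The class body continues outside the hunk.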
|
||||
|
|
|
@ -84,4 +84,10 @@ public class SpnegoAuthenticatorFactory implements AuthenticatorFactory {
|
|||
public List<ProviderConfigProperty> getConfigProperties() {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isUserSetupAllowed() {
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -81,4 +81,10 @@ public class UsernamePasswordFormFactory implements AuthenticatorFactory {
|
|||
public List<ProviderConfigProperty> getConfigProperties() {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isUserSetupAllowed() {
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -82,6 +82,12 @@ public class ValidateOTP extends AbstractDirectGrantAuthenticator {
|
|||
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isUserSetupAllowed() {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public String getDisplayType() {
|
||||
return "OTP";
|
||||
|
|
|
@ -73,6 +73,12 @@ public class ValidatePassword extends AbstractDirectGrantAuthenticator {
|
|||
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isUserSetupAllowed() {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public String getDisplayType() {
|
||||
return "Password";
|
||||
|
|
|
@ -103,6 +103,12 @@ public class ValidateUsername extends AbstractDirectGrantAuthenticator {
|
|||
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isUserSetupAllowed() {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public String getDisplayType() {
|
||||
return "Username Validation";
|
||||
|
|
|
@ -82,6 +82,11 @@ public class RegistrationPage implements FormAuthenticator, FormAuthenticatorFac
|
|||
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isUserSetupAllowed() {
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void postInit(KeycloakSessionFactory factory) {
|
||||
|
||||
|
|
|
@ -105,6 +105,11 @@ public class RegistrationPassword implements FormAction, FormActionFactory {
|
|||
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isUserSetupAllowed() {
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void close() {
|
||||
|
||||
|
|
|
@ -110,6 +110,12 @@ public class RegistrationProfile implements FormAction, FormActionFactory {
|
|||
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isUserSetupAllowed() {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void close() {
|
||||
|
||||
|
|
|
@ -158,6 +158,12 @@ public class RegistrationRecaptcha implements FormAction, FormActionFactory, Con
|
|||
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isUserSetupAllowed() {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void close() {
|
||||
|
||||
|
|
|
@ -149,6 +149,12 @@ public class RegistrationUserCreation implements FormAction, FormActionFactory {
|
|||
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isUserSetupAllowed() {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void close() {
|
||||
|
||||
|
|