diff --git a/server-spi-private/src/main/java/org/keycloak/authentication/AuthenticationFlowContext.java b/server-spi-private/src/main/java/org/keycloak/authentication/AuthenticationFlowContext.java
index fb6e02997a..2f5576efd3 100755
--- a/server-spi-private/src/main/java/org/keycloak/authentication/AuthenticationFlowContext.java
+++ b/server-spi-private/src/main/java/org/keycloak/authentication/AuthenticationFlowContext.java
@@ -58,7 +58,7 @@ public interface AuthenticationFlowContext extends AbstractAuthenticationFlowCon
 /**
- * ClientSessionModel attached to this flow
+ * AuthenticationSessionModel attached to this flow
 *
 * @return
 */
@@ -74,7 +74,7 @@ public interface AuthenticationFlowContext extends AbstractAuthenticationFlowCon
 /**
 * Get the action URL for the required action.
 *
- * @param code client session access code
+ * @param code authentication session access code
 * @return
 */
 URI getActionUrl(String code);
@@ -114,7 +114,7 @@ public interface AuthenticationFlowContext extends AbstractAuthenticationFlowCon
 void resetFlow(Runnable afterResetListener);
 /**
- * Fork the current flow. The client session will be cloned and set to point at the realm's browser login flow. The Response will be the result
+ * Fork the current flow. The authentication session will be cloned and set to point at the realm's browser login flow. The Response will be the result
 * of this fork. The previous flow will still be set at the current execution. This is used by reset password when it sends an email.
 * It sends an email linking to the current flow and redirects the browser to a new browser login flow.
 *
@@ -125,7 +125,7 @@ public interface AuthenticationFlowContext extends AbstractAuthenticationFlowCon
 void fork();
 /**
- * Fork the current flow. The client session will be cloned and set to point at the realm's browser login flow. The Response will be the result
+ * Fork the current flow. The authentication session will be cloned and set to point at the realm's browser login flow. The Response will be the result
 * of this fork. The previous flow will still be set at the current execution. This is used by reset password when it sends an email.
 * It sends an email linking to the current flow and redirects the browser to a new browser login flow.
 *
@@ -135,7 +135,7 @@ public interface AuthenticationFlowContext extends AbstractAuthenticationFlowCon
 */
 void forkWithSuccessMessage(FormMessage message);
 /**
- * Fork the current flow. The client session will be cloned and set to point at the realm's browser login flow. The Response will be the result
+ * Fork the current flow. The authentication session will be cloned and set to point at the realm's browser login flow. The Response will be the result
 * of this fork. The previous flow will still be set at the current execution. This is used by reset password when it sends an email.
 * It sends an email linking to the current flow and redirects the browser to a new browser login flow.
 *
diff --git a/server-spi-private/src/main/java/org/keycloak/authentication/FlowStatus.java b/server-spi-private/src/main/java/org/keycloak/authentication/FlowStatus.java
index 3ad8ef0005..4037720a70 100755
--- a/server-spi-private/src/main/java/org/keycloak/authentication/FlowStatus.java
+++ b/server-spi-private/src/main/java/org/keycloak/authentication/FlowStatus.java
@@ -62,7 +62,7 @@ public enum FlowStatus {
 ATTEMPTED,
 /**
- * This flow is being forked. The current client session is being cloned, reset, and redirected to browser login.
+ * This flow is being forked. The current authentication session is being cloned, reset, and redirected to browser login.
 *
 */
 FORK,
diff --git a/server-spi/src/main/java/org/keycloak/models/ClientSessionModel.java b/server-spi/src/main/java/org/keycloak/models/ClientSessionModel.java
deleted file mode 100755
index 12abb10903..0000000000
--- a/server-spi/src/main/java/org/keycloak/models/ClientSessionModel.java
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.models;
-
-import java.util.Map;
-import java.util.Set;
-
-import org.keycloak.sessions.CommonClientSessionModel;
-
-/**
- * @author Stian Thorgersen
- */
-public interface ClientSessionModel extends CommonClientSessionModel {
-
- public UserSessionModel getUserSession();
- public void setUserSession(UserSessionModel userSession);
-
- public String getRedirectUri();
- public void setRedirectUri(String uri);
-
- public Map getExecutionStatus();
- public void setExecutionStatus(String authenticator, ExecutionStatus status);
- public void clearExecutionStatus();
- public UserModel getAuthenticatedUser();
- public void setAuthenticatedUser(UserModel user);
-
- /**
- * Required actions that are attached to this client session.
- *
- * @return
- */
- Set getRequiredActions();
-
- void addRequiredAction(String action);
-
- void removeRequiredAction(String action);
-
- void addRequiredAction(UserModel.RequiredAction action);
-
- void removeRequiredAction(UserModel.RequiredAction action);
-
-
- /**
- * These are notes you want applied to the UserSessionModel when the client session is attached to it.
- *
- * @param name
- * @param value
- */
- public void setUserSessionNote(String name, String value);
-
- /**
- * These are notes you want applied to the UserSessionModel when the client session is attached to it.
- *
- * @return
- */
- public Map getUserSessionNotes();
-
- public void clearUserSessionNotes();
-
- public String getNote(String name);
- public void setNote(String name, String value);
- public void removeNote(String name);
- public Map getNotes();
-
-
-}
diff --git a/services/src/main/java/org/keycloak/authentication/actiontoken/ActionTokenContext.java b/services/src/main/java/org/keycloak/authentication/actiontoken/ActionTokenContext.java
index ca00b0dbc5..1550a8d374 100644
--- a/services/src/main/java/org/keycloak/authentication/actiontoken/ActionTokenContext.java
+++ b/services/src/main/java/org/keycloak/authentication/actiontoken/ActionTokenContext.java
@@ -26,7 +26,6 @@ import org.keycloak.representations.JsonWebToken;
 import org.keycloak.services.Urls;
 import org.keycloak.services.managers.AuthenticationSessionManager;
 import org.keycloak.sessions.AuthenticationSessionModel;
-import java.util.function.Function;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilderException;
 import javax.ws.rs.core.UriInfo;
@@ -113,7 +112,7 @@ public class ActionTokenContext {
 ClientModel client = realm.getClientByClientId(clientId == null ? Constants.ACCOUNT_MANAGEMENT_CLIENT_ID : clientId);
 authSession = new AuthenticationSessionManager(session).createAuthenticationSession(realm, client, true);
- authSession.setAction(ClientSessionModel.Action.AUTHENTICATE.name());
+ authSession.setAction(AuthenticationSessionModel.Action.AUTHENTICATE.name());
 authSession.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
 String redirectUri = Urls.accountBase(uriInfo.getBaseUri()).path("/").build(realm.getName()).toString();
 authSession.setRedirectUri(redirectUri);
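Review bot: In the ActionTokenContext hunk at -113, the result of `realm.getClientByClientId(...)` is handed straight to `createAuthenticationSession(realm, client, true)` with no null check visible, so a `clientId` that matches no client in the realm would presumably fail with a NullPointerException instead of a clean rejection. The enclosing method starts and ends outside the hunk, so a guard may exist elsewhere; if it does not, add one before the session is created, for example `if (client == null) { /* reject with an error response instead of creating the session */ }`. The same lookup-then-create sequence appears in the LoginActionsService hunk at -357, where the Javadoc in the nearby -320 hunk already notes that the account service must be enabled.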
diff --git a/services/src/main/java/org/keycloak/protocol/RestartLoginCookie.java b/services/src/main/java/org/keycloak/protocol/RestartLoginCookie.java
index 0e488e18d7..e259738de6 100644
--- a/services/src/main/java/org/keycloak/protocol/RestartLoginCookie.java
+++ b/services/src/main/java/org/keycloak/protocol/RestartLoginCookie.java
@@ -114,12 +114,12 @@ public class RestartLoginCookie {
 public RestartLoginCookie() {
 }
- public RestartLoginCookie(AuthenticationSessionModel clientSession) {
- this.action = clientSession.getAction();
- this.clientId = clientSession.getClient().getClientId();
- this.authMethod = clientSession.getProtocol();
- this.redirectUri = clientSession.getRedirectUri();
- for (Map.Entry entry : clientSession.getClientNotes().entrySet()) {
+ public RestartLoginCookie(AuthenticationSessionModel authSession) {
+ this.action = authSession.getAction();
+ this.clientId = authSession.getClient().getClientId();
+ this.authMethod = authSession.getProtocol();
+ this.redirectUri = authSession.getRedirectUri();
+ for (Map.Entry entry : authSession.getClientNotes().entrySet()) {
 notes.put(entry.getKey(), entry.getValue());
 }
 }
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java
index 6ee2be3b0b..1b8817d7b7 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java
@@ -31,7 +31,6 @@ import org.keycloak.jose.jws.Algorithm;
 import org.keycloak.jose.jws.JWSBuilder;
 import org.keycloak.models.AuthenticatedClientSessionModel;
 import org.keycloak.models.ClientModel;
-import org.keycloak.models.ClientSessionModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
index 805867bf6c..07bd1f60bc 100755
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@@ -482,7 +482,7 @@ public class AuthenticationManager {
 public static Response redirectToRequiredActions(KeycloakSession session, RealmModel realm, AuthenticationSessionModel authSession, UriInfo uriInfo, String requiredAction) {
 // redirect to non-action url so browser refresh button works without reposting past data
 ClientSessionCode accessCode = new ClientSessionCode<>(session, realm, authSession);
- accessCode.setAction(ClientSessionModel.Action.REQUIRED_ACTIONS.name());
+ accessCode.setAction(AuthenticationSessionModel.Action.REQUIRED_ACTIONS.name());
 authSession.setAuthNote(AuthenticationProcessor.CURRENT_FLOW_PATH, LoginActionsService.REQUIRED_ACTION);
 authSession.setAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION, requiredAction);
diff --git a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
index e4364125ec..b1bd354207 100755
--- a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
+++ b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
@@ -45,7 +45,6 @@ import org.keycloak.exceptions.TokenNotActiveException;
 import org.keycloak.models.AuthenticationFlowModel;
 import org.keycloak.models.AuthenticatedClientSessionModel;
 import org.keycloak.models.ClientModel;
-import org.keycloak.models.ClientSessionModel;
 import org.keycloak.models.Constants;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.ProtocolMapperModel;
@@ -235,7 +234,7 @@ public class LoginActionsService {
 event.event(EventType.LOGIN);
 SessionCodeChecks checks = checksForCode(code, execution, clientId, AUTHENTICATE_PATH);
- if (!checks.verifyActiveAndValidAction(ClientSessionModel.Action.AUTHENTICATE.name(), ClientSessionCode.ActionType.LOGIN)) {
+ if (!checks.verifyActiveAndValidAction(AuthenticationSessionModel.Action.AUTHENTICATE.name(), ClientSessionCode.ActionType.LOGIN)) {
 return checks.getResponse();
 }
@@ -320,7 +319,7 @@ public class LoginActionsService {
 }
 /**
- * Endpoint for executing reset credentials flow. If token is null, a client session is created with the account
+ * Endpoint for executing reset credentials flow. If token is null, a authentication session is created with the account
 * service as the client. Successful reset sends you to the account page. Note, account service must be enabled.
 *
 * @param code
@@ -357,7 +356,7 @@ public class LoginActionsService {
 // set up the account service as the endpoint to call.
 ClientModel client = realm.getClientByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);
 authSession = new AuthenticationSessionManager(session).createAuthenticationSession(realm, client, true);
- authSession.setAction(ClientSessionModel.Action.AUTHENTICATE.name());
+ authSession.setAction(AuthenticationSessionModel.Action.AUTHENTICATE.name());
 //authSession.setNote(AuthenticationManager.END_AFTER_REQUIRED_ACTIONS, "true");
 authSession.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
 String redirectUri = Urls.accountBase(uriInfo.getBaseUri()).path("/").build(realm.getName()).toString();
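Review bot: The reworded Javadoc line in the LoginActionsService hunk at -320 now reads `a authentication session`; the article has to follow the new noun, i.e. `If token is null, an authentication session is created with the account`. The same comment block leaves `@param code` without a description on the line visible here, which is worth filling in while the block is being edited. The Javadoc continues outside the hunk.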
@@ -376,7 +375,7 @@ public class LoginActionsService {
 */
 protected Response resetCredentials(String code, String execution, String clientId) {
 SessionCodeChecks checks = checksForCode(code, execution, clientId, RESET_CREDENTIALS_PATH);
- if (!checks.verifyActiveAndValidAction(ClientSessionModel.Action.AUTHENTICATE.name(), ClientSessionCode.ActionType.USER)) {
+ if (!checks.verifyActiveAndValidAction(AuthenticationSessionModel.Action.AUTHENTICATE.name(), ClientSessionCode.ActionType.USER)) {
 return checks.getResponse();
 }
 final AuthenticationSessionModel authSession = checks.getAuthenticationSession();
@@ -613,7 +612,7 @@ public class LoginActionsService {
 }
 SessionCodeChecks checks = checksForCode(code, execution, clientId, REGISTRATION_PATH);
- if (!checks.verifyActiveAndValidAction(ClientSessionModel.Action.AUTHENTICATE.name(), ClientSessionCode.ActionType.LOGIN)) {
+ if (!checks.verifyActiveAndValidAction(AuthenticationSessionModel.Action.AUTHENTICATE.name(), ClientSessionCode.ActionType.LOGIN)) {
 return checks.getResponse();
 }
@@ -665,7 +664,7 @@ public class LoginActionsService {
 event.event(eventType);
 SessionCodeChecks checks = checksForCode(code, execution, clientId, flowPath);
- if (!checks.verifyActiveAndValidAction(ClientSessionModel.Action.AUTHENTICATE.name(), ClientSessionCode.ActionType.LOGIN)) {
+ if (!checks.verifyActiveAndValidAction(AuthenticationSessionModel.Action.AUTHENTICATE.name(), ClientSessionCode.ActionType.LOGIN)) {
 return checks.getResponse();
 }
 event.detail(Details.CODE_ID, code);
@@ -675,7 +674,7 @@ public class LoginActionsService {
 SerializedBrokeredIdentityContext serializedCtx = SerializedBrokeredIdentityContext.readFromAuthenticationSession(authSession, noteKey);
 if (serializedCtx == null) {
 ServicesLogger.LOGGER.notFoundSerializedCtxInClientSession(noteKey);
- throw new WebApplicationException(ErrorPage.error(session, "Not found serialized context in clientSession."));
+ throw new WebApplicationException(ErrorPage.error(session, "Not found serialized context in authenticationSession."));
 }
 BrokeredIdentityContext brokerContext = serializedCtx.deserialize(session, authSession);
 final String identityProviderAlias = brokerContext.getIdpConfig().getAlias();
@@ -745,7 +744,7 @@ public class LoginActionsService {
 String code = formData.getFirst("code");
 String clientId = uriInfo.getQueryParameters().getFirst(Constants.CLIENT_ID);
 SessionCodeChecks checks = checksForCode(code, null, clientId, REQUIRED_ACTION);
- if (!checks.verifyRequiredAction(ClientSessionModel.Action.OAUTH_GRANT.name())) {
+ if (!checks.verifyRequiredAction(AuthenticationSessionModel.Action.OAUTH_GRANT.name())) {
 return checks.getResponse();
 }
diff --git a/services/src/main/java/org/keycloak/services/resources/LoginActionsServiceChecks.java b/services/src/main/java/org/keycloak/services/resources/LoginActionsServiceChecks.java
index 3c29ede4d7..9edc513b44 100644
--- a/services/src/main/java/org/keycloak/services/resources/LoginActionsServiceChecks.java
+++ b/services/src/main/java/org/keycloak/services/resources/LoginActionsServiceChecks.java
@@ -82,7 +82,7 @@ public class LoginActionsServiceChecks {
 private final ActionTokenContext context;
- private final ClientSessionModel.Action expectedAction;
+ private final AuthenticationSessionModel.Action expectedAction;
 public IsActionRequired(ActionTokenContext context, Action expectedAction) {
 this.context = context;
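Review bot: The new error text in the LoginActionsService hunk at -675 says `authenticationSession`, but the log call one line above it still goes through `notFoundSerializedCtxInClientSession`, so the log entry and the error page may now name two different session types for the same failure. Renaming that logger method, whose definition is not shown here, would keep the two aligned. Separately, the string passed to `ErrorPage.error` is hard-coded English containing an internal type name; if it is rendered to the end user, a key from the message bundle would avoid exposing implementation detail. The enclosing method starts and ends outside the hunk.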
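Review bot: In the LoginActionsServiceChecks hunk at -82 the field is now declared as `AuthenticationSessionModel.Action`, while the constructor two lines below still takes the unqualified `Action`, whose import lies outside the hunk. If both names resolve to the same enum, declare them the same way, e.g. `private final Action expectedAction;`, so a reader does not have to consult the import list to confirm that the assignment is type-compatible. The class body continues outside the hunk.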
@@ -94,7 +94,7 @@ public class LoginActionsServiceChecks { AuthenticationSessionModel authSession = context.getAuthenticationSession(); if (authSession != null && ! Objects.equals(authSession.getAction(), this.expectedAction.name())) { - if (Objects.equals(ClientSessionModel.Action.REQUIRED_ACTIONS.name(), authSession.getAction())) { + if (Objects.equals(AuthenticationSessionModel.Action.REQUIRED_ACTIONS.name(), authSession.getAction())) { throw new LoginActionsServiceException( AuthenticationManager.nextActionAfterAuthentication(context.getSession(), authSession, context.getClientConnection(), context.getRequest(), context.getUriInfo(), context.getEvent())); diff --git a/services/src/main/java/org/keycloak/services/resources/SessionCodeChecks.java b/services/src/main/java/org/keycloak/services/resources/SessionCodeChecks.java index 941fa5c4cd..0f3ebbe158 100644 --- a/services/src/main/java/org/keycloak/services/resources/SessionCodeChecks.java +++ b/services/src/main/java/org/keycloak/services/resources/SessionCodeChecks.java @@ -32,7 +32,6 @@ import org.keycloak.events.Errors; import org.keycloak.events.EventBuilder; import org.keycloak.forms.login.LoginFormsProvider; import org.keycloak.models.ClientModel; -import org.keycloak.models.ClientSessionModel; import org.keycloak.models.Constants; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; @@ -41,7 +40,6 @@ import org.keycloak.protocol.AuthorizationEndpointBase; import org.keycloak.protocol.RestartLoginCookie; import org.keycloak.services.ErrorPage; import org.keycloak.services.ServicesLogger; -import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.AuthenticationSessionManager; import org.keycloak.services.managers.ClientSessionCode; import org.keycloak.services.messages.Messages; 
@@ -215,7 +213,7 @@ public class SessionCodeChecks {
 logger.debugf("Transition between flows! Current flow: %s, Previous flow: %s", flowPath, lastFlow);
 // Don't allow moving to different flow if I am on requiredActions already
- if (ClientSessionModel.Action.AUTHENTICATE.name().equals(authSession.getAction())) {
+ if (AuthenticationSessionModel.Action.AUTHENTICATE.name().equals(authSession.getAction())) {
 authSession.setAuthNote(AuthenticationProcessor.CURRENT_FLOW_PATH, flowPath);
 authSession.removeAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION);
 lastExecFromSession = null;
@@ -271,7 +269,7 @@ public class SessionCodeChecks {
 if (!clientCode.isValidAction(expectedAction)) {
 AuthenticationSessionModel authSession = getAuthenticationSession();
- if (ClientSessionModel.Action.REQUIRED_ACTIONS.name().equals(authSession.getAction())) {
+ if (AuthenticationSessionModel.Action.REQUIRED_ACTIONS.name().equals(authSession.getAction())) {
 logger.debugf("Incorrect action '%s' . User authenticated already.", authSession.getAction());
 response = showPageExpired(authSession);
 return false;
@@ -308,7 +306,7 @@ public class SessionCodeChecks {
 return false;
 }
- if (!clientCode.isValidAction(ClientSessionModel.Action.REQUIRED_ACTIONS.name())) {
+ if (!clientCode.isValidAction(AuthenticationSessionModel.Action.REQUIRED_ACTIONS.name())) {
 logger.debugf("Expected required action, but session action is '%s' . Showing expired page now.", authSession.getAction());
 event.error(Errors.INVALID_CODE);
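Review bot: The comment kept above the changed condition in the SessionCodeChecks hunk at -215 says flow switching is blocked when the session is on requiredActions, but the code permits the switch only when the action equals `AUTHENTICATE` and leaves every other action to code outside the hunk. Because this guard decides whether a request may move an authentication session to a different flow, the comment should state the rule the code enforces, e.g. `// Only switch flows while the session is still in the AUTHENTICATE action; any other action is handled below`. The enclosing method starts and ends outside the hunk.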