From adff0d5da03ff54d777cbabe30c8b8c0cb37803a Mon Sep 17 00:00:00 2001 
From: Bill Burke
Date: Fri, 19 Jun 2015 21:16:45 -0400
Subject: [PATCH] make authenticator config optional
---
.../META-INF/jpa-changelog-1.4.0.xml | 3 ++
.../main/resources/META-INF/persistence.xml | 2 +-
.../models/AuthenticationExecutionModel.java | 9 ++++
...del.java => AuthenticatorConfigModel.java} | 11 +---
.../java/org/keycloak/models/RealmModel.java | 10 ++--
...ty.java => AuthenticatorConfigEntity.java} | 11 +---
.../keycloak/models/entities/RealmEntity.java | 12 ++---
.../utils/DefaultAuthenticationFlows.java | 30 ++---------
.../models/utils/DefaultRequiredActions.java | 3 --
.../models/file/adapter/RealmAdapter.java | 43 +++++++--------
.../keycloak/models/cache/RealmAdapter.java | 28 +++++-----
.../models/cache/entities/CachedRealm.java | 12 ++---
.../org/keycloak/models/jpa/RealmAdapter.java | 35 ++++++------
.../entities/AuthenticationFlowEntity.java | 6 ---
...ty.java => AuthenticatorConfigEntity.java} | 23 ++------
.../models/jpa/entities/RealmEntity.java | 6 +--
.../mongo/keycloak/adapters/RealmAdapter.java | 43 +++++++--------
.../AuthenticationProcessor.java | 53 ++++++++-----------
.../authentication/AuthenticatorContext.java | 7 +--
.../authentication/AuthenticatorFactory.java | 6 +--
.../authentication/AuthenticatorUtil.java | 5 +-
.../authentication/RequiredActionContext.java | 5 --
.../CookieAuthenticatorFactory.java | 5 +-
.../authenticators/OTPFormAuthenticator.java | 7 +--
.../OTPFormAuthenticatorFactory.java | 6 +--
.../SpnegoAuthenticatorFactory.java | 4 +-
.../authenticators/UsernamePasswordForm.java | 7 +--
.../UsernamePasswordFormFactory.java | 6 +--
.../AuthenticationManagementResource.java | 8 +--
.../testsuite/utils/CredentialHelper.java | 16 ++----
30 files changed, 158 insertions(+), 264 deletions(-)
rename model/api/src/main/java/org/keycloak/models/{AuthenticatorModel.java => AuthenticatorConfigModel.java} (72%)
rename model/api/src/main/java/org/keycloak/models/entities/{AuthenticatorEntity.java => 
AuthenticatorConfigEntity.java} (70%) rename model/jpa/src/main/java/org/keycloak/models/jpa/entities/{AuthenticatorEntity.java => AuthenticatorConfigEntity.java} (66%) diff --git a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.4.0.xml b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.4.0.xml index 8c00cb6129..3134b12a33 100755 --- a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.4.0.xml +++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.4.0.xml @@ -12,6 +12,9 @@ + + + diff --git a/model/api/src/main/java/org/keycloak/models/AuthenticationExecutionModel.java b/model/api/src/main/java/org/keycloak/models/AuthenticationExecutionModel.java index 11dfadfe67..15a599f6e2 100755 --- a/model/api/src/main/java/org/keycloak/models/AuthenticationExecutionModel.java +++ b/model/api/src/main/java/org/keycloak/models/AuthenticationExecutionModel.java @@ -20,6 +20,7 @@ public class AuthenticationExecutionModel implements Serializable { } private String id; + private String authenticatorConfig; private String authenticator; private boolean autheticatorFlow; private Requirement requirement; @@ -35,6 +36,14 @@ public class AuthenticationExecutionModel implements Serializable { this.id = id; } + public String getAuthenticatorConfig() { + return authenticatorConfig; + } + + public void setAuthenticatorConfig(String authenticatorConfig) { + this.authenticatorConfig = authenticatorConfig; + } + public String getAuthenticator() { return authenticator; } diff --git a/model/api/src/main/java/org/keycloak/models/AuthenticatorModel.java b/model/api/src/main/java/org/keycloak/models/AuthenticatorConfigModel.java similarity index 72% rename from model/api/src/main/java/org/keycloak/models/AuthenticatorModel.java rename to model/api/src/main/java/org/keycloak/models/AuthenticatorConfigModel.java index 127487b7e2..44b8982e00 100755 
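Review bot: The new `authenticatorConfig` field in AuthenticationExecutionModel and its getter/setter carry no documentation, and nothing in either hunk says what the string refers to or that it may be unset. Elsewhere in this patch `setAuthenticator` is passed provider ids such as `"auth-cookie"`, so the two adjacent string fields are easy to confuse. I would add a field comment along the lines of `// id of the AuthenticatorConfigModel used by this execution; presumably null when the authenticator needs no configuration (confirm)` and a matching one on `authenticator` saying it holds the provider id. The class body continues outside both hunks.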
--- a/model/api/src/main/java/org/keycloak/models/AuthenticatorModel.java +++ b/model/api/src/main/java/org/keycloak/models/AuthenticatorConfigModel.java @@ -8,12 +8,11 @@ import java.util.Map; * @author Bill Burke * @version $Revision: 1 $ */ -public class AuthenticatorModel implements Serializable { +public class AuthenticatorConfigModel implements Serializable { private static final long serialVersionUID = 1L; private String id; private String alias; - private String providerId; private Map config = new HashMap(); @@ -33,14 +32,6 @@ public class AuthenticatorModel implements Serializable { this.alias = alias; } - public String getProviderId() { - return providerId; - } - - public void setProviderId(String providerId) { - this.providerId = providerId; - } - public Map getConfig() { return config; } diff --git a/model/api/src/main/java/org/keycloak/models/RealmModel.java b/model/api/src/main/java/org/keycloak/models/RealmModel.java index 8aaec249d4..27af04ef83 100755 --- a/model/api/src/main/java/org/keycloak/models/RealmModel.java +++ b/model/api/src/main/java/org/keycloak/models/RealmModel.java @@ -193,11 +193,11 @@ public interface RealmModel extends RoleContainerModel { void removeAuthenticatorExecution(AuthenticationExecutionModel model); - List getAuthenticators(); - AuthenticatorModel addAuthenticator(AuthenticatorModel model); - void updateAuthenticator(AuthenticatorModel model); - void removeAuthenticator(AuthenticatorModel model); - AuthenticatorModel getAuthenticatorById(String id); + List getAuthenticatorConfigs(); + AuthenticatorConfigModel addAuthenticatorConfig(AuthenticatorConfigModel model); + void updateAuthenticatorConfig(AuthenticatorConfigModel model); + void removeAuthenticatorConfig(AuthenticatorConfigModel model); + AuthenticatorConfigModel getAuthenticatorConfigById(String id); List getRequiredActionProviders(); RequiredActionProviderModel addRequiredActionProvider(RequiredActionProviderModel model); 
diff --git a/model/api/src/main/java/org/keycloak/models/entities/AuthenticatorEntity.java b/model/api/src/main/java/org/keycloak/models/entities/AuthenticatorConfigEntity.java similarity index 70% rename from model/api/src/main/java/org/keycloak/models/entities/AuthenticatorEntity.java rename to model/api/src/main/java/org/keycloak/models/entities/AuthenticatorConfigEntity.java index c9077c0f01..cf564ec840 100755 --- a/model/api/src/main/java/org/keycloak/models/entities/AuthenticatorEntity.java +++ b/model/api/src/main/java/org/keycloak/models/entities/AuthenticatorConfigEntity.java @@ -6,10 +6,9 @@ import java.util.Map; * @author Bill Burke * @version $Revision: 1 $ */ -public class AuthenticatorEntity { +public class AuthenticatorConfigEntity { protected String id; protected String alias; - protected String providerId; private Map config; public String getId() { @@ -28,14 +27,6 @@ public class AuthenticatorEntity { this.alias = alias; } - public String getProviderId() { - return providerId; - } - - public void setProviderId(String providerId) { - this.providerId = providerId; - } - public Map getConfig() { return config; } diff --git a/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java b/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java index 0548d4958f..c8bcecdffd 100755 --- a/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java +++ b/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java @@ -2,10 +2,8 @@ package org.keycloak.models.entities; import java.util.ArrayList; import java.util.HashMap; -import java.util.HashSet; import java.util.List; import java.util.Map; -import java.util.Set; /** * @author Marek Posolda 
@@ -77,7 +75,7 @@ public class RealmEntity extends AbstractIdentifiableEntity { private String defaultLocale; private List identityProviderMappers = new ArrayList(); private List authenticationFlows = new ArrayList<>(); - private List authenticators = new ArrayList<>(); + private List authenticatorConfigs = new ArrayList<>(); private List requiredActionProviders = new ArrayList<>(); @@ -496,12 +494,12 @@ public class RealmEntity extends AbstractIdentifiableEntity { this.authenticationFlows = authenticationFlows; } - public List getAuthenticators() { - return authenticators; + public List getAuthenticatorConfigs() { + return authenticatorConfigs; } - public void setAuthenticators(List authenticators) { - this.authenticators = authenticators; + public void setAuthenticatorConfigs(List authenticators) { + this.authenticatorConfigs = authenticators; } public List getRequiredActionProviders() { diff --git a/model/api/src/main/java/org/keycloak/models/utils/DefaultAuthenticationFlows.java b/model/api/src/main/java/org/keycloak/models/utils/DefaultAuthenticationFlows.java index 48c5d610c4..df2e677dcc 100755 --- a/model/api/src/main/java/org/keycloak/models/utils/DefaultAuthenticationFlows.java +++ b/model/api/src/main/java/org/keycloak/models/utils/DefaultAuthenticationFlows.java @@ -2,7 +2,7 @@ package org.keycloak.models.utils; import org.keycloak.models.AuthenticationExecutionModel; import org.keycloak.models.AuthenticationFlowModel; -import org.keycloak.models.AuthenticatorModel; +import org.keycloak.models.AuthenticatorConfigModel; import org.keycloak.models.RealmModel; /** 
@@ -15,26 +15,6 @@ public class DefaultAuthenticationFlows { public static final String FORMS_FLOW = "forms"; public static void addFlows(RealmModel realm) { - AuthenticatorModel model = new AuthenticatorModel(); - model.setProviderId("auth-cookie"); - model.setAlias("Cookie"); - AuthenticatorModel cookieAuth = realm.addAuthenticator(model); - - model = new AuthenticatorModel(); - model.setProviderId("auth-username-password-form"); - model.setAlias("Username Password Form"); - AuthenticatorModel usernamePasswordForm = realm.addAuthenticator(model); - - model = new AuthenticatorModel(); - model.setProviderId("auth-otp-form"); - model.setAlias("Single OTP Form"); - AuthenticatorModel otpForm = realm.addAuthenticator(model); - - model = new AuthenticatorModel(); - model.setProviderId("auth-spnego"); - model.setAlias("Kerberos"); - AuthenticatorModel kerberos = realm.addAuthenticator(model); - AuthenticationFlowModel browser = new AuthenticationFlowModel(); browser.setAlias(BROWSER_FLOW); browser.setDescription("browser based authentication"); @@ -42,7 +22,7 @@ public class DefaultAuthenticationFlows { AuthenticationExecutionModel execution = new AuthenticationExecutionModel(); execution.setParentFlow(browser.getId()); execution.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE); - execution.setAuthenticator(cookieAuth.getId()); + execution.setAuthenticator("auth-cookie"); execution.setPriority(10); execution.setUserSetupAllowed(false); execution.setAutheticatorFlow(false); @@ -50,7 +30,7 @@ public class DefaultAuthenticationFlows { execution = new AuthenticationExecutionModel(); execution.setParentFlow(browser.getId()); execution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED); - execution.setAuthenticator(kerberos.getId()); + execution.setAuthenticator("auth-spnego"); execution.setPriority(20); execution.setUserSetupAllowed(false); execution.setAutheticatorFlow(false); 
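Review bot: The default flows now identify their authenticators by bare string literals (`"auth-cookie"` and `"auth-spnego"` in these hunks, `"auth-username-password-form"` and `"auth-otp-form"` in the two later hunks of this file), so a typo or a renamed provider is not caught at compile time and would presumably surface only as an execution that cannot be resolved at login. Because these are the realm's built-in login steps, a shared constant per provider id would be safer than repeating the literal; the factory classes are not visible on this page, so where such constants should live is left open. The import hunk swaps in `AuthenticatorConfigModel`, but none of the new lines shown use it, so drop the import if nothing else in the file does. Executions stored before this change would hold the old AuthenticatorModel id in `authenticator`, and no migration for them is visible here.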
@@ -75,7 +55,7 @@ public class DefaultAuthenticationFlows { execution = new AuthenticationExecutionModel(); execution.setParentFlow(forms.getId()); execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED); - execution.setAuthenticator(usernamePasswordForm.getId()); + execution.setAuthenticator("auth-username-password-form"); execution.setPriority(10); execution.setUserSetupAllowed(false); execution.setAutheticatorFlow(false); @@ -85,7 +65,7 @@ public class DefaultAuthenticationFlows { execution = new AuthenticationExecutionModel(); execution.setParentFlow(forms.getId()); execution.setRequirement(AuthenticationExecutionModel.Requirement.OPTIONAL); - execution.setAuthenticator(otpForm.getId()); + execution.setAuthenticator("auth-otp-form"); execution.setPriority(20); execution.setUserSetupAllowed(true); execution.setAutheticatorFlow(false); diff --git a/model/api/src/main/java/org/keycloak/models/utils/DefaultRequiredActions.java b/model/api/src/main/java/org/keycloak/models/utils/DefaultRequiredActions.java index ab5468cf68..d0ddee128c 100755 --- a/model/api/src/main/java/org/keycloak/models/utils/DefaultRequiredActions.java +++ b/model/api/src/main/java/org/keycloak/models/utils/DefaultRequiredActions.java @@ -1,8 +1,5 @@ package org.keycloak.models.utils; -import org.keycloak.models.AuthenticationExecutionModel; -import org.keycloak.models.AuthenticationFlowModel; -import org.keycloak.models.AuthenticatorModel; import org.keycloak.models.RealmModel; import org.keycloak.models.RequiredActionProviderModel; import org.keycloak.models.UserModel; diff --git a/model/file/src/main/java/org/keycloak/models/file/adapter/RealmAdapter.java b/model/file/src/main/java/org/keycloak/models/file/adapter/RealmAdapter.java index c5b49d0491..1dc6fabe93 100755 --- a/model/file/src/main/java/org/keycloak/models/file/adapter/RealmAdapter.java +++ b/model/file/src/main/java/org/keycloak/models/file/adapter/RealmAdapter.java 
@@ -20,7 +20,7 @@ import org.keycloak.connections.file.InMemoryModel; import org.keycloak.enums.SslRequired; import org.keycloak.models.AuthenticationExecutionModel; import org.keycloak.models.AuthenticationFlowModel; -import org.keycloak.models.AuthenticatorModel; +import org.keycloak.models.AuthenticatorConfigModel; import org.keycloak.models.ClientModel; import org.keycloak.models.IdentityProviderMapperModel; import org.keycloak.models.IdentityProviderModel; @@ -38,7 +38,7 @@ import org.keycloak.models.UserFederationProviderModel; import org.keycloak.models.UserModel; import org.keycloak.models.entities.AuthenticationExecutionEntity; import org.keycloak.models.entities.AuthenticationFlowEntity; -import org.keycloak.models.entities.AuthenticatorEntity; +import org.keycloak.models.entities.AuthenticatorConfigEntity; import org.keycloak.models.entities.ClientEntity; import org.keycloak.models.entities.IdentityProviderMapperEntity; import org.keycloak.models.entities.RealmEntity; 
@@ -1373,44 +1373,43 @@ public class RealmAdapter implements RealmModel { } @Override - public List getAuthenticators() { - List authenticators = new LinkedList<>(); - for (AuthenticatorEntity entity : realm.getAuthenticators()) { + public List getAuthenticatorConfigs() { + List authenticators = new LinkedList<>(); + for (AuthenticatorConfigEntity entity : realm.getAuthenticatorConfigs()) { authenticators.add(entityToModel(entity)); } return authenticators; } @Override - public AuthenticatorModel addAuthenticator(AuthenticatorModel model) { - AuthenticatorEntity auth = new AuthenticatorEntity(); + public AuthenticatorConfigModel addAuthenticatorConfig(AuthenticatorConfigModel model) { + AuthenticatorConfigEntity auth = new AuthenticatorConfigEntity(); auth.setId(KeycloakModelUtils.generateId()); auth.setAlias(model.getAlias()); - auth.setProviderId(model.getProviderId()); auth.setConfig(model.getConfig()); - realm.getAuthenticators().add(auth); + realm.getAuthenticatorConfigs().add(auth); model.setId(auth.getId()); return model; } @Override - public void removeAuthenticator(AuthenticatorModel model) { - AuthenticatorEntity entity = getAuthenticatorEntity(model.getId()); + public void removeAuthenticatorConfig(AuthenticatorConfigModel model) { + AuthenticatorConfigEntity entity = getAuthenticatorEntity(model.getId()); if (entity == null) return; - realm.getAuthenticators().remove(entity); + realm.getAuthenticatorConfigs().remove(entity); } @Override - public AuthenticatorModel getAuthenticatorById(String id) { - AuthenticatorEntity entity = getAuthenticatorEntity(id); + public AuthenticatorConfigModel getAuthenticatorConfigById(String id) { + AuthenticatorConfigEntity entity = getAuthenticatorEntity(id); if (entity == null) return null; return entityToModel(entity); } - public AuthenticatorEntity getAuthenticatorEntity(String id) { - AuthenticatorEntity entity = null; - for (AuthenticatorEntity auth : realm.getAuthenticators()) { + public AuthenticatorConfigEntity 
getAuthenticatorEntity(String id) { + AuthenticatorConfigEntity entity = null; + for (AuthenticatorConfigEntity auth : realm.getAuthenticatorConfigs()) { if (auth.getId().equals(id)) { entity = auth; break; @@ -1419,10 +1418,9 @@ public class RealmAdapter implements RealmModel { return entity; } - public AuthenticatorModel entityToModel(AuthenticatorEntity entity) { - AuthenticatorModel model = new AuthenticatorModel(); + public AuthenticatorConfigModel entityToModel(AuthenticatorConfigEntity entity) { + AuthenticatorConfigModel model = new AuthenticatorConfigModel(); model.setId(entity.getId()); - model.setProviderId(entity.getProviderId()); model.setAlias(entity.getAlias()); Map config = new HashMap<>(); if (entity.getConfig() != null) config.putAll(entity.getConfig()); @@ -1431,11 +1429,10 @@ public class RealmAdapter implements RealmModel { } @Override - public void updateAuthenticator(AuthenticatorModel model) { - AuthenticatorEntity entity = getAuthenticatorEntity(model.getId()); + public void updateAuthenticatorConfig(AuthenticatorConfigModel model) { + AuthenticatorConfigEntity entity = getAuthenticatorEntity(model.getId()); if (entity == null) return; entity.setAlias(model.getAlias()); - entity.setProviderId(model.getProviderId()); if (entity.getConfig() == null) { entity.setConfig(model.getConfig()); } else { diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java index cf1bcb1e7d..b620f18d73 100755 --- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java +++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java 
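Review bot: `removeAuthenticatorConfig` in the file adapter removes the entity without checking whether any execution still carries its id in the new `authenticatorConfig` field, so after a delete `getAuthenticatorConfigById` returns null for an id that a flow may still reference. Whether the authentication code tolerates that null is not visible in these hunks; either refuse to remove a config that is in use, or document on `getAuthenticatorConfigById` that a missing config must be treated as "no configuration". The JPA and Mongo `removeAuthenticatorConfig` implementations later in the patch have the same shape. A smaller naming point: the helper here is still `getAuthenticatorEntity`, while the Mongo adapter renames it to `getAuthenticatorConfigEntity`.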
@@ -4,7 +4,7 @@ import org.keycloak.Config; import org.keycloak.enums.SslRequired; import org.keycloak.models.AuthenticationExecutionModel; import org.keycloak.models.AuthenticationFlowModel; -import org.keycloak.models.AuthenticatorModel; +import org.keycloak.models.AuthenticatorConfigModel; import org.keycloak.models.ClientModel; import org.keycloak.models.IdentityProviderMapperModel; import org.keycloak.models.IdentityProviderModel; 
@@ -1095,37 +1095,37 @@ public class RealmAdapter implements RealmModel { } @Override - public List getAuthenticators() { - if (updated != null) return updated.getAuthenticators(); - List models = new ArrayList<>(); - models.addAll(cached.getAuthenticators().values()); + public List getAuthenticatorConfigs() { + if (updated != null) return updated.getAuthenticatorConfigs(); + List models = new ArrayList<>(); + models.addAll(cached.getAuthenticatorConfigs().values()); return models; } @Override - public AuthenticatorModel addAuthenticator(AuthenticatorModel model) { + public AuthenticatorConfigModel addAuthenticatorConfig(AuthenticatorConfigModel model) { getDelegateForUpdate(); - return updated.addAuthenticator(model); + return updated.addAuthenticatorConfig(model); } @Override - public void updateAuthenticator(AuthenticatorModel model) { + public void updateAuthenticatorConfig(AuthenticatorConfigModel model) { getDelegateForUpdate(); - updated.updateAuthenticator(model); + updated.updateAuthenticatorConfig(model); } @Override - public void removeAuthenticator(AuthenticatorModel model) { + public void removeAuthenticatorConfig(AuthenticatorConfigModel model) { getDelegateForUpdate(); - updated.removeAuthenticator(model); + updated.removeAuthenticatorConfig(model); } @Override - public AuthenticatorModel getAuthenticatorById(String id) { - if (updated != null) return updated.getAuthenticatorById(id); - return cached.getAuthenticators().get(id); + public AuthenticatorConfigModel getAuthenticatorConfigById(String id) { + if (updated != null) return updated.getAuthenticatorConfigById(id); + return cached.getAuthenticatorConfigs().get(id); } @Override diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java index b08748d9af..dd6e2e7705 100755 
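Review bot: `getAuthenticatorConfigById` and `getAuthenticatorConfigs` in the cache adapter return the `AuthenticatorConfigModel` instances held by `cached` rather than copies, and that model is mutable (setters plus a config map). A caller that edits a returned model without calling `updateAuthenticatorConfig` would change what later readers of the cached realm see, bypassing `getDelegateForUpdate()` and presumably any invalidation. Either return a copy on the read path or state the contract in a comment, for example `// returned models are shared cache state: treat as read-only, persist changes via updateAuthenticatorConfig`. The CachedRealm hunks that follow expose the backing map itself through `getAuthenticatorConfigs()`.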
--- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java +++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java @@ -3,7 +3,7 @@ package org.keycloak.models.cache.entities; import org.keycloak.enums.SslRequired; import org.keycloak.models.AuthenticationExecutionModel; import org.keycloak.models.AuthenticationFlowModel; -import org.keycloak.models.AuthenticatorModel; +import org.keycloak.models.AuthenticatorConfigModel; import org.keycloak.models.ClientModel; import org.keycloak.models.IdentityProviderMapperModel; import org.keycloak.models.IdentityProviderModel; @@ -83,7 +83,7 @@ public class CachedRealm implements Serializable { private Map browserSecurityHeaders = new HashMap(); private Map smtpConfig = new HashMap(); private Map authenticationFlows = new HashMap<>(); - private Map authenticators = new HashMap<>(); + private Map authenticatorConfigs = new HashMap<>(); private Map requiredActionProviders = new HashMap<>(); private Map requiredActionProvidersByAlias = new HashMap<>(); private MultivaluedHashMap authenticationExecutions = new MultivaluedHashMap<>(); @@ -202,8 +202,8 @@ public class CachedRealm implements Serializable { executionsById.put(execution.getId(), execution); } } - for (AuthenticatorModel authenticator : model.getAuthenticators()) { - authenticators.put(authenticator.getId(), authenticator); + for (AuthenticatorConfigModel authenticator : model.getAuthenticatorConfigs()) { + authenticatorConfigs.put(authenticator.getId(), authenticator); } for (RequiredActionProviderModel action : model.getRequiredActionProviders()) { requiredActionProviders.put(action.getId(), action); 
@@ -436,8 +436,8 @@ public class CachedRealm implements Serializable { return authenticationFlows; } - public Map getAuthenticators() { - return authenticators; + public Map getAuthenticatorConfigs() { + return authenticatorConfigs; } public MultivaluedHashMap getAuthenticationExecutions() { diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java index 5c62dcdf42..de47499896 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java @@ -3,7 +3,7 @@ package org.keycloak.models.jpa; import org.keycloak.enums.SslRequired; import org.keycloak.models.AuthenticationExecutionModel; import org.keycloak.models.AuthenticationFlowModel; -import org.keycloak.models.AuthenticatorModel; +import org.keycloak.models.AuthenticatorConfigModel; import org.keycloak.models.ClientModel; import org.keycloak.models.IdentityProviderMapperModel; import org.keycloak.models.IdentityProviderModel; @@ -20,7 +20,7 @@ import org.keycloak.models.UserFederationProviderCreationEventImpl; import org.keycloak.models.UserFederationProviderModel; import org.keycloak.models.jpa.entities.AuthenticationExecutionEntity; import org.keycloak.models.jpa.entities.AuthenticationFlowEntity; -import org.keycloak.models.jpa.entities.AuthenticatorEntity; +import org.keycloak.models.jpa.entities.AuthenticatorConfigEntity; import org.keycloak.models.jpa.entities.ClientEntity; import org.keycloak.models.jpa.entities.IdentityProviderEntity; import org.keycloak.models.jpa.entities.IdentityProviderMapperEntity; 
@@ -1661,14 +1661,13 @@ public class RealmAdapter implements RealmModel { } @Override - public AuthenticatorModel addAuthenticator(AuthenticatorModel model) { - AuthenticatorEntity auth = new AuthenticatorEntity(); + public AuthenticatorConfigModel addAuthenticatorConfig(AuthenticatorConfigModel model) { + AuthenticatorConfigEntity auth = new AuthenticatorConfigEntity(); auth.setId(KeycloakModelUtils.generateId()); auth.setAlias(model.getAlias()); auth.setRealm(realm); - auth.setProviderId(model.getProviderId()); auth.setConfig(model.getConfig()); - realm.getAuthenticators().add(auth); + realm.getAuthenticatorConfigs().add(auth); em.persist(auth); em.flush(); model.setId(auth.getId()); @@ -1676,8 +1675,8 @@ public class RealmAdapter implements RealmModel { } @Override - public void removeAuthenticator(AuthenticatorModel model) { - AuthenticatorEntity entity = em.find(AuthenticatorEntity.class, model.getId()); + public void removeAuthenticatorConfig(AuthenticatorConfigModel model) { + AuthenticatorConfigEntity entity = em.find(AuthenticatorConfigEntity.class, model.getId()); if (entity == null) return; em.remove(entity); em.flush(); 
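Review bot: `removeAuthenticatorConfig` looks the entity up with `em.find(AuthenticatorConfigEntity.class, model.getId())` and removes it without checking that it belongs to this adapter's realm; `getAuthenticatorConfigById` and `updateAuthenticatorConfig` in the next hunks do the same lookup. `addAuthenticatorConfig` calls `auth.setRealm(realm)`, so the owner is recorded, and without a comparison an id from another realm would be read, changed or deleted through this realm's adapter. I would extend the guard to something like `if (entity == null || !realm.equals(entity.getRealm())) return;` (returning null in the getter), comparing realm ids instead if RealmEntity does not define equality. The method body continues past the end of this hunk.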
@@ -1685,16 +1684,15 @@ public class RealmAdapter implements RealmModel { } @Override - public AuthenticatorModel getAuthenticatorById(String id) { - AuthenticatorEntity entity = em.find(AuthenticatorEntity.class, id); + public AuthenticatorConfigModel getAuthenticatorConfigById(String id) { + AuthenticatorConfigEntity entity = em.find(AuthenticatorConfigEntity.class, id); if (entity == null) return null; return entityToModel(entity); } - public AuthenticatorModel entityToModel(AuthenticatorEntity entity) { - AuthenticatorModel model = new AuthenticatorModel(); + public AuthenticatorConfigModel entityToModel(AuthenticatorConfigEntity entity) { + AuthenticatorConfigModel model = new AuthenticatorConfigModel(); model.setId(entity.getId()); - model.setProviderId(entity.getProviderId()); model.setAlias(entity.getAlias()); Map config = new HashMap<>(); if (entity.getConfig() != null) config.putAll(entity.getConfig()); @@ -1703,11 +1701,10 @@ public class RealmAdapter implements RealmModel { } @Override - public void updateAuthenticator(AuthenticatorModel model) { - AuthenticatorEntity entity = em.find(AuthenticatorEntity.class, model.getId()); + public void updateAuthenticatorConfig(AuthenticatorConfigModel model) { + AuthenticatorConfigEntity entity = em.find(AuthenticatorConfigEntity.class, model.getId()); if (entity == null) return; entity.setAlias(model.getAlias()); - entity.setProviderId(model.getProviderId()); if (entity.getConfig() == null) { entity.setConfig(model.getConfig()); } else { @@ -1719,9 +1716,9 @@ public class RealmAdapter implements RealmModel { } @Override - public List getAuthenticators() { - List authenticators = new LinkedList<>(); - for (AuthenticatorEntity entity : realm.getAuthenticators()) { + public List getAuthenticatorConfigs() { + List authenticators = new LinkedList<>(); + for (AuthenticatorConfigEntity entity : realm.getAuthenticatorConfigs()) { authenticators.add(entityToModel(entity)); } return authenticators; 
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/AuthenticationFlowEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/AuthenticationFlowEntity.java index 464fb4a770..1a60832cc1 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/AuthenticationFlowEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/AuthenticationFlowEntity.java @@ -1,24 +1,18 @@ package org.keycloak.models.jpa.entities; -import org.keycloak.models.AuthenticatorModel; - import javax.persistence.CascadeType; -import javax.persistence.CollectionTable; import javax.persistence.Column; -import javax.persistence.ElementCollection; import javax.persistence.Entity; import javax.persistence.FetchType; import javax.persistence.Id; import javax.persistence.JoinColumn; import javax.persistence.ManyToOne; -import javax.persistence.MapKeyColumn; import javax.persistence.NamedQueries; import javax.persistence.NamedQuery; import javax.persistence.OneToMany; import javax.persistence.Table; import java.util.ArrayList; import java.util.Collection; -import java.util.Map; /** * @author Bill Burke diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/AuthenticatorEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/AuthenticatorConfigEntity.java similarity index 66% rename from model/jpa/src/main/java/org/keycloak/models/jpa/entities/AuthenticatorEntity.java rename to model/jpa/src/main/java/org/keycloak/models/jpa/entities/AuthenticatorConfigEntity.java index 1e97cd2e5b..ae97860a5a 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/AuthenticatorEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/AuthenticatorConfigEntity.java 
@@ -1,32 +1,26 @@ package org.keycloak.models.jpa.entities; -import org.keycloak.models.AuthenticatorModel; - import javax.persistence.CollectionTable; import javax.persistence.Column; import javax.persistence.ElementCollection; import javax.persistence.Entity; import javax.persistence.FetchType; import javax.persistence.Id; -import javax.persistence.IdClass; import javax.persistence.JoinColumn; import javax.persistence.ManyToOne; import javax.persistence.MapKeyColumn; import javax.persistence.NamedQueries; import javax.persistence.NamedQuery; import javax.persistence.Table; -import java.io.Serializable; import java.util.Map; /** * @author Bill Burke * @version $Revision: 1 $ */ -@Table(name="AUTHENTICATOR") +@Table(name="AUTHENTICATOR_CONFIG") @Entity -@NamedQueries({ - @NamedQuery(name="deleteAuthenticatorsByRealm", query="delete from AuthenticatorEntity authenticator where authenticator.realm = :realm"),}) -public class AuthenticatorEntity { +public class AuthenticatorConfigEntity { @Id @Column(name="ID", length = 36) protected String id; @@ -38,13 +32,10 @@ public class AuthenticatorEntity { @JoinColumn(name = "REALM_ID") protected RealmEntity realm; - @Column(name="PROVIDER_ID") - protected String providerId; - @ElementCollection @MapKeyColumn(name="NAME") @Column(name="VALUE") - @CollectionTable(name="AUTHENTICATOR_CONFIG", joinColumns={ @JoinColumn(name="AUTHENTICATOR_ID") }) + @CollectionTable(name="AUTHENTICATOR_CONFIG_ENTRY", joinColumns={ @JoinColumn(name="AUTHENTICATOR_ID") }) private Map config; public String getId() { @@ -63,14 +54,6 @@ public class AuthenticatorEntity { this.alias = alias; } - public String getProviderId() { - return providerId; - } - - public void setProviderId(String providerId) { - this.providerId = providerId; - } - public RealmEntity getRealm() { return realm; } 
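Review bot: The entity's table becomes `AUTHENTICATOR_CONFIG`, which is the name the config map's collection table had before this change, while the map itself moves to `AUTHENTICATOR_CONFIG_ENTRY`. The changelog hunk at the top of the patch adds three lines whose content is not readable on this page, so it is worth confirming that it creates both tables under the new names and drops `PROVIDER_ID`, since a schema built from the earlier changelog would already have an `AUTHENTICATOR_CONFIG` table with a different shape. The join column keeps the name `AUTHENTICATOR_ID` although it now points at a config row. With the `@NamedQueries` annotation removed, the `NamedQueries` and `NamedQuery` imports left as context lines appear to be unused.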
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java index be77599717..193f1fa5b1 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java @@ -155,7 +155,7 @@ public class RealmEntity { Collection identityProviderMappers = new ArrayList(); @OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "realm") - Collection authenticators = new ArrayList<>(); + Collection authenticators = new ArrayList<>(); @OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "realm") Collection requiredActionProviders = new ArrayList<>(); @@ -556,11 +556,11 @@ public class RealmEntity { this.identityProviderMappers = identityProviderMappers; } - public Collection getAuthenticators() { + public Collection getAuthenticatorConfigs() { return authenticators; } - public void setAuthenticators(Collection authenticators) { + public void setAuthenticatorConfigs(Collection authenticators) { this.authenticators = authenticators; } diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java index bf1627fe52..dee96e217b 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java 
@@ -7,7 +7,7 @@ import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext; import org.keycloak.enums.SslRequired; import org.keycloak.models.AuthenticationExecutionModel; import org.keycloak.models.AuthenticationFlowModel; -import org.keycloak.models.AuthenticatorModel; +import org.keycloak.models.AuthenticatorConfigModel; import org.keycloak.models.ClientModel; import org.keycloak.models.IdentityProviderMapperModel; import org.keycloak.models.IdentityProviderModel; @@ -25,7 +25,7 @@ import org.keycloak.models.UserFederationProviderCreationEventImpl; import org.keycloak.models.UserFederationProviderModel; import org.keycloak.models.entities.AuthenticationExecutionEntity; import org.keycloak.models.entities.AuthenticationFlowEntity; -import org.keycloak.models.entities.AuthenticatorEntity; +import org.keycloak.models.entities.AuthenticatorConfigEntity; import org.keycloak.models.entities.IdentityProviderEntity; import org.keycloak.models.entities.IdentityProviderMapperEntity; import org.keycloak.models.entities.RequiredActionProviderEntity; 
@@ -1453,46 +1453,45 @@ public class RealmAdapter extends AbstractMongoAdapter impleme } @Override - public List getAuthenticators() { - List authenticators = new LinkedList<>(); - for (AuthenticatorEntity entity : getMongoEntity().getAuthenticators()) { + public List getAuthenticatorConfigs() { + List authenticators = new LinkedList<>(); + for (AuthenticatorConfigEntity entity : getMongoEntity().getAuthenticatorConfigs()) { authenticators.add(entityToModel(entity)); } return authenticators; } @Override - public AuthenticatorModel addAuthenticator(AuthenticatorModel model) { - AuthenticatorEntity auth = new AuthenticatorEntity(); + public AuthenticatorConfigModel addAuthenticatorConfig(AuthenticatorConfigModel model) { + AuthenticatorConfigEntity auth = new AuthenticatorConfigEntity(); auth.setId(KeycloakModelUtils.generateId()); auth.setAlias(model.getAlias()); - auth.setProviderId(model.getProviderId()); auth.setConfig(model.getConfig()); - realm.getAuthenticators().add(auth); + realm.getAuthenticatorConfigs().add(auth); model.setId(auth.getId()); updateMongoEntity(); return model; } @Override - public void removeAuthenticator(AuthenticatorModel model) { - AuthenticatorEntity entity = getAuthenticatorEntity(model.getId()); + public void removeAuthenticatorConfig(AuthenticatorConfigModel model) { + AuthenticatorConfigEntity entity = getAuthenticatorConfigEntity(model.getId()); if (entity == null) return; - getMongoEntity().getAuthenticators().remove(entity); + getMongoEntity().getAuthenticatorConfigs().remove(entity); updateMongoEntity(); } @Override - public AuthenticatorModel getAuthenticatorById(String id) { - AuthenticatorEntity entity = getAuthenticatorEntity(id); + public AuthenticatorConfigModel getAuthenticatorConfigById(String id) { + AuthenticatorConfigEntity entity = getAuthenticatorConfigEntity(id); if (entity == null) return null; return entityToModel(entity); } - public AuthenticatorEntity getAuthenticatorEntity(String id) { - AuthenticatorEntity 
entity = null; - for (AuthenticatorEntity auth : getMongoEntity().getAuthenticators()) { + public AuthenticatorConfigEntity getAuthenticatorConfigEntity(String id) { + AuthenticatorConfigEntity entity = null; + for (AuthenticatorConfigEntity auth : getMongoEntity().getAuthenticatorConfigs()) { if (auth.getId().equals(id)) { entity = auth; break; @@ -1501,10 +1500,9 @@ public class RealmAdapter extends AbstractMongoAdapter impleme return entity; } - public AuthenticatorModel entityToModel(AuthenticatorEntity entity) { - AuthenticatorModel model = new AuthenticatorModel(); + public AuthenticatorConfigModel entityToModel(AuthenticatorConfigEntity entity) { + AuthenticatorConfigModel model = new AuthenticatorConfigModel(); model.setId(entity.getId()); - model.setProviderId(entity.getProviderId()); model.setAlias(entity.getAlias()); Map config = new HashMap<>(); if (entity.getConfig() != null) config.putAll(entity.getConfig()); @@ -1513,11 +1511,10 @@ public class RealmAdapter extends AbstractMongoAdapter impleme } @Override - public void updateAuthenticator(AuthenticatorModel model) { - AuthenticatorEntity entity = getAuthenticatorEntity(model.getId()); + public void updateAuthenticatorConfig(AuthenticatorConfigModel model) { + AuthenticatorConfigEntity entity = getAuthenticatorConfigEntity(model.getId()); if (entity == null) return; entity.setAlias(model.getAlias()); - entity.setProviderId(model.getProviderId()); if (entity.getConfig() == null) { entity.setConfig(model.getConfig()); } else { diff --git a/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java b/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java index aa0a0cfec5..509e5c58e2 100755 --- a/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java +++ b/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java 
@@ -10,7 +10,7 @@ import org.keycloak.events.EventBuilder; import org.keycloak.events.EventType; import org.keycloak.models.AuthenticationExecutionModel; import org.keycloak.models.AuthenticationFlowModel; -import org.keycloak.models.AuthenticatorModel; +import org.keycloak.models.AuthenticatorConfigModel; import org.keycloak.models.ClientSessionModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; @@ -26,7 +26,6 @@ import org.keycloak.util.Time; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; -import java.util.HashMap; import java.util.Iterator; /** @@ -162,16 +161,15 @@ public class AuthenticationProcessor { } private class Result implements AuthenticatorContext { - AuthenticatorModel model; + AuthenticatorConfigModel authenticatorConfig; AuthenticationExecutionModel execution; Authenticator authenticator; Status status; Response challenge; Error error; - private Result(AuthenticationExecutionModel execution, AuthenticatorModel model, Authenticator authenticator) { + private Result(AuthenticationExecutionModel execution, Authenticator authenticator) { this.execution = execution; - this.model = model; this.authenticator = authenticator; } @@ -186,13 +184,11 @@ public class AuthenticationProcessor { } @Override - public AuthenticatorModel getAuthenticatorModel() { - return model; - } - - @Override - public void setAuthenticatorModel(AuthenticatorModel model) { - this.model = model; + public AuthenticatorConfigModel getAuthenticatorConfig() { + if (execution.getAuthenticatorConfig() == null) return null; + if (authenticatorConfig != null) return authenticatorConfig; + authenticatorConfig = realm.getAuthenticatorConfigById(execution.getAuthenticatorConfig()); + return authenticatorConfig; } @Override 
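Review bot: `Result.getAuthenticatorConfig()` returns null both when the execution has no config id and when the id no longer resolves, so a deleted or mistyped config is indistinguishable from "not configured". An authenticator that reads policy from its config would then run with its defaults and leave no trace in the log. I would keep the null return but report the second case right after the lookup, e.g. `if (authenticatorConfig == null) logger.warnv("authenticator config {0} not found for execution {1}", execution.getAuthenticatorConfig(), execution.getId());`. The failed lookup is also not cached, so each call repeats the realm query for a dangling id.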
@@ -490,10 +486,9 @@ public class AuthenticationProcessor { if (authType != null) { event.detail(Details.AUTH_TYPE, authType); } - AuthenticatorModel authenticatorModel = realm.getAuthenticatorById(model.getAuthenticator()); - AuthenticatorFactory factory = (AuthenticatorFactory)session.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, authenticatorModel.getProviderId()); - Authenticator authenticator = factory.create(authenticatorModel); - Result context = new Result(model, authenticatorModel, authenticator); + AuthenticatorFactory factory = (AuthenticatorFactory)session.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, model.getAuthenticator()); + Authenticator authenticator = factory.create(); + Result context = new Result(model, authenticator); authenticator.action(context); FlowExecution flowExecution = createFlowExecution(this.flowId); @@ -639,10 +634,9 @@ public class AuthenticationProcessor { } - AuthenticatorModel authenticatorModel = realm.getAuthenticatorById(model.getAuthenticator()); - AuthenticatorFactory factory = (AuthenticatorFactory)session.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, authenticatorModel.getProviderId()); - Authenticator authenticator = factory.create(authenticatorModel); - logger.debugv("authenticator: {0}", authenticatorModel.getProviderId()); + AuthenticatorFactory factory = (AuthenticatorFactory)session.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, model.getAuthenticator()); + Authenticator authenticator = factory.create(); + logger.debugv("authenticator: {0}", factory.getId()); UserModel authUser = clientSession.getAuthenticatedUser(); if (authenticator.requiresUser() && authUser == null){ 
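Review bot: The result of `getProviderFactory(Authenticator.class, model.getAuthenticator())` is dereferenced by `factory.create()` without a null check, in this hunk and again in the `-639` hunk on the same line. The execution's authenticator value is now used directly as a provider id, so an execution that names a provider which is not deployed would surface as a NullPointerException in the middle of the login flow. The same applies to an execution stored before this change that still holds an authenticator row id, if the migration does not rewrite it (the changelog is not visible here). A guard before `create()` turns this into a controlled, logged failure: `if (factory == null) throw new AuthException("authenticator provider not found: " + model.getAuthenticator(), Error.INTERNAL_ERROR);`. `AuthenticationManagementResource` has the same pattern, where `factory.getReferenceType()` follows the lookup. The enclosing methods start and end outside these hunks.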
@@ -650,7 +644,7 @@ public class AuthenticationProcessor { clientSession.setExecutionStatus(challengedAlternativeExecution.getId(), ClientSessionModel.ExecutionStatus.CHALLENGED); return alternativeChallenge; } - throw new AuthException("authenticator: " + authenticatorModel.getProviderId(), Error.UNKNOWN_USER); + throw new AuthException("authenticator: " + factory.getId(), Error.UNKNOWN_USER); } boolean configuredFor = false; if (authenticator.requiresUser() && authUser != null) { @@ -658,7 +652,7 @@ public class AuthenticationProcessor { if (!configuredFor) { if (model.isRequired()) { if (model.isUserSetupAllowed()) { - logger.debugv("authenticator SETUP_REQUIRED: {0}", authenticatorModel.getProviderId()); + logger.debugv("authenticator SETUP_REQUIRED: {0}", factory.getId()); clientSession.setExecutionStatus(model.getId(), ClientSessionModel.ExecutionStatus.SETUP_REQUIRED); authenticator.setRequiredActions(session, realm, clientSession.getAuthenticatedUser()); continue; @@ -671,7 +665,7 @@ public class AuthenticationProcessor { } } } - Result context = new Result(model, authenticatorModel, authenticator); + Result context = new Result(model, authenticator); authenticator.authenticate(context); Response response = processResult(context); if (response != null) return response; 
@@ -682,15 +676,14 @@ public class AuthenticationProcessor { public Response processResult(Result result) { AuthenticationExecutionModel execution = result.getExecution(); - AuthenticatorModel authenticatorModel = result.getAuthenticatorModel(); Status status = result.getStatus(); if (status == Status.SUCCESS){ - logger.debugv("authenticator SUCCESS: {0}", authenticatorModel.getProviderId()); + logger.debugv("authenticator SUCCESS: {0}", execution.getAuthenticator()); clientSession.setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.SUCCESS); if (execution.isAlternative()) alternativeSuccessful = true; return null; } else if (status == Status.FAILED) { - logger.debugv("authenticator FAILED: {0}", authenticatorModel.getProviderId()); + logger.debugv("authenticator FAILED: {0}", execution.getAuthenticator()); logFailure(); clientSession.setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.FAILED); if (result.challenge != null) { @@ -701,7 +694,7 @@ public class AuthenticationProcessor { clientSession.setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.CHALLENGED); return sendChallenge(result, execution); } else if (status == Status.CHALLENGE) { - logger.debugv("authenticator CHALLENGE: {0}", authenticatorModel.getProviderId()); + logger.debugv("authenticator CHALLENGE: {0}", execution.getAuthenticator()); if (execution.isRequired()) { clientSession.setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.CHALLENGED); return sendChallenge(result, execution); 
@@ -719,19 +712,19 @@ public class AuthenticationProcessor { } return null; } else if (status == Status.FAILURE_CHALLENGE) { - logger.debugv("authenticator FAILURE_CHALLENGE: {0}", authenticatorModel.getProviderId()); + logger.debugv("authenticator FAILURE_CHALLENGE: {0}", execution.getAuthenticator()); logFailure(); clientSession.setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.CHALLENGED); return sendChallenge(result, execution); } else if (status == Status.ATTEMPTED) { - logger.debugv("authenticator ATTEMPTED: {0}", authenticatorModel.getProviderId()); + logger.debugv("authenticator ATTEMPTED: {0}", execution.getAuthenticator()); if (execution.getRequirement() == AuthenticationExecutionModel.Requirement.REQUIRED) { throw new AuthException(Error.INVALID_CREDENTIALS); } clientSession.setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.ATTEMPTED); return null; } else { - logger.debugv("authenticator INTERNAL_ERROR: {0}", authenticatorModel.getProviderId()); + logger.debugv("authenticator INTERNAL_ERROR: {0}", execution.getAuthenticator()); logger.error("Unknown result status"); throw new AuthException(Error.INTERNAL_ERROR); } diff --git a/services/src/main/java/org/keycloak/authentication/AuthenticatorContext.java b/services/src/main/java/org/keycloak/authentication/AuthenticatorContext.java index 637d3a8399..49e663c5e5 100755 --- a/services/src/main/java/org/keycloak/authentication/AuthenticatorContext.java +++ b/services/src/main/java/org/keycloak/authentication/AuthenticatorContext.java 
@@ -4,14 +4,13 @@ import org.jboss.resteasy.spi.HttpRequest; import org.keycloak.ClientConnection; import org.keycloak.events.EventBuilder; import org.keycloak.models.AuthenticationExecutionModel; -import org.keycloak.models.AuthenticatorModel; +import org.keycloak.models.AuthenticatorConfigModel; import org.keycloak.models.ClientSessionModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; import org.keycloak.models.UserSessionModel; import org.keycloak.services.managers.BruteForceProtector; -import org.keycloak.services.managers.ClientSessionCode; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; @@ -27,9 +26,7 @@ public interface AuthenticatorContext { void setExecution(AuthenticationExecutionModel execution); - AuthenticatorModel getAuthenticatorModel(); - - void setAuthenticatorModel(AuthenticatorModel model); + AuthenticatorConfigModel getAuthenticatorConfig(); String getAction(); diff --git a/services/src/main/java/org/keycloak/authentication/AuthenticatorFactory.java b/services/src/main/java/org/keycloak/authentication/AuthenticatorFactory.java index 32414ab491..2e6178c034 100755 --- a/services/src/main/java/org/keycloak/authentication/AuthenticatorFactory.java +++ b/services/src/main/java/org/keycloak/authentication/AuthenticatorFactory.java @@ -1,18 +1,16 @@ package org.keycloak.authentication; import org.keycloak.models.AuthenticationExecutionModel; -import org.keycloak.models.AuthenticatorModel; +import org.keycloak.models.AuthenticatorConfigModel; import org.keycloak.provider.ConfiguredProvider; import org.keycloak.provider.ProviderFactory; -import java.util.List; - /** * @author Bill Burke * @version $Revision: 1 $ */ public interface AuthenticatorFactory extends ProviderFactory, ConfiguredProvider { - Authenticator create(AuthenticatorModel model); + Authenticator create(); String getDisplayType(); /** 
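Review bot: `AuthenticatorConfigModel getAuthenticatorConfig();` in `AuthenticatorContext` is added without documentation, and its nullability is the part of the contract that implementers need most. The implementation in `AuthenticationProcessor.Result` returns null when the execution carries no config id, so every authenticator that reads settings has to null-check before touching the config map. I would add a Javadoc line on the interface method, e.g. `/** Returns the configuration attached to the current execution, or null if the execution has none. */`. The interface body continues outside the hunk.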
diff --git a/services/src/main/java/org/keycloak/authentication/AuthenticatorUtil.java b/services/src/main/java/org/keycloak/authentication/AuthenticatorUtil.java index 30c123e287..591ca4b7d9 100755 --- a/services/src/main/java/org/keycloak/authentication/AuthenticatorUtil.java +++ b/services/src/main/java/org/keycloak/authentication/AuthenticatorUtil.java @@ -1,7 +1,7 @@ package org.keycloak.authentication; import org.keycloak.models.AuthenticationExecutionModel; -import org.keycloak.models.AuthenticatorModel; +import org.keycloak.models.AuthenticatorConfigModel; import org.keycloak.models.RealmModel; import java.util.LinkedList; @@ -36,8 +36,7 @@ public class AuthenticatorUtil { if (recurse != null) return recurse; } - AuthenticatorModel authenticator = realm.getAuthenticatorById(model.getAuthenticator()); - if (authenticator.getProviderId().equals(authProviderId)) { + if (model.getAuthenticator().equals(authProviderId)) { return model; } } diff --git a/services/src/main/java/org/keycloak/authentication/RequiredActionContext.java b/services/src/main/java/org/keycloak/authentication/RequiredActionContext.java index dc630a8aca..4a838a3fc5 100755 --- a/services/src/main/java/org/keycloak/authentication/RequiredActionContext.java +++ b/services/src/main/java/org/keycloak/authentication/RequiredActionContext.java 
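Review bot: In the `-36,8` hunk of `AuthenticatorUtil`, `model.getAuthenticator().equals(authProviderId)` throws a NullPointerException for any execution whose authenticator value is unset. Whether such executions can reach this line depends on the branch above it, which lies outside the hunk. Flipping the receiver avoids the question, since the search key is the value the caller controls: `if (authProviderId.equals(model.getAuthenticator())) {`. If `authProviderId` may itself be null, a null-safe comparison would be the better form.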
@@ -3,17 +3,12 @@ package org.keycloak.authentication; import org.jboss.resteasy.spi.HttpRequest; import org.keycloak.ClientConnection; import org.keycloak.events.EventBuilder; -import org.keycloak.models.AuthenticationExecutionModel; -import org.keycloak.models.AuthenticatorModel; import org.keycloak.models.ClientSessionModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; import org.keycloak.models.UserSessionModel; -import org.keycloak.services.managers.BruteForceProtector; -import org.keycloak.services.managers.ClientSessionCode; -import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; /** diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/CookieAuthenticatorFactory.java b/services/src/main/java/org/keycloak/authentication/authenticators/CookieAuthenticatorFactory.java index fc670d4a93..d45d2aeb9a 100755 --- a/services/src/main/java/org/keycloak/authentication/authenticators/CookieAuthenticatorFactory.java +++ b/services/src/main/java/org/keycloak/authentication/authenticators/CookieAuthenticatorFactory.java @@ -4,10 +4,9 @@ import org.keycloak.Config; import org.keycloak.authentication.Authenticator; import org.keycloak.authentication.AuthenticatorFactory; import org.keycloak.models.AuthenticationExecutionModel; -import org.keycloak.models.AuthenticatorModel; +import org.keycloak.models.AuthenticatorConfigModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSessionFactory; -import org.keycloak.models.UserCredentialModel; import org.keycloak.provider.ProviderConfigProperty; import java.util.List; 
@@ -20,7 +19,7 @@ public class CookieAuthenticatorFactory implements AuthenticatorFactory { public static final String PROVIDER_ID = "auth-cookie"; static CookieAuthenticator SINGLETON = new CookieAuthenticator(); @Override - public Authenticator create(AuthenticatorModel model) { + public Authenticator create() { return SINGLETON; } diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/OTPFormAuthenticator.java b/services/src/main/java/org/keycloak/authentication/authenticators/OTPFormAuthenticator.java index fd2aa08b69..357e313d59 100755 --- a/services/src/main/java/org/keycloak/authentication/authenticators/OTPFormAuthenticator.java +++ b/services/src/main/java/org/keycloak/authentication/authenticators/OTPFormAuthenticator.java @@ -5,7 +5,7 @@ import org.keycloak.authentication.Authenticator; import org.keycloak.authentication.AuthenticatorContext; import org.keycloak.events.Errors; import org.keycloak.login.LoginFormsProvider; -import org.keycloak.models.AuthenticatorModel; +import org.keycloak.models.AuthenticatorConfigModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserCredentialModel; @@ -25,11 +25,6 @@ import java.util.List; */ public class OTPFormAuthenticator extends AbstractFormAuthenticator implements Authenticator { public static final String TOTP_FORM_ACTION = "totp"; - protected AuthenticatorModel model; - - public OTPFormAuthenticator(AuthenticatorModel model) { - this.model = model; - } @Override public void action(AuthenticatorContext context) { diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/OTPFormAuthenticatorFactory.java b/services/src/main/java/org/keycloak/authentication/authenticators/OTPFormAuthenticatorFactory.java index 6c8850d127..6e21a52c06 100755 --- a/services/src/main/java/org/keycloak/authentication/authenticators/OTPFormAuthenticatorFactory.java 
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/OTPFormAuthenticatorFactory.java @@ -4,7 +4,7 @@ import org.keycloak.Config; import org.keycloak.authentication.Authenticator; import org.keycloak.authentication.AuthenticatorFactory; import org.keycloak.models.AuthenticationExecutionModel; -import org.keycloak.models.AuthenticatorModel; +import org.keycloak.models.AuthenticatorConfigModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.models.UserCredentialModel; @@ -21,8 +21,8 @@ public class OTPFormAuthenticatorFactory implements AuthenticatorFactory { public static final String PROVIDER_ID = "auth-otp-form"; @Override - public Authenticator create(AuthenticatorModel model) { - return new OTPFormAuthenticator(model); + public Authenticator create() { + return new OTPFormAuthenticator(); } @Override diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/SpnegoAuthenticatorFactory.java b/services/src/main/java/org/keycloak/authentication/authenticators/SpnegoAuthenticatorFactory.java index 392ad4a5a1..8310d64f8b 100755 --- a/services/src/main/java/org/keycloak/authentication/authenticators/SpnegoAuthenticatorFactory.java +++ b/services/src/main/java/org/keycloak/authentication/authenticators/SpnegoAuthenticatorFactory.java @@ -4,7 +4,7 @@ import org.keycloak.Config; import org.keycloak.authentication.Authenticator; import org.keycloak.authentication.AuthenticatorFactory; import org.keycloak.models.AuthenticationExecutionModel; -import org.keycloak.models.AuthenticatorModel; +import org.keycloak.models.AuthenticatorConfigModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.models.UserCredentialModel; 
@@ -21,7 +21,7 @@ public class SpnegoAuthenticatorFactory implements AuthenticatorFactory { public static final String PROVIDER_ID = "auth-spnego"; @Override - public Authenticator create(AuthenticatorModel model) { + public Authenticator create() { return new SpnegoAuthenticator(); } diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/UsernamePasswordForm.java b/services/src/main/java/org/keycloak/authentication/authenticators/UsernamePasswordForm.java index 0f7a076419..302fcf8153 100755 --- a/services/src/main/java/org/keycloak/authentication/authenticators/UsernamePasswordForm.java +++ b/services/src/main/java/org/keycloak/authentication/authenticators/UsernamePasswordForm.java @@ -6,7 +6,7 @@ import org.keycloak.authentication.Authenticator; import org.keycloak.authentication.AuthenticatorContext; import org.keycloak.events.Errors; import org.keycloak.login.LoginFormsProvider; -import org.keycloak.models.AuthenticatorModel; +import org.keycloak.models.AuthenticatorConfigModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; @@ -22,11 +22,6 @@ import javax.ws.rs.core.Response; * @version $Revision: 1 $ */ public class UsernamePasswordForm extends AbstractFormAuthenticator implements Authenticator { - protected AuthenticatorModel model; - - public UsernamePasswordForm(AuthenticatorModel model) { - this.model = model; - } @Override public void action(AuthenticatorContext context) { diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/UsernamePasswordFormFactory.java b/services/src/main/java/org/keycloak/authentication/authenticators/UsernamePasswordFormFactory.java index 24c5c5a30b..36b3d217a8 100755 --- a/services/src/main/java/org/keycloak/authentication/authenticators/UsernamePasswordFormFactory.java +++ b/services/src/main/java/org/keycloak/authentication/authenticators/UsernamePasswordFormFactory.java 
@@ -4,7 +4,7 @@ import org.keycloak.Config; import org.keycloak.authentication.Authenticator; import org.keycloak.authentication.AuthenticatorFactory; import org.keycloak.models.AuthenticationExecutionModel; -import org.keycloak.models.AuthenticatorModel; +import org.keycloak.models.AuthenticatorConfigModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.models.UserCredentialModel; @@ -21,8 +21,8 @@ public class UsernamePasswordFormFactory implements AuthenticatorFactory { public static final String PROVIDER_ID = "auth-username-password-form"; @Override - public Authenticator create(AuthenticatorModel model) { - return new UsernamePasswordForm(model); + public Authenticator create() { + return new UsernamePasswordForm(); } @Override diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java index 8bf8a62526..d048a571a0 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java 
@@ -6,15 +6,12 @@ import org.jboss.resteasy.spi.NotFoundException; import org.keycloak.authentication.Authenticator; import org.keycloak.authentication.AuthenticatorFactory; import org.keycloak.authentication.AuthenticatorUtil; -import org.keycloak.authentication.RequiredActionFactory; -import org.keycloak.authentication.RequiredActionProvider; import org.keycloak.models.AuthenticationExecutionModel; import org.keycloak.models.AuthenticationFlowModel; -import org.keycloak.models.AuthenticatorModel; +import org.keycloak.models.AuthenticatorConfigModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.RequiredActionProviderModel; -import org.keycloak.provider.ProviderFactory; import javax.ws.rs.Consumes; import javax.ws.rs.DELETE; @@ -141,8 +138,7 @@ public class AuthenticationManagementResource { if (!flow.getId().equals(execution.getParentFlow())) { rep.setSubFlow(true); } - AuthenticatorModel authenticator = realm.getAuthenticatorById(execution.getAuthenticator()); - AuthenticatorFactory factory = (AuthenticatorFactory)session.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, authenticator.getProviderId()); + AuthenticatorFactory factory = (AuthenticatorFactory)session.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, execution.getAuthenticator()); if (factory.getReferenceType() == null) continue; rep.setReferenceType(factory.getReferenceType()); rep.setConfigurable(factory.isConfigurable()); diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/utils/CredentialHelper.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/utils/CredentialHelper.java index fb38f17c8a..557fa7ef99 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/utils/CredentialHelper.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/utils/CredentialHelper.java 
@@ -5,7 +5,7 @@ import org.keycloak.authentication.authenticators.SpnegoAuthenticatorFactory; import org.keycloak.authentication.authenticators.UsernamePasswordFormFactory; import org.keycloak.models.AuthenticationExecutionModel; import org.keycloak.models.AuthenticationFlowModel; -import org.keycloak.models.AuthenticatorModel; +import org.keycloak.models.AuthenticatorConfigModel; import org.keycloak.models.RealmModel; import org.keycloak.models.utils.DefaultAuthenticationFlows; import org.keycloak.representations.idm.CredentialRepresentation; @@ -43,9 +43,8 @@ public class CredentialHelper { } public static AuthenticationExecutionModel.Requirement getRequirement(RealmModel realm, String authenticatorProviderId, String flowAlias) { - AuthenticatorModel authenticator = findAuthenticatorByProviderId(realm, authenticatorProviderId); AuthenticationFlowModel flow = findAuthenticatorFlowByAlias(realm, flowAlias); - AuthenticationExecutionModel execution = findExecutionByAuthenticator(realm, flow.getId(), authenticator.getId()); + AuthenticationExecutionModel execution = findExecutionByAuthenticator(realm, flow.getId(), authenticatorProviderId); return execution.getRequirement(); } 
@@ -56,21 +55,12 @@ public class CredentialHelper { } public static void authenticationRequirement(RealmModel realm, String authenticatorProviderId, String flowAlias, AuthenticationExecutionModel.Requirement requirement) { - AuthenticatorModel authenticator = findAuthenticatorByProviderId(realm, authenticatorProviderId); AuthenticationFlowModel flow = findAuthenticatorFlowByAlias(realm, flowAlias); - AuthenticationExecutionModel execution = findExecutionByAuthenticator(realm, flow.getId(), authenticator.getId()); + AuthenticationExecutionModel execution = findExecutionByAuthenticator(realm, flow.getId(), authenticatorProviderId); execution.setRequirement(requirement); realm.updateAuthenticatorExecution(execution); } - public static AuthenticatorModel findAuthenticatorByProviderId(RealmModel realm, String providerId) { - for (AuthenticatorModel model : realm.getAuthenticators()) { - if (model.getProviderId().equals(providerId)) { - return model; - } - } - return null; - } public static AuthenticationFlowModel findAuthenticatorFlowByAlias(RealmModel realm, String alias) { for (AuthenticationFlowModel model : realm.getAuthenticationFlows()) { if (model.getAlias().equals(alias)) {