Merge pull request #4188 from mposolda/master
KEYCLOAK-4626 Changed javadoc. Remove unused ClientSessionModel class
commit
c43329d033
10 changed files with 27 additions and 113 deletions
|
@ -58,7 +58,7 @@ public interface AuthenticationFlowContext extends AbstractAuthenticationFlowCon
|
|||
|
||||
|
||||
/**
|
||||
* ClientSessionModel attached to this flow
|
||||
* AuthenticationSessionModel attached to this flow
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
|
@ -74,7 +74,7 @@ public interface AuthenticationFlowContext extends AbstractAuthenticationFlowCon
|
|||
/**
|
||||
* Get the action URL for the required action.
|
||||
*
|
||||
* @param code client session access code
|
||||
* @param code authentication session access code
|
||||
* @return
|
||||
*/
|
||||
URI getActionUrl(String code);
|
||||
|
@ -114,7 +114,7 @@ public interface AuthenticationFlowContext extends AbstractAuthenticationFlowCon
|
|||
void resetFlow(Runnable afterResetListener);
|
||||
|
||||
/**
|
||||
* Fork the current flow. The client session will be cloned and set to point at the realm's browser login flow. The Response will be the result
|
||||
* Fork the current flow. The authentication session will be cloned and set to point at the realm's browser login flow. The Response will be the result
|
||||
* of this fork. The previous flow will still be set at the current execution. This is used by reset password when it sends an email.
|
||||
* It sends an email linking to the current flow and redirects the browser to a new browser login flow.
|
||||
*
|
||||
|
@ -125,7 +125,7 @@ public interface AuthenticationFlowContext extends AbstractAuthenticationFlowCon
|
|||
void fork();
|
||||
|
||||
/**
|
||||
* Fork the current flow. The client session will be cloned and set to point at the realm's browser login flow. The Response will be the result
|
||||
* Fork the current flow. The authentication session will be cloned and set to point at the realm's browser login flow. The Response will be the result
|
||||
* of this fork. The previous flow will still be set at the current execution. This is used by reset password when it sends an email.
|
||||
* It sends an email linking to the current flow and redirects the browser to a new browser login flow.
|
||||
*
|
||||
|
@ -135,7 +135,7 @@ public interface AuthenticationFlowContext extends AbstractAuthenticationFlowCon
|
|||
*/
|
||||
void forkWithSuccessMessage(FormMessage message);
|
||||
/**
|
||||
* Fork the current flow. The client session will be cloned and set to point at the realm's browser login flow. The Response will be the result
|
||||
* Fork the current flow. The authentication session will be cloned and set to point at the realm's browser login flow. The Response will be the result
|
||||
* of this fork. The previous flow will still be set at the current execution. This is used by reset password when it sends an email.
|
||||
* It sends an email linking to the current flow and redirects the browser to a new browser login flow.
|
||||
*
|
||||
|
|
|
@ -62,7 +62,7 @@ public enum FlowStatus {
|
|||
ATTEMPTED,
|
||||
|
||||
/**
|
||||
* This flow is being forked. The current client session is being cloned, reset, and redirected to browser login.
|
||||
* This flow is being forked. The current authentication session is being cloned, reset, and redirected to browser login.
|
||||
*
|
||||
*/
|
||||
FORK,
|
||||
|
|
|
@ -1,81 +0,0 @@
|
|||
/*
|
||||
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.models;
|
||||
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import org.keycloak.sessions.CommonClientSessionModel;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||
*/
|
||||
public interface ClientSessionModel extends CommonClientSessionModel {
|
||||
|
||||
public UserSessionModel getUserSession();
|
||||
public void setUserSession(UserSessionModel userSession);
|
||||
|
||||
public String getRedirectUri();
|
||||
public void setRedirectUri(String uri);
|
||||
|
||||
public Map<String, ExecutionStatus> getExecutionStatus();
|
||||
public void setExecutionStatus(String authenticator, ExecutionStatus status);
|
||||
public void clearExecutionStatus();
|
||||
public UserModel getAuthenticatedUser();
|
||||
public void setAuthenticatedUser(UserModel user);
|
||||
|
||||
/**
|
||||
* Required actions that are attached to this client session.
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
Set<String> getRequiredActions();
|
||||
|
||||
void addRequiredAction(String action);
|
||||
|
||||
void removeRequiredAction(String action);
|
||||
|
||||
void addRequiredAction(UserModel.RequiredAction action);
|
||||
|
||||
void removeRequiredAction(UserModel.RequiredAction action);
|
||||
|
||||
|
||||
/**
|
||||
* These are notes you want applied to the UserSessionModel when the client session is attached to it.
|
||||
*
|
||||
* @param name
|
||||
* @param value
|
||||
*/
|
||||
public void setUserSessionNote(String name, String value);
|
||||
|
||||
/**
|
||||
* These are notes you want applied to the UserSessionModel when the client session is attached to it.
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
public Map<String, String> getUserSessionNotes();
|
||||
|
||||
public void clearUserSessionNotes();
|
||||
|
||||
public String getNote(String name);
|
||||
public void setNote(String name, String value);
|
||||
public void removeNote(String name);
|
||||
public Map<String, String> getNotes();
|
||||
|
||||
|
||||
}
|
|
@ -26,7 +26,6 @@ import org.keycloak.representations.JsonWebToken;
|
|||
import org.keycloak.services.Urls;
|
||||
import org.keycloak.services.managers.AuthenticationSessionManager;
|
||||
import org.keycloak.sessions.AuthenticationSessionModel;
|
||||
import java.util.function.Function;
|
||||
import javax.ws.rs.core.Response;
|
||||
import javax.ws.rs.core.UriBuilderException;
|
||||
import javax.ws.rs.core.UriInfo;
|
||||
|
@ -113,7 +112,7 @@ public class ActionTokenContext<T extends JsonWebToken> {
|
|||
ClientModel client = realm.getClientByClientId(clientId == null ? Constants.ACCOUNT_MANAGEMENT_CLIENT_ID : clientId);
|
||||
|
||||
authSession = new AuthenticationSessionManager(session).createAuthenticationSession(realm, client, true);
|
||||
authSession.setAction(ClientSessionModel.Action.AUTHENTICATE.name());
|
||||
authSession.setAction(AuthenticationSessionModel.Action.AUTHENTICATE.name());
|
||||
authSession.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
|
||||
String redirectUri = Urls.accountBase(uriInfo.getBaseUri()).path("/").build(realm.getName()).toString();
|
||||
authSession.setRedirectUri(redirectUri);
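Review bot: The result of `realm.getClientByClientId(...)` in the `-113,7` hunk is passed straight to `createAuthenticationSession(realm, client, true)` with no null check visible here. An unknown `clientId`, or a realm where the account client is missing, would presumably surface as a NullPointerException further down rather than as a clean error. If the enclosing method, which starts and ends outside the hunk, does not already guard this, add a check such as `if (client == null) { throw new IllegalArgumentException("Unknown client"); }` before the session is created, using whichever exception the caller already maps to an error page.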
|
||||
|
|
|
@ -114,12 +114,12 @@ public class RestartLoginCookie {
|
|||
|
||||
public RestartLoginCookie() {
|
||||
}
|
||||
public RestartLoginCookie(AuthenticationSessionModel clientSession) {
|
||||
this.action = clientSession.getAction();
|
||||
this.clientId = clientSession.getClient().getClientId();
|
||||
this.authMethod = clientSession.getProtocol();
|
||||
this.redirectUri = clientSession.getRedirectUri();
|
||||
for (Map.Entry<String, String> entry : clientSession.getClientNotes().entrySet()) {
|
||||
public RestartLoginCookie(AuthenticationSessionModel authSession) {
|
||||
this.action = authSession.getAction();
|
||||
this.clientId = authSession.getClient().getClientId();
|
||||
this.authMethod = authSession.getProtocol();
|
||||
this.redirectUri = authSession.getRedirectUri();
|
||||
for (Map.Entry<String, String> entry : authSession.getClientNotes().entrySet()) {
|
||||
notes.put(entry.getKey(), entry.getValue());
|
||||
}
|
||||
}
|
||||
|
|
|
@ -31,7 +31,6 @@ import org.keycloak.jose.jws.Algorithm;
|
|||
import org.keycloak.jose.jws.JWSBuilder;
|
||||
import org.keycloak.models.AuthenticatedClientSessionModel;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.ClientSessionModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
|
|
|
@ -482,7 +482,7 @@ public class AuthenticationManager {
|
|||
public static Response redirectToRequiredActions(KeycloakSession session, RealmModel realm, AuthenticationSessionModel authSession, UriInfo uriInfo, String requiredAction) {
|
||||
// redirect to non-action url so browser refresh button works without reposting past data
|
||||
ClientSessionCode<AuthenticationSessionModel> accessCode = new ClientSessionCode<>(session, realm, authSession);
|
||||
accessCode.setAction(ClientSessionModel.Action.REQUIRED_ACTIONS.name());
|
||||
accessCode.setAction(AuthenticationSessionModel.Action.REQUIRED_ACTIONS.name());
|
||||
authSession.setAuthNote(AuthenticationProcessor.CURRENT_FLOW_PATH, LoginActionsService.REQUIRED_ACTION);
|
||||
authSession.setAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION, requiredAction);
|
||||
|
||||
|
|
|
@ -45,7 +45,6 @@ import org.keycloak.exceptions.TokenNotActiveException;
|
|||
import org.keycloak.models.AuthenticationFlowModel;
|
||||
import org.keycloak.models.AuthenticatedClientSessionModel;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.ClientSessionModel;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ProtocolMapperModel;
|
||||
|
@ -235,7 +234,7 @@ public class LoginActionsService {
|
|||
event.event(EventType.LOGIN);
|
||||
|
||||
SessionCodeChecks checks = checksForCode(code, execution, clientId, AUTHENTICATE_PATH);
|
||||
if (!checks.verifyActiveAndValidAction(ClientSessionModel.Action.AUTHENTICATE.name(), ClientSessionCode.ActionType.LOGIN)) {
|
||||
if (!checks.verifyActiveAndValidAction(AuthenticationSessionModel.Action.AUTHENTICATE.name(), ClientSessionCode.ActionType.LOGIN)) {
|
||||
return checks.getResponse();
|
||||
}
|
||||
|
||||
|
@ -320,7 +319,7 @@ public class LoginActionsService {
|
|||
}
|
||||
|
||||
/**
|
||||
* Endpoint for executing reset credentials flow. If token is null, a client session is created with the account
|
||||
* Endpoint for executing reset credentials flow. If token is null, a authentication session is created with the account
|
||||
* service as the client. Successful reset sends you to the account page. Note, account service must be enabled.
|
||||
*
|
||||
* @param code
|
||||
|
@ -357,7 +356,7 @@ public class LoginActionsService {
|
|||
// set up the account service as the endpoint to call.
|
||||
ClientModel client = realm.getClientByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);
|
||||
authSession = new AuthenticationSessionManager(session).createAuthenticationSession(realm, client, true);
|
||||
authSession.setAction(ClientSessionModel.Action.AUTHENTICATE.name());
|
||||
authSession.setAction(AuthenticationSessionModel.Action.AUTHENTICATE.name());
|
||||
//authSession.setNote(AuthenticationManager.END_AFTER_REQUIRED_ACTIONS, "true");
|
||||
authSession.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
|
||||
String redirectUri = Urls.accountBase(uriInfo.getBaseUri()).path("/").build(realm.getName()).toString();
|
||||
|
@ -376,7 +375,7 @@ public class LoginActionsService {
|
|||
*/
|
||||
protected Response resetCredentials(String code, String execution, String clientId) {
|
||||
SessionCodeChecks checks = checksForCode(code, execution, clientId, RESET_CREDENTIALS_PATH);
|
||||
if (!checks.verifyActiveAndValidAction(ClientSessionModel.Action.AUTHENTICATE.name(), ClientSessionCode.ActionType.USER)) {
|
||||
if (!checks.verifyActiveAndValidAction(AuthenticationSessionModel.Action.AUTHENTICATE.name(), ClientSessionCode.ActionType.USER)) {
|
||||
return checks.getResponse();
|
||||
}
|
||||
final AuthenticationSessionModel authSession = checks.getAuthenticationSession();
|
||||
|
@ -613,7 +612,7 @@ public class LoginActionsService {
|
|||
}
|
||||
|
||||
SessionCodeChecks checks = checksForCode(code, execution, clientId, REGISTRATION_PATH);
|
||||
if (!checks.verifyActiveAndValidAction(ClientSessionModel.Action.AUTHENTICATE.name(), ClientSessionCode.ActionType.LOGIN)) {
|
||||
if (!checks.verifyActiveAndValidAction(AuthenticationSessionModel.Action.AUTHENTICATE.name(), ClientSessionCode.ActionType.LOGIN)) {
|
||||
return checks.getResponse();
|
||||
}
|
||||
|
||||
|
@ -665,7 +664,7 @@ public class LoginActionsService {
|
|||
event.event(eventType);
|
||||
|
||||
SessionCodeChecks checks = checksForCode(code, execution, clientId, flowPath);
|
||||
if (!checks.verifyActiveAndValidAction(ClientSessionModel.Action.AUTHENTICATE.name(), ClientSessionCode.ActionType.LOGIN)) {
|
||||
if (!checks.verifyActiveAndValidAction(AuthenticationSessionModel.Action.AUTHENTICATE.name(), ClientSessionCode.ActionType.LOGIN)) {
|
||||
return checks.getResponse();
|
||||
}
|
||||
event.detail(Details.CODE_ID, code);
|
||||
|
@ -675,7 +674,7 @@ public class LoginActionsService {
|
|||
SerializedBrokeredIdentityContext serializedCtx = SerializedBrokeredIdentityContext.readFromAuthenticationSession(authSession, noteKey);
|
||||
if (serializedCtx == null) {
|
||||
ServicesLogger.LOGGER.notFoundSerializedCtxInClientSession(noteKey);
|
||||
throw new WebApplicationException(ErrorPage.error(session, "Not found serialized context in clientSession."));
|
||||
throw new WebApplicationException(ErrorPage.error(session, "Not found serialized context in authenticationSession."));
|
||||
}
|
||||
BrokeredIdentityContext brokerContext = serializedCtx.deserialize(session, authSession);
|
||||
final String identityProviderAlias = brokerContext.getIdpConfig().getAlias();
|
||||
|
@ -745,7 +744,7 @@ public class LoginActionsService {
|
|||
String code = formData.getFirst("code");
|
||||
String clientId = uriInfo.getQueryParameters().getFirst(Constants.CLIENT_ID);
|
||||
SessionCodeChecks checks = checksForCode(code, null, clientId, REQUIRED_ACTION);
|
||||
if (!checks.verifyRequiredAction(ClientSessionModel.Action.OAUTH_GRANT.name())) {
|
||||
if (!checks.verifyRequiredAction(AuthenticationSessionModel.Action.OAUTH_GRANT.name())) {
|
||||
return checks.getResponse();
|
||||
}
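Review bot: In the `-675,7` hunk the error-page text now says `authenticationSession`, but the log call on the line above is still `ServicesLogger.LOGGER.notFoundSerializedCtxInClientSession(noteKey)`, so the log entry and the error page name two different session types for the same failure. Renaming the logger method, whose message is defined outside this page, would keep the two in step; any log search or alert keyed on the old string `Not found serialized context in clientSession.` also needs updating. Separately, the new javadoc in the `-320,7` hunk reads `a authentication session` and should be `an authentication session`. The commented-out `//authSession.setNote(...)` line in the `-357,7` hunk can be deleted rather than carried along.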
|
||||
|
||||
|
|
|
@ -82,7 +82,7 @@ public class LoginActionsServiceChecks {
|
|||
|
||||
private final ActionTokenContext<?> context;
|
||||
|
||||
private final ClientSessionModel.Action expectedAction;
|
||||
private final AuthenticationSessionModel.Action expectedAction;
|
||||
|
||||
public IsActionRequired(ActionTokenContext<?> context, Action expectedAction) {
|
||||
this.context = context;
|
||||
|
@ -94,7 +94,7 @@ public class LoginActionsServiceChecks {
|
|||
AuthenticationSessionModel authSession = context.getAuthenticationSession();
|
||||
|
||||
if (authSession != null && ! Objects.equals(authSession.getAction(), this.expectedAction.name())) {
|
||||
if (Objects.equals(ClientSessionModel.Action.REQUIRED_ACTIONS.name(), authSession.getAction())) {
|
||||
if (Objects.equals(AuthenticationSessionModel.Action.REQUIRED_ACTIONS.name(), authSession.getAction())) {
|
||||
throw new LoginActionsServiceException(
|
||||
AuthenticationManager.nextActionAfterAuthentication(context.getSession(), authSession,
|
||||
context.getClientConnection(), context.getRequest(), context.getUriInfo(), context.getEvent()));
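Review bot: The field in the `-82,7` hunk is now declared as `AuthenticationSessionModel.Action`, while the constructor just below it still takes a bare `Action`, whose import is not visible on this page. If that import reaches the enum through another interface, the class refers to the same type by two names. Writing the parameter as `AuthenticationSessionModel.Action expectedAction`, or using the bare name in both places, makes it obvious that the expected-action check and the session's action use the same enum. The `IsActionRequired` class body continues outside the hunk.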
|
||||
|
|
|
@ -32,7 +32,6 @@ import org.keycloak.events.Errors;
|
|||
import org.keycloak.events.EventBuilder;
|
||||
import org.keycloak.forms.login.LoginFormsProvider;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.ClientSessionModel;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
@ -41,7 +40,6 @@ import org.keycloak.protocol.AuthorizationEndpointBase;
|
|||
import org.keycloak.protocol.RestartLoginCookie;
|
||||
import org.keycloak.services.ErrorPage;
|
||||
import org.keycloak.services.ServicesLogger;
|
||||
import org.keycloak.services.managers.AuthenticationManager;
|
||||
import org.keycloak.services.managers.AuthenticationSessionManager;
|
||||
import org.keycloak.services.managers.ClientSessionCode;
|
||||
import org.keycloak.services.messages.Messages;
|
||||
|
@ -215,7 +213,7 @@ public class SessionCodeChecks {
|
|||
logger.debugf("Transition between flows! Current flow: %s, Previous flow: %s", flowPath, lastFlow);
|
||||
|
||||
// Don't allow moving to different flow if I am on requiredActions already
|
||||
if (ClientSessionModel.Action.AUTHENTICATE.name().equals(authSession.getAction())) {
|
||||
if (AuthenticationSessionModel.Action.AUTHENTICATE.name().equals(authSession.getAction())) {
|
||||
authSession.setAuthNote(AuthenticationProcessor.CURRENT_FLOW_PATH, flowPath);
|
||||
authSession.removeAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION);
|
||||
lastExecFromSession = null;
|
||||
|
@ -271,7 +269,7 @@ public class SessionCodeChecks {
|
|||
|
||||
if (!clientCode.isValidAction(expectedAction)) {
|
||||
AuthenticationSessionModel authSession = getAuthenticationSession();
|
||||
if (ClientSessionModel.Action.REQUIRED_ACTIONS.name().equals(authSession.getAction())) {
|
||||
if (AuthenticationSessionModel.Action.REQUIRED_ACTIONS.name().equals(authSession.getAction())) {
|
||||
logger.debugf("Incorrect action '%s' . User authenticated already.", authSession.getAction());
|
||||
response = showPageExpired(authSession);
|
||||
return false;
|
||||
|
@ -308,7 +306,7 @@ public class SessionCodeChecks {
|
|||
return false;
|
||||
}
|
||||
|
||||
if (!clientCode.isValidAction(ClientSessionModel.Action.REQUIRED_ACTIONS.name())) {
|
||||
if (!clientCode.isValidAction(AuthenticationSessionModel.Action.REQUIRED_ACTIONS.name())) {
|
||||
logger.debugf("Expected required action, but session action is '%s' . Showing expired page now.", authSession.getAction());
|
||||
event.error(Errors.INVALID_CODE);
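Review bot: The comment in the `-215,7` hunk says `Don't allow moving to different flow if I am on requiredActions already`, but the condition below it permits the switch only when the session action equals `AUTHENTICATE`. Every other action value, not just required actions, therefore presumably falls through to the else branch. Since this check decides whether a request may move an authentication session to another flow, the comment should state the actual rule, e.g. `// Only a session still in AUTHENTICATE may switch flows; any later action keeps its current flow`. The else branch is outside the hunk, so confirm that it rejects the transition rather than silently continuing.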
|
||||
|
||||
|
|