fixes
parent
007e9530ec
commit
d1a43d6318
6 changed files with 4 additions and 23 deletions
|
@ -8,7 +8,6 @@ import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.provider.ProviderFactory;
|
import org.keycloak.provider.ProviderFactory;
|
||||||
import org.keycloak.representations.idm.ClientRepresentation;
|
import org.keycloak.representations.idm.ClientRepresentation;
|
||||||
import org.keycloak.representations.idm.ClientTemplateRepresentation;
|
import org.keycloak.representations.idm.ClientTemplateRepresentation;
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
|
|
|
@ -56,7 +56,6 @@ import org.keycloak.provider.ProviderFactory;
|
||||||
import org.keycloak.representations.AccessToken;
|
import org.keycloak.representations.AccessToken;
|
||||||
import org.keycloak.services.managers.AppAuthManager;
|
import org.keycloak.services.managers.AppAuthManager;
|
||||||
import org.keycloak.services.managers.AuthenticationManager.AuthResult;
|
import org.keycloak.services.managers.AuthenticationManager.AuthResult;
|
||||||
import org.keycloak.services.managers.BruteForceProtector;
|
|
||||||
import org.keycloak.services.managers.ClientSessionCode;
|
import org.keycloak.services.managers.ClientSessionCode;
|
||||||
import org.keycloak.services.messages.Messages;
|
import org.keycloak.services.messages.Messages;
|
||||||
import org.keycloak.services.ErrorResponse;
|
import org.keycloak.services.ErrorResponse;
|
||||||
|
@ -116,13 +115,11 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
|
||||||
|
|
||||||
private EventBuilder event;
|
private EventBuilder event;
|
||||||
|
|
||||||
private BruteForceProtector protector;
|
|
||||||
|
|
||||||
public IdentityBrokerService(RealmModel realmModel, BruteForceProtector protector) {
|
public IdentityBrokerService(RealmModel realmModel) {
|
||||||
if (realmModel == null) {
|
if (realmModel == null) {
|
||||||
throw new IllegalArgumentException("Realm can not be null.");
|
throw new IllegalArgumentException("Realm can not be null.");
|
||||||
}
|
}
|
||||||
this.protector = protector;
|
|
||||||
this.realmModel = realmModel;
|
this.realmModel = realmModel;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -14,8 +14,6 @@ import org.keycloak.protocol.LoginProtocolFactory;
|
||||||
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
||||||
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
|
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
|
||||||
import org.keycloak.services.clientregistration.ClientRegistrationService;
|
import org.keycloak.services.clientregistration.ClientRegistrationService;
|
||||||
import org.keycloak.services.managers.AuthenticationManager;
|
|
||||||
import org.keycloak.services.managers.BruteForceProtector;
|
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
import org.keycloak.services.util.CacheControlUtil;
|
import org.keycloak.services.util.CacheControlUtil;
|
||||||
import org.keycloak.wellknown.WellKnownProvider;
|
import org.keycloak.wellknown.WellKnownProvider;
|
||||||
|
@ -41,9 +39,6 @@ public class RealmsResource {
|
||||||
@Context
|
@Context
|
||||||
protected ClientConnection clientConnection;
|
protected ClientConnection clientConnection;
|
||||||
|
|
||||||
@Context
|
|
||||||
protected BruteForceProtector protector;
|
|
||||||
|
|
||||||
public static UriBuilder realmBaseUrl(UriInfo uriInfo) {
|
public static UriBuilder realmBaseUrl(UriInfo uriInfo) {
|
||||||
UriBuilder baseUriBuilder = uriInfo.getBaseUriBuilder();
|
UriBuilder baseUriBuilder = uriInfo.getBaseUriBuilder();
|
||||||
return realmBaseUrl(baseUriBuilder);
|
return realmBaseUrl(baseUriBuilder);
|
||||||
|
@ -177,7 +172,7 @@ public class RealmsResource {
|
||||||
public IdentityBrokerService getBrokerService(final @PathParam("realm") String name) {
|
public IdentityBrokerService getBrokerService(final @PathParam("realm") String name) {
|
||||||
RealmModel realm = init(name);
|
RealmModel realm = init(name);
|
||||||
|
|
||||||
IdentityBrokerService brokerService = new IdentityBrokerService(realm, protector);
|
IdentityBrokerService brokerService = new IdentityBrokerService(realm);
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(brokerService);
|
ResteasyProviderFactory.getInstance().injectProperties(brokerService);
|
||||||
|
|
||||||
brokerService.init();
|
brokerService.init();
|
||||||
|
|
|
@ -45,9 +45,6 @@ public class AttackDetectionResource {
|
||||||
@Context
|
@Context
|
||||||
protected HttpHeaders headers;
|
protected HttpHeaders headers;
|
||||||
|
|
||||||
@Context
|
|
||||||
protected BruteForceProtector protector;
|
|
||||||
|
|
||||||
public AttackDetectionResource(RealmAuth auth, RealmModel realm, AdminEventBuilder adminEvent) {
|
public AttackDetectionResource(RealmAuth auth, RealmModel realm, AdminEventBuilder adminEvent) {
|
||||||
this.auth = auth;
|
this.auth = auth;
|
||||||
this.realm = realm;
|
this.realm = realm;
|
||||||
|
@ -77,7 +74,7 @@ public class AttackDetectionResource {
|
||||||
|
|
||||||
UsernameLoginFailureModel model = session.sessions().getUserLoginFailure(realm, username.toLowerCase());
|
UsernameLoginFailureModel model = session.sessions().getUserLoginFailure(realm, username.toLowerCase());
|
||||||
if (model == null) return data;
|
if (model == null) return data;
|
||||||
if (protector.isTemporarilyDisabled(session, realm, username)) {
|
if (session.getProvider(BruteForceProtector.class).isTemporarilyDisabled(session, realm, username)) {
|
||||||
data.put("disabled", true);
|
data.put("disabled", true);
|
||||||
}
|
}
|
||||||
data.put("numFailures", model.getNumFailures());
|
data.put("numFailures", model.getNumFailures());
|
||||||
|
|
|
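Review bot: The new `session.getProvider(BruteForceProtector.class).isTemporarilyDisabled(session, realm, username)` call dereferences the lookup result without a null check, so if the lookup returns null (no BruteForceProtector provider registered) this admin endpoint would throw a NullPointerException instead of returning the failure data. The same pattern appears in the UsersResource hunk, where the previous `(protector != null) &&` guard was dropped. Consider resolving the provider once into a local, `BruteForceProtector protector = session.getProvider(BruteForceProtector.class);`, and keeping the guard, `if (protector != null && protector.isTemporarilyDisabled(session, realm, username)) {`. Separately, the failure record is fetched with `username.toLowerCase()` while the lockout check receives the raw `username`; whether isTemporarilyDisabled normalises case itself is not visible here, so it is worth confirming that both lookups use the same key. The enclosing method starts and ends outside this hunk.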
@ -14,7 +14,6 @@ import org.keycloak.models.utils.ModelToRepresentation;
|
||||||
import org.keycloak.representations.idm.ClientMappingsRepresentation;
|
import org.keycloak.representations.idm.ClientMappingsRepresentation;
|
||||||
import org.keycloak.representations.idm.MappingsRepresentation;
|
import org.keycloak.representations.idm.MappingsRepresentation;
|
||||||
import org.keycloak.representations.idm.RoleRepresentation;
|
import org.keycloak.representations.idm.RoleRepresentation;
|
||||||
import org.keycloak.services.managers.BruteForceProtector;
|
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
|
|
||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
|
@ -63,9 +62,6 @@ public class RoleMapperResource {
|
||||||
@Context
|
@Context
|
||||||
protected HttpHeaders headers;
|
protected HttpHeaders headers;
|
||||||
|
|
||||||
@Context
|
|
||||||
protected BruteForceProtector protector;
|
|
||||||
|
|
||||||
public RoleMapperResource(RealmModel realm, RealmAuth auth, RoleMapperModel roleMapper, AdminEventBuilder adminEvent) {
|
public RoleMapperResource(RealmModel realm, RealmAuth auth, RoleMapperModel roleMapper, AdminEventBuilder adminEvent) {
|
||||||
this.auth = auth;
|
this.auth = auth;
|
||||||
this.realm = realm;
|
this.realm = realm;
|
||||||
|
|
|
@ -105,9 +105,6 @@ public class UsersResource {
|
||||||
@Context
|
@Context
|
||||||
protected HttpHeaders headers;
|
protected HttpHeaders headers;
|
||||||
|
|
||||||
@Context
|
|
||||||
protected BruteForceProtector protector;
|
|
||||||
|
|
||||||
public UsersResource(RealmModel realm, RealmAuth auth, TokenManager tokenManager, AdminEventBuilder adminEvent) {
|
public UsersResource(RealmModel realm, RealmAuth auth, TokenManager tokenManager, AdminEventBuilder adminEvent) {
|
||||||
this.auth = auth;
|
this.auth = auth;
|
||||||
this.realm = realm;
|
this.realm = realm;
|
||||||
|
@ -270,7 +267,7 @@ public class UsersResource {
|
||||||
rep.setFederatedIdentities(reps);
|
rep.setFederatedIdentities(reps);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((protector != null) && protector.isTemporarilyDisabled(session, realm, rep.getUsername())) {
|
if (session.getProvider(BruteForceProtector.class).isTemporarilyDisabled(session, realm, rep.getUsername())) {
|
||||||
rep.setEnabled(false);
|
rep.setEnabled(false);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|