Package org.keycloak.authentication
Class AuthenticationProcessor.Result
- java.lang.Object
-
- org.keycloak.authentication.AuthenticationProcessor.Result
-
- All Implemented Interfaces:
AbstractAuthenticationFlowContext
,AuthenticationFlowContext
,ClientAuthenticationFlowContext
- Enclosing class:
- AuthenticationProcessor
public class AuthenticationProcessor.Result extends Object implements AuthenticationFlowContext, ClientAuthenticationFlowContext
-
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
attachUserSession(UserSessionModel userSession)
void
attempted()
There was no failure or challenge.void
cancelLogin()
End the flow and redirect browser based on protocol specific respones.void
challenge(javax.ws.rs.core.Response challenge)
Sends a challenge response back to the HTTP client.void
clearUser()
Clear the user from the flow.void
failure(AuthenticationFlowError error)
Aborts the current flowvoid
failure(AuthenticationFlowError error, javax.ws.rs.core.Response challenge)
Aborts the current flow.void
failure(AuthenticationFlowError error, javax.ws.rs.core.Response challenge, String eventDetails, String userErrorMessage)
Aborts the current flow.void
failureChallenge(AuthenticationFlowError error, javax.ws.rs.core.Response challenge)
Same behavior as forceChallenge(), but the error count in brute force attack detection will be incremented.void
forceChallenge(javax.ws.rs.core.Response challenge)
Sends the challenge back to the HTTP client irregardless of the current executionr requirementvoid
fork()
Fork the current flow.void
forkWithErrorMessage(FormMessage message)
Fork the current flow.void
forkWithSuccessMessage(FormMessage message)
Fork the current flow.LoginFormsProvider
form()
Create a Freemarker form builder that presets the user, action URI, and a generated access codeString
generateAccessCode()
Generates access code and updates clientsession timestamp Access codes must be included in form action callbacks as a query parameter.URI
getActionTokenUrl(String tokenString)
Get the action URL for the action token executor.URI
getActionUrl(String code)
Get the action URL for the required action.List<AuthenticationSelectionOption>
getAuthenticationSelections()
AuthenticationSessionModel
getAuthenticationSession()
AuthenticationSessionModel attached to this flowAuthenticator
getAuthenticator()
AuthenticatorConfigModel
getAuthenticatorConfig()
Get any configuration associated with the current executionAuthenticationExecutionModel.Requirement
getCategoryRequirementFromCurrentFlow(String authenticatorCategory)
javax.ws.rs.core.Response
getChallenge()
ClientModel
getClient()
Current client attached to this flow.Map<String,String>
getClientAuthAttributes()
Return the map where the authenticators can put some additional state related to authenticated client and the context how was client authenticated (ie.ClientAuthenticator
getClientAuthenticator()
ClientConnection
getConnection()
Information about the IP address from the connecting HTTP client.AuthenticationFlowError
getError()
Get the error condition of a failed execution.FormMessage
getErrorMessage()
EventBuilder
getEvent()
Current event builder being usedString
getEventDetails()
Get details of the event that caused an errorAuthenticationExecutionModel
getExecution()
The current execution in the flowString
getFlowPath()
FormMessage
getForwardedErrorMessage()
This could be an error message forwarded from another authenticator that is restarting or continuing the flo.FormMessage
getForwardedInfoMessage()
This could be an info message forwarded from another authenticator.FormMessage
getForwardedSuccessMessage()
This could be an success message forwarded from another authenticator that is restarting or continuing the flow.HttpRequest
getHttpRequest()
BruteForceProtector
getProtector()
RealmModel
getRealm()
Current realmURI
getRefreshExecutionUrl()
Get the refresh URL for the required action.URI
getRefreshUrl(boolean authSessionIdParam)
Get the refresh URL for the flow.KeycloakSession
getSession()
Current sessionFlowStatus
getStatus()
Get the current status of the current execution.FormMessage
getSuccessMessage()
javax.ws.rs.core.UriInfo
getUriInfo()
UriInfo of the current requestUserModel
getUser()
Current user attached to this flow.String
getUserErrorMessage()
A custom error message that can be displayed to the userEventBuilder
newEvent()
Create a refresh new EventBuilder to use within this contextvoid
resetFlow()
Reset the current flow to the beginning and restarts it.void
resetFlow(Runnable afterResetListener)
Reset the current flow to the beginning and restarts it.void
setAuthenticationSelections(List<AuthenticationSelectionOption> authenticationSelections)
void
setClient(ClientModel client)
Attach a specific client to this flow.void
setForwardedInfoMessage(String message, Object... parameters)
void
setUser(UserModel user)
Attach a specific user to this flow.void
success()
Mark the current execution as successful.
-
-
-
Method Detail
-
newEvent
public EventBuilder newEvent()
Description copied from interface:AbstractAuthenticationFlowContext
Create a refresh new EventBuilder to use within this context- Specified by:
newEvent
in interfaceAbstractAuthenticationFlowContext
- Returns:
-
getCategoryRequirementFromCurrentFlow
public AuthenticationExecutionModel.Requirement getCategoryRequirementFromCurrentFlow(String authenticatorCategory)
- Specified by:
getCategoryRequirementFromCurrentFlow
in interfaceAbstractAuthenticationFlowContext
-
getExecution
public AuthenticationExecutionModel getExecution()
Description copied from interface:AbstractAuthenticationFlowContext
The current execution in the flow- Specified by:
getExecution
in interfaceAbstractAuthenticationFlowContext
- Returns:
-
getAuthenticatorConfig
public AuthenticatorConfigModel getAuthenticatorConfig()
Description copied from interface:AbstractAuthenticationFlowContext
Get any configuration associated with the current execution- Specified by:
getAuthenticatorConfig
in interfaceAbstractAuthenticationFlowContext
- Returns:
-
getAuthenticator
public Authenticator getAuthenticator()
-
getStatus
public FlowStatus getStatus()
Description copied from interface:AbstractAuthenticationFlowContext
Get the current status of the current execution.- Specified by:
getStatus
in interfaceAbstractAuthenticationFlowContext
- Returns:
- may return null if not set yet.
-
getClientAuthenticator
public ClientAuthenticator getClientAuthenticator()
-
success
public void success()
Description copied from interface:AbstractAuthenticationFlowContext
Mark the current execution as successful. The flow will then continue- Specified by:
success
in interfaceAbstractAuthenticationFlowContext
-
failure
public void failure(AuthenticationFlowError error)
Description copied from interface:AbstractAuthenticationFlowContext
Aborts the current flow- Specified by:
failure
in interfaceAbstractAuthenticationFlowContext
-
challenge
public void challenge(javax.ws.rs.core.Response challenge)
Description copied from interface:AbstractAuthenticationFlowContext
Sends a challenge response back to the HTTP client. If the current execution requirement is optional, this response will not be sent. If the current execution requirement is alternative, then this challenge will be sent if no other alternative execution was successful.- Specified by:
challenge
in interfaceAbstractAuthenticationFlowContext
-
forceChallenge
public void forceChallenge(javax.ws.rs.core.Response challenge)
Description copied from interface:AbstractAuthenticationFlowContext
Sends the challenge back to the HTTP client irregardless of the current executionr requirement- Specified by:
forceChallenge
in interfaceAbstractAuthenticationFlowContext
-
failureChallenge
public void failureChallenge(AuthenticationFlowError error, javax.ws.rs.core.Response challenge)
Description copied from interface:AbstractAuthenticationFlowContext
Same behavior as forceChallenge(), but the error count in brute force attack detection will be incremented. For example, if a user enters in a bad password, the user is directed to try again, but Keycloak will keep track of how many failures have happened.- Specified by:
failureChallenge
in interfaceAbstractAuthenticationFlowContext
-
failure
public void failure(AuthenticationFlowError error, javax.ws.rs.core.Response challenge)
Description copied from interface:AbstractAuthenticationFlowContext
Aborts the current flow.- Specified by:
failure
in interfaceAbstractAuthenticationFlowContext
challenge
- Response that will be sent back to HTTP client
-
failure
public void failure(AuthenticationFlowError error, javax.ws.rs.core.Response challenge, String eventDetails, String userErrorMessage)
Description copied from interface:AbstractAuthenticationFlowContext
Aborts the current flow.- Specified by:
failure
in interfaceAbstractAuthenticationFlowContext
challenge
- Response that will be sent back to HTTP clienteventDetails
- Details about the error eventuserErrorMessage
- A message describing the error to the user
-
attempted
public void attempted()
Description copied from interface:AbstractAuthenticationFlowContext
There was no failure or challenge. The authenticator was attempted, but not fulfilled. If the current execution requirement is alternative or optional, then this status is ignored by the flow.- Specified by:
attempted
in interfaceAbstractAuthenticationFlowContext
-
getUser
public UserModel getUser()
Description copied from interface:AuthenticationFlowContext
Current user attached to this flow. It can return null if no user has been identified yet- Specified by:
getUser
in interfaceAuthenticationFlowContext
- Returns:
-
setUser
public void setUser(UserModel user)
Description copied from interface:AuthenticationFlowContext
Attach a specific user to this flow.- Specified by:
setUser
in interfaceAuthenticationFlowContext
-
getAuthenticationSelections
public List<AuthenticationSelectionOption> getAuthenticationSelections()
- Specified by:
getAuthenticationSelections
in interfaceAuthenticationFlowContext
-
setAuthenticationSelections
public void setAuthenticationSelections(List<AuthenticationSelectionOption> authenticationSelections)
- Specified by:
setAuthenticationSelections
in interfaceAuthenticationFlowContext
-
clearUser
public void clearUser()
Description copied from interface:AuthenticationFlowContext
Clear the user from the flow.- Specified by:
clearUser
in interfaceAuthenticationFlowContext
-
getRealm
public RealmModel getRealm()
Description copied from interface:AbstractAuthenticationFlowContext
Current realm- Specified by:
getRealm
in interfaceAbstractAuthenticationFlowContext
- Returns:
-
getClient
public ClientModel getClient()
Description copied from interface:ClientAuthenticationFlowContext
Current client attached to this flow. It can return null if no client has been identified yet- Specified by:
getClient
in interfaceClientAuthenticationFlowContext
- Returns:
-
setClient
public void setClient(ClientModel client)
Description copied from interface:ClientAuthenticationFlowContext
Attach a specific client to this flow.- Specified by:
setClient
in interfaceClientAuthenticationFlowContext
-
getClientAuthAttributes
public Map<String,String> getClientAuthAttributes()
Description copied from interface:ClientAuthenticationFlowContext
Return the map where the authenticators can put some additional state related to authenticated client and the context how was client authenticated (ie. attributes from client certificate etc). Map is writable, so you can add/remove items from it as needed. After successful authentication will be those state data put into UserSession notes. This allows you to configure UserSessionNote protocol mapper for your client, which will allow to map those state data into the access token available in the application- Specified by:
getClientAuthAttributes
in interfaceClientAuthenticationFlowContext
- Returns:
-
getAuthenticationSession
public AuthenticationSessionModel getAuthenticationSession()
Description copied from interface:AuthenticationFlowContext
AuthenticationSessionModel attached to this flow- Specified by:
getAuthenticationSession
in interfaceAuthenticationFlowContext
- Returns:
-
getFlowPath
public String getFlowPath()
- Specified by:
getFlowPath
in interfaceAuthenticationFlowContext
- Returns:
- current flow path (EG. authenticate, reset-credentials)
-
getConnection
public ClientConnection getConnection()
Description copied from interface:AbstractAuthenticationFlowContext
Information about the IP address from the connecting HTTP client.- Specified by:
getConnection
in interfaceAbstractAuthenticationFlowContext
- Returns:
-
getUriInfo
public javax.ws.rs.core.UriInfo getUriInfo()
Description copied from interface:AbstractAuthenticationFlowContext
UriInfo of the current request- Specified by:
getUriInfo
in interfaceAbstractAuthenticationFlowContext
- Returns:
-
getSession
public KeycloakSession getSession()
Description copied from interface:AbstractAuthenticationFlowContext
Current session- Specified by:
getSession
in interfaceAbstractAuthenticationFlowContext
- Returns:
-
getHttpRequest
public HttpRequest getHttpRequest()
- Specified by:
getHttpRequest
in interfaceAbstractAuthenticationFlowContext
-
attachUserSession
public void attachUserSession(UserSessionModel userSession)
- Specified by:
attachUserSession
in interfaceAuthenticationFlowContext
-
getProtector
public BruteForceProtector getProtector()
- Specified by:
getProtector
in interfaceAbstractAuthenticationFlowContext
-
getEvent
public EventBuilder getEvent()
Description copied from interface:AbstractAuthenticationFlowContext
Current event builder being used- Specified by:
getEvent
in interfaceAbstractAuthenticationFlowContext
- Returns:
-
getForwardedErrorMessage
public FormMessage getForwardedErrorMessage()
Description copied from interface:AbstractAuthenticationFlowContext
This could be an error message forwarded from another authenticator that is restarting or continuing the flo. For example the brokering API sends this when the broker failed authentication and we want to continue authentication locally. forwardedErrorMessage can then be displayed by whatever form is challenging.- Specified by:
getForwardedErrorMessage
in interfaceAbstractAuthenticationFlowContext
-
generateAccessCode
public String generateAccessCode()
Description copied from interface:AbstractAuthenticationFlowContext
Generates access code and updates clientsession timestamp Access codes must be included in form action callbacks as a query parameter.- Specified by:
generateAccessCode
in interfaceAbstractAuthenticationFlowContext
- Returns:
-
getChallenge
public javax.ws.rs.core.Response getChallenge()
-
getError
public AuthenticationFlowError getError()
Description copied from interface:AbstractAuthenticationFlowContext
Get the error condition of a failed execution.- Specified by:
getError
in interfaceAbstractAuthenticationFlowContext
- Returns:
- may return null if there was no error
-
form
public LoginFormsProvider form()
Description copied from interface:AuthenticationFlowContext
Create a Freemarker form builder that presets the user, action URI, and a generated access code- Specified by:
form
in interfaceAuthenticationFlowContext
- Returns:
-
getActionUrl
public URI getActionUrl(String code)
Description copied from interface:AuthenticationFlowContext
Get the action URL for the required action.- Specified by:
getActionUrl
in interfaceAuthenticationFlowContext
- Parameters:
code
- authentication session access code- Returns:
-
getActionTokenUrl
public URI getActionTokenUrl(String tokenString)
Description copied from interface:AuthenticationFlowContext
Get the action URL for the action token executor.- Specified by:
getActionTokenUrl
in interfaceAuthenticationFlowContext
- Parameters:
tokenString
- String representation (JWT) of action token- Returns:
-
getRefreshExecutionUrl
public URI getRefreshExecutionUrl()
Description copied from interface:AuthenticationFlowContext
Get the refresh URL for the required action.- Specified by:
getRefreshExecutionUrl
in interfaceAuthenticationFlowContext
- Returns:
-
getRefreshUrl
public URI getRefreshUrl(boolean authSessionIdParam)
Description copied from interface:AuthenticationFlowContext
Get the refresh URL for the flow.- Specified by:
getRefreshUrl
in interfaceAuthenticationFlowContext
- Parameters:
authSessionIdParam
- will include auth_session query param for clients that don't process cookies- Returns:
-
cancelLogin
public void cancelLogin()
Description copied from interface:AuthenticationFlowContext
End the flow and redirect browser based on protocol specific respones. This should only be executed in browser-based flows.- Specified by:
cancelLogin
in interfaceAuthenticationFlowContext
-
resetFlow
public void resetFlow()
Description copied from interface:AuthenticationFlowContext
Reset the current flow to the beginning and restarts it.- Specified by:
resetFlow
in interfaceAuthenticationFlowContext
-
resetFlow
public void resetFlow(Runnable afterResetListener)
Description copied from interface:AuthenticationFlowContext
Reset the current flow to the beginning and restarts it. Allows to add additional listener, which is triggered after flow restarted- Specified by:
resetFlow
in interfaceAuthenticationFlowContext
-
fork
public void fork()
Description copied from interface:AuthenticationFlowContext
Fork the current flow. The authentication session will be cloned and set to point at the realm's browser login flow. The Response will be the result of this fork. The previous flow will still be set at the current execution. This is used by reset password when it sends an email. It sends an email linking to the current flow and redirects the browser to a new browser login flow.- Specified by:
fork
in interfaceAuthenticationFlowContext
-
forkWithSuccessMessage
public void forkWithSuccessMessage(FormMessage message)
Description copied from interface:AuthenticationFlowContext
Fork the current flow. The authentication session will be cloned and set to point at the realm's browser login flow. The Response will be the result of this fork. The previous flow will still be set at the current execution. This is used by reset password when it sends an email. It sends an email linking to the current flow and redirects the browser to a new browser login flow. This method will set up a success message that will be displayed in the first page of the new flow- Specified by:
forkWithSuccessMessage
in interfaceAuthenticationFlowContext
- Parameters:
message
- Corresponds to raw text or a message property defined in a message bundle
-
forkWithErrorMessage
public void forkWithErrorMessage(FormMessage message)
Description copied from interface:AuthenticationFlowContext
Fork the current flow. The authentication session will be cloned and set to point at the realm's browser login flow. The Response will be the result of this fork. The previous flow will still be set at the current execution. This is used by reset password when it sends an email. It sends an email linking to the current flow and redirects the browser to a new browser login flow. This method will set up an error message that will be displayed in the first page of the new flow- Specified by:
forkWithErrorMessage
in interfaceAuthenticationFlowContext
- Parameters:
message
- Corresponds to raw text or a message property defined in a message bundle
-
getForwardedSuccessMessage
public FormMessage getForwardedSuccessMessage()
Description copied from interface:AbstractAuthenticationFlowContext
This could be an success message forwarded from another authenticator that is restarting or continuing the flow. For example a reset password sends an email, then resets the flow with a success message. forwardedSuccessMessage can then be displayed by whatever form is challenging.- Specified by:
getForwardedSuccessMessage
in interfaceAbstractAuthenticationFlowContext
-
setForwardedInfoMessage
public void setForwardedInfoMessage(String message, Object... parameters)
- Specified by:
setForwardedInfoMessage
in interfaceAbstractAuthenticationFlowContext
- Parameters:
message
- to be forwardedparameters
- parameters of the message if any- See Also:
AbstractAuthenticationFlowContext.getForwardedInfoMessage()
-
getForwardedInfoMessage
public FormMessage getForwardedInfoMessage()
Description copied from interface:AbstractAuthenticationFlowContext
This could be an info message forwarded from another authenticator. This info message will be usually displayed only once on the first screen shown to the user during authentication. The authenticator forwarding the info message does not know which the screen would be. For example during user re-authentication, the user should see info message like "Please re-authenticate", but at the beginning of the authentication, it is not 100% clear which screen will be the first shown screen where this message should be displayed- Specified by:
getForwardedInfoMessage
in interfaceAbstractAuthenticationFlowContext
-
getErrorMessage
public FormMessage getErrorMessage()
-
getSuccessMessage
public FormMessage getSuccessMessage()
-
getEventDetails
public String getEventDetails()
Description copied from interface:AbstractAuthenticationFlowContext
Get details of the event that caused an error- Specified by:
getEventDetails
in interfaceAbstractAuthenticationFlowContext
- Returns:
- may return null if not set
-
getUserErrorMessage
public String getUserErrorMessage()
Description copied from interface:AbstractAuthenticationFlowContext
A custom error message that can be displayed to the user- Specified by:
getUserErrorMessage
in interfaceAbstractAuthenticationFlowContext
- Returns:
- Optional error message
-
-