- if (realm.isBruteForceProtected()) {
- // if (session.getProvider(BruteForceProtector.class).isTemporarilyDisabled(session, realm, user)) {
- // event.error(Errors.USER_TEMPORARILY_DISABLED);
- // return ErrorPage.error(session, authSession, Response.Status.BAD_REQUEST, Messages.ACCOUNT_DISABLED);
- // }
- // some logic
- import org.jboss.logging.Logger;
- import org.keycloak.authentication.AuthenticationFlowContext;
- import org.keycloak.authentication.AuthenticationFlowError;
- import org.keycloak.authentication.Authenticator;
- import org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator;
- import org.keycloak.events.Details;
- import org.keycloak.events.Errors;
- import org.keycloak.forms.login.LoginFormsProvider;
- import org.keycloak.models.GroupModel;
- import org.keycloak.models.KeycloakSession;
- import org.keycloak.models.RealmModel;
- import org.keycloak.models.UserModel;
- import org.keycloak.models.utils.KeycloakModelUtils;
- import org.keycloak.services.managers.AuthenticationManager;
- import org.keycloak.services.messages.Messages;
- import org.open.keycloak.authenticator.api.HttpResult;
- import org.open.keycloak.authenticator.rest.AuthenticationRestAdapter;
- import org.keycloak.services.managers.BruteForceProtector;
- import java.util.List;
- import javax.ws.rs.core.MultivaluedMap;
- import javax.ws.rs.core.Response;
- import static javax.servlet.http.HttpServletResponse.SC_OK;
- import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
- import static javax.servlet.http.HttpServletResponse.SC_NOT_FOUND;
- import static javax.servlet.http.HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
- public class CustomAuthenticator implements Authenticator {
- private static final Logger logger = Logger.getLogger(CustomAuthenticator.class); // not referenced in the visible listing; failures shown here are reported only through context.getEvent()
/**
 * Processes the submitted login form: runs the credential check and, only when it
 * passes, attaches the user to the flow and marks this execution as successful.
 *
 * @param context the running authentication flow; supplies the HTTP request and
 *                receives the outcome
 */
@Override
public void action(AuthenticationFlowContext context) {
    final MultivaluedMap<String, String> submitted =
            context.getHttpRequest().getDecodedFormParameters();
    if (authenticateUser(context, submitted)) {
        // Nothing is done here on failure: the visible failure branches of
        // authenticateUser issue their own challenge before returning false.
        setUserToContext(context, submitted);
        context.success();
    }
}
/**
 * Presents the login form as the initial challenge for this execution.
 *
 * @param context the running authentication flow that receives the challenge
 */
@Override
public void authenticate(AuthenticationFlowContext context) {
    context.challenge(context.form().createLogin());
}
- /**
- * Validates the submitted login form. The visible part rejects a missing or empty
- * username or password with an error event and a forced login challenge, then looks
- * up a realm in order to consult its brute-force setting.
- * <p>
- * NOTE(review): the listing elides the rest of this method ("some logic"). No credential
- * check, return statement or closing brace is shown, so the success path cannot be
- * reviewed from this page.
- * <p>
- * NOTE(review): the temporary-lockout check inside the brute-force branch is commented
- * out, and it refers to {@code user}, {@code event} and {@code authSession}, none of
- * which are declared in the visible code. Unless the elided logic consults
- * BruteForceProtector, this authenticator does not honour the realm's lockout of an
- * account after repeated failures; confirm before relying on the realm setting.
- *
- * @param context Used to store detailed explanation about authentication process and results.
- * @param formData Form fields mapped by field names.
- * @return True if user is successfully authenticated, false if not.
- */
- private boolean authenticateUser(AuthenticationFlowContext context, MultivaluedMap<String, String> formData) {
- String username = formData.getFirst(AuthenticationManager.FORM_USERNAME);
- if (username == null || "".equals(username)) { // whitespace-only input is not rejected by this test
- context.getEvent().error(Errors.USERNAME_MISSING);
- Response challenge = context.form()
- .setError(Messages.MISSING_USERNAME)
- .createLogin();
- context.forceChallenge(challenge);
- return false;
- }
- String password = formData.getFirst("password");
- if (password == null || "".equals(password)) { // same emptiness test as for the username
- context.getEvent().error(Errors.PASSWORD_MISSING);
- Response challenge = context.form()
- .setError(Messages.MISSING_PASSWORD)
- .createLogin();
- context.forceChallenge(challenge);
- return false;
- }
- KeycloakSession session = context.getSession();
- RealmModel realm = session.realms().getRealmByName("open"); // NOTE(review): realm name is hard-coded instead of using context.getRealm(); presumably null when no realm "open" exists, which the next line would dereference (confirm)
- if (realm.isBruteForceProtected()) { // only reads the realm flag; the per-user lockout test below is disabled
- // if (session.getProvider(BruteForceProtector.class).isTemporarilyDisabled(session, realm, user)) {
- // event.error(Errors.USER_TEMPORARILY_DISABLED);
- // return ErrorPage.error(session, authSession, Response.Status.BAD_REQUEST, Messages.ACCOUNT_DISABLED);
- // }
- // some logic
- }
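/**
 * Attaches the account for the submitted username to the authentication flow,
 * creating the account on first login when no matching user exists.
 * <p>
 * Lookup and creation both use the realm the flow is running in. The original
 * looked the user up in {@code context.getRealm()} but created it in a realm
 * re-resolved by the hard-coded name "open", which could target a different
 * realm than the lookup and would fail if that realm did not exist.
 *
 * @param context  the running authentication flow; supplies session and realm and
 *                 receives the resolved user
 * @param formData form fields mapped by field names; the username field is read
 */
private void setUserToContext(AuthenticationFlowContext context, MultivaluedMap<String, String> formData) {
    // Same form key authenticateUser reads, so both methods agree on the field.
    String username = formData.getFirst(AuthenticationManager.FORM_USERNAME);
    KeycloakSession session = context.getSession();
    RealmModel realm = context.getRealm();

    UserModel user = KeycloakModelUtils.findUserByNameOrEmail(session, realm, username);
    if (user == null) {
        user = session.users().addUser(realm, username);
        user.setEmail(username);
        user.setEnabled(true);
        // NOTE(review): the submitted username is stored as the e-mail address and
        // marked verified with no format or ownership check visible in this method.
        // Confirm that the credential check in authenticateUser guarantees both.
        user.setEmailVerified(true);
        // NOTE(review): a newly provisioned account joins every group that
        // realm.getGroups() returns. If any of those groups carries role mappings,
        // a first-time login inherits them; an explicit list of default groups
        // would keep provisioning at least privilege.
        for (GroupModel group : realm.getGroups()) {
            user.joinGroup(group);
        }
    }
    context.setUser(user);
}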
- }