

brute force refactr, mv protocol
patriot1burke committed Jan 16, 2016
1 parent 5017d71 commit 007e953
Showing 33 changed files with 159 additions and 88 deletions.
Expand Up @@ -32,8 +32,8 @@
public class SamlProtocolFactory extends AbstractLoginProtocolFactory { public class SamlProtocolFactory extends AbstractLoginProtocolFactory {


@Override @Override
public Object createProtocolEndpoint(RealmModel realm, EventBuilder event, AuthenticationManager authManager) { public Object createProtocolEndpoint(RealmModel realm, EventBuilder event) {
return new SamlService(realm, event, authManager); return new SamlService(realm, event);
} }


@Override @Override
Expand Up @@ -61,8 +61,8 @@ public class SamlService extends AuthorizationEndpointBase {


protected static final Logger logger = Logger.getLogger(SamlService.class); protected static final Logger logger = Logger.getLogger(SamlService.class);


public SamlService(RealmModel realm, EventBuilder event, AuthenticationManager authManager) { public SamlService(RealmModel realm, EventBuilder event) {
super(realm, event, authManager); super(realm, event);
} }


public abstract class BindingProtocol { public abstract class BindingProtocol {
Expand Down Expand Up @@ -556,7 +556,7 @@ public Response idpInitiatedSSO(@PathParam("client") String clientUrlName, @Quer
@POST @POST
@Consumes("application/soap+xml") @Consumes("application/soap+xml")
public Response soapBinding(InputStream inputStream) { public Response soapBinding(InputStream inputStream) {
SamlEcpProfileService bindingService = new SamlEcpProfileService(realm, event, authManager); SamlEcpProfileService bindingService = new SamlEcpProfileService(realm, event);


ResteasyProviderFactory.getInstance().injectProperties(bindingService); ResteasyProviderFactory.getInstance().injectProperties(bindingService);


Expand Up @@ -36,8 +36,8 @@ public class SamlEcpProfileService extends SamlService {
private static final String NS_PREFIX_SAML_PROTOCOL = "samlp"; private static final String NS_PREFIX_SAML_PROTOCOL = "samlp";
private static final String NS_PREFIX_SAML_ASSERTION = "saml"; private static final String NS_PREFIX_SAML_ASSERTION = "saml";


public SamlEcpProfileService(RealmModel realm, EventBuilder event, AuthenticationManager authManager) { public SamlEcpProfileService(RealmModel realm, EventBuilder event) {
super(realm, event, authManager); super(realm, event);
} }


public Response authenticate(InputStream inputStream) { public Response authenticate(InputStream inputStream) {
Expand Up @@ -30,7 +30,7 @@ public interface LoginProtocolFactory extends ProviderFactory<LoginProtocol> {
*/ */
List<ProtocolMapperModel> getDefaultBuiltinMappers(); List<ProtocolMapperModel> getDefaultBuiltinMappers();


Object createProtocolEndpoint(RealmModel realm, EventBuilder event, AuthenticationManager authManager); Object createProtocolEndpoint(RealmModel realm, EventBuilder event);


/** /**
* Setup default values for new clients. This expects that the representation has already set up the client * Setup default values for new clients. This expects that the representation has already set up the client
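Review bot: `createProtocolEndpoint` is the one method in this interface without Javadoc, while `getDefaultBuiltinMappers` above it and the method below both carry a doc comment. A one-liner such as `/** Creates the resource object that serves this protocol's endpoints for {@code realm}, reporting through {@code event}. */` would document the contract, and should state what callers may assume about the `Object` return (presumably a JAX-RS resource, given the `SamlService` and `OIDCLoginProtocolService` implementations elsewhere in this commit — confirm before writing that down).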
@@ -0,0 +1,16 @@
package org.keycloak.services.managers;

import org.keycloak.common.ClientConnection;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.provider.Provider;

/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface BruteForceProtector extends Provider {
void failedLogin(RealmModel realm, String username, ClientConnection clientConnection);

boolean isTemporarilyDisabled(KeycloakSession session, RealmModel realm, String username);
}
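Review bot: Neither method of the new `BruteForceProtector` interface documents its contract, and the two signatures are asymmetric in a way an implementer cannot resolve from the code: `isTemporarilyDisabled` receives a `KeycloakSession` while `failedLogin` does not, so an implementation that needs session access to record the failure has nowhere to obtain it. Suggest a Javadoc on each, e.g. `/** Records a failed login for {@code username} in {@code realm} originating from {@code clientConnection}. */` above `failedLogin` and `/** @return true if logins for {@code username} in {@code realm} are currently rejected because of prior failures. */` above `isTemporarilyDisabled`. The doc should also say whether implementations must be thread-safe, since the provider is resolved per request via `session.getProvider` in `AuthenticationProcessor` and whether instances are shared across requests is not visible here.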
@@ -0,0 +1,10 @@
package org.keycloak.services.managers;

import org.keycloak.provider.ProviderFactory;

/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface BruteForceProtectorFactory extends ProviderFactory<BruteForceProtector> {
}
@@ -0,0 +1,34 @@
package org.keycloak.services.managers;

import org.keycloak.models.UserFederationProvider;
import org.keycloak.models.UserFederationProviderFactory;
import org.keycloak.provider.Provider;
import org.keycloak.provider.ProviderFactory;
import org.keycloak.provider.Spi;

/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class BruteForceProtectorSpi implements Spi {

@Override
public boolean isInternal() {
return true;
}

@Override
public String getName() {
return "bruteForceProtector";
}

@Override
public Class<? extends Provider> getProviderClass() {
return BruteForceProtector.class;
}

@Override
public Class<? extends ProviderFactory> getProviderFactoryClass() {
return BruteForceProtectorFactory.class;
}

}
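Review bot: `UserFederationProvider` and `UserFederationProviderFactory` are imported but never referenced in `BruteForceProtectorSpi`, so the lines `import org.keycloak.models.UserFederationProvider;` and `import org.keycloak.models.UserFederationProviderFactory;` should be dropped. `getProviderFactoryClass` returns the raw `Class<? extends ProviderFactory>`; that is presumably dictated by the `Spi` interface, but if the interface allows it, `Class<? extends ProviderFactory<?>>` would avoid the raw-type warning.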
Expand Up @@ -11,3 +11,8 @@ org.keycloak.events.EventStoreSpi
org.keycloak.exportimport.ExportSpi org.keycloak.exportimport.ExportSpi
org.keycloak.exportimport.ImportSpi org.keycloak.exportimport.ImportSpi
org.keycloak.timer.TimerSpi org.keycloak.timer.TimerSpi
org.keycloak.services.managers.BruteForceProtectorSpi
org.keycloak.protocol.ClientInstallationSpi
org.keycloak.protocol.LoginProtocolSpi
org.keycloak.protocol.ProtocolMapperSpi

Expand Up @@ -84,6 +84,13 @@ public AuthenticationProcessor setBrowserFlow(boolean browserFlow) {
return this; return this;
} }


public BruteForceProtector getBruteForceProtector() {
if (protector == null) {
protector = session.getProvider(BruteForceProtector.class);
}
return protector;
}

public RealmModel getRealm() { public RealmModel getRealm() {
return realm; return realm;
} }
Expand Down Expand Up @@ -149,11 +156,6 @@ public AuthenticationProcessor setSession(KeycloakSession session) {
return this; return this;
} }


public AuthenticationProcessor setProtector(BruteForceProtector protector) {
this.protector = protector;
return this;
}

public AuthenticationProcessor setEventBuilder(EventBuilder eventBuilder) { public AuthenticationProcessor setEventBuilder(EventBuilder eventBuilder) {
this.event = eventBuilder; this.event = eventBuilder;
return this; return this;
Expand Down Expand Up @@ -405,7 +407,7 @@ public void attachUserSession(UserSessionModel userSession) {


@Override @Override
public BruteForceProtector getProtector() { public BruteForceProtector getProtector() {
return AuthenticationProcessor.this.protector; return AuthenticationProcessor.this.getBruteForceProtector();
} }


@Override @Override
Expand Down Expand Up @@ -571,7 +573,6 @@ public Response handleBrowserException(Exception failure) {
.setForwardedSuccessMessage(reset.getSuccessMessage()) .setForwardedSuccessMessage(reset.getSuccessMessage())
.setConnection(connection) .setConnection(connection)
.setEventBuilder(event) .setEventBuilder(event)
.setProtector(protector)
.setRealm(realm) .setRealm(realm)
.setSession(session) .setSession(session)
.setUriInfo(uriInfo) .setUriInfo(uriInfo)
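Review bot: `getBruteForceProtector()` returns whatever `session.getProvider(BruteForceProtector.class)` yields, including null when no `BruteForceProtectorFactory` is registered, and a null result is simply re-resolved on every call rather than reported; with the `setProtector` path removed, a misconfigured deployment would surface as a NullPointerException in whatever consumes `getProtector()`, or as silently skipped lockout checks if that consumer null-tests (not visible in the hunk). Suggest failing fast right after the assignment: `if (protector == null) throw new IllegalStateException("no BruteForceProtector provider registered");`. The lookup also dereferences the `session` field directly, so the getter must never run before `setSession` in the builder chains (the one in `handleBrowserException` calls `.setSession(session)` after `.setEventBuilder(event)`); an `Objects.requireNonNull(session, "session")` at the top of the getter would make that ordering assumption explicit. The same lazy lookup is what `TokenEndpoint` and `AuthorizationEndpointBase` now rely on after dropping `.setProtector(authManager.getProtector())`.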
Expand Up @@ -48,10 +48,9 @@ public abstract class AuthorizationEndpointBase {
@Context @Context
protected ClientConnection clientConnection; protected ClientConnection clientConnection;


public AuthorizationEndpointBase(RealmModel realm, EventBuilder event, AuthenticationManager authManager) { public AuthorizationEndpointBase(RealmModel realm, EventBuilder event) {
this.realm = realm; this.realm = realm;
this.event = event; this.event = event;
this.authManager = authManager;
} }


protected AuthenticationProcessor createProcessor(ClientSessionModel clientSession, String flowId, String flowPath) { protected AuthenticationProcessor createProcessor(ClientSessionModel clientSession, String flowId, String flowPath) {
Expand All @@ -62,7 +61,6 @@ protected AuthenticationProcessor createProcessor(ClientSessionModel clientSessi
.setBrowserFlow(true) .setBrowserFlow(true)
.setConnection(clientConnection) .setConnection(clientConnection)
.setEventBuilder(event) .setEventBuilder(event)
.setProtector(authManager.getProtector())
.setRealm(realm) .setRealm(realm)
.setSession(session) .setSession(session)
.setUriInfo(uriInfo) .setUriInfo(uriInfo)
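Review bot: The constructor no longer assigns `authManager`, but this hunk does not show the `authManager` field declaration being removed from `AuthorizationEndpointBase` (its declaration sits above the hunk, if it still exists); should the field survive, it is now permanently null for every subclass — `SamlService`, `SamlEcpProfileService`, `AuthorizationEndpoint` — and any remaining `authManager.` use outside these hunks will throw at runtime. The sibling endpoints in this commit (`OIDCLoginProtocolService`, `TokenEndpoint`, `LogoutEndpoint`) remove the field explicitly, so either do the same here or confirm the declaration is already gone. `createProcessor` continues past the hunk.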
Expand Up @@ -160,8 +160,8 @@ protected void addDefaults(ClientModel client) {
} }


@Override @Override
public Object createProtocolEndpoint(RealmModel realm, EventBuilder event, AuthenticationManager authManager) { public Object createProtocolEndpoint(RealmModel realm, EventBuilder event) {
return new OIDCLoginProtocolService(realm, event, authManager); return new OIDCLoginProtocolService(realm, event);
} }


@Override @Override
Expand Up @@ -45,7 +45,6 @@ public class OIDCLoginProtocolService {
private RealmModel realm; private RealmModel realm;
private TokenManager tokenManager; private TokenManager tokenManager;
private EventBuilder event; private EventBuilder event;
private AuthenticationManager authManager;


@Context @Context
private UriInfo uriInfo; private UriInfo uriInfo;
Expand All @@ -56,11 +55,10 @@ public class OIDCLoginProtocolService {
@Context @Context
private HttpHeaders headers; private HttpHeaders headers;


public OIDCLoginProtocolService(RealmModel realm, EventBuilder event, AuthenticationManager authManager) { public OIDCLoginProtocolService(RealmModel realm, EventBuilder event) {
this.realm = realm; this.realm = realm;
this.tokenManager = new TokenManager(); this.tokenManager = new TokenManager();
this.event = event; this.event = event;
this.authManager = authManager;
} }


public static UriBuilder tokenServiceBaseUrl(UriInfo uriInfo) { public static UriBuilder tokenServiceBaseUrl(UriInfo uriInfo) {
Expand Down Expand Up @@ -117,7 +115,7 @@ public static UriBuilder logoutUrl(UriBuilder baseUriBuilder) {
*/ */
@Path("auth") @Path("auth")
public Object auth() { public Object auth() {
AuthorizationEndpoint endpoint = new AuthorizationEndpoint(authManager, realm, event); AuthorizationEndpoint endpoint = new AuthorizationEndpoint(realm, event);
ResteasyProviderFactory.getInstance().injectProperties(endpoint); ResteasyProviderFactory.getInstance().injectProperties(endpoint);
return endpoint; return endpoint;
} }
Expand All @@ -127,7 +125,7 @@ public Object auth() {
*/ */
@Path("registrations") @Path("registrations")
public Object registerPage() { public Object registerPage() {
AuthorizationEndpoint endpoint = new AuthorizationEndpoint(authManager, realm, event); AuthorizationEndpoint endpoint = new AuthorizationEndpoint(realm, event);
ResteasyProviderFactory.getInstance().injectProperties(endpoint); ResteasyProviderFactory.getInstance().injectProperties(endpoint);
return endpoint.register(); return endpoint.register();
} }
Expand All @@ -137,7 +135,7 @@ public Object registerPage() {
*/ */
@Path("forgot-credentials") @Path("forgot-credentials")
public Object forgotCredentialsPage() { public Object forgotCredentialsPage() {
AuthorizationEndpoint endpoint = new AuthorizationEndpoint(authManager, realm, event); AuthorizationEndpoint endpoint = new AuthorizationEndpoint(realm, event);
ResteasyProviderFactory.getInstance().injectProperties(endpoint); ResteasyProviderFactory.getInstance().injectProperties(endpoint);
return endpoint.forgotCredentials(); return endpoint.forgotCredentials();
} }
Expand All @@ -147,15 +145,15 @@ public Object forgotCredentialsPage() {
*/ */
@Path("token") @Path("token")
public Object token() { public Object token() {
TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event); TokenEndpoint endpoint = new TokenEndpoint(tokenManager, realm, event);
ResteasyProviderFactory.getInstance().injectProperties(endpoint); ResteasyProviderFactory.getInstance().injectProperties(endpoint);
return endpoint; return endpoint;
} }


@Path("login") @Path("login")
@Deprecated @Deprecated
public Object loginPage() { public Object loginPage() {
AuthorizationEndpoint endpoint = new AuthorizationEndpoint(authManager, realm, event); AuthorizationEndpoint endpoint = new AuthorizationEndpoint(realm, event);
ResteasyProviderFactory.getInstance().injectProperties(endpoint); ResteasyProviderFactory.getInstance().injectProperties(endpoint);
return endpoint.legacy(OIDCLoginProtocol.CODE_PARAM); return endpoint.legacy(OIDCLoginProtocol.CODE_PARAM);
} }
Expand All @@ -170,23 +168,23 @@ public Object getLoginStatusIframe() {
@Path("grants/access") @Path("grants/access")
@Deprecated @Deprecated
public Object grantAccessToken() { public Object grantAccessToken() {
TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event); TokenEndpoint endpoint = new TokenEndpoint(tokenManager, realm, event);
ResteasyProviderFactory.getInstance().injectProperties(endpoint); ResteasyProviderFactory.getInstance().injectProperties(endpoint);
return endpoint.legacy(OAuth2Constants.PASSWORD); return endpoint.legacy(OAuth2Constants.PASSWORD);
} }


@Path("refresh") @Path("refresh")
@Deprecated @Deprecated
public Object refreshAccessToken() { public Object refreshAccessToken() {
TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event); TokenEndpoint endpoint = new TokenEndpoint(tokenManager, realm, event);
ResteasyProviderFactory.getInstance().injectProperties(endpoint); ResteasyProviderFactory.getInstance().injectProperties(endpoint);
return endpoint.legacy(OAuth2Constants.REFRESH_TOKEN); return endpoint.legacy(OAuth2Constants.REFRESH_TOKEN);
} }


@Path("access/codes") @Path("access/codes")
@Deprecated @Deprecated
public Object accessCodeToToken() { public Object accessCodeToToken() {
TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event); TokenEndpoint endpoint = new TokenEndpoint(tokenManager, realm, event);
ResteasyProviderFactory.getInstance().injectProperties(endpoint); ResteasyProviderFactory.getInstance().injectProperties(endpoint);
return endpoint.legacy(OAuth2Constants.AUTHORIZATION_CODE); return endpoint.legacy(OAuth2Constants.AUTHORIZATION_CODE);
} }
Expand Down Expand Up @@ -225,7 +223,7 @@ public Object issueUserInfo() {


@Path("logout") @Path("logout")
public Object logout() { public Object logout() {
LogoutEndpoint endpoint = new LogoutEndpoint(tokenManager, authManager, realm, event); LogoutEndpoint endpoint = new LogoutEndpoint(tokenManager, realm, event);
ResteasyProviderFactory.getInstance().injectProperties(endpoint); ResteasyProviderFactory.getInstance().injectProperties(endpoint);
return endpoint; return endpoint;
} }
Expand Down
Expand Up @@ -63,8 +63,8 @@ private enum Action {


private String legacyResponseType; private String legacyResponseType;


public AuthorizationEndpoint(AuthenticationManager authManager, RealmModel realm, EventBuilder event) { public AuthorizationEndpoint(RealmModel realm, EventBuilder event) {
super(realm, event, authManager); super(realm, event);
event.event(EventType.LOGIN); event.event(EventType.LOGIN);
} }


Expand Up @@ -61,13 +61,11 @@ public class LogoutEndpoint {
private UriInfo uriInfo; private UriInfo uriInfo;


private TokenManager tokenManager; private TokenManager tokenManager;
private AuthenticationManager authManager;
private RealmModel realm; private RealmModel realm;
private EventBuilder event; private EventBuilder event;


public LogoutEndpoint(TokenManager tokenManager, AuthenticationManager authManager, RealmModel realm, EventBuilder event) { public LogoutEndpoint(TokenManager tokenManager, RealmModel realm, EventBuilder event) {
this.tokenManager = tokenManager; this.tokenManager = tokenManager;
this.authManager = authManager;
this.realm = realm; this.realm = realm;
this.event = event; this.event = event;
} }
Expand Down Expand Up @@ -117,7 +115,7 @@ public Response logout(@QueryParam(OIDCLoginProtocol.REDIRECT_URI_PARAM) String
} }


// authenticate identity cookie, but ignore an access token timeout as we're logging out anyways. // authenticate identity cookie, but ignore an access token timeout as we're logging out anyways.
AuthenticationManager.AuthResult authResult = authManager.authenticateIdentityCookie(session, realm, false); AuthenticationManager.AuthResult authResult = AuthenticationManager.authenticateIdentityCookie(session, realm, false);
if (authResult != null) { if (authResult != null) {
userSession = userSession != null ? userSession : authResult.getSession(); userSession = userSession != null ? userSession : authResult.getSession();
if (redirect != null) userSession.setNote(OIDCLoginProtocol.LOGOUT_REDIRECT_URI, redirect); if (redirect != null) userSession.setNote(OIDCLoginProtocol.LOGOUT_REDIRECT_URI, redirect);
Expand All @@ -129,7 +127,7 @@ public Response logout(@QueryParam(OIDCLoginProtocol.REDIRECT_URI_PARAM) String
return response; return response;
} else if (userSession != null) { // non browser logout } else if (userSession != null) { // non browser logout
event.event(EventType.LOGOUT); event.event(EventType.LOGOUT);
authManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, true); AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, true);
event.user(userSession.getUser()).session(userSession).success(); event.user(userSession.getUser()).session(userSession).success();
} }


Expand Down Expand Up @@ -185,7 +183,7 @@ public Response logoutToken(final @HeaderParam(HttpHeaders.AUTHORIZATION) String
} }


private void logout(UserSessionModel userSession) { private void logout(UserSessionModel userSession) {
authManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, true); AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, true);
event.user(userSession.getUser()).session(userSession).success(); event.user(userSession.getUser()).session(userSession).success();
} }


Expand Up @@ -76,7 +76,6 @@ private enum Action {
private ClientConnection clientConnection; private ClientConnection clientConnection;


private final TokenManager tokenManager; private final TokenManager tokenManager;
private final AuthenticationManager authManager;
private final RealmModel realm; private final RealmModel realm;
private final EventBuilder event; private final EventBuilder event;


Expand All @@ -86,9 +85,8 @@ private enum Action {


private String legacyGrantType; private String legacyGrantType;


public TokenEndpoint(TokenManager tokenManager, AuthenticationManager authManager, RealmModel realm, EventBuilder event) { public TokenEndpoint(TokenManager tokenManager, RealmModel realm, EventBuilder event) {
this.tokenManager = tokenManager; this.tokenManager = tokenManager;
this.authManager = authManager;
this.realm = realm; this.realm = realm;
this.event = event; this.event = event;
} }
Expand Down Expand Up @@ -372,7 +370,6 @@ public Response buildResourceOwnerPasswordCredentialsGrant() {
.setFlowId(flowId) .setFlowId(flowId)
.setConnection(clientConnection) .setConnection(clientConnection)
.setEventBuilder(event) .setEventBuilder(event)
.setProtector(authManager.getProtector())
.setRealm(realm) .setRealm(realm)
.setSession(session) .setSession(session)
.setUriInfo(uriInfo) .setUriInfo(uriInfo)
@@ -1,7 +1,6 @@
package org.keycloak.services.listeners; package org.keycloak.services.listeners;


import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.services.managers.BruteForceProtector;


import javax.servlet.ServletContextEvent; import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener; import javax.servlet.ServletContextListener;
Expand All @@ -17,10 +16,6 @@ public void contextInitialized(ServletContextEvent sce) {


@Override @Override
public void contextDestroyed(ServletContextEvent sce) { public void contextDestroyed(ServletContextEvent sce) {
BruteForceProtector protector = (BruteForceProtector) sce.getServletContext().getAttribute(BruteForceProtector.class.getName());
if (protector != null) {
protector.shutdown();
}
KeycloakSessionFactory sessionFactory = (KeycloakSessionFactory) sce.getServletContext().getAttribute(KeycloakSessionFactory.class.getName()); KeycloakSessionFactory sessionFactory = (KeycloakSessionFactory) sce.getServletContext().getAttribute(KeycloakSessionFactory.class.getName());
if (sessionFactory != null) { if (sessionFactory != null) {
sessionFactory.close(); sessionFactory.close();
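Review bot: `contextDestroyed` no longer calls `protector.shutdown()`, so whatever the protector implementation holds open (a background worker or queue, if it has one — not visible here) is now released only if `BruteForceProtectorFactory.close()` or the provider's own `close()` does it when `sessionFactory.close()` runs. Confirm the new factory implements that teardown; otherwise the brute-force protector leaks across redeploys, which is precisely what the removed servlet-context lookup used to guard against. The method's remaining body continues past the hunk.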
