Commit
1 parent
84f5c09
commit 7209a95
Showing
106 changed files
with
1,579 additions
and
1,368 deletions.
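--- a/...r/src/main/java/org/keycloak/examples/authenticator/SecretQuestionCredentialProvider.java
+++ b/...r/src/main/java/org/keycloak/examples/authenticator/SecretQuestionCredentialProvider.java
@@ -0,0 +1,117 @@
+/*
+* Copyright 2016 Red Hat, Inc. and/or its affiliates
+* and other contributors as indicated by the @author tags.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.keycloak.examples.authenticator;
+
+import org.keycloak.common.util.Time;
+import org.keycloak.credential.CredentialInput;
+import org.keycloak.credential.CredentialInputUpdater;
+import org.keycloak.credential.CredentialInputValidator;
+import org.keycloak.credential.CredentialModel;
+import org.keycloak.credential.CredentialProvider;
+import org.keycloak.credential.PasswordCredentialProvider;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserCredentialModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.models.cache.CachedUserModel;
+import org.keycloak.models.cache.OnUserCache;
+
+import java.util.List;
+
+/**
+* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+* @version $Revision: 1 $
+*/
+public class SecretQuestionCredentialProvider implements CredentialProvider, CredentialInputValidator, CredentialInputUpdater, OnUserCache {
+public static final String SECRET_QUESTION = "SECRET_QUESTION";
+public static final String CACHE_KEY = SecretQuestionCredentialProvider.class.getName() + "." + SECRET_QUESTION;
+
+protected KeycloakSession session;
+
+public SecretQuestionCredentialProvider(KeycloakSession session) {
+this.session = session;
+}
+
+public CredentialModel getSecret(RealmModel realm, UserModel user) {
+CredentialModel secret = null;
+if (user instanceof CachedUserModel) {
+CachedUserModel cached = (CachedUserModel)user;
+secret = (CredentialModel)cached.getCachedWith().get(CACHE_KEY);
+
+} else {
+List<CredentialModel> creds = session.userCredentialManager().getStoredCredentialsByType(realm, user, SECRET_QUESTION);
+if (!creds.isEmpty()) secret = creds.get(0);
+}
+return secret;
+}
+
+
+@Override
+public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input) {
+if (!SECRET_QUESTION.equals(input.getType())) return false;
+if (!(input instanceof UserCredentialModel)) return false;
+UserCredentialModel credInput = (UserCredentialModel) input;
+List<CredentialModel> creds = session.userCredentialManager().getStoredCredentialsByType(realm, user, SECRET_QUESTION);
+if (creds.isEmpty()) {
+CredentialModel secret = new CredentialModel();
+secret.setType(SECRET_QUESTION);
+secret.setValue(credInput.getValue());
+secret.setCreatedDate(Time.toMillis(Time.currentTime()));
+session.userCredentialManager().createCredential(realm ,user, secret);
+} else {
+creds.get(0).setValue(credInput.getValue());
+session.userCredentialManager().updateCredential(realm, user, creds.get(0));
+}
+session.getUserCache().evict(realm, user);
+return true;
+}
+
+@Override
+public void disableCredentialType(RealmModel realm, UserModel user, String credentialType) {
+if (!SECRET_QUESTION.equals(credentialType)) return;
+session.userCredentialManager().disableCredential(realm, user, credentialType);
+session.getUserCache().evict(realm, user);
+
+}
+
+@Override
+public boolean supportsCredentialType(String credentialType) {
+return SECRET_QUESTION.equals(credentialType);
+}
+
+@Override
+public boolean isConfiguredFor(RealmModel realm, UserModel user, String credentialType) {
+if (!SECRET_QUESTION.equals(credentialType)) return false;
+return getSecret(realm, user) != null;
+}
+
+@Override
+public boolean isValid(RealmModel realm, UserModel user, CredentialInput input) {
+if (!SECRET_QUESTION.equals(input.getType())) return false;
+if (!(input instanceof UserCredentialModel)) return false;
+
+String secret = getSecret(realm, user).getValue();
+
+return secret != null && ((UserCredentialModel)input).getValue().equals(secret);
+}
+
+@Override
+public void onCache(RealmModel realm, CachedUserModel user) {
+List<CredentialModel> creds = session.userCredentialManager().getStoredCredentialsByType(realm, user, SECRET_QUESTION);
+if (!creds.isEmpty()) user.getCachedWith().put(CACHE_KEY, creds.get(0));
+}
+}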
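Review bot: `isValid` dereferences the result of `getSecret(realm, user)` without a null check, so a user with no stored secret question (or a cached user whose `getCachedWith()` map has no `CACHE_KEY` entry) makes validation throw a NullPointerException instead of returning false; a null `getValue()` on the input does the same. The comparison is also a plain `String.equals`, which is not constant-time, and `updateCredential` stores the answer unhashed via `secret.setValue(credInput.getValue())`, so whoever can read the credential store reads the answer itself. I would guard the nulls and compare with `MessageDigest.isEqual` on the UTF-8 bytes (this needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported), and consider hashing the answer the way passwords are hashed before it is stored. The import of `PasswordCredentialProvider` appears unused in this file.

```java
public boolean isValid(RealmModel realm, UserModel user, CredentialInput input) {
    // … unchanged: credential type and instanceof checks …
    CredentialModel stored = getSecret(realm, user);
    if (stored == null || stored.getValue() == null) return false;
    String answer = ((UserCredentialModel) input).getValue();
    if (answer == null) return false;
    return MessageDigest.isEqual(
            answer.getBytes(StandardCharsets.UTF_8),
            stored.getValue().getBytes(StandardCharsets.UTF_8));
}
```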
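--- a/...ain/java/org/keycloak/examples/authenticator/SecretQuestionCredentialProviderFactory.java
+++ b/...ain/java/org/keycloak/examples/authenticator/SecretQuestionCredentialProviderFactory.java
@@ -0,0 +1,37 @@
+/*
+* Copyright 2016 Red Hat, Inc. and/or its affiliates
+* and other contributors as indicated by the @author tags.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.keycloak.examples.authenticator;
+
+import org.keycloak.credential.CredentialProvider;
+import org.keycloak.credential.CredentialProviderFactory;
+import org.keycloak.models.KeycloakSession;
+
+/**
+* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+* @version $Revision: 1 $
+*/
+public class SecretQuestionCredentialProviderFactory implements CredentialProviderFactory<SecretQuestionCredentialProvider> {
+@Override
+public String getId() {
+return "secret-question";
+}
+
+@Override
+public CredentialProvider create(KeycloakSession session) {
+return new SecretQuestionCredentialProvider(session);
+}
+}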
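Review bot: `create` is declared to return `CredentialProvider` although the factory is parameterized with `SecretQuestionCredentialProvider`; narrowing the signature to `public SecretQuestionCredentialProvider create(KeycloakSession session) {` is a legal covariant override and spares callers a cast. The class Javadoc carries only `@author` and `@version`, so a one-line summary such as `Creates SecretQuestionCredentialProvider instances; registered under the id "secret-question".` would tell a reader what the factory is for.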
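--- a/...or/src/main/resources/META-INF/services/org.keycloak.credential.CredentialProviderFactory
+++ b/...or/src/main/resources/META-INF/services/org.keycloak.credential.CredentialProviderFactory
@@ -0,0 +1 @@
+org.keycloak.examples.authenticator.SecretQuestionCredentialProviderFactory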