auth spi initialization

keycloak · May 27, 2015 · a1f7cfa · a1f7cfa
1 parent f5e301f
commit a1f7cfa
Show file tree

Hide file tree

Showing 6 changed files with 262 additions and 53 deletions.
diff --git a/model/api/src/main/java/org/keycloak/migration/MigrationModelManager.java b/model/api/src/main/java/org/keycloak/migration/MigrationModelManager.java
@@ -1,6 +1,7 @@
 package org.keycloak.migration;
 
 import org.jboss.logging.Logger;
+import org.keycloak.migration.migrators.MigrateTo1_3_0_Beta1;
 import org.keycloak.migration.migrators.MigrationTo1_2_0_CR1;
 import org.keycloak.models.KeycloakSession;
 
@@ -24,6 +25,12 @@ public static void migrate(KeycloakSession session) {
             }
             new MigrationTo1_2_0_CR1().migrate(session);
         }
+        if (stored == null || stored.lessThan(MigrateTo1_3_0_Beta1.VERSION)) {
+            if (stored != null) {
+                logger.debug("Migrating older model to 1.3.0.Beta1 updates");
+            }
+            new MigrateTo1_3_0_Beta1().migrate(session);
+        }
 
         model.setStoredVersion(MigrationModel.LATEST_VERSION);
     }

diff --git a/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_3_0_Beta1.java b/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_3_0_Beta1.java
@@ -0,0 +1,27 @@
+package org.keycloak.migration.migrators;
+
+import org.keycloak.migration.ModelVersion;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.utils.DefaultAuthenticationFlows;
+
+import java.util.List;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class MigrateTo1_3_0_Beta1 {
+    public static final ModelVersion VERSION = new ModelVersion("1.3.0.Beta1");
+
+
+    public void migrate(KeycloakSession session) {
+        List<RealmModel> realms = session.realms().getRealms();
+        for (RealmModel realm : realms) {
+            if (realm.getAuthenticationFlows().size() == 0) {
+                DefaultAuthenticationFlows.addFlows(realm);
+            }
+        }
+
+    }
+}
diff --git a/model/api/src/main/java/org/keycloak/models/AuthenticationExecutionModel.java b/model/api/src/main/java/org/keycloak/models/AuthenticationExecutionModel.java
@@ -78,6 +78,23 @@ public void setAutheticatorFlow(boolean autheticatorFlow) {
     public enum Requirement {
         REQUIRED,
         OPTIONAL,
-        ALTERNATIVE
+        ALTERNATIVE,
+        DISABLED
+    }
+
+    public boolean isRequired() {
+        return requirement == Requirement.REQUIRED;
+    }
+    public boolean isOptional() {
+        return requirement == Requirement.OPTIONAL;
+    }
+    public boolean isAlternative() {
+        return requirement == Requirement.ALTERNATIVE;
+    }
+    public boolean isDisabled() {
+        return requirement == Requirement.DISABLED;
+    }
+    public boolean isEnabled() {
+        return requirement != Requirement.DISABLED;
     }
 }
diff --git a/model/api/src/main/java/org/keycloak/models/utils/DefaultAuthenticationFlows.java b/model/api/src/main/java/org/keycloak/models/utils/DefaultAuthenticationFlows.java
@@ -0,0 +1,92 @@
+package org.keycloak.models.utils;
+
+import org.keycloak.models.AuthenticationExecutionModel;
+import org.keycloak.models.AuthenticationFlowModel;
+import org.keycloak.models.AuthenticatorModel;
+import org.keycloak.models.RealmModel;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class DefaultAuthenticationFlows {
+    public static void addFlows(RealmModel realm) {
+        AuthenticatorModel model = new AuthenticatorModel();
+        model.setProviderId("auth-cookie");
+        model.setAlias("Cookie");
+        AuthenticatorModel cookieAuth = realm.addAuthenticator(model);
+        model = new AuthenticatorModel();
+        model.setProviderId("auth-login-form-otp");
+        model.setAlias("Login Form OTP");
+        AuthenticatorModel loginFormOtp = realm.addAuthenticator(model);
+        model = new AuthenticatorModel();
+        model.setProviderId("auth-login-form-password");
+        model.setAlias("Login Form Password");
+        AuthenticatorModel password = realm.addAuthenticator(model);
+        model = new AuthenticatorModel();
+        model.setProviderId("auth-login-form-username");
+        model.setAlias("Login Form Username");
+        AuthenticatorModel username = realm.addAuthenticator(model);
+        model = new AuthenticatorModel();
+        model.setProviderId("auth-otp-form");
+        model.setAlias("Single OTP Form");
+        AuthenticatorModel otp = realm.addAuthenticator(model);
+
+        AuthenticationFlowModel browser = new AuthenticationFlowModel();
+        browser.setAlias("browser");
+        browser.setDescription("browser based authentication");
+        browser = realm.addAuthenticationFlow(browser);
+        AuthenticationExecutionModel execution = new AuthenticationExecutionModel();
+        execution.setParentFlow(browser.getId());
+        execution.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
+        execution.setAuthenticator(cookieAuth.getId());
+        execution.setPriority(0);
+        execution.setUserSetupAllowed(false);
+        execution.setAutheticatorFlow(false);
+        realm.addAuthenticatorExecution(execution);
+        AuthenticationFlowModel forms = new AuthenticationFlowModel();
+        forms.setAlias("forms");
+        forms.setDescription("Username, password, otp and other auth forms.");
+        forms = realm.addAuthenticationFlow(forms);
+        execution = new AuthenticationExecutionModel();
+        execution.setParentFlow(browser.getId());
+        execution.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
+        execution.setAuthenticator(forms.getId());
+        execution.setPriority(1);
+        execution.setUserSetupAllowed(false);
+        execution.setAutheticatorFlow(true);
+        realm.addAuthenticatorExecution(execution);
+
+        // forms
+        // Username processing
+        execution = new AuthenticationExecutionModel();
+        execution.setParentFlow(forms.getId());
+        execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
+        execution.setAuthenticator(username.getId());
+        execution.setPriority(10);
+        execution.setUserSetupAllowed(false);
+        execution.setAutheticatorFlow(false);
+        realm.addAuthenticatorExecution(execution);
+
+        // password processing
+        execution = new AuthenticationExecutionModel();
+        execution.setParentFlow(forms.getId());
+        execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
+        execution.setAuthenticator(password.getId());
+        execution.setPriority(11);
+        execution.setUserSetupAllowed(false);
+        execution.setAutheticatorFlow(false);
+        realm.addAuthenticatorExecution(execution);
+
+        // otp processing
+        execution = new AuthenticationExecutionModel();
+        execution.setParentFlow(forms.getId());
+        execution.setRequirement(AuthenticationExecutionModel.Requirement.OPTIONAL);
+        execution.setAuthenticator(otp.getId());
+        execution.setPriority(12);
+        execution.setUserSetupAllowed(true);
+        execution.setAutheticatorFlow(false);
+        realm.addAuthenticatorExecution(execution);
+
+    }
+}