public abstract class KeycloakLoginModule extends FileLoginModule implements Loggable
callbackHandler, ENCRYPTED_DATA_SEP, groupFile, loginFile, subject, tenantFile
Constructor and Description |
---|
KeycloakLoginModule()
Creates a new instance of KeycloakLoginModule
|
Modifier and Type | Method and Description |
---|---|
boolean |
abort()
Aborts the login operation
|
boolean |
commit() |
protected abstract String |
getKeycloakConfigFileName()
Retrieves Keycloak configuration file name.
|
void |
initialize(Subject subject,
CallbackHandler callbackHandler,
Map<String,?> sharedState,
Map<String,?> options)
Initialize this
KeycloakLoginModule . |
boolean |
login()
Authenticate the user by getting the username and password from the
CallbackHandler.
|
boolean |
logout()
Logs out the user and invalidates Keycloak access tokens
|
protected void |
parseAccessTokenResponse(org.keycloak.representations.AccessToken accessToken,
String tokenString)
Parses the verified tokens and extract the user principal and roles
|
checkGroupFile, checkLoginFile, checkTenantFile, getConfiguredDomains, getGroupFileName, getLoginFileName, getPrivateKey, getTenantFileName, groupMembershipFromFile, isLegacyPasswordEncryption, logUser, removeOldFailedAttempts, resetFailedAttempt, retryInHowManyMinutes, storeFailedAttempt, tenantMembershipFromFile, tooManyFailedAttempts
public KeycloakLoginModule()
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
KeycloakLoginModule
.
initialize
in interface LoginModule
initialize
in class FileLoginModule
subject
- the Subject
not to be authenticated.
callbackHandler
- a CallbackHandler
to get the credentials of the
user, must work with NoCallback
callbacks.
sharedState
- State shared with other configured LoginModules. options
- Options specified in the login
Configuration
for this particular
KeycloakLoginModule
.LoginModule.initialize(javax.security.auth.Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)
public boolean login() throws LoginException
login
in interface LoginModule
login
in class FileLoginModule
LoginException
- if this KeycloakLoginModule is unable to
perform the authentication.LoginModule.login()
protected void parseAccessTokenResponse(org.keycloak.representations.AccessToken accessToken, String tokenString)
accessToken
- Token to be parsedtokenString
- Token in raw (JSON) formatpublic boolean commit()
commit
in interface LoginModule
commit
in class FileLoginModule
LoginModule.commit()
public boolean abort()
abort
in interface LoginModule
abort
in class FileLoginModule
LoginModule.abort()
public boolean logout()
logout
in interface LoginModule
logout
in class FileLoginModule
LoginModule.logout()
protected abstract String getKeycloakConfigFileName()