/**
* Delete execution
*
* @param execution Execution id
*/
@Path("/executions/{executionId}")
@DELETE
@NoCache
public void removeExecution(@PathParam("executionId") String execution) {
auth.requireManage();
AuthenticationExecutionModel model = realm.getAuthenticationExecutionById(execution);
if (model == null) {
session.getTransaction().setRollbackOnly();
throw new NotFoundException("Illegal execution");
}
AuthenticationFlowModel parentFlow = getParentFlow(model);
if (parentFlow.isBuiltIn()) {
throw new BadRequestException("It is illegal to remove execution from a built in flow");
}
if (model.getFlowId() != null) {
AuthenticationFlowModel nonTopLevelFlow = realm.getAuthenticationFlowById(model.getFlowId());
realm.removeAuthenticationFlow(nonTopLevelFlow);
}
realm.removeAuthenticatorExecution(model);
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
}
/**
* Lower execution's priority
*
* @param execution Execution id
*/
@Path("/executions/{executionId}/lower-priority")
@POST
@NoCache
public void lowerPriority(@PathParam("executionId") String execution) {
auth.requireManage();
AuthenticationExecutionModel model = realm.getAuthenticationExecutionById(execution);
if (model == null) {
session.getTransaction().setRollbackOnly();
throw new NotFoundException("Illegal execution");
}
AuthenticationFlowModel parentFlow = getParentFlow(model);
if (parentFlow.isBuiltIn()) {
throw new BadRequestException("It is illegal to modify execution in a built in flow");
}
List<AuthenticationExecutionModel> executions = getSortedExecutions(parentFlow);
int i = 0;
for (i = 0; i < executions.size(); i++) {
if (executions.get(i).getId().equals(model.getId())) {
break;
}
}
if (i + 1 >= executions.size()) return;
AuthenticationExecutionModel next = executions.get(i + 1);
int tmp = model.getPriority();
model.setPriority(next.getPriority());
realm.updateAuthenticatorExecution(model);
next.setPriority(tmp);
realm.updateAuthenticatorExecution(next);
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).success();
}
/**
* Raise execution's priority
*
* @param execution Execution id
*/
@Path("/executions/{executionId}/raise-priority")
@POST
@NoCache
public void raisePriority(@PathParam("executionId") String execution) {
auth.requireManage();
AuthenticationExecutionModel model = realm.getAuthenticationExecutionById(execution);
if (model == null) {
session.getTransaction().setRollbackOnly();
throw new NotFoundException("Illegal execution");
}
AuthenticationFlowModel parentFlow = getParentFlow(model);
if (parentFlow.isBuiltIn()) {
throw new BadRequestException("It is illegal to modify execution in a built in flow");
}
List<AuthenticationExecutionModel> executions = getSortedExecutions(parentFlow);
AuthenticationExecutionModel previous = null;
for (AuthenticationExecutionModel exe : executions) {
if (exe.getId().equals(model.getId())) {
break;
}
previous = exe;
}
if (previous == null) return;
int tmp = previous.getPriority();
previous.setPriority(model.getPriority());
realm.updateAuthenticatorExecution(previous);
model.setPriority(tmp);
realm.updateAuthenticatorExecution(model);
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).success();
}
/**
* Delete an authentication flow
*
* @param id Flow id
*/
@Path("/flows/{id}")
@DELETE
@NoCache
public void deleteFlow(@PathParam("id") String id) {
auth.requireManage();
AuthenticationFlowModel flow = realm.getAuthenticationFlowById(id);
if (flow == null) {
throw new NotFoundException("Could not find flow with id");
}
if (flow.isBuiltIn()) {
throw new BadRequestException("Can't delete built in flow");
}
List<AuthenticationExecutionModel> executions = realm.getAuthenticationExecutions(id);
for (AuthenticationExecutionModel execution : executions) {
if (execution.getFlowId() != null) {
AuthenticationFlowModel nonTopLevelFlow =
realm.getAuthenticationFlowById(execution.getFlowId());
realm.removeAuthenticationFlow(nonTopLevelFlow);
}
realm.removeAuthenticatorExecution(execution);
}
realm.removeAuthenticationFlow(flow);
// Use just one event for top-level flow. Using separate events won't work properly for flows of
// depth 2 or bigger
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
}
/**
* Add new authentication execution to a flow
*
* @param flowAlias Alias of parent flow
* @param data New execution JSON data containing 'provider' attribute
*/
@Path("/flows/{flowAlias}/executions/execution")
@POST
@NoCache
@Consumes(MediaType.APPLICATION_JSON)
public void addExecution(@PathParam("flowAlias") String flowAlias, Map<String, String> data) {
auth.requireManage();
AuthenticationFlowModel parentFlow = realm.getFlowByAlias(flowAlias);
if (parentFlow == null) {
throw new BadRequestException("Parent flow doesn't exists");
}
if (parentFlow.isBuiltIn()) {
throw new BadRequestException("It is illegal to add execution to a built in flow");
}
String provider = data.get("provider");
// make sure provider is one of the registered providers
ProviderFactory f;
if (parentFlow.getProviderId().equals(AuthenticationFlow.CLIENT_FLOW)) {
f =
session
.getKeycloakSessionFactory()
.getProviderFactory(ClientAuthenticator.class, provider);
} else if (parentFlow.getProviderId().equals(AuthenticationFlow.FORM_FLOW)) {
f = session.getKeycloakSessionFactory().getProviderFactory(FormAction.class, provider);
} else {
f = session.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, provider);
}
if (f == null) {
throw new BadRequestException("No authentication provider found for id: " + provider);
}
AuthenticationExecutionModel execution = new AuthenticationExecutionModel();
execution.setParentFlow(parentFlow.getId());
execution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED);
execution.setAuthenticatorFlow(false);
execution.setAuthenticator(provider);
execution.setPriority(getNextPriority(parentFlow));
execution = realm.addAuthenticatorExecution(execution);
data.put("id", execution.getId());
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(data).success();
}
/**
* Add new authentication execution
*
* @param execution JSON model describing authentication execution
*/
@Path("/executions")
@POST
@NoCache
@Consumes(MediaType.APPLICATION_JSON)
public Response addExecution(AuthenticationExecutionRepresentation execution) {
auth.requireManage();
AuthenticationExecutionModel model = RepresentationToModel.toModel(realm, execution);
AuthenticationFlowModel parentFlow = getParentFlow(model);
if (parentFlow.isBuiltIn()) {
throw new BadRequestException("It is illegal to add execution to a built in flow");
}
model.setPriority(getNextPriority(parentFlow));
model = realm.addAuthenticatorExecution(model);
adminEvent
.operation(OperationType.CREATE)
.resourcePath(uriInfo, model.getId())
.representation(execution)
.success();
return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build();
}