Пример #1
0
 boolean verifyCode(String code, String requiredAction, String alternativeRequiredAction) {
   if (!verifyCode(code)) {
     return false;
   } else if (!(clientCode.isValidAction(requiredAction)
       || clientCode.isValidAction(alternativeRequiredAction))) {
     event.client(clientCode.getClientSession().getClient());
     event.error(Errors.INVALID_CODE);
     response = ErrorPage.error(session, Messages.INVALID_CODE);
     return false;
   } else if (!(clientCode.isActionActive(requiredAction)
       || clientCode.isActionActive(alternativeRequiredAction))) {
     event.client(clientCode.getClientSession().getClient());
     event.clone().error(Errors.EXPIRED_CODE);
     if (clientCode
         .getClientSession()
         .getAction()
         .equals(ClientSessionModel.Action.AUTHENTICATE.name())) {
       AuthenticationProcessor.resetFlow(clientCode.getClientSession());
       response =
           processAuthentication(null, clientCode.getClientSession(), Messages.LOGIN_TIMEOUT);
     } else {
       if (clientCode.getClientSession().getUserSession() == null) {
         session.sessions().removeClientSession(realm, clientCode.getClientSession());
       }
       response = ErrorPage.error(session, Messages.EXPIRED_CODE);
     }
     return false;
   } else {
     return true;
   }
 }
Пример #2
0
  protected Response processFlow(
      String execution,
      ClientSessionModel clientSession,
      String flowPath,
      AuthenticationFlowModel flow,
      String errorMessage) {
    AuthenticationProcessor processor = new AuthenticationProcessor();
    processor
        .setClientSession(clientSession)
        .setFlowPath(flowPath)
        .setFlowId(flow.getId())
        .setConnection(clientConnection)
        .setEventBuilder(event)
        .setProtector(authManager.getProtector())
        .setRealm(realm)
        .setSession(session)
        .setUriInfo(uriInfo)
        .setRequest(request);
    if (errorMessage != null)
      processor.setForwardedErrorMessage(new FormMessage(null, errorMessage));

    try {
      if (execution != null) {
        return processor.authenticationAction(execution);
      } else {
        return processor.authenticate();
      }
    } catch (Exception e) {
      return processor.handleBrowserException(e);
    }
  }