java.lang.Object
- org.keycloak.policy.BlacklistPasswordPolicyProviderFactory

All Implemented Interfaces:

PasswordPolicyProviderFactory, ProviderFactory<PasswordPolicyProvider>
```
public class BlacklistPasswordPolicyProviderFactory
extends Object
implements PasswordPolicyProviderFactory
```
Creates BlacklistPasswordPolicyProvider instances.
Password blacklists are simple text files where every line is a blacklisted password delimited by \n. Blacklist files are discovered and registered at startup.
Blacklists can be configured via the Authentication: Password Policy section in the admin-console. A blacklist-file is referred to by its name in the policy configuration.
Users can provide custom blacklists by adding a blacklist password file to the configured blacklist folder.

The location of the password-blacklists folder is derived as follows
1. the value of the System property keycloak.password.blacklists.path if configured - fails if folder is missing
2. the value of the SPI config property: blacklistsPath when explicitly configured - fails if folder is missing
3. otherwise ${jboss.server.data.dir}/password-blacklists/ if nothing else is configured - the folder is created automatically if not present
Note that the preferred way for configuration is to copy the password file to the ${jboss.server.data.dir}/password-blacklists/ folder

To configure a password blacklist via the SPI configuration, run the following jboss-cli script:
```
 /subsystem=keycloak-server/spi=password-policy:add()
 /subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:add(enabled=true)
 /subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:write-attribute(name=properties.blacklistsPath, value=/data/keycloak/blacklists/)
 
```
A password blacklist with the filename 10_million_password_list_top_1000000-password-blacklist.txt that is located beneath /data/keycloak/blacklists/ can be referred to as 10_million_password_list_top_1000000-password-blacklist.txt in the Authentication: Password Policy configuration.
Author:

Thomas Darimont

Nested Class Summary

Nested Classes
Modifier and Type	Class	Description
`static class`	`BlacklistPasswordPolicyProviderFactory.FileBasedPasswordBlacklist`	A `BlacklistPasswordPolicyProviderFactory.FileBasedPasswordBlacklist` uses password-blacklist files as to construct a `BlacklistPasswordPolicyProviderFactory.PasswordBlacklist`.
`static interface`	`BlacklistPasswordPolicyProviderFactory.PasswordBlacklist`	A `BlacklistPasswordPolicyProviderFactory.PasswordBlacklist` describes a list of too easy to guess or potentially leaked passwords that users should not be able to use.

Field Summary

Fields
Modifier and Type	Field	Description
`static String`	`BLACKLISTS_PATH_PROPERTY`
`static String`	`ID`
`static String`	`JBOSS_SERVER_DATA_DIR`
`static String`	`PASSWORD_BLACKLISTS_FOLDER`
`static String`	`SYSTEM_PROPERTY`

Constructor Summary

Constructors
Constructor Description

BlacklistPasswordPolicyProviderFactory()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`void`	`close()`	This is called when the server shuts down.
`PasswordPolicyProvider`	`create(KeycloakSession session)`
`String`	`getConfigType()`
`String`	`getDefaultBlacklistsBasePath()`	Method to obtain the default location for the list folder.
`String`	`getDefaultConfigValue()`
`String`	`getDisplayName()`
`String`	`getId()`
`void`	`init(Config.Scope config)`	Only called once when the factory is first created.
`boolean`	`isMultiplSupported()`
`void`	`postInit(KeycloakSessionFactory factory)`	Called after all provider factories have been initialized
`BlacklistPasswordPolicyProviderFactory.PasswordBlacklist`	`resolvePasswordBlacklist(String blacklistName)`	Resolves and potentially registers a `BlacklistPasswordPolicyProviderFactory.PasswordBlacklist` for the given `blacklistName`.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.provider.ProviderFactory
getConfigMetadata, order

- Field Detail
  - ID
```
public static final String ID
```
    See Also:
    
    Constant Field Values
  - SYSTEM_PROPERTY
```
public static final String SYSTEM_PROPERTY
```
    See Also:
    
    Constant Field Values
  - BLACKLISTS_PATH_PROPERTY
```
public static final String BLACKLISTS_PATH_PROPERTY
```
    See Also:
    
    Constant Field Values
  - JBOSS_SERVER_DATA_DIR
```
public static final String JBOSS_SERVER_DATA_DIR
```
    See Also:
    
    Constant Field Values
  - PASSWORD_BLACKLISTS_FOLDER
```
public static final String PASSWORD_BLACKLISTS_FOLDER
```
- Constructor Detail
  - BlacklistPasswordPolicyProviderFactory
```
public BlacklistPasswordPolicyProviderFactory()
```
- Method Detail
  - create
```
public PasswordPolicyProvider create(KeycloakSession session)
```
    Specified by:
    
    create in interface ProviderFactory<PasswordPolicyProvider>
  - init
```
public void init(Config.Scope config)
```
    Description copied from interface: ProviderFactory
    
    Only called once when the factory is first created. This config is pulled from keycloak_server.json
    
    Specified by:
    
    init in interface ProviderFactory<PasswordPolicyProvider>
  - postInit
```
public void postInit(KeycloakSessionFactory factory)
```
    Description copied from interface: ProviderFactory
    
    Called after all provider factories have been initialized
    
    Specified by:
    
    postInit in interface ProviderFactory<PasswordPolicyProvider>
  - close
```
public void close()
```
    Description copied from interface: ProviderFactory
    
    This is called when the server shuts down.
    
    Specified by:
    
    close in interface ProviderFactory<PasswordPolicyProvider>
  - getDisplayName
```
public String getDisplayName()
```
    Specified by:
    
    getDisplayName in interface PasswordPolicyProviderFactory
  - getConfigType
```
public String getConfigType()
```
    Specified by:
    
    getConfigType in interface PasswordPolicyProviderFactory
  - getDefaultConfigValue
```
public String getDefaultConfigValue()
```
    Specified by:
    
    getDefaultConfigValue in interface PasswordPolicyProviderFactory
  - isMultiplSupported
```
public boolean isMultiplSupported()
```
    Specified by:
    
    isMultiplSupported in interface PasswordPolicyProviderFactory
  - getId
```
public String getId()
```
    Specified by:
    
    getId in interface ProviderFactory<PasswordPolicyProvider>
  - getDefaultBlacklistsBasePath
```
public String getDefaultBlacklistsBasePath()
```
    Method to obtain the default location for the list folder. The method will return the data directory of the installation concatenated with /password-blacklists/.
    
    Returns:
    
    The default path used by the provider to lookup the lists when no other configuration is in place.
  - resolvePasswordBlacklist
```
public BlacklistPasswordPolicyProviderFactory.PasswordBlacklist resolvePasswordBlacklist(String blacklistName)
```
    Resolves and potentially registers a BlacklistPasswordPolicyProviderFactory.PasswordBlacklist for the given blacklistName.
    
    Parameters:
    
    blacklistName -
    
    Returns:

Class BlacklistPasswordPolicyProviderFactory

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Methods inherited from interface org.keycloak.provider.ProviderFactory

Field Detail

ID

SYSTEM_PROPERTY

BLACKLISTS_PATH_PROPERTY

JBOSS_SERVER_DATA_DIR

PASSWORD_BLACKLISTS_FOLDER

Constructor Detail

BlacklistPasswordPolicyProviderFactory

Method Detail

create

init

postInit

close

getDisplayName

getConfigType

getDefaultConfigValue

isMultiplSupported

getId

getDefaultBlacklistsBasePath

resolvePasswordBlacklist