net.shibboleth.idp.authn.impl

Class RemoteUserAuthServlet

java.lang.Object

javax.servlet.GenericServlet

javax.servlet.http.HttpServlet

net.shibboleth.idp.authn.impl.RemoteUserAuthServlet

All Implemented Interfaces:

Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig

public class RemoteUserAuthServlet
extends javax.servlet.http.HttpServlet

Extracts authentication information from the request and returns it via the IdP's external authentication interface.

Common usage allows for extraction of REMOTE_USER or a username from request attributes or headers.

More advanced features include the ability to directly consume a Subject from a request attribute (in which case it is returned sight unseen directly to the IdP as the external result) and the ability to check a header for strings containing authentication method identifiers which can be mapped back into custom Principal objects (in which case they are attached to a newly constructed Subject to return).

See Also:

Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
private static String	AUTHN_AUTHORITY_HEADER_PARAM Init parameter identifying a header to check for one or more proxied authenticating authority strings.
private static String	AUTHN_METHOD_HEADER_PARAM Init parameter identifying a header to check for one or more authentication method strings.
private String	authnAuthorityHeader Header to check for proxied authenticating authority strings.
private String	authnMethodHeader Header to check for authentication method strings.
private static String	CHECK_ATTRIBUTES_PARAM Init parameter controlling what attributes to check.
private static String	CHECK_HEADERS_PARAM Init parameter controlling what headers to check.
private static String	CHECK_REMOTE_USER_PARAM Init parameter controlling whether to check for REMOTE_USER.
private Collection<String>	checkAttributes List of request attributes to check for an identity.
private Collection<String>	checkHeaders List of request headers to check for an identity.
private boolean	checkRemoteUser Whether to check REMOTE_USER for an identity.
private org.slf4j.Logger	log Class logger.
private static long	serialVersionUID Serial UID.
private static String	SUBJECT_ATTRIBUTE_PARAM Init parameter identifying an attribute to check for a Subject.
private String	subjectAttribute Request attribute to check for a Subject.

Constructor Summary

Constructors

Constructor and Description
RemoteUserAuthServlet() Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
AuthenticationFlowDescriptor	getAuthenticationFlowDescriptor(String key, javax.servlet.http.HttpServletRequest httpRequest) Get the executing AuthenticationFlowDescriptor.
Principal	getPrincipal(AuthenticationFlowDescriptor descriptor, String method) Locate a custom Principal matching a string, supported by the flow descriptor.
void	init(javax.servlet.ServletConfig config)
protected void	service(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
void	setAuthnAuthorityHeader(String header) Set the name of a request header to check for authenticating authority strings.
void	setAuthnMethodHeader(String header) Set the name of a request header to check for authentication method strings.
void	setCheckAttributes(Collection<String> attributes) Set the list of request attributes to check for an identity.
void	setCheckHeaders(Collection<String> headers) Set the list of request headers to check for an identity.
void	setCheckRemoteUser(boolean flag) Set whether to check REMOTE_USER for an identity.
void	setSubjectAttribute(String attribute) Set the name of a request attribute to check for a Subject.

Methods inherited from class javax.servlet.http.HttpServlet

doDelete, doGet, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service

Methods inherited from class javax.servlet.GenericServlet

destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

serialVersionUID

private static final long serialVersionUID

Serial UID.

See Also:

Constant Field Values

CHECK_REMOTE_USER_PARAM

@Nonnull
@NotEmpty
private static final String CHECK_REMOTE_USER_PARAM

Init parameter controlling whether to check for REMOTE_USER.

See Also:

Constant Field Values

CHECK_ATTRIBUTES_PARAM

@Nonnull
@NotEmpty
private static final String CHECK_ATTRIBUTES_PARAM

Init parameter controlling what attributes to check.

See Also:

Constant Field Values

CHECK_HEADERS_PARAM

@Nonnull
@NotEmpty
private static final String CHECK_HEADERS_PARAM

Init parameter controlling what headers to check.

See Also:

Constant Field Values

SUBJECT_ATTRIBUTE_PARAM

@Nonnull
@NotEmpty
private static final String SUBJECT_ATTRIBUTE_PARAM

Init parameter identifying an attribute to check for a Subject.

See Also:

Constant Field Values

AUTHN_METHOD_HEADER_PARAM

@Nonnull
@NotEmpty
private static final String AUTHN_METHOD_HEADER_PARAM

Init parameter identifying a header to check for one or more authentication method strings.

See Also:

Constant Field Values

AUTHN_AUTHORITY_HEADER_PARAM

@Nonnull
@NotEmpty
private static final String AUTHN_AUTHORITY_HEADER_PARAM

Init parameter identifying a header to check for one or more proxied authenticating authority strings.

See Also:

Constant Field Values

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

checkRemoteUser

private boolean checkRemoteUser

Whether to check REMOTE_USER for an identity. Defaults to true.

checkAttributes

@Nonnull
@NonnullElements
private Collection<String> checkAttributes

List of request attributes to check for an identity.

checkHeaders

@Nonnull
@NonnullElements
private Collection<String> checkHeaders

List of request headers to check for an identity.

subjectAttribute

@Nullable
@NotEmpty
private String subjectAttribute

Request attribute to check for a Subject.

authnMethodHeader

@Nullable
@NotEmpty
private String authnMethodHeader

Header to check for authentication method strings.

authnAuthorityHeader

@Nullable
@NotEmpty
private String authnAuthorityHeader

Header to check for proxied authenticating authority strings.

Constructor Detail

RemoteUserAuthServlet

public RemoteUserAuthServlet()

Constructor.

Method Detail

setCheckRemoteUser

public void setCheckRemoteUser(boolean flag)

Set whether to check REMOTE_USER for an identity.

Parameters:

flag - value to set

setCheckAttributes

public void setCheckAttributes(@Nonnull@NonnullElements
                      Collection<String> attributes)

Set the list of request attributes to check for an identity.

Parameters:

attributes - list of request attributes to check

setCheckHeaders

public void setCheckHeaders(@Nonnull@NonnullElements
                   Collection<String> headers)

Set the list of request headers to check for an identity.

Parameters:

headers - list of request headers to check

setSubjectAttribute

public void setSubjectAttribute(@Nullable@NotEmpty
                       String attribute)

Set the name of a request attribute to check for a Subject.

Parameters:

attribute - request attribute name

setAuthnMethodHeader

public void setAuthnMethodHeader(@Nullable@NotEmpty
                        String header)

Set the name of a request header to check for authentication method strings.

Parameters:

header - request header name

setAuthnAuthorityHeader

public void setAuthnAuthorityHeader(@Nullable@NotEmpty
                           String header)

Set the name of a request header to check for authenticating authority strings.

Parameters:

header - request header name

Since:

3.4.0

init

public void init(javax.servlet.ServletConfig config)
          throws javax.servlet.ServletException

Specified by:

init in interface javax.servlet.Servlet

Overrides:

init in class javax.servlet.GenericServlet

Throws:

javax.servlet.ServletException

service

protected void service(javax.servlet.http.HttpServletRequest httpRequest,
           javax.servlet.http.HttpServletResponse httpResponse)
                throws javax.servlet.ServletException,
                       IOException

Overrides:

service in class javax.servlet.http.HttpServlet

Throws:

javax.servlet.ServletException

IOException

getAuthenticationFlowDescriptor

@Nullable
public AuthenticationFlowDescriptor getAuthenticationFlowDescriptor(@Nonnull@NotEmpty
                                                                    String key,
                                                                    @Nonnull
                                                                    javax.servlet.http.HttpServletRequest httpRequest)
                                                             throws ExternalAuthenticationException

Get the executing AuthenticationFlowDescriptor.

Parameters:

key - external authentication key

httpRequest - servlet request

Returns:

active descriptor, or null

Throws:

ExternalAuthenticationException - if unable to access the profile context

getPrincipal

@Nullable
public Principal getPrincipal(@Nonnull
                              AuthenticationFlowDescriptor descriptor,
                              @Nonnull@NotEmpty
                              String method)

Locate a custom Principal matching a string, supported by the flow descriptor.

Parameters:

descriptor - flow descriptor

method - method string

Returns:

a custom Principal or null