net.shibboleth.idp.authn.impl

Class ValidateUsernamePasswordAgainstJAAS

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction<InboundMessageType,OutboundMessageType>

org.opensaml.profile.action.AbstractConditionalProfileAction<InboundMessageType,OutboundMessageType>

net.shibboleth.idp.profile.AbstractProfileAction<InboundMessageType,OutboundMessageType>

net.shibboleth.idp.authn.AbstractAuthenticationAction<InboundMessageType,OutboundMessageType>

net.shibboleth.idp.authn.AbstractValidationAction

net.shibboleth.idp.authn.AbstractUsernamePasswordValidationAction

net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstJAAS

All Implemented Interfaces:

PrincipalSupportingComponent, Component, DestructableComponent, InitializableComponent, ProfileAction, org.springframework.beans.factory.Aware, org.springframework.context.MessageSource, org.springframework.context.MessageSourceAware, org.springframework.webflow.execution.Action

public class ValidateUsernamePasswordAgainstJAAS
extends AbstractUsernamePasswordValidationAction

An action that checks for a UsernamePasswordContext and directly produces an AuthenticationResult based on that identity by invoking a JAAS configuration.

Various optional properties are supported to control the JAAS configuration process.

Event:

EventIds.PROCEED_EVENT_ID, AuthnEventIds.NO_CREDENTIALS, AuthnEventIds.INVALID_CREDENTIALS, AuthnEventIds.REQUEST_UNSUPPORTED

Precondition:

ProfileRequestContext.getSubcontext(AuthenticationContext.class).getAttemptedFlow() != null

Postcondition:

If AuthenticationContext.getSubcontext(UsernamePasswordContext.class) != null, then an AuthenticationResult is saved to the AuthenticationContext on a successful login. On a failed login, the AbstractValidationAction.handleError(ProfileRequestContext, AuthenticationContext, Exception, String) method is called.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
protected class	ValidateUsernamePasswordAgainstJAAS.SimpleCallbackHandler A callback handler that provides static name and password data to a JAAS login process.

Field Summary

Fields

Modifier and Type	Field and Description
private String	currentLoginConfigName Tracker for current login config for reporting.
private static String	DEFAULT_METRIC_NAME Default prefix for metrics.
private Subject	derivedSubject Tracks any principals derived from the login configuration to add to the Subject.
private org.slf4j.Logger	log Class logger.
private Configuration.Parameters	loginConfigParameters Type-specific configuration parameters.
private com.google.common.base.Function<ProfileRequestContext,Collection<Pair<String,Subject>>>	loginConfigStrategy Strategy function to dynamically derive the login config(s) to use.
private String	loginConfigType Type of JAAS Configuration to instantiate.
private Collection<Pair<String,Subject>>	loginConfigurations Application name(s) in JAAS configuration to use.
private RequestedPrincipalContext	requestedPrincipalCtx Saved off context.

Constructor Summary

Constructors

Constructor and Description
ValidateUsernamePasswordAgainstJAAS() Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
private void	authenticate(String loginConfigName) Create a JAAS configuration and attempt a login with it.
protected void	doExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)
Configuration.Parameters	getLoginConfigParameters() Get the type-specific parameters of the JAAS Configuration to use.
String	getLoginConfigType() Get the type of JAAS Configuration to use.
String	getMetricName()
private boolean	isAcceptable(AuthenticationContext authenticationContext, String configName, Subject subject) Checks a particular JAAS configuration and principal collection for suitability.
protected Subject	populateSubject(Subject subject)
void	setLoginConfigNames(Collection<String> names) Set the JAAS application name(s) to use.
void	setLoginConfigParameters(Configuration.Parameters params) Set the type-specific parameters of the JAAS Configuration to use.
void	setLoginConfigStrategy(com.google.common.base.Function<ProfileRequestContext,Collection<Pair<String,Subject>>> strategy) Set the strategy function to use to obtain the JAAS application configuration(s) to use.
void	setLoginConfigType(String type) Set the type of JAAS Configuration to use.
void	setLoginConfigurations(Collection<Pair<String,Collection<Principal>>> configs) Set the JAAS application name(s) to use, along with an optional collection of custom principals to apply to the result.

Methods inherited from class net.shibboleth.idp.authn.AbstractUsernamePasswordValidationAction

getLockoutManager, getUsernamePasswordContext, recordFailure, recordSuccess, removeContextAfterValidation, savePasswordToCredentialSet, setLockoutManager, setMatchExpression, setRemoveContextAfterValidation, setSavePasswordToCredentialSet

Methods inherited from class net.shibboleth.idp.authn.AbstractValidationAction

addDefaultPrincipals, buildAuthenticationResult, getClassifiedErrors, getResultCachingPredicate, getSubject, getSupportedPrincipals, handleError, handleError, handleWarning, recordFailure, recordSuccess, setAddDefaultPrincipals, setClassifiedMessages, setMetricName, setRequesterLookupStrategy, setResponderLookupStrategy, setResultCachingPredicate, setSupportedPrincipals

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

doExecute, doPreExecute, setLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

DEFAULT_METRIC_NAME

@Nonnull
@NotEmpty
private static final String DEFAULT_METRIC_NAME

Default prefix for metrics.

See Also:

Constant Field Values

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

loginConfigType

@Nullable
private String loginConfigType

Type of JAAS Configuration to instantiate.

loginConfigParameters

@Nullable
private Configuration.Parameters loginConfigParameters

Type-specific configuration parameters.

loginConfigurations

@Nonnull
private Collection<Pair<String,Subject>> loginConfigurations

Application name(s) in JAAS configuration to use.

loginConfigStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,Collection<Pair<String,Subject>>> loginConfigStrategy

Strategy function to dynamically derive the login config(s) to use.

requestedPrincipalCtx

@Nullable
private RequestedPrincipalContext requestedPrincipalCtx

Saved off context.

derivedSubject

@Nullable
private Subject derivedSubject

Tracks any principals derived from the login configuration to add to the Subject.

currentLoginConfigName

@Nullable
private String currentLoginConfigName

Tracker for current login config for reporting.

Constructor Detail

ValidateUsernamePasswordAgainstJAAS

public ValidateUsernamePasswordAgainstJAAS()

Constructor.

Method Detail

getLoginConfigType

@Nullable
public String getLoginConfigType()

Get the type of JAAS Configuration to use.

Returns:

the type of JAAS configuration to use

setLoginConfigType

public void setLoginConfigType(@Nullable
                      String type)

Set the type of JAAS Configuration to use.

Parameters:

type - the type of JAAS configuration to use

getLoginConfigParameters

@Nullable
public Configuration.Parameters getLoginConfigParameters()

Get the type-specific parameters of the JAAS Configuration to use.

Returns:

the JAAS configuration parameters to use

setLoginConfigParameters

public void setLoginConfigParameters(@Nullable
                            Configuration.Parameters params)

Set the type-specific parameters of the JAAS Configuration to use.

Parameters:

params - the JAAS configuration parameters to use

setLoginConfigurations

public void setLoginConfigurations(@Nullable
                          Collection<Pair<String,Collection<Principal>>> configs)

Set the JAAS application name(s) to use, along with an optional collection of custom principals to apply to the result.

Parameters:

configs - list of JAAS application names and custom principals to use

setLoginConfigNames

public void setLoginConfigNames(@Nullable@NonnullElements
                       Collection<String> names)

Set the JAAS application name(s) to use.

Parameters:

names - list of JAAS application names to use

setLoginConfigStrategy

public void setLoginConfigStrategy(@Nullable
                          com.google.common.base.Function<ProfileRequestContext,Collection<Pair<String,Subject>>> strategy)

Set the strategy function to use to obtain the JAAS application configuration(s) to use.

Parameters:

strategy - strategy function

doPreExecute

protected boolean doPreExecute(@Nonnull
                   ProfileRequestContext profileRequestContext,
                   @Nonnull
                   AuthenticationContext authenticationContext)

Overrides:

doPreExecute in class AbstractUsernamePasswordValidationAction

doExecute

protected void doExecute(@Nonnull
             ProfileRequestContext profileRequestContext,
             @Nonnull
             AuthenticationContext authenticationContext)

Overrides:

doExecute in class AbstractAuthenticationAction

isAcceptable

private boolean isAcceptable(@Nonnull
                   AuthenticationContext authenticationContext,
                   @Nonnull@NotEmpty
                   String configName,
                   @Nullable
                   Subject subject)

Checks a particular JAAS configuration and principal collection for suitability.

Parameters:

authenticationContext - the authentication context

configName - name of JAAS config

subject - collection of custom principals to check, embedded in a subject

Returns:

true iff the request does not specify requirements or the principal collection is empty or the combination is acceptable

authenticate

private void authenticate(@Nonnull@NotEmpty
                String loginConfigName)
                   throws LoginException,
                          NoSuchAlgorithmException

Create a JAAS configuration and attempt a login with it.

Parameters:

loginConfigName - the application name to use

Throws:

LoginException - if the JAAS login process fails

NoSuchAlgorithmException - if a JAAS configuration cannot be created

populateSubject

@Nonnull
protected Subject populateSubject(@Nonnull
                              Subject subject)

Overrides:

populateSubject in class AbstractUsernamePasswordValidationAction

getMetricName

@Nonnull
@NotEmpty
public String getMetricName()

Overrides:

getMetricName in class AbstractValidationAction