Package net.shibboleth.idp.authn.impl

Class JAASCredentialValidator

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent

net.shibboleth.idp.authn.AbstractCredentialValidator

net.shibboleth.idp.authn.AbstractUsernamePasswordCredentialValidator

net.shibboleth.idp.authn.impl.JAASCredentialValidator

All Implemented Interfaces:

CredentialValidator, PrincipalSupportingComponent, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent

@ThreadSafeAfterInit
public class JAASCredentialValidator
extends AbstractUsernamePasswordCredentialValidator

A password validator that authenticates against JAAS.

Support for complex chaining of JAAS modules remains supported but should be avoided in favor of the new support for chaining validators in most cases.

Since:

4.0.0

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
protected class	JAASCredentialValidator.SimpleCallbackHandler	A callback handler that provides name and password data to a JAAS login process, along with other miscellany.

Nested classes/interfaces inherited from interface net.shibboleth.idp.authn.CredentialValidator

CredentialValidator.ErrorHandler, CredentialValidator.WarningHandler

Field Summary

Fields

Modifier and Type	Field	Description
private org.slf4j.Logger	log	Class logger.
private Collection<String>	loginConfigNames	Holder for simple configurations defined by name.
private Configuration.Parameters	loginConfigParameters	Type-specific configuration parameters.
private Resource	loginConfigResource	JAAS configuration resource.
private Function<ProfileRequestContext,Collection<Pair<String,Subject>>>	loginConfigStrategy	Strategy function to dynamically derive the login config(s) to use.
private String	loginConfigType	Type of JAAS Configuration to instantiate.
private Collection<Pair<String,Subject>>	loginConfigurations	Application name(s) in JAAS configuration to use.

Constructor Summary

Constructors

Constructor	Description
JAASCredentialValidator()	Constructor.

Method Summary

Modifier and Type	Method	Description
private Subject	authenticate(String loginConfigName, UsernamePasswordContext usernamePasswordContext)	Create a JAAS configuration and attempt a login with it.
protected void	doInitialize()
protected Subject	doValidate(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext, UsernamePasswordContext usernamePasswordContext, CredentialValidator.WarningHandler warningHandler, CredentialValidator.ErrorHandler errorHandler)
Configuration.Parameters	getLoginConfigParameters()	Get the type-specific parameters of the JAAS Configuration to use.
String	getLoginConfigType()	Get the type of JAAS Configuration to use.
protected Subject	populateSubject(Subject subject, Subject derivedSubject, UsernamePasswordContext usernamePasswordContext)	Finish decorating the result.
void	setLoginConfigNames(Collection<String> names)	Set the JAAS application name(s) to use.
void	setLoginConfigParameters(URI uri)	Set a URI to use as a JAAS configuration parameter.
void	setLoginConfigResource(Resource resource)	Set a login configuration resource to use.
void	setLoginConfigStrategy(Function<ProfileRequestContext,Collection<Pair<String,Subject>>> strategy)	Set the strategy function to use to obtain the JAAS application configuration(s) to use.
void	setLoginConfigType(String type)	Set the type of JAAS Configuration to use.
void	setLoginConfigurations(Collection<Pair<String,Collection<Principal>>> configs)	Set the JAAS application name(s) to use, along with an optional collection of custom principals to apply to the result.

Methods inherited from class net.shibboleth.idp.authn.AbstractUsernamePasswordCredentialValidator

applyTransforms, doValidate, populateSubject, removeContextAfterValidation, savePasswordToCredentialSet, setLowercase, setMatchExpression, setRemoveContextAfterValidation, setSavePasswordToCredentialSet, setTransforms, setTrim, setUppercase, setUsernamePasswordContextLookupStrategy

Methods inherited from class net.shibboleth.idp.authn.AbstractCredentialValidator

getLogPrefix, getSupportedPrincipals, isAcceptable, populateSubject, setActivationCondition, setId, setSupportedPrincipals, validate

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent

getId

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent

getId

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

loginConfigType

@Nullable
private String loginConfigType

Type of JAAS Configuration to instantiate.

loginConfigResource

@Nullable
private Resource loginConfigResource

JAAS configuration resource.

loginConfigParameters

@Nullable
private Configuration.Parameters loginConfigParameters

Type-specific configuration parameters.

loginConfigNames

@Nullable
@NonnullElements
private Collection<String> loginConfigNames

Holder for simple configurations defined by name.

loginConfigurations

@Nonnull
@NonnullElements
private Collection<Pair<String,Subject>> loginConfigurations

Application name(s) in JAAS configuration to use.

loginConfigStrategy

@Nullable
private Function<ProfileRequestContext,Collection<Pair<String,Subject>>> loginConfigStrategy

Strategy function to dynamically derive the login config(s) to use.

Constructor Detail

JAASCredentialValidator

public JAASCredentialValidator()

Constructor.

Method Detail

getLoginConfigType

@Nullable
public String getLoginConfigType()

Get the type of JAAS Configuration to use.

Returns:

the type of JAAS configuration to use

setLoginConfigType

public void setLoginConfigType(@Nullable
                               String type)

Set the type of JAAS Configuration to use.

Parameters:

type - the type of JAAS configuration to use

getLoginConfigParameters

@Nullable
public Configuration.Parameters getLoginConfigParameters()

Get the type-specific parameters of the JAAS Configuration to use.

Returns:

the JAAS configuration parameters to use

setLoginConfigParameters

public void setLoginConfigParameters(@Nullable
                                     URI uri)

Set a URI to use as a JAAS configuration parameter.

Parameters:

uri - the JAAS configuration URI parameters to use

setLoginConfigResource

public void setLoginConfigResource(@Nullable
                                   Resource resource)

Set a login configuration resource to use.

Parameters:

resource - resource to use

Since:

4.1.0

setLoginConfigurations

public void setLoginConfigurations(@Nullable
                                   Collection<Pair<String,Collection<Principal>>> configs)

Set the JAAS application name(s) to use, along with an optional collection of custom principals to apply to the result.

Parameters:

configs - list of JAAS application names and custom principals to use

setLoginConfigNames

public void setLoginConfigNames(@Nullable @NonnullElements
                                Collection<String> names)

Set the JAAS application name(s) to use.

Parameters:

names - list of JAAS application names to use

setLoginConfigStrategy

public void setLoginConfigStrategy(@Nullable
                                   Function<ProfileRequestContext,Collection<Pair<String,Subject>>> strategy)

Set the strategy function to use to obtain the JAAS application configuration(s) to use.

Parameters:

strategy - strategy function

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class AbstractIdentifiedInitializableComponent

Throws:

ComponentInitializationException

doValidate

@Nullable
protected Subject doValidate(@Nonnull
                             ProfileRequestContext profileRequestContext,
                             @Nonnull
                             AuthenticationContext authenticationContext,
                             @Nonnull
                             UsernamePasswordContext usernamePasswordContext,
                             @Nullable
                             CredentialValidator.WarningHandler warningHandler,
                             @Nullable
                             CredentialValidator.ErrorHandler errorHandler)
                      throws Exception

Specified by:

doValidate in class AbstractUsernamePasswordCredentialValidator

Throws:

Exception

authenticate

@Nonnull
private Subject authenticate(@Nonnull @NotEmpty
                             String loginConfigName,
                             @Nonnull
                             UsernamePasswordContext usernamePasswordContext)
                      throws LoginException,
                             NoSuchAlgorithmException

Create a JAAS configuration and attempt a login with it.

Parameters:

loginConfigName - the application name to use

usernamePasswordContext - input context

Returns:

the JAAS result

Throws:

LoginException - if the JAAS login process fails

NoSuchAlgorithmException - if a JAAS configuration cannot be created

populateSubject

@Nonnull
protected Subject populateSubject(@Nonnull
                                  Subject subject,
                                  @Nullable
                                  Subject derivedSubject,
                                  @Nonnull
                                  UsernamePasswordContext usernamePasswordContext)

Finish decorating the result.

Parameters:

subject - the JAAS result

derivedSubject - container for additional principals

usernamePasswordContext - input context

Returns:

final result