Class RemoteUserAuthServlet

  • All Implemented Interfaces:
    Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig

    public class RemoteUserAuthServlet
    extends javax.servlet.http.HttpServlet
    Extracts authentication information from the request and returns it via the IdP's external authentication interface.

    Common usage allows for extraction of REMOTE_USER or a username from request attributes or headers.

    More advanced features include the ability to directly consume a Subject from a request attribute (in which case it is returned sight unseen directly to the IdP as the external result) and the ability to check a header for strings containing authentication method identifiers which can be mapped back into custom Principal objects (in which case they are attached to a newly constructed Subject to return).
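    Because the header-based options described above read values that any client can send unless a front-end strips them, the following added example (not part of the IdP code base) shows a servlet filter that hides the configured headers from every request that did not arrive from the trusted proxy. The class name TrustedProxyHeaderFilter and the init-parameter names guardedHeaders and trustedProxy are hypothetical.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: hides identity headers unless the request came from the trusted proxy. */
public class TrustedProxyHeaderFilter implements Filter {
    private final Set<String> guarded = new HashSet<>(); // lower-cased header names
    private String trustedProxy;                         // address of the front-end proxy

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        // "guardedHeaders" and "trustedProxy" are hypothetical init-param names for this filter.
        String names = cfg.getInitParameter("guardedHeaders");
        trustedProxy = cfg.getInitParameter("trustedProxy");
        if (names == null || trustedProxy == null) {
            throw new ServletException("guardedHeaders and trustedProxy are required");
        }
        for (String n : names.split(",")) {
            if (!n.trim().isEmpty()) guarded.add(n.trim().toLowerCase(Locale.ROOT));
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // getRemoteAddr() is the direct peer; anything other than the proxy is untrusted.
        if (req instanceof HttpServletRequest && !trustedProxy.equals(req.getRemoteAddr())) {
            req = new HttpServletRequestWrapper((HttpServletRequest) req) {
                private boolean hidden(String name) {
                    return name != null && guarded.contains(name.toLowerCase(Locale.ROOT));
                }
                @Override public String getHeader(String name) {
                    return hidden(name) ? null : super.getHeader(name);
                }
                @Override public Enumeration<String> getHeaders(String name) {
                    return hidden(name) ? Collections.<String>emptyEnumeration() : super.getHeaders(name);
                }
            };
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

    The filter only helps if it is mapped ahead of the servlet for the same URL pattern and lists the same header names the servlet is configured to check.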

    • Field Detail

      • serialVersionUID

        private static final long serialVersionUID
        Serial UID.
      • CHECK_REMOTE_USER_PARAM

        @Nonnull
        @NotEmpty
        private static final String CHECK_REMOTE_USER_PARAM
        Init parameter controlling whether to check for REMOTE_USER.
      • CHECK_ATTRIBUTES_PARAM

        @Nonnull
        @NotEmpty
        private static final String CHECK_ATTRIBUTES_PARAM
        Init parameter controlling what attributes to check.
      • SUBJECT_ATTRIBUTE_PARAM

        @Nonnull
        @NotEmpty
        private static final String SUBJECT_ATTRIBUTE_PARAM
        Init parameter identifying an attribute to check for a Subject.
      • AUTHN_METHOD_HEADER_PARAM

        @Nonnull
        @NotEmpty
        private static final String AUTHN_METHOD_HEADER_PARAM
        Init parameter identifying a header to check for one or more authentication method strings.
      • AUTHN_AUTHORITY_HEADER_PARAM

        @Nonnull
        @NotEmpty
        private static final String AUTHN_AUTHORITY_HEADER_PARAM
        Init parameter identifying a header to check for one or more proxied authenticating authority strings.
      • log

        @Nonnull
        private final org.slf4j.Logger log
        Class logger.
      • checkRemoteUser

        private boolean checkRemoteUser
        Whether to check REMOTE_USER for an identity. Defaults to true.
      • subjectAttribute

        @Nullable
        @NotEmpty
        private String subjectAttribute
        Request attribute to check for a Subject.
      • authnMethodHeader

        @Nullable
        @NotEmpty
        private String authnMethodHeader
        Header to check for authentication method strings.
      • authnAuthorityHeader

        @Nullable
        @NotEmpty
        private String authnAuthorityHeader
        Header to check for proxied authenticating authority strings.
    • Constructor Detail

      • RemoteUserAuthServlet

        public RemoteUserAuthServlet()
        Constructor.
    • Method Detail

      • setCheckRemoteUser

        public void setCheckRemoteUser(boolean flag)
        Set whether to check REMOTE_USER for an identity.
        Parameters:
        flag - value to set
      • setCheckAttributes

        public void setCheckAttributes(@Nonnull @NonnullElements
                                       Collection<String> attributes)
        Set the list of request attributes to check for an identity.
        Parameters:
        attributes - list of request attributes to check
      • setCheckHeaders

        public void setCheckHeaders(@Nonnull @NonnullElements
                                    Collection<String> headers)
        Set the list of request headers to check for an identity.
        Parameters:
        headers - list of request headers to check
      • setSubjectAttribute

        public void setSubjectAttribute(@Nullable @NotEmpty
                                        String attribute)
        Set the name of a request attribute to check for a Subject.
        Parameters:
        attribute - request attribute name
      • setAuthnMethodHeader

        public void setAuthnMethodHeader(@Nullable @NotEmpty
                                         String header)
        Set the name of a request header to check for authentication method strings.
        Parameters:
        header - request header name
      • setAuthnAuthorityHeader

        public void setAuthnAuthorityHeader(@Nullable @NotEmpty
                                            String header)
        Set the name of a request header to check for authenticating authority strings.
        Parameters:
        header - request header name
        Since:
        3.4.0
      • init

        public void init(javax.servlet.ServletConfig config)
                  throws javax.servlet.ServletException
        Specified by:
        init in interface javax.servlet.Servlet
        Overrides:
        init in class javax.servlet.GenericServlet
        Throws:
        javax.servlet.ServletException
      • service

        protected void service(javax.servlet.http.HttpServletRequest httpRequest,
                               javax.servlet.http.HttpServletResponse httpResponse)
                        throws javax.servlet.ServletException,
                               IOException
        Overrides:
        service in class javax.servlet.http.HttpServlet
        Throws:
        javax.servlet.ServletException
        IOException