Package net.shibboleth.idp.authn.impl

Class ValidateCredentials

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.profile.action.AbstractConditionalProfileAction

net.shibboleth.idp.profile.AbstractProfileAction

net.shibboleth.idp.authn.AbstractAuthenticationAction

net.shibboleth.idp.authn.AbstractValidationAction

net.shibboleth.idp.authn.impl.ValidateCredentials

All Implemented Interfaces:

CredentialValidator.ErrorHandler, CredentialValidator.WarningHandler, PrincipalSupportingComponent, Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class ValidateCredentials
extends AbstractValidationAction
implements CredentialValidator.WarningHandler, CredentialValidator.ErrorHandler

An action that processes a list of CredentialValidator objects to produce an AuthenticationResult.

Since:

4.0.0

Event:

EventIds.PROCEED_EVENT_ID, others on error

Precondition:

ProfileRequestContext.getSubcontext(AuthenticationContext.class).getAttemptedFlow() != null

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	ValidateCredentials.UsernamePasswordCleanupHook	A default cleanup hook that removes the UsernamePasswordContext from the tree.

Field Summary

Fields

Modifier and Type	Field	Description
private List<CredentialValidator>	credentialValidators	Ordered list of validators.
private CredentialValidator	currentValidator	Currently executing validator.
private static String	DEFAULT_METRIC_NAME	Default prefix for metrics.
private boolean	errorSignaled	Tracks whether an error event was signaled.
private AccountLockoutManager	lockoutManager	Optional lockout management interface.
private org.slf4j.Logger	log	Class logger.
private boolean	requireAll	Whether all validators must succeed.
private Collection<Subject>	results	Results from successful validators.
private boolean	warningSignaled	Tracks whether a warning event was signaled.

Constructor Summary

Constructors

Constructor	Description
ValidateCredentials()	Constructor.

Method Summary

Modifier and Type	Method	Description
protected void	doExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)
String	getMetricName()
void	handleError(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext, Exception e, String eventId)
void	handleError(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext, String message, String eventId)
void	handleWarning(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext, String message, String eventId)
protected Subject	populateSubject(Subject subject)
protected void	recordSuccess(ProfileRequestContext profileRequestContext)	Record a successful authentication attempt against the configured counter, optionally clearing account lockout state.
void	setLockoutManager(AccountLockoutManager manager)	Set an account lockout management component.
void	setRequireAll(boolean flag)	Set whether to execute and require success from all configured validators, or stop at the first successful result.
void	setValidators(List<CredentialValidator> validators)	Set the list of validators to use.

Methods inherited from class net.shibboleth.idp.authn.AbstractValidationAction

addDefaultPrincipals, buildAuthenticationResult, doPreExecute, getClassifiedErrors, getCleanupHook, getRequesterLookupStrategy, getResponderLookupStrategy, getResultCachingPredicate, getSubject, getSupportedPrincipals, recordFailure, recordFailure, recordSuccess, setAddDefaultPrincipals, setClassifiedMessages, setCleanupHook, setMetricName, setRequesterLookupStrategy, setResponderLookupStrategy, setResultCachingPredicate, setSupportedPrincipals

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

doExecute, doPreExecute, setAuthenticationContextLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

DEFAULT_METRIC_NAME

@Nonnull
@NotEmpty
private static final String DEFAULT_METRIC_NAME

Default prefix for metrics.

See Also:

Constant Field Values

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

credentialValidators

@Nonnull
@NonnullElements
private List<CredentialValidator> credentialValidators

Ordered list of validators.

requireAll

private boolean requireAll

Whether all validators must succeed.

lockoutManager

@Nullable
private AccountLockoutManager lockoutManager

Optional lockout management interface.

results

@Nonnull
@NonnullElements
private Collection<Subject> results

Results from successful validators.

currentValidator

@Nullable
private CredentialValidator currentValidator

Currently executing validator.

warningSignaled

private boolean warningSignaled

Tracks whether a warning event was signaled.

errorSignaled

private boolean errorSignaled

Tracks whether an error event was signaled.

Constructor Detail

ValidateCredentials

public ValidateCredentials()

Constructor.

Method Detail

setLockoutManager

public void setLockoutManager(@Nullable
                              AccountLockoutManager manager)

Set an account lockout management component.

Parameters:

manager - lockout manager

setValidators

public void setValidators(@Nullable @NonnullElements
                          List<CredentialValidator> validators)

Set the list of validators to use.

Parameters:

validators - validators to use

setRequireAll

public void setRequireAll(boolean flag)

Set whether to execute and require success from all configured validators, or stop at the first successful result.

Parameters:

flag - flag to set

getMetricName

@Nonnull
@NotEmpty
public String getMetricName()

Overrides:

getMetricName in class AbstractValidationAction

handleWarning

public void handleWarning(@Nonnull
                          ProfileRequestContext profileRequestContext,
                          @Nonnull
                          AuthenticationContext authenticationContext,
                          @Nullable
                          String message,
                          @Nonnull @NotEmpty
                          String eventId)

Specified by:

handleWarning in interface CredentialValidator.WarningHandler

Overrides:

handleWarning in class AbstractValidationAction

handleError

public void handleError(@Nonnull
                        ProfileRequestContext profileRequestContext,
                        @Nonnull
                        AuthenticationContext authenticationContext,
                        @Nullable
                        String message,
                        @Nonnull @NotEmpty
                        String eventId)

Specified by:

handleError in interface CredentialValidator.ErrorHandler

Overrides:

handleError in class AbstractValidationAction

handleError

public void handleError(@Nonnull
                        ProfileRequestContext profileRequestContext,
                        @Nonnull
                        AuthenticationContext authenticationContext,
                        @Nonnull
                        Exception e,
                        @Nonnull @NotEmpty
                        String eventId)

Specified by:

handleError in interface CredentialValidator.ErrorHandler

Overrides:

handleError in class AbstractValidationAction

doExecute

protected void doExecute(@Nonnull
                         ProfileRequestContext profileRequestContext,
                         @Nonnull
                         AuthenticationContext authenticationContext)

Overrides:

doExecute in class AbstractAuthenticationAction

populateSubject

@Nonnull
protected Subject populateSubject(@Nonnull
                                  Subject subject)

Specified by:

populateSubject in class AbstractValidationAction

recordSuccess

protected void recordSuccess(@Nonnull
                             ProfileRequestContext profileRequestContext)

Record a successful authentication attempt against the configured counter, optionally clearing account lockout state.

Overrides:

recordSuccess in class AbstractValidationAction

Parameters:

profileRequestContext - current profile request context