Package net.shibboleth.idp.authn.impl

Class ValidateExternalAuthentication

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.profile.action.AbstractConditionalProfileAction

net.shibboleth.idp.profile.AbstractProfileAction

net.shibboleth.idp.authn.AbstractAuthenticationAction

net.shibboleth.idp.authn.AbstractValidationAction

net.shibboleth.idp.authn.impl.ValidateExternalAuthentication

All Implemented Interfaces:

PrincipalSupportingComponent, Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class ValidateExternalAuthentication
extends AbstractValidationAction

An action that checks for an ExternalAuthenticationContext and directly produces an AuthenticationResult or records error state based on the contents.

Event:

EventIds.PROCEED_EVENT_ID, AuthnEventIds.INVALID_AUTHN_CTX, AuthnEventIds.AUTHN_EXCEPTION, AuthnEventIds.NO_CREDENTIALS

Precondition:

ProfileRequestContext.getSubcontext(AuthenticationContext.class).getAttemptedFlow() != null

Postcondition:

If AuthenticationContext.getSubcontext(ExternalAuthenticationContext.class) != null, then an AuthenticationResult is saved to the AuthenticationContext on a successful login. On a failed login, the AbstractValidationAction.handleError(ProfileRequestContext, AuthenticationContext, Exception, String) method is called.

Field Summary

Fields

Modifier and Type	Field	Description
private AttributeContext	attributeContext	Context for externally supplied inbound attributes.
private ReloadableService<AttributeFilter>	attributeFilterService	Service used to get the engine used to filter attributes.
private static String	DEFAULT_METRIC_NAME	Default prefix for metrics.
private ExternalAuthenticationContext	extContext	Context containing the result to validate.
private org.slf4j.Logger	log	Class logger.
private Pattern	matchExpression	A regular expression to apply for acceptance testing.
private MetadataResolver	metadataResolver	Optional supplemental metadata source for filtering.

Constructor Summary

Constructors

Constructor	Description
ValidateExternalAuthentication()	Constructor.
ValidateExternalAuthentication(ReloadableService<AttributeFilter> filterService)	Constructor.

Method Summary

Modifier and Type	Method	Description
private boolean	checkUsername(Subject subject)	Validate the username if necessary.
protected void	doExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)
private void	filterAttributes()	Check for inbound attributes and apply filtering.
private void	populateFilterContext(AttributeFilterContext filterContext)	Fill in the filter context data.
protected Subject	populateSubject(Subject subject)
void	setMatchExpression(Pattern expression)	Set a matching expression to apply for username acceptance.
void	setMetadataResolver(MetadataResolver resolver)	Set a metadata source to use during filtering.

Methods inherited from class net.shibboleth.idp.authn.AbstractValidationAction

addDefaultPrincipals, buildAuthenticationResult, getClassifiedErrors, getCleanupHook, getMetricName, getRequesterLookupStrategy, getResponderLookupStrategy, getResultCachingPredicate, getSubject, getSupportedPrincipals, handleError, handleError, handleWarning, recordFailure, recordFailure, recordSuccess, recordSuccess, setAddDefaultPrincipals, setClassifiedMessages, setCleanupHook, setMetricName, setRequesterLookupStrategy, setResponderLookupStrategy, setResultCachingPredicate, setSupportedPrincipals

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

doExecute, doPreExecute, setAuthenticationContextLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

DEFAULT_METRIC_NAME

@Nonnull
@NotEmpty
private static final String DEFAULT_METRIC_NAME

Default prefix for metrics.

See Also:

Constant Field Values

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

attributeFilterService

@Nullable
private ReloadableService<AttributeFilter> attributeFilterService

Service used to get the engine used to filter attributes.

metadataResolver

@Nullable
private MetadataResolver metadataResolver

Optional supplemental metadata source for filtering.

matchExpression

@Nullable
private Pattern matchExpression

A regular expression to apply for acceptance testing.

extContext

@Nullable
private ExternalAuthenticationContext extContext

Context containing the result to validate.

attributeContext

@Nullable
private AttributeContext attributeContext

Context for externally supplied inbound attributes.

Constructor Detail

ValidateExternalAuthentication

public ValidateExternalAuthentication()

Constructor.

ValidateExternalAuthentication

public ValidateExternalAuthentication(@Nullable
                                      ReloadableService<AttributeFilter> filterService)

Constructor.

Parameters:

filterService - optional filter service for inbound attributes

Since:

4.0.0

Method Detail

setMatchExpression

public void setMatchExpression(@Nullable
                               Pattern expression)

Set a matching expression to apply for username acceptance.

Parameters:

expression - a matching expression

setMetadataResolver

public void setMetadataResolver(@Nullable
                                MetadataResolver resolver)

Set a metadata source to use during filtering.

Parameters:

resolver - metadata resolver

Since:

4.0.0

doPreExecute

protected boolean doPreExecute(@Nonnull
                               ProfileRequestContext profileRequestContext,
                               @Nonnull
                               AuthenticationContext authenticationContext)

Overrides:

doPreExecute in class AbstractValidationAction

doExecute

protected void doExecute(@Nonnull
                         ProfileRequestContext profileRequestContext,
                         @Nonnull
                         AuthenticationContext authenticationContext)

Overrides:

doExecute in class AbstractAuthenticationAction

populateSubject

@Nonnull
protected Subject populateSubject(@Nonnull
                                  Subject subject)

Specified by:

populateSubject in class AbstractValidationAction

checkUsername

private boolean checkUsername(@Nonnull
                              Subject subject)

Validate the username if necessary.

Parameters:

subject - subject containing a UsernamePrincipal to check

Returns:

true iff the username is acceptable

filterAttributes

private void filterAttributes()

Check for inbound attributes and apply filtering.

populateFilterContext

private void populateFilterContext(@Nonnull
                                   AttributeFilterContext filterContext)

Fill in the filter context data.

This is a very minimally populated context with nothing much set except possibly issuer, based on the AuthenticationAuthorities data.

Parameters:

filterContext - context to populate