Package net.shibboleth.idp.authn.impl
Class ValidateRemoteUser
- java.lang.Object
-
- All Implemented Interfaces:
PrincipalSupportingComponent, Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action
public class ValidateRemoteUser extends AbstractValidationAction
An action that checks for a UsernameContext and directly produces an AuthenticationResult based on that identity. Various optional properties are supported to control the validation process.
- Event:
EventIds.PROCEED_EVENT_ID, AuthnEventIds.INVALID_CREDENTIALS, AuthnEventIds.NO_CREDENTIALS
- Precondition:
ProfileRequestContext.getSubcontext(AuthenticationContext.class, false).getAttemptedFlow() != null
- Postcondition:
If AuthenticationContext.getSubcontext(UsernameContext.class, false).getUsername() != null, then an AuthenticationResult is saved to the AuthenticationContext.
-
Field Summary
Fields (columns: Modifier and Type, Field, Description):
- private Set<String> allowedUsernames: Usernames to accept.
- private static String DEFAULT_METRIC_NAME: Default prefix for metrics.
- private Set<String> deniedUsernames: Usernames to deny.
- private org.slf4j.Logger log: Class logger.
- private Pattern matchExpression: A regular expression to apply for acceptance testing.
- private UsernameContext usernameContext: Username context identifying identity to validate.
-
Constructor Summary
Constructors (columns: Constructor, Description):
- ValidateRemoteUser(): Constructor.
-
Method Summary
Methods (columns: Modifier and Type, Method, Description):
- protected void doExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)
- protected boolean doPreExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)
- private boolean isAuthenticated(String username): Check whitelist, blacklist, and matching expression for acceptance.
- protected Subject populateSubject(Subject subject)
- void setAllowedUsernames(Collection<String> allowed): Set the allowed usernames.
- void setDeniedUsernames(Collection<String> denied): Set the denied usernames.
- void setMatchExpression(Pattern expression): Set a matching expression to apply for acceptance.
-
Methods inherited from class net.shibboleth.idp.authn.AbstractValidationAction
addDefaultPrincipals, buildAuthenticationResult, getClassifiedErrors, getCleanupHook, getMetricName, getRequesterLookupStrategy, getResponderLookupStrategy, getResultCachingPredicate, getSubject, getSupportedPrincipals, handleError, handleError, handleWarning, recordFailure, recordFailure, recordSuccess, recordSuccess, setAddDefaultPrincipals, setClassifiedMessages, setCleanupHook, setMetricName, setRequesterLookupStrategy, setResponderLookupStrategy, setResultCachingPredicate, setSupportedPrincipals
-
Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction
doExecute, doPreExecute, setAuthenticationContextLookupStrategy
-
Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy
-
Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition
-
Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse
-
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized
-
Field Detail
-
DEFAULT_METRIC_NAME
@Nonnull @NotEmpty private static final String DEFAULT_METRIC_NAME
Default prefix for metrics.
- See Also:
Constant Field Values
-
log
@Nonnull private final org.slf4j.Logger log
Class logger.
-
allowedUsernames
@Nonnull @NonnullElements private Set<String> allowedUsernames
Usernames to accept.
-
deniedUsernames
@Nonnull @NonnullElements private Set<String> deniedUsernames
Usernames to deny.
-
matchExpression
@Nullable private Pattern matchExpression
A regular expression to apply for acceptance testing.
-
usernameContext
@Nullable private UsernameContext usernameContext
Username context identifying identity to validate.
-
Method Detail
-
setAllowedUsernames
public void setAllowedUsernames(@Nullable @NonnullElements Collection<String> allowed)
Set the allowed usernames.
- Parameters:
allowed - usernames to allow
-
setDeniedUsernames
public void setDeniedUsernames(@Nullable @NonnullElements Collection<String> denied)
Set the denied usernames.
- Parameters:
denied - usernames to deny
-
setMatchExpression
public void setMatchExpression(@Nullable Pattern expression)
Set a matching expression to apply for acceptance.
- Parameters:
expression - a matching expression
-
doPreExecute
protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext)
- Overrides:
doPreExecute in class AbstractValidationAction
-
doExecute
protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext)
- Overrides:
doExecute in class AbstractAuthenticationAction
-
isAuthenticated
private boolean isAuthenticated(@Nonnull @NotEmpty String username)
Check whitelist, blacklist, and matching expression for acceptance.
- Parameters:
username - the username to evaluate
- Returns:
true iff the username is acceptable
-
populateSubject
@Nonnull protected Subject populateSubject(@Nonnull Subject subject)
- Specified by:
populateSubject in class AbstractValidationAction