Package net.shibboleth.idp.authn.impl
Class ValidateUserAgentAddress
- java.lang.Object
  - net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    - org.opensaml.profile.action.AbstractProfileAction
      - org.opensaml.profile.action.AbstractConditionalProfileAction
        - net.shibboleth.idp.profile.AbstractProfileAction
          - net.shibboleth.idp.authn.AbstractAuthenticationAction
            - net.shibboleth.idp.authn.AbstractValidationAction
              - net.shibboleth.idp.authn.impl.ValidateUserAgentAddress
- All Implemented Interfaces: PrincipalSupportingComponent, Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action
public class ValidateUserAgentAddress extends AbstractValidationAction
An action that ensures that a user-agent address found within a UserAgentContext is within a given range and generates an AuthenticationResult.
- Event: EventIds.PROCEED_EVENT_ID, AuthnEventIds.NO_CREDENTIALS, AuthnEventIds.INVALID_CREDENTIALS
- Precondition: ProfileRequestContext.getSubcontext(AuthenticationContext.class, false).getAttemptedFlow() != null
- Postcondition: If AuthenticationContext.getSubcontext(UserAgentContext.class, false) != null, and the content of getAddress() satisfies a configured address range, an AuthenticationResult is saved to the AuthenticationContext.
-
Field Summary
Fields (Modifier and Type, Field: Description)
- private static String DEFAULT_METRIC_NAME: Default prefix for metrics.
- private org.slf4j.Logger log: Class logger.
- private Map<String,Collection<IPRange>> mappings: Map of IP ranges to principal names.
- private String principalName: The principal name established by the action, if any.
- private UserAgentContext uaContext: User Agent context containing address to evaluate.
-
Constructor Summary
Constructors (Constructor: Description)
- ValidateUserAgentAddress(): Constructor.
-
Method Summary
Methods (Modifier and Type, Method: Description)
- protected void doExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)
- protected boolean doPreExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)
- private boolean isAuthenticated(InetAddress address, Collection<IPRange> ranges): Checks whether the given IP address meets a set of IP range requirements.
- protected Subject populateSubject(Subject subject)
- void setMappings(Map<String,Collection<IPRange>> newMappings): Set the IP range(s) to authenticate as particular principals.
-
Methods inherited from class net.shibboleth.idp.authn.AbstractValidationAction
addDefaultPrincipals, buildAuthenticationResult, getClassifiedErrors, getCleanupHook, getMetricName, getRequesterLookupStrategy, getResponderLookupStrategy, getResultCachingPredicate, getSubject, getSupportedPrincipals, handleError, handleError, handleWarning, recordFailure, recordFailure, recordSuccess, recordSuccess, setAddDefaultPrincipals, setClassifiedMessages, setCleanupHook, setMetricName, setRequesterLookupStrategy, setResponderLookupStrategy, setResultCachingPredicate, setSupportedPrincipals
-
Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction
doExecute, doPreExecute, setAuthenticationContextLookupStrategy
-
Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy
-
Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition
-
Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse
-
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized
-
-
-
-
Field Detail
-
DEFAULT_METRIC_NAME
@Nonnull @NotEmpty private static final String DEFAULT_METRIC_NAME
Default prefix for metrics.
- See Also: Constant Field Values
-
log
@Nonnull private final org.slf4j.Logger log
Class logger.
-
mappings
@Nonnull @NonnullElements private Map<String,Collection<IPRange>> mappings
Map of IP ranges to principal names.
-
uaContext
@Nullable private UserAgentContext uaContext
User Agent context containing address to evaluate.
-
principalName
@Nullable private String principalName
The principal name established by the action, if any.
-
-
Method Detail
-
setMappings
public void setMappings(@Nullable @NonnullElements Map<String,Collection<IPRange>> newMappings)
Set the IP range(s) to authenticate as particular principals.
- Parameters:
  newMappings - the IP range(s) to authenticate as particular principals
-
doPreExecute
protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext)
- Overrides: doPreExecute in class AbstractValidationAction
-
doExecute
protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext)
- Overrides: doExecute in class AbstractAuthenticationAction
-
isAuthenticated
private boolean isAuthenticated(@Nonnull InetAddress address, @Nonnull @NonnullElements Collection<IPRange> ranges)
Checks whether the given IP address meets a set of IP range requirements.
- Parameters:
  address - the IP address to check
  ranges - the ranges to check
- Returns: true if the given IP address meets this stage's IP range requirements, false otherwise
-
populateSubject
@Nonnull protected Subject populateSubject(@Nonnull Subject subject)
- Specified by: populateSubject in class AbstractValidationAction
-
-