Package net.shibboleth.idp.authn.impl

Class AbstractAuditingValidationAction

java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
org.opensaml.profile.action.AbstractProfileAction
org.opensaml.profile.action.AbstractConditionalProfileAction
net.shibboleth.idp.profile.AbstractProfileAction
net.shibboleth.idp.authn.AbstractAuthenticationAction
net.shibboleth.idp.authn.AbstractValidationAction
net.shibboleth.idp.authn.impl.AbstractAuditingValidationAction
All Implemented Interfaces:
PrincipalSupportingComponent, Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action
Direct Known Subclasses:
ValidateCredentials, ValidateExternalAuthentication, ValidateFunctionResult, ValidateRemoteUser, ValidateUserAgentAddress
public abstract class AbstractAuditingValidationAction extends AbstractValidationAction
Base class for validation actions that includes new audit logging support.

This is not great design, but embedding the existing audit action classes as fields is by far the simplest way to reuse that logic without getting caught up in the vagaries of the individual validator's logic.

Since:
4.3.0

  • Field Details

    • auditContextCreationStrategy

      @Nonnull private Function<ProfileRequestContext,AuditContext> auditContextCreationStrategy
      Strategy used to locate or create the AuditContext to populate.

    • populateAuditContextAction

      @Nullable private PopulateAuditContext populateAuditContextAction
      Optional audit extraction action.

    • writeAuditLogAction

      @Nullable private WriteAuditLog writeAuditLogAction
      Optional audit output action.

    • requestContext

      @Nullable private RequestContext requestContext
      The Spring RequestContext to operate on.

  • Constructor Details

    • AbstractAuditingValidationAction

      public AbstractAuditingValidationAction()
      Constructor.

  • Method Details

    • setAuditContextCreationStrategy

      public void setAuditContextCreationStrategy(@Nonnull Function<ProfileRequestContext,AuditContext> strategy)
      Set the strategy used to locate the AuditContext associated with a given ProfileRequestContext.
      Parameters:
      strategy - lookup strategy

    • setPopulateAuditContextAction

      public void setPopulateAuditContextAction(@Nullable PopulateAuditContext action)
      Sets an audit context population action to run.
      Parameters:
      action - optional action to use to populate audit context
      Since:
      4.3.0

    • setWriteAuditLogAction

      public void setWriteAuditLogAction(@Nullable WriteAuditLog action)
      Sets an audit output action to run.
      Parameters:
      action - optional action to use to write to audit log
      Since:
      4.3.0

    • doExecute

      protected Event doExecute(@Nonnull RequestContext springRequestContext, @Nonnull ProfileRequestContext profileRequestContext)
      Spring-aware actions can override this method to fully control the execution of an Action by the Web Flow engine.

      Alternatively they may override AbstractProfileAction.doExecute(ProfileRequestContext) and access Spring information via a SpringRequestContext attached to the profile request context.

      The default implementation attaches the Spring Web Flow request context to the profile request context tree to "narrow" the execution signature to the basic OpenSAML ProfileAction interface. After execution, an EventContext is sought, and used to return a result back to the Web Flow engine. If no context exists, a "proceed" event is signaled.

      Overrides:
      doExecute in class AbstractProfileAction
      Parameters:
      springRequestContext - the Spring request context
      profileRequestContext - a profile request context
      Returns:
      a Web Flow event produced by the action

    • recordSuccess

      protected void recordSuccess(@Nonnull ProfileRequestContext profileRequestContext)
      Record a successful authentication attempt against the configured counter. Records nothing if the metrics registry is not installed into the runtime.
      Overrides:
      recordSuccess in class AbstractValidationAction
      Parameters:
      profileRequestContext - profile request context

    • recordFailure

      protected void recordFailure(@Nonnull ProfileRequestContext profileRequestContext)
      Record a failed authentication attempt against the configured counter. Records nothing if the metrics registry is not installed into the runtime.
      Overrides:
      recordFailure in class AbstractValidationAction
      Parameters:
      profileRequestContext - profile request context

    • getAuditContext

      @Nullable protected AuditContext getAuditContext(@Nonnull ProfileRequestContext profileRequestContext)
      Create or locate the AuditContext via the defined strategy.
      Parameters:
      profileRequestContext - profile request context
      Returns:
      the audit context

    • doAudit

      protected void doAudit(@Nonnull ProfileRequestContext profileRequestContext, boolean success)
      Do audit extraction and output.
      Parameters:
      profileRequestContext - profile request context
      success - true iff this is an audit of successful validation

    • getAuditFields

      @Nullable @Unmodifiable @NotLive protected Map<String,String> getAuditFields(@Nonnull ProfileRequestContext profileRequestContext)
      Subclasses can override this method to supply additional audit fields to store.
      Parameters:
      profileRequestContext - profile request context
      Returns:
      audit fields