Package net.shibboleth.idp.authn.impl

Class HTPasswdCredentialValidator

java.lang.Object

net.shibboleth.shared.component.AbstractInitializableComponent

net.shibboleth.shared.component.AbstractIdentifiedInitializableComponent

net.shibboleth.idp.authn.AbstractCredentialValidator

net.shibboleth.idp.authn.AbstractUsernamePasswordCredentialValidator

net.shibboleth.idp.authn.impl.HTPasswdCredentialValidator

All Implemented Interfaces:

CredentialValidator, PrincipalSupportingComponent, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent

@ThreadSafeAfterInit
public class HTPasswdCredentialValidator
extends AbstractUsernamePasswordCredentialValidator

A password validator that authenticates against Apache htpasswd files.

Since:

4.0.0

Nested Class Summary

Nested classes/interfaces inherited from interface net.shibboleth.idp.authn.CredentialValidator

CredentialValidator.ErrorHandler, CredentialValidator.WarningHandler

Field Summary

Fields

Modifier and Type	Field	Description
private final Map<String,String>	credentialMap	In-memory copy of entries.
private StringDigester	digester	Digester for SHA-1.
private Resource	htPasswdResource	Source of information.
private long	lastModified	File timestamp.
private final org.slf4j.Logger	log	Class logger.

Constructor Summary

Constructors

Constructor	Description
HTPasswdCredentialValidator()	Constructor.

Method Summary

Modifier and Type	Method	Description
private boolean	authenticate(UsernamePasswordContext usernamePasswordContext, String storedPassword)	Compare input password to stored value.
protected void	doInitialize()
protected Subject	doValidate(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext, UsernamePasswordContext usernamePasswordContext, CredentialValidator.WarningHandler warningHandler, CredentialValidator.ErrorHandler errorHandler)	Override method for subclasses to use to perform the actual validation.
private String	getCredential(String username)	Check for file refresh and return the matching password.
private Map<String,String>	readCredentials(InputStream is)	Reads the credentials from stream.
void	setResource(Resource resource)	Set the resource to use.

Methods inherited from class net.shibboleth.idp.authn.AbstractUsernamePasswordCredentialValidator

applyTransforms, doValidate, populateSubject, savePasswordToCredentialSet, setLowercase, setMatchExpression, setSavePasswordToCredentialSet, setTransforms, setTrim, setUppercase, setUsernamePasswordContextLookupStrategy

Methods inherited from class net.shibboleth.idp.authn.AbstractCredentialValidator

getLogPrefix, getSupportedPrincipals, isAcceptable, populateSubject, setActivationCondition, setId, setSupportedPrincipals, validate

Methods inherited from class net.shibboleth.shared.component.AbstractIdentifiedInitializableComponent

ensureId, getId, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException

Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent

checkComponentActive, checkSetterPreconditions, destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.shared.component.IdentifiedComponent

getId

Field Details

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

digester

@NonnullAfterInit
private StringDigester digester

Digester for SHA-1.

htPasswdResource

@Nullable
private Resource htPasswdResource

Source of information.

lastModified

private long lastModified

File timestamp.

credentialMap

@Nonnull
private final Map<String,String> credentialMap

In-memory copy of entries.

Constructor Details

HTPasswdCredentialValidator

public HTPasswdCredentialValidator()

Constructor.

Method Details

setResource

public void setResource(@Nonnull
 Resource resource)

Set the resource to use.

Parameters:

resource - resource to use

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class AbstractIdentifiedInitializableComponent

Throws:

ComponentInitializationException

doValidate

@Nullable
protected Subject doValidate(@Nonnull
 ProfileRequestContext profileRequestContext,
 @Nonnull
 AuthenticationContext authenticationContext,
 @Nonnull
 UsernamePasswordContext usernamePasswordContext,
 @Nullable
 CredentialValidator.WarningHandler warningHandler,
 @Nullable
 CredentialValidator.ErrorHandler errorHandler)
                      throws Exception

Override method for subclasses to use to perform the actual validation.

Any configured transforms will have been applied to populate the context with a transformed username prior to this method call.

Specified by:

doValidate in class AbstractUsernamePasswordCredentialValidator

Parameters:

profileRequestContext - profile request context

authenticationContext - authentication context

usernamePasswordContext - the username/password to validate

warningHandler - optional warning handler interface

errorHandler - optional error handler interface

Returns:

the validated result, or null if inapplicable

Throws:

Exception - if an error occurs

authenticate

private boolean authenticate(@Nonnull
 UsernamePasswordContext usernamePasswordContext,
 @Nonnull
 String storedPassword)

Compare input password to stored value.

Parameters:

usernamePasswordContext - input context

storedPassword - the stored string

Returns:

true iff the password matches

getCredential

@Nullable
private String getCredential(@Nonnull
 String username)

Check for file refresh and return the matching password.

Parameters:

username - record to fetch

Returns:

matching password or null

readCredentials

@Nonnull
@Unmodifiable
@NotLive
private Map<String,String> readCredentials(@Nonnull
 InputStream is)

Reads the credentials from stream.

Parameters:

is - input stream

Returns:

map of credentials