Package net.shibboleth.idp.authn.impl

Class JAASCredentialValidator

java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
net.shibboleth.shared.component.AbstractIdentifiedInitializableComponent
net.shibboleth.idp.authn.AbstractCredentialValidator
net.shibboleth.idp.authn.AbstractUsernamePasswordCredentialValidator
net.shibboleth.idp.authn.impl.JAASCredentialValidator
All Implemented Interfaces:
CredentialValidator, PrincipalSupportingComponent, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent
@ThreadSafeAfterInit public class JAASCredentialValidator extends AbstractUsernamePasswordCredentialValidator
A password validator that authenticates against JAAS.

Support for complex chaining of JAAS modules remains supported but should be avoided in favor of the new support for chaining validators in most cases.

Since:
4.0.0

  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.

    • loginConfigType

      @Nullable private String loginConfigType
      Type of JAAS Configuration to instantiate.

    • loginConfigResource

      @Nullable private Resource loginConfigResource
      JAAS configuration resource.

    • loginConfigParameters

      @Nullable private Configuration.Parameters loginConfigParameters
      Type-specific configuration parameters.

    • loginConfigNames

      @Nonnull private Collection<String> loginConfigNames
      Holder for simple configurations defined by name.

    • loginConfigurations

      @Nonnull private Collection<Pair<String,Subject>> loginConfigurations
      Application name(s) in JAAS configuration to use.

    • loginConfigStrategy

      @Nullable private Function<ProfileRequestContext,Collection<Pair<String,Subject>>> loginConfigStrategy
      Strategy function to dynamically derive the login config(s) to use.

  • Constructor Details

    • JAASCredentialValidator

      public JAASCredentialValidator()
      Constructor.

  • Method Details

    • getLoginConfigType

      @Nullable public String getLoginConfigType()
      Get the type of JAAS Configuration to use.
      Returns:
      the type of JAAS configuration to use

    • setLoginConfigType

      public void setLoginConfigType(@Nullable String type)
      Set the type of JAAS Configuration to use.
      Parameters:
      type - the type of JAAS configuration to use

    • getLoginConfigParameters

      @Nullable public Configuration.Parameters getLoginConfigParameters()
      Get the type-specific parameters of the JAAS Configuration to use.
      Returns:
      the JAAS configuration parameters to use

    • setLoginConfigParameters

      public void setLoginConfigParameters(@Nullable URI uri)
      Set a URI to use as a JAAS configuration parameter.
      Parameters:
      uri - the JAAS configuration URI parameters to use

    • setLoginConfigResource

      public void setLoginConfigResource(@Nullable Resource resource)
      Set a login configuration resource to use.
      Parameters:
      resource - resource to use
      Since:
      4.1.0

    • setLoginConfigurations

      public void setLoginConfigurations(@Nullable Collection<Pair<String,Collection<Principal>>> configs)
      Set the JAAS application name(s) to use, along with an optional collection of custom principals to apply to the result.
      Parameters:
      configs - list of JAAS application names and custom principals to use

    • setLoginConfigNames

      public void setLoginConfigNames(@Nullable Collection<String> names)
      Set the JAAS application name(s) to use.
      Parameters:
      names - list of JAAS application names to use

    • setLoginConfigStrategy

      public void setLoginConfigStrategy(@Nullable Function<ProfileRequestContext,Collection<Pair<String,Subject>>> strategy)
      Set the strategy function to use to obtain the JAAS application configuration(s) to use.
      Parameters:
      strategy - strategy function

    • doInitialize

      protected void doInitialize() throws ComponentInitializationException
      Overrides:
      doInitialize in class AbstractIdentifiedInitializableComponent
      Throws:
      ComponentInitializationException

    • doValidate

      @Nullable protected Subject doValidate(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext, @Nonnull UsernamePasswordContext usernamePasswordContext, @Nullable CredentialValidator.WarningHandler warningHandler, @Nullable CredentialValidator.ErrorHandler errorHandler) throws Exception
      Override method for subclasses to use to perform the actual validation.

      Any configured transforms will have been applied to populate the context with a transformed username prior to this method call.

      Specified by:
      doValidate in class AbstractUsernamePasswordCredentialValidator
      Parameters:
      profileRequestContext - profile request context
      authenticationContext - authentication context
      usernamePasswordContext - the username/password to validate
      warningHandler - optional warning handler interface
      errorHandler - optional error handler interface
      Returns:
      the validated result, or null if inapplicable
      Throws:
      Exception - if an error occurs

    • authenticate

      @Nonnull private Subject authenticate(@Nonnull @NotEmpty String loginConfigName, @Nonnull UsernamePasswordContext usernamePasswordContext) throws LoginException, NoSuchAlgorithmException
      Create a JAAS configuration and attempt a login with it.
      Parameters:
      loginConfigName - the application name to use
      usernamePasswordContext - input context
      Returns:
      the JAAS result
      Throws:
      LoginException - if the JAAS login process fails
      NoSuchAlgorithmException - if a JAAS configuration cannot be created

    • populateSubject

      @Nonnull protected Subject populateSubject(@Nonnull Subject subject, @Nullable Subject derivedSubject, @Nonnull UsernamePasswordContext usernamePasswordContext)
      Finish decorating the result.
      Parameters:
      subject - the JAAS result
      derivedSubject - container for additional principals
      usernamePasswordContext - input context
      Returns:
      final result