Package net.shibboleth.idp.authn.impl

Class ValidateFunctionResult

java.lang.Object

net.shibboleth.shared.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.profile.action.AbstractConditionalProfileAction

net.shibboleth.idp.profile.AbstractProfileAction

net.shibboleth.idp.authn.AbstractAuthenticationAction

net.shibboleth.idp.authn.AbstractValidationAction

net.shibboleth.idp.authn.impl.AbstractAuditingValidationAction

net.shibboleth.idp.authn.impl.ValidateFunctionResult

All Implemented Interfaces:

PrincipalSupportingComponent, Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class ValidateFunctionResult
extends AbstractAuditingValidationAction

An action that executes a deployer-supplied function and produces an AuthenticationResult based on the function result.

Since:

3.4.0

Event:

EventIds.PROCEED_EVENT_ID, AuthnEventIds.INVALID_CREDENTIALS, AuthnEventIds.NO_CREDENTIALS

Precondition:

ProfileRequestContext.getSubcontext(AuthenticationContext.class).getAttemptedFlow() != null

Postcondition:

If the function returns a String, Principal, or Subject, an AuthenticationResult is saved to the AuthenticationContext.

Field Summary

Fields

Modifier and Type	Field	Description
private static final String	DEFAULT_METRIC_NAME	Default prefix for metrics.
private final org.slf4j.Logger	log	Class logger.
private Object	result	Authentication result.
private Function<ProfileRequestContext,?>	resultLookupStrategy	Function to evaluate.

Constructor Summary

Constructors

Constructor	Description
ValidateFunctionResult()	Constructor.

Method Summary

Modifier and Type	Method	Description
protected void	doExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)	Performs this authentication action.
protected void	doInitialize()
protected Map<String,String>	getAuditFields(ProfileRequestContext profileRequestContext)	Subclasses can override this method to supply additional audit fields to store.
private String	getUsername(Subject subject)	Get the username from a UsernamePrincipal inside the subject.
protected Subject	populateSubject(Subject subject)	Subclasses must override this method to complete the population of the Subject with Principal and credential information based on the validation they perform.
void	setResultLookupStrategy(Function<ProfileRequestContext,?> strategy)	Set the function to execute to produce the authentication result.

Methods inherited from class net.shibboleth.idp.authn.impl.AbstractAuditingValidationAction

doAudit, doExecute, getAuditContext, recordFailure, recordSuccess, setAuditContextCreationStrategy, setPopulateAuditContextAction, setWriteAuditLogAction

Methods inherited from class net.shibboleth.idp.authn.AbstractValidationAction

addDefaultPrincipals, buildAuthenticationResult, doPreExecute, getClassifiedErrors, getCleanupHook, getMetricName, getRequesterLookupStrategy, getResponderLookupStrategy, getResultCachingPredicate, getSubject, getSupportedPrincipals, handleError, handleError, handleWarning, setAddDefaultPrincipals, setClassifiedMessages, setCleanupHook, setMetricName, setRequesterLookupStrategy, setResponderLookupStrategy, setResultCachingPredicate, setSupportedPrincipals

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

doExecute, doPreExecute, setAuthenticationContextLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

execute, getBean, getBean, getMessage, getMessage, getMessage, getParameter, getParameter, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, ensureHttpServletRequest, ensureHttpServletResponse, execute, getHttpServletRequest, getHttpServletRequestSupplier, getHttpServletResponse, getHttpServletResponseSupplier, getLogPrefix, isPreExecuteCalled, setHttpServletRequestSupplier, setHttpServletResponseSupplier

Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent

checkComponentActive, checkSetterPreconditions, destroy, doDestroy, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.shared.component.InitializableComponent

initialize, isInitialized

Field Details

DEFAULT_METRIC_NAME

@Nonnull
@NotEmpty
private static final String DEFAULT_METRIC_NAME

Default prefix for metrics.

See Also:

• Constant Field Values

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

resultLookupStrategy

@NonnullAfterInit
private Function<ProfileRequestContext,?> resultLookupStrategy

Function to evaluate.

result

@Nullable
private Object result

Authentication result.

Constructor Details

ValidateFunctionResult

public ValidateFunctionResult()

Constructor.

Method Details

setResultLookupStrategy

public void setResultLookupStrategy(@Nonnull
 Function<ProfileRequestContext,?> strategy)

Set the function to execute to produce the authentication result.

The function can return a String, a Principal, or a Subject.

Parameters:

strategy - result strategy

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doExecute

protected void doExecute(@Nonnull
 ProfileRequestContext profileRequestContext,
 @Nonnull
 AuthenticationContext authenticationContext)

Performs this authentication action. Default implementation throws an exception.

Overrides:

doExecute in class AbstractAuthenticationAction

Parameters:

profileRequestContext - the current IdP profile request context

authenticationContext - the current authentication context

populateSubject

@Nonnull
protected Subject populateSubject(@Nonnull
 Subject subject)

Subclasses must override this method to complete the population of the Subject with Principal and credential information based on the validation they perform.

Typically this will include attaching a UsernamePrincipal, but this is not a requirement if other components are suitably overridden.

Specified by:

populateSubject in class AbstractValidationAction

Parameters:

subject - subject to populate

Returns:

the input subject

getAuditFields

@Nullable
@Unmodifiable
@NotLive
protected Map<String,String> getAuditFields(@Nonnull
 ProfileRequestContext profileRequestContext)

Subclasses can override this method to supply additional audit fields to store.

Overrides:

getAuditFields in class AbstractAuditingValidationAction

Parameters:

profileRequestContext - profile request context

Returns:

audit fields

getUsername

@Nullable
private String getUsername(@Nonnull
 Subject subject)

Get the username from a UsernamePrincipal inside the subject.

Parameters:

subject - input subject

Returns:

username, or null