IPAddressLoginHandler (Shibboleth Identity Provider 2.1.0 Java API.)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

edu.internet2.middleware.shibboleth.idp.authn.provider
Class IPAddressLoginHandler

java.lang.Object
  edu.internet2.middleware.shibboleth.idp.authn.provider.AbstractLoginHandler
      edu.internet2.middleware.shibboleth.idp.authn.provider.IPAddressLoginHandler

All Implemented Interfaces:: LoginHandler

public class IPAddressLoginHandler
extends AbstractLoginHandler
extends AbstractLoginHandler

IP Address authentication handler. This "authenticates" a user based on their IP address. It operates in either default deny or default allow mode, and evaluates a given request against a list of blocked or permitted IPs. It supports both IPv4 and IPv6. If an Authentication Context Class or DeclRef URI is not specified, it will default to "urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol".

Nested Class Summary
`protected class`	`IPAddressLoginHandler.IPEntry` Encapsulates a network address and a netmask on ipList.

Field Summary

Fields inherited from interface edu.internet2.middleware.shibboleth.idp.authn.LoginHandler
`AUTHENTICATION_ERROR_KEY, AUTHENTICATION_METHOD_KEY, PRINCIPAL_KEY, PRINCIPAL_NAME_KEY, SUBJECT_KEY`

Constructor Summary
`IPAddressLoginHandler()`

Method Summary
`protected BitSet`	`byteArrayToBitSet(byte[] bytes)` Converts a byte array to a BitSet.
`String`	`getUsername()` Get the username for all IP-address authenticated users.
`protected void`	`handleDefaultAllow(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)`
`protected void`	`handleDefaultDeny(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)`
`void`	`login(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)` Authenticate the user making the request.
`void`	`setEntries(List<String> entries, boolean defaultDeny)` Set the permitted IP addresses.
`void`	`setUsername(String name)` Set the username to use for all IP-address authenticated users.
`boolean`	`supportsForceAuthentication()` Returns if this handler supports the ability to force a user to (re-)authenticate.
`boolean`	`supportsPassive()` Gets whether this handler supports passive authentication.

Methods inherited from class edu.internet2.middleware.shibboleth.idp.authn.provider.AbstractLoginHandler
`getAuthenticationDuration, getSupportedAuthenticationMethods, setAuthenticationDuration, setAuthenticationDurection, setSupportsForceAuthentication, setSupportsPassive`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

IPAddressLoginHandler

public IPAddressLoginHandler()

Method Detail

setEntries

public void setEntries(List<String> entries,
                       boolean defaultDeny)

Set the permitted IP addresses. If defaultDeny is true then only the IP addresses in ipList will be "authenticated." If defaultDeny is false, then all IP addresses except those in ipList will be authenticated.

Parameters:: entries - A list of IP addresses (with CIDR masks).; defaultDeny - Does ipList contain a deny or permit list.

supportsPassive

public boolean supportsPassive()

Gets whether this handler supports passive authentication.

Specified by:: supportsPassive in interface LoginHandler
Overrides:: supportsPassive in class AbstractLoginHandler

Returns:: whether this handler supports passive authentication

supportsForceAuthentication

public boolean supportsForceAuthentication()

Returns if this handler supports the ability to force a user to (re-)authenticate.

Specified by:: supportsForceAuthentication in interface LoginHandler
Overrides:: supportsForceAuthentication in class AbstractLoginHandler

Returns:: if this handler can force a user to (re-)authenticate.

getUsername

public String getUsername()

Get the username for all IP-address authenticated users.

Returns:: The username for IP-address authenticated users.

setUsername

public void setUsername(String name)

Set the username to use for all IP-address authenticated users.

Parameters:: name - The username for IP-address authenticated users.

login

public void login(javax.servlet.http.HttpServletRequest httpRequest,
                  javax.servlet.http.HttpServletResponse httpResponse)

Authenticate the user making the request.

Parameters:: httpRequest - user request; httpResponse - response to user

handleDefaultDeny

protected void handleDefaultDeny(javax.servlet.http.HttpServletRequest request,
                                 javax.servlet.http.HttpServletResponse response)

handleDefaultAllow

protected void handleDefaultAllow(javax.servlet.http.HttpServletRequest request,
                                  javax.servlet.http.HttpServletResponse response)

byteArrayToBitSet

protected BitSet byteArrayToBitSet(byte[] bytes)

Converts a byte array to a BitSet. The supplied byte array is assumed to have the most signifigant bit in element 0.

Parameters:: bytes - the byte array with most signifigant bit in element 0.
Returns:: the BitSet