Package net.shibboleth.idp.session.impl
Class DetectIdentitySwitch
- java.lang.Object
  - net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    - org.opensaml.profile.action.AbstractProfileAction
      - org.opensaml.profile.action.AbstractConditionalProfileAction
        - net.shibboleth.idp.profile.AbstractProfileAction
          - net.shibboleth.idp.authn.AbstractAuthenticationAction
            - net.shibboleth.idp.session.impl.DetectIdentitySwitch

All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action
public class DetectIdentitySwitch extends AbstractAuthenticationAction
An authentication action that checks for a mismatch between an existing session's identity and the result of a newly canonicalized subject (from a SubjectCanonicalizationContext).

On a mismatch it destroys a pre-existing session and clears AuthenticationContext and SessionContext state such that no trace of its impact on the contexts remains, and signals the event.

An error interacting with the session layer will result in an EventIds.IO_ERROR event.

- Event: EventIds.PROCEED_EVENT_ID, EventIds.INVALID_PROFILE_CTX, EventIds.IO_ERROR, AuthnEventIds.IDENTITY_SWITCH
- Postcondition: If an identity switch is detected, SessionContext.getIdPSession() == null && AuthenticationContext.getActiveResults().isEmpty()
-
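The check-and-teardown behaviour described above, modeled in self-contained Java as an added example (not Shibboleth's code). `Contexts`, `SessionStore`, `Event` and `check` are hypothetical stand-ins for the real contexts, session manager and event ids; comparing names with `equals`, proceeding when there is nothing to compare, and leaving state untouched when the destroy fails are assumptions of this model that the page does not confirm.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

/** Simplified model of the identity-switch check; every type here is a stand-in. */
public class IdentitySwitchModel {
    enum Event { PROCEED, IO_ERROR, IDENTITY_SWITCH }

    /** Stand-in for the session layer; destroying a session may fail with an I/O error. */
    interface SessionStore { void destroy(String sessionId) throws IOException; }

    /** Stand-in for the SessionContext and AuthenticationContext state the action touches. */
    static class Contexts {
        String sessionId;         // null when no session exists
        String sessionPrincipal;  // identity bound to the existing session
        final Map<String, String> activeResults = new HashMap<>(); // flow id -> principal
    }

    static Event check(Contexts ctx, String newPrincipal, SessionStore store) {
        // Assumption: with no prior session or no new principal there is nothing to compare.
        if (ctx.sessionId == null || newPrincipal == null) return Event.PROCEED;
        if (newPrincipal.equals(ctx.sessionPrincipal)) return Event.PROCEED;
        try {
            store.destroy(ctx.sessionId);   // a session-layer failure maps to IO_ERROR
        } catch (IOException e) {
            return Event.IO_ERROR;          // assumption: contexts are left as they were
        }
        // Postcondition on a switch: no session and no reusable authentication results.
        ctx.sessionId = null;
        ctx.sessionPrincipal = null;
        ctx.activeResults.clear();
        return Event.IDENTITY_SWITCH;
    }

    public static void main(String[] args) {
        Contexts c = new Contexts();        // constructed sample state
        c.sessionId = "s1";
        c.sessionPrincipal = "alice";
        c.activeResults.put("flow-A", "alice");
        SessionStore ok = id -> { };
        SessionStore down = id -> { throw new IOException("store unavailable"); };

        System.out.println(check(c, "alice", ok));   // same identity
        System.out.println(check(c, "bob", down));   // mismatch, session layer failing
        System.out.println(check(c, "bob", ok));     // mismatch, teardown succeeds
        System.out.println("session=" + c.sessionId + " results=" + c.activeResults);
    }
}
```

The point of the postcondition is that a second principal authenticating in the same browser cannot inherit the first principal's session or cached authentication results.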
Field Summary
Fields (Modifier and Type, Field, Description):
- private Function<ProfileRequestContext,SubjectCanonicalizationContext> c14nContextLookupStrategy: Lookup function for SubjectCanonicalizationContext.
- private org.slf4j.Logger log: Class logger.
- private String newPrincipalName: A newly established principal name to check.
- private Function<ProfileRequestContext,SessionContext> sessionContextLookupStrategy: Lookup function for SessionContext.
- private SessionContext sessionCtx: SessionContext to operate on.
- private SessionManager sessionManager: SessionManager.
-
Constructor Summary
Constructors (Constructor, Description):
- DetectIdentitySwitch(): Constructor.
-
Method Summary
Methods (Modifier and Type, Method, Description):
- protected void doExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)
- protected void doInitialize()
- protected boolean doPreExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)
- void setSessionContextLookupStrategy(Function<ProfileRequestContext,SessionContext> strategy): Set the lookup strategy for the SessionContext to access.
- void setSessionManager(SessionManager manager): Set the SessionManager to use.
- void setSubjectCanonicalizationContextLookupStrategy(Function<ProfileRequestContext,SubjectCanonicalizationContext> strategy): Set the lookup strategy for the SubjectCanonicalizationContext to access.
-
Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction
doExecute, doPreExecute, setAuthenticationContextLookupStrategy
-
Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy
-
Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition
-
Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse
-
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitialized
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized
-
Field Detail
-
log
@Nonnull private final org.slf4j.Logger log
Class logger.
-
sessionManager
@NonnullAfterInit private SessionManager sessionManager
SessionManager.
-
sessionContextLookupStrategy
@Nonnull private Function<ProfileRequestContext,SessionContext> sessionContextLookupStrategy
Lookup function for SessionContext.
-
c14nContextLookupStrategy
@Nonnull private Function<ProfileRequestContext,SubjectCanonicalizationContext> c14nContextLookupStrategy
Lookup function for SubjectCanonicalizationContext.
-
sessionCtx
@Nullable private SessionContext sessionCtx
SessionContext to operate on.
-
newPrincipalName
@Nullable private String newPrincipalName
A newly established principal name to check.
-
-
Method Detail
-
setSessionManager
public void setSessionManager(@Nonnull SessionManager manager)
Set the SessionManager to use.
Parameters:
manager - session manager to use
-
setSessionContextLookupStrategy
public void setSessionContextLookupStrategy(@Nonnull Function<ProfileRequestContext,SessionContext> strategy)
Set the lookup strategy for the SessionContext to access.
Parameters:
strategy - lookup strategy
-
setSubjectCanonicalizationContextLookupStrategy
public void setSubjectCanonicalizationContextLookupStrategy(@Nonnull Function<ProfileRequestContext,SubjectCanonicalizationContext> strategy)
Set the lookup strategy for the SubjectCanonicalizationContext to access.
Parameters:
strategy - lookup strategy
-
doInitialize
protected void doInitialize() throws ComponentInitializationException
Overrides:
doInitialize in class AbstractInitializableComponent
Throws:
ComponentInitializationException
-
doPreExecute
protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext)
Overrides:
doPreExecute in class AbstractAuthenticationAction
-
doExecute
protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext)
Overrides:
doExecute in class AbstractAuthenticationAction
-
-