1 /*
2 * Copyright 2006 University Corporation for Advanced Internet Development, Inc.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 package edu.internet2.middleware.shibboleth.idp.authn;
18
19 import java.io.Serializable;
20 import java.util.ArrayList;
21 import java.util.List;
22 import java.util.Map;
23 import java.util.concurrent.ConcurrentHashMap;
24
25 import org.joda.time.DateTime;
26
27 import edu.internet2.middleware.shibboleth.idp.session.AuthenticationMethodInformation;
28
29 /**
30 * Login context created by a profile handler and interpreted by the authentication package.
31 *
32 * Two properties are tracked by default:
33 * <ul>
34 * <li><code>forceAuth</code> - Should user authentication be forced (default value: false).</li>
35 * <li><code>passiveAuth</code> - Should user authentication not control the UI (default value: false).</li>
36 * </ul>
37 *
38 * A {@link Map}<String, Object> is provided to store other properties. Alternatively, a profile handler may
39 * create a subclass of LoginContext with extra fields.
40 *
41 * LoginContexts should be created by a profile handler when authentication is needed. Once control has returned to the
42 * profile handler, it should remove the LoginContext from the HttpSession.
43 *
44 * The {@link AuthenticationEngine} should set the {@link LoginContext#setAuthenticationAttempted()},
45 * {@link LoginContext#setPrincipalAuthenticated(boolean)},
46 * {@link LoginContext#setAuthenticationFailure(AuthenticationException)}, appropriately.
47 */
48 public class LoginContext implements Serializable {
49
50 /** the key in a HttpSession where login contexts are stored. */
51 public static final String LOGIN_CONTEXT_KEY = "shib2.logincontext";
52
53 /** Serial version UID. */
54 private static final long serialVersionUID = -8764003758734956911L;
55
56 /** Entity ID of the relying party. */
57 private String relyingPartyId;
58
59 /** Should user authentication be forced. */
60 private boolean forceAuth;
61
62 /** Must authentication not interact with the UI. */
63 private boolean passiveAuth;
64
65 /** A catch-all map for other properties. */
66 private Map<String, Serializable> propsMap = new ConcurrentHashMap<String, Serializable>();
67
68 /** The ProfileHandler URL. */
69 private String profileHandlerURL;
70
71 /** The authentication engine's URL. */
72 private String authnEngineURL;
73
74 /** Whether authentication been attempted yet. */
75 private boolean authnAttempted;
76
77 /** Attempted user authentication method. */
78 private String attemptedAuthnMethod;
79
80 /** Did authentication succeed? */
81 private boolean principalAuthenticated;
82
83 /** Exception that occurred during authentication. */
84 private AuthenticationException authnException;
85
86 /** The session id. */
87 private String sessionID;
88
89 /** List of request authentication methods. */
90 private ArrayList<String> requestAuthenticationMethods;
91
92 /** Information about the authentication method. */
93 private AuthenticationMethodInformation authenticationMethodInformation;
94
95 /** Creates a new instance of LoginContext. */
96 public LoginContext() {
97 requestAuthenticationMethods = new ArrayList<String>();
98 }
99
100 /**
101 * Creates a new instance of LoginContext.
102 *
103 * @param force if the authentication manager must re-authenticate the user.
104 * @param passive if the authentication manager must not interact with the users UI.
105 */
106 public LoginContext(boolean force, boolean passive) {
107 forceAuth = force;
108 passiveAuth = passive;
109 requestAuthenticationMethods = new ArrayList<String>();
110 }
111
112 /**
113 * Gets the authentication method that was used when attempting to authenticate the user. Note, this may be
114 * different than the authentication method reported within {@link #getAuthenticationMethodInformation()}.
115 *
116 * @return authentication method that was used when attempting to authenticate the user
117 */
118 public synchronized String getAttemptedAuthnMethod() {
119 return attemptedAuthnMethod;
120 }
121
122 /**
123 * Returns if authentication has been attempted for this user.
124 *
125 * @return if authentication has been attempted for this user
126 */
127 public synchronized boolean getAuthenticationAttempted() {
128 return authnAttempted;
129 }
130
131 /**
132 * Gets the duration of authentication.
133 *
134 * @return The duration of authentication, or zero if none was set.
135 */
136 public synchronized long getAuthenticationDuration() {
137 return authenticationMethodInformation.getAuthenticationDuration();
138 }
139
140 /**
141 * Gets the authentication engine's URL.
142 *
143 * @return the URL of the authentication engine
144 */
145 public synchronized String getAuthenticationEngineURL() {
146 return authnEngineURL;
147 }
148
149 /**
150 * Gets the error that occurred during authentication.
151 *
152 * @return error that occurred during authentication
153 */
154 public synchronized AuthenticationException getAuthenticationFailure() {
155 return authnException;
156 }
157
158 /**
159 * Gets the authentication instant.
160 *
161 * @return The instant of authentication, or <code>null</code> if none was set.
162 */
163 public synchronized DateTime getAuthenticationInstant() {
164 return authenticationMethodInformation.getAuthenticationInstant();
165 }
166
167 /**
168 * Gets the method used to authenticate the user.
169 *
170 * @return The method used to authenticate the user.
171 */
172 public synchronized String getAuthenticationMethod() {
173 return authenticationMethodInformation.getAuthenticationMethod();
174 }
175
176 /**
177 * Gets information about the authentication event.
178 *
179 * @return information about the authentication event.
180 */
181 public synchronized AuthenticationMethodInformation getAuthenticationMethodInformation() {
182 return authenticationMethodInformation;
183 }
184
185 /**
186 * Returns the ID of the authenticated user.
187 *
188 * @return the ID of the user, or <code>null</code> if authentication failed.
189 */
190 public synchronized String getPrincipalName() {
191 return authenticationMethodInformation.getAuthenticationPrincipal().getName();
192 }
193
194 /**
195 * Gets the ProfileHandler URL.
196 *
197 * @return the URL of the profile handler that is invoking the Authentication Manager.
198 */
199 public synchronized String getProfileHandlerURL() {
200 return profileHandlerURL;
201 }
202
203 /**
204 * Get an optional property object.
205 *
206 * @param key The key in the properties Map.
207 *
208 * @return The object, or <code>null</code> is no object exists for the key.
209 */
210 public synchronized Object getProperty(String key) {
211 return propsMap.get(key);
212 }
213
214 /**
215 * Gets the entity ID of the relying party.
216 *
217 * @return entity ID of the relying party
218 */
219 public synchronized String getRelyingPartyId() {
220 return relyingPartyId;
221 }
222
223 /**
224 * Return the acceptable authentication handler URIs, in preference order, for authenticating this user. If no
225 * authentication methods are preferred the resultant list will be empty.
226 *
227 * @return an list of authentication method identifiers
228 */
229 public synchronized List<String> getRequestedAuthenticationMethods() {
230 return requestAuthenticationMethods;
231 }
232
233 /**
234 * Gets the {@link edu.internet2.middleware.shibboleth.idp.session.Session} ID.
235 *
236 * @return the Session id
237 */
238 public synchronized String getSessionID() {
239 return sessionID;
240 }
241
242 /**
243 * Returns if authentication must be forced.
244 *
245 * @return <code>true</code> if the authentication manager must re-authenticate the user.
246 */
247 public synchronized boolean isForceAuthRequired() {
248 return forceAuth;
249 }
250
251 /**
252 * Returns if authentication must be passive.
253 *
254 * @return <code>true</code> if the authentication manager must not interact with the users UI.
255 */
256 public synchronized boolean isPassiveAuthRequired() {
257 return passiveAuth;
258 }
259
260 /**
261 * Returns if authentication succeeded.
262 *
263 * @return <code>true</code> is the user was successfully authenticated.
264 */
265 public synchronized boolean isPrincipalAuthenticated() {
266 return principalAuthenticated;
267 }
268
269 /**
270 * Sets the authentication method that was used when attempting to authenticate the user.
271 *
272 * @param method authentication method that was used when attempting to authenticate the user
273 */
274 public synchronized void setAttemptedAuthnMethod(String method) {
275 attemptedAuthnMethod = method;
276 }
277
278 /**
279 * Set if authentication has been attempted.
280 *
281 * This method should be called by an {@link LoginHandler} while processing a request.
282 */
283 public synchronized void setAuthenticationAttempted() {
284 authnAttempted = true;
285 }
286
287 /**
288 * Sets the duration of authentication.
289 *
290 * @param duration The duration of authentication.
291 *
292 * @deprecated this information is contained in the {@link AuthenticationMethodInformation}
293 */
294 public synchronized void setAuthenticationDuration(long duration) {
295 }
296
297 /**
298 * Sets the authentication engine's URL.
299 *
300 * @param url the URL of the authentication engine
301 */
302 public synchronized void setAuthenticationEngineURL(String url) {
303 authnEngineURL = url;
304 }
305
306 /**
307 * Sets the error that occurred during authentication.
308 *
309 * @param error error that occurred during authentication
310 */
311 public synchronized void setAuthenticationFailure(AuthenticationException error) {
312 authnException = error;
313 }
314
315 /**
316 * Sets the authentication instant.
317 *
318 * @param instant The instant of authentication.
319 *
320 * @deprecated this information is contained in the {@link AuthenticationMethodInformation}
321 */
322 public synchronized void setAuthenticationInstant(final DateTime instant) {
323 }
324
325 /**
326 * Sets the method used to authenticate the user.
327 *
328 * @param method The method used to authenticate the user.
329 *
330 * @deprecated this information is contained in the {@link AuthenticationMethodInformation}
331 */
332 public synchronized void setAuthenticationMethod(String method) {
333 }
334
335 /**
336 * Sets the information about the authentication event.
337 *
338 * @param info information about the authentication event
339 */
340 public synchronized void setAuthenticationMethodInformation(AuthenticationMethodInformation info) {
341 authenticationMethodInformation = info;
342 }
343
344 /**
345 * Sets if authentication must be forced.
346 *
347 * @param force if the authentication manager must re-authenticate the user.
348 */
349 public synchronized void setForceAuthRequired(boolean force) {
350 forceAuth = force;
351 }
352
353 /**
354 * Sets if authentication must be passive.
355 *
356 * @param passive if the authentication manager must not interact with the users UI.
357 */
358 public synchronized void setPassiveAuthRequired(boolean passive) {
359 passiveAuth = passive;
360 }
361
362 /**
363 * Sets if authentication succeeded.
364 *
365 * @param authnOK if authentication succeeded;
366 */
367 public synchronized void setPrincipalAuthenticated(boolean authnOK) {
368 this.principalAuthenticated = authnOK;
369 }
370
371 /**
372 * Sets the ID of the authenticated user.
373 *
374 * @param id The userid.
375 *
376 * @deprecated this information is contained in the {@link AuthenticationMethodInformation}
377 */
378 public synchronized void setPrincipalName(String id) {
379
380 }
381
382 /**
383 * Sets the ProfileHandler URL.
384 *
385 * @param url The URL of the profile handler that invoked the AuthenticationManager/
386 */
387 public synchronized void setProfileHandlerURL(String url) {
388 profileHandlerURL = url;
389 }
390
391 /**
392 * Sets an optional property object.
393 *
394 * If an object is already associated with key, it will be overwritten.
395 *
396 * @param key The key to set.
397 * @param obj The object to associate with key.
398 */
399 public synchronized void setProperty(String key, final Serializable obj) {
400 propsMap.put(key, obj);
401 }
402
403 /**
404 * Gets the entity ID of the relying party.
405 *
406 * @param id entity ID of the relying party
407 */
408 public synchronized void setRelyingParty(String id) {
409 relyingPartyId = id;
410 }
411
412 /**
413 * Sets the {@link edu.internet2.middleware.shibboleth.idp.session.Session} ID.
414 *
415 * @param id the Session ID
416 */
417 public synchronized void setSessionID(String id) {
418 sessionID = id;
419 }
420 }