edu.internet2.middleware.shibboleth.idp.authn.provider
Class IPAddressLoginHandler

java.lang.Object
  extended by edu.internet2.middleware.shibboleth.idp.authn.provider.AbstractLoginHandler
      extended by edu.internet2.middleware.shibboleth.idp.authn.provider.IPAddressLoginHandler
All Implemented Interfaces:
LoginHandler

public class IPAddressLoginHandler
extends AbstractLoginHandler

IP Address authentication handler. This "authenticates" a user based on their IP address. It operates in either default deny or default allow mode, and evaluates a given request against a list of blocked or permitted IPs. It supports both IPv4 and IPv6. If an Authentication Context Class or DeclRef URI is not specified, it will default to "urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol".


Nested Class Summary
protected  class IPAddressLoginHandler.IPEntry
          Encapsulates a network address and a netmask on ipList.
 
Field Summary
 
Fields inherited from interface edu.internet2.middleware.shibboleth.idp.authn.LoginHandler
AUTHENTICATION_ERROR_KEY, AUTHENTICATION_METHOD_KEY, PRINCIPAL_KEY, PRINCIPAL_NAME_KEY, SUBJECT_KEY
 
Constructor Summary
IPAddressLoginHandler()
           
 
Method Summary
protected  BitSet byteArrayToBitSet(byte[] bytes)
          Converts a byte array to a BitSet.
 String getUsername()
          Get the username for all IP-address authenticated users.
protected  void handleDefaultAllow(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
           
protected  void handleDefaultDeny(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
           
 void login(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
          Authenticate the user making the request.
 void setEntries(List<String> entries, boolean defaultDeny)
          Set the permitted IP addresses.
 void setUsername(String name)
          Set the username to use for all IP-address authenticated users.
 boolean supportsForceAuthentication()
          Returns whether this handler supports the ability to force a user to (re-)authenticate.
 boolean supportsPassive()
          Gets whether this handler supports passive authentication.
 
Methods inherited from class edu.internet2.middleware.shibboleth.idp.authn.provider.AbstractLoginHandler
getAuthenticationDuration, getSupportedAuthenticationMethods, setAuthenticationDuration, setAuthenticationDurection, setSupportsForceAuthentication, setSupportsPassive
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

IPAddressLoginHandler

public IPAddressLoginHandler()
Method Detail

setEntries

public void setEntries(List<String> entries,
                       boolean defaultDeny)
Set the permitted IP addresses. If defaultDeny is true then only the IP addresses in ipList will be "authenticated." If defaultDeny is false, then all IP addresses except those in ipList will be authenticated.

Parameters:
entries - A list of IP addresses (with CIDR masks).
defaultDeny - true if ipList is a permit list (default deny); false if ipList is a deny list (default allow).
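
The allow/deny semantics described for setEntries, shown as an added example that is not the Shibboleth IdP source. The class name IpListPolicyExample, the methods inCidr and isAuthenticated, and the sample address ranges are assumptions made for illustration.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.List;

/** Added illustration of default-deny / default-allow list evaluation; hypothetical names. */
public class IpListPolicyExample {

    /** True if addr falls inside the CIDR block, e.g. "192.0.2.0/24" or "2001:db8::/32". */
    static boolean inCidr(InetAddress addr, String cidr) throws UnknownHostException {
        String[] parts = cidr.split("/");
        byte[] net = InetAddress.getByName(parts[0]).getAddress();
        byte[] ip = addr.getAddress();
        if (net.length != ip.length) {
            return false; // an IPv4 entry never matches an IPv6 client, and vice versa
        }
        int prefix = parts.length > 1 ? Integer.parseInt(parts[1]) : net.length * 8;
        if (prefix < 0 || prefix > net.length * 8) {
            throw new IllegalArgumentException("bad prefix length in " + cidr);
        }
        for (int bit = 0; bit < prefix; bit++) {
            int mask = 0x80 >> (bit % 8); // most significant bit of each byte first
            if ((net[bit / 8] & mask) != (ip[bit / 8] & mask)) {
                return false;
            }
        }
        return true;
    }

    /** defaultDeny=true: entries is a permit list; defaultDeny=false: entries is a deny list. */
    static boolean isAuthenticated(String client, List<String> entries, boolean defaultDeny)
            throws UnknownHostException {
        InetAddress addr = InetAddress.getByName(client);
        for (String entry : entries) {
            if (inCidr(addr, entry)) {
                return defaultDeny; // listed: permitted under default deny, blocked under default allow
            }
        }
        return !defaultDeny; // unlisted: blocked under default deny, permitted under default allow
    }

    public static void main(String[] args) throws UnknownHostException {
        List<String> entries = Arrays.asList("192.0.2.0/24", "2001:db8::/32"); // constructed sample ranges
        System.out.println(isAuthenticated("192.0.2.17", entries, true));   // listed, default deny
        System.out.println(isAuthenticated("198.51.100.5", entries, true)); // unlisted, default deny
        System.out.println(isAuthenticated("192.0.2.17", entries, false));  // listed, default allow
        System.out.println(isAuthenticated("2001:db8::1", entries, false)); // listed IPv6, default allow
    }
}
```

The client string stands in for whatever address the servlet container reports for the request; behind a reverse proxy or load balancer that can be the proxy's address rather than the user's, so list entries should be chosen with the deployment's network path in mind.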

supportsPassive

public boolean supportsPassive()
Gets whether this handler supports passive authentication.

Specified by:
supportsPassive in interface LoginHandler
Overrides:
supportsPassive in class AbstractLoginHandler
Returns:
whether this handler supports passive authentication

supportsForceAuthentication

public boolean supportsForceAuthentication()
Returns whether this handler supports the ability to force a user to (re-)authenticate.

Specified by:
supportsForceAuthentication in interface LoginHandler
Overrides:
supportsForceAuthentication in class AbstractLoginHandler
Returns:
whether this handler can force a user to (re-)authenticate.

getUsername

public String getUsername()
Get the username for all IP-address authenticated users.

Returns:
The username for IP-address authenticated users.

setUsername

public void setUsername(String name)
Set the username to use for all IP-address authenticated users.

Parameters:
name - The username for IP-address authenticated users.

login

public void login(javax.servlet.http.HttpServletRequest httpRequest,
                  javax.servlet.http.HttpServletResponse httpResponse)
Authenticate the user making the request.

Parameters:
httpRequest - user request
httpResponse - response to user

handleDefaultDeny

protected void handleDefaultDeny(javax.servlet.http.HttpServletRequest request,
                                 javax.servlet.http.HttpServletResponse response)

handleDefaultAllow

protected void handleDefaultAllow(javax.servlet.http.HttpServletRequest request,
                                  javax.servlet.http.HttpServletResponse response)

byteArrayToBitSet

protected BitSet byteArrayToBitSet(byte[] bytes)
Converts a byte array to a BitSet. The supplied byte array is assumed to have the most significant bit in element 0.

Parameters:
bytes - the byte array with most significant bit in element 0.
Returns:
the BitSet


Copyright © 2006-2008 Internet2. All Rights Reserved.