java.lang.Object
  javax.servlet.GenericServlet
    javax.servlet.http.HttpServlet
      edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine
public class AuthenticationEngine
Manager responsible for handling authentication requests.
Field Summary | |
---|---|
static String | IDP_SESSION_COOKIE_NAME - Name of the IdP Cookie containing the IdP session ID. |
static String | LOGIN_CONTEXT_KEY_NAME - Name of the key under which to bind the storage service key for a login context. |
static String | LOGIN_CONTEXT_LIFETIME_INIT_PARAM_NAME - Name of the Servlet config init parameter that holds lifetime of a login context in the storage service. |
static String | LOGIN_CONTEXT_PARTITION_NAME_INIT_PARAM_NAME - Name of the Servlet config init parameter that holds the partition name for login contexts. |
Constructor Summary | |
---|---|
AuthenticationEngine() | |
Method Summary | |
---|---|
protected void | addSessionCookie(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse, Session userSession) - Adds an IdP session cookie to the outbound response. |
protected void | completeAuthentication(LoginContext loginContext, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) - Completes the authentication process. |
protected Map<String,LoginHandler> | determinePossibleLoginHandlers(LoginContext loginContext) - Determines which configured login handlers will support the requested authentication methods. |
protected void | filterByForceAuthentication(Session idpSession, LoginContext loginContext, Map<String,LoginHandler> loginHandlers) - Filters out any login handler based on the requirement for forced authentication. |
protected void | filterByPassiveAuthentication(Session idpSession, LoginContext loginContext, Map<String,LoginHandler> loginHandlers) - Filters out any login handler that doesn't support passive authentication if the login context indicates passive authentication is required. |
protected static void | forwardRequest(String forwardPath, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) - Forwards a request to the given path. |
protected Subject | getLoginHandlerSubject(javax.servlet.http.HttpServletRequest httpRequest) - Gets the subject from the request coming back from the login handler. |
void | init(javax.servlet.ServletConfig config) |
protected Subject | mergeSubjects(Subject subject1, Subject subject2) - Merges the principals and public and private credentials from two subjects into a new subject. |
protected static LoginContext | retrieveLoginContext(javax.servlet.http.HttpServletRequest httpRequest, boolean removeFromStorageService) - Retrieves a login context. |
static void | returnToAuthenticationEngine(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) - Returns control back to the authentication engine. |
static void | returnToProfileHandler(LoginContext loginContext, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) - Returns control back to the profile handler that invoked the authentication engine. |
protected void | service(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) |
protected void | startUserAuthentication(LoginContext loginContext, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) - Begins the authentication process. |
protected void | storeLoginContext(LoginContext loginContext, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) - Stores the login context in the storage service. |
protected void | updateUserSession(LoginContext loginContext, Subject authenticationSubject, String authenticationMethod, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) - Updates the user's Shibboleth session with authentication information. |
protected void | validateForcedReauthentication(Session idpSession, String authnMethod, Subject subject) - If forced authentication was required this method checks to ensure that the re-authenticated subject contains a principal name that is equal to the principal name associated with the authentication method. |
protected void | validateSuccessfulAuthentication(LoginContext loginContext, javax.servlet.http.HttpServletRequest httpRequest) - Validates that the authentication was successfully performed by the login handler. |
Methods inherited from class javax.servlet.http.HttpServlet |
---|
doDelete, doGet, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service |
Methods inherited from class javax.servlet.GenericServlet |
---|
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final String LOGIN_CONTEXT_PARTITION_NAME_INIT_PARAM_NAME
public static final String LOGIN_CONTEXT_LIFETIME_INIT_PARAM_NAME
public static final String IDP_SESSION_COOKIE_NAME
public static final String LOGIN_CONTEXT_KEY_NAME
Constructor Detail |
---|
public AuthenticationEngine()
Method Detail |
---|
public void init(javax.servlet.ServletConfig config) throws javax.servlet.ServletException
Specified by: init in interface javax.servlet.Servlet
Overrides: init in class javax.servlet.GenericServlet
Throws:
javax.servlet.ServletException

protected static LoginContext retrieveLoginContext(javax.servlet.http.HttpServletRequest httpRequest, boolean removeFromStorageService)
Parameters:
httpRequest - current HTTP request
removeFromStorageService - whether the login context should be removed from the storage service as it is retrieved

public static void returnToAuthenticationEngine(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
Parameters:
httpRequest - current HTTP request
httpResponse - current HTTP response

public static void returnToProfileHandler(LoginContext loginContext, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
Parameters:
loginContext - current login context
httpRequest - current HTTP request
httpResponse - current HTTP response

protected static void forwardRequest(String forwardPath, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
Parameters:
forwardPath - path to forward the request to
httpRequest - current HTTP request
httpResponse - current HTTP response

protected void service(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) throws javax.servlet.ServletException, IOException
Overrides: service in class javax.servlet.http.HttpServlet
Throws:
javax.servlet.ServletException
IOException

protected void startUserAuthentication(LoginContext loginContext, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
Parameters:
loginContext - current login context
httpRequest - current HTTP request
httpResponse - current HTTP response

protected Map<String,LoginHandler> determinePossibleLoginHandlers(LoginContext loginContext) throws AuthenticationException
Parameters:
loginContext - current login context
Throws:
AuthenticationException - thrown if no login handler meets the given requirements

protected void filterByForceAuthentication(Session idpSession, LoginContext loginContext, Map<String,LoginHandler> loginHandlers) throws ForceAuthenticationException
Parameters:
idpSession - user's current IdP session
loginContext - current login context
loginHandlers - login handlers to filter
Throws:
ForceAuthenticationException - thrown if no handlers remain after filtering

protected void filterByPassiveAuthentication(Session idpSession, LoginContext loginContext, Map<String,LoginHandler> loginHandlers) throws PassiveAuthenticationException
Parameters:
idpSession - user's current IdP session
loginContext - current login context
loginHandlers - login handlers to filter
Throws:
PassiveAuthenticationException - thrown if no handlers remain after filtering

protected void storeLoginContext(LoginContext loginContext, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
Parameters:
loginContext - login context to store
httpRequest - current HTTP request
httpResponse - current HTTP response

protected void completeAuthentication(LoginContext loginContext, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
Parameters:
loginContext - current login context
httpRequest - current HTTP request
httpResponse - current HTTP response

protected void validateSuccessfulAuthentication(LoginContext loginContext, javax.servlet.http.HttpServletRequest httpRequest) throws AuthenticationException
LoginHandler.AUTHENTICATION_ERROR_KEY and there is a value for at least one of the following request attributes: LoginHandler.SUBJECT_KEY, LoginHandler.PRINCIPAL_KEY, or LoginHandler.PRINCIPAL_NAME_KEY.
Parameters:
loginContext - current login context
httpRequest - current HTTP request
Throws:
AuthenticationException - thrown if the authentication was not successful

protected Subject getLoginHandlerSubject(javax.servlet.http.HttpServletRequest httpRequest) throws AuthenticationException
Parameters:
httpRequest - request coming back from the login handler
Returns:
Subject created from the request
Throws:
AuthenticationException - thrown if no subject can be retrieved from the request

protected void validateForcedReauthentication(Session idpSession, String authnMethod, Subject subject) throws AuthenticationException
Parameters:
idpSession - user's IdP session
authnMethod - method used to authenticate the user
subject - subject that was authenticated
Throws:
AuthenticationException - thrown if this check fails

protected void updateUserSession(LoginContext loginContext, Subject authenticationSubject, String authenticationMethod, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
Parameters:
loginContext - current login context
authenticationSubject - subject created from the authentication method
authenticationMethod - the method used to authenticate the subject
httpRequest - current HTTP request
httpResponse - current HTTP response

protected Subject mergeSubjects(Subject subject1, Subject subject2)
Parameters:
subject1 - first subject to merge, may be null
subject2 - second subject to merge, may be null

protected void addSessionCookie(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse, Session userSession)
Parameters:
httpRequest - current request
httpResponse - current response
userSession - user's session