Class AuthenticationEngine

java.lang.Object
  javax.servlet.GenericServlet
    javax.servlet.http.HttpServlet
      edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine

public class AuthenticationEngine extends javax.servlet.http.HttpServlet

Manager responsible for handling authentication requests.
Field Summary

| Modifier and Type | Field | Description |
|---|---|---|
| static String | IDP_SESSION_COOKIE_NAME | Name of the IdP cookie containing the IdP session ID. |
| static String | LOGIN_CONTEXT_KEY_NAME | Name of the key under which to bind the storage service key for a login context. |
| static String | LOGIN_CONTEXT_LIFETIME_INIT_PARAM_NAME | Name of the Servlet config init parameter that holds the lifetime of a login context in the storage service. |
| static String | LOGIN_CONTEXT_PARTITION_NAME_INIT_PARAM_NAME | Name of the Servlet config init parameter that holds the partition name for login contexts. |
| static String | RETAIN_PRIVATE_CREDENTIALS | Name of the Servlet config init parameter that indicates whether the private credentials of a Subject are retained after authentication. |
| static String | RETAIN_PUBLIC_CREDENTIALS | Name of the Servlet config init parameter that indicates whether the public credentials of a Subject are retained after authentication. |
Constructor Summary

| Constructor | Description |
|---|---|
| AuthenticationEngine() | |
Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| protected void | addSessionCookie(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse, Session userSession) | Adds an IdP session cookie to the outbound response. |
| protected void | completeAuthentication(LoginContext loginContext, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) | Completes the authentication process. |
| protected Map<String,LoginHandler> | determinePossibleLoginHandlers(Session idpSession, LoginContext loginContext) | Determines which configured login handlers will support the requested authentication methods. |
| protected void | filterByForceAuthentication(Session idpSession, LoginContext loginContext, Map<String,LoginHandler> loginHandlers) | Filters out any login handler based on the requirement for forced authentication. |
| protected void | filterByPassiveAuthentication(Session idpSession, LoginContext loginContext, Map<String,LoginHandler> loginHandlers) | Filters out any login handler that doesn't support passive authentication if the login context indicates passive authentication is required. |
| protected static void | forwardRequest(String forwardPath, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) | Forwards a request to the given path. |
| protected Subject | getLoginHandlerSubject(javax.servlet.http.HttpServletRequest httpRequest) | Gets the subject from the request coming back from the login handler. |
| void | init(javax.servlet.ServletConfig config) | |
| protected Subject | mergeSubjects(Subject subject1, Subject subject2) | Merges the two Subjects into a new Subject. |
| static void | returnToAuthenticationEngine(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) | Returns control back to the authentication engine. |
| static void | returnToProfileHandler(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) | Returns control back to the profile handler that invoked the authentication engine. |
| protected LoginHandler | selectLoginHandler(Map<String,LoginHandler> possibleLoginHandlers, LoginContext loginContext, Session idpSession) | Selects a login handler from a list of possible login handlers that could be used for the request. |
| protected void | service(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) | |
| protected void | startUserAuthentication(LoginContext loginContext, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) | Begins the authentication process. |
| protected void | updateUserSession(LoginContext loginContext, Subject authenticationSubject, String authenticationMethod, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) | Updates the user's Shibboleth session with authentication information. |
| protected void | validateForcedReauthentication(Session idpSession, String authnMethod, Subject subject) | If forced authentication was required, this method checks that the re-authenticated subject contains a principal name equal to the principal name associated with the authentication method. |
| protected void | validateSuccessfulAuthentication(LoginContext loginContext, javax.servlet.http.HttpServletRequest httpRequest, String authenticationMethod) | Validates that the authentication was successfully performed by the login handler. |
Methods inherited from class javax.servlet.http.HttpServlet:
doDelete, doGet, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service

Methods inherited from class javax.servlet.GenericServlet:
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log

Methods inherited from class java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail

RETAIN_PUBLIC_CREDENTIALS
public static final String RETAIN_PUBLIC_CREDENTIALS
Name of the Servlet config init parameter that indicates whether the public credentials of a Subject are retained after authentication.

RETAIN_PRIVATE_CREDENTIALS
public static final String RETAIN_PRIVATE_CREDENTIALS
Name of the Servlet config init parameter that indicates whether the private credentials of a Subject are retained after authentication.

LOGIN_CONTEXT_PARTITION_NAME_INIT_PARAM_NAME
public static final String LOGIN_CONTEXT_PARTITION_NAME_INIT_PARAM_NAME
Name of the Servlet config init parameter that holds the partition name for login contexts.

LOGIN_CONTEXT_LIFETIME_INIT_PARAM_NAME
public static final String LOGIN_CONTEXT_LIFETIME_INIT_PARAM_NAME
Name of the Servlet config init parameter that holds the lifetime of a login context in the storage service.

IDP_SESSION_COOKIE_NAME
public static final String IDP_SESSION_COOKIE_NAME
Name of the IdP cookie containing the IdP session ID.

LOGIN_CONTEXT_KEY_NAME
public static final String LOGIN_CONTEXT_KEY_NAME
Name of the key under which to bind the storage service key for a login context.
Constructor Detail

AuthenticationEngine
public AuthenticationEngine()
Method Detail

init
public void init(javax.servlet.ServletConfig config) throws javax.servlet.ServletException
Specified by: init in interface javax.servlet.Servlet
Overrides: init in class javax.servlet.GenericServlet
Throws: javax.servlet.ServletException

returnToAuthenticationEngine
public static void returnToAuthenticationEngine(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
Returns control back to the authentication engine.
Parameters:
httpRequest - current HTTP request
httpResponse - current HTTP response

returnToProfileHandler
public static void returnToProfileHandler(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
Returns control back to the profile handler that invoked the authentication engine.
Parameters:
httpRequest - current HTTP request
httpResponse - current HTTP response

forwardRequest
protected static void forwardRequest(String forwardPath, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
Forwards a request to the given path.
Parameters:
forwardPath - path to forward the request to
httpRequest - current HTTP request
httpResponse - current HTTP response

service
protected void service(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) throws javax.servlet.ServletException, IOException
Overrides: service in class javax.servlet.http.HttpServlet
Throws:
javax.servlet.ServletException
IOException

startUserAuthentication
protected void startUserAuthentication(LoginContext loginContext, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
Begins the authentication process.
Parameters:
loginContext - current login context
httpRequest - current HTTP request
httpResponse - current HTTP response

selectLoginHandler
protected LoginHandler selectLoginHandler(Map<String,LoginHandler> possibleLoginHandlers, LoginContext loginContext, Session idpSession) throws AuthenticationException
Selects a login handler from a list of possible login handlers that could be used for the request.
Parameters:
possibleLoginHandlers - list of possible login handlers that could be used for the request
loginContext - current login context
idpSession - current IdP session, if one exists
Throws:
AuthenticationException - thrown if no handler can be used for this request

determinePossibleLoginHandlers
protected Map<String,LoginHandler> determinePossibleLoginHandlers(Session idpSession, LoginContext loginContext) throws AuthenticationException
Determines which configured login handlers will support the requested authentication methods.
Parameters:
idpSession - current user's session, or null if they don't have one
loginContext - current login context
Throws:
AuthenticationException - thrown if no login handler meets the given requirements

filterByForceAuthentication
protected void filterByForceAuthentication(Session idpSession, LoginContext loginContext, Map<String,LoginHandler> loginHandlers) throws ForceAuthenticationException
Filters out any login handler based on the requirement for forced authentication.
Parameters:
idpSession - user's current IdP session
loginContext - current login context
loginHandlers - login handlers to filter
Throws:
ForceAuthenticationException - thrown if no handlers remain after filtering

filterByPassiveAuthentication
protected void filterByPassiveAuthentication(Session idpSession, LoginContext loginContext, Map<String,LoginHandler> loginHandlers) throws PassiveAuthenticationException
Filters out any login handler that doesn't support passive authentication if the login context indicates passive authentication is required.
Parameters:
idpSession - user's current IdP session
loginContext - current login context
loginHandlers - login handlers to filter
Throws:
PassiveAuthenticationException - thrown if no handlers remain after filtering

completeAuthentication
protected void completeAuthentication(LoginContext loginContext, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
Completes the authentication process.
Parameters:
loginContext - current login context
httpRequest - current HTTP request
httpResponse - current HTTP response

validateSuccessfulAuthentication
protected void validateSuccessfulAuthentication(LoginContext loginContext, javax.servlet.http.HttpServletRequest httpRequest, String authenticationMethod) throws AuthenticationException
Validates that the authentication was successfully performed by the login handler. The authentication is treated as successful if no error is bound to the request under LoginHandler.AUTHENTICATION_ERROR_KEY and there is a value for at least one of the following request attributes: LoginHandler.SUBJECT_KEY, LoginHandler.PRINCIPAL_KEY, or LoginHandler.PRINCIPAL_NAME_KEY.
Parameters:
loginContext - current login context
httpRequest - current HTTP request
authenticationMethod - the authentication method used to authenticate the user
Throws:
AuthenticationException - thrown if the authentication was not successful

getLoginHandlerSubject
protected Subject getLoginHandlerSubject(javax.servlet.http.HttpServletRequest httpRequest) throws AuthenticationException
Gets the subject from the request coming back from the login handler.
Parameters:
httpRequest - request coming back from the login handler
Returns:
Subject created from the request
Throws:
AuthenticationException - thrown if no subject can be retrieved from the request

validateForcedReauthentication
protected void validateForcedReauthentication(Session idpSession, String authnMethod, Subject subject) throws AuthenticationException
If forced authentication was required, this method checks that the re-authenticated subject contains a principal name equal to the principal name associated with the authentication method.
Parameters:
idpSession - user's IdP session
authnMethod - method used to authenticate the user
subject - subject that was authenticated
Throws:
AuthenticationException - thrown if this check fails

updateUserSession
protected void updateUserSession(LoginContext loginContext, Subject authenticationSubject, String authenticationMethod, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
Updates the user's Shibboleth session with authentication information.
Parameters:
loginContext - current login context
authenticationSubject - subject created from the authentication method
authenticationMethod - the method used to authenticate the subject
httpRequest - current HTTP request
httpResponse - current HTTP response

mergeSubjects
protected Subject mergeSubjects(Subject subject1, Subject subject2)
Merges the two Subjects into a new Subject. The new subject contains all the Principals from both subjects. If retainSubjectsPrivateCredentials is true then the new subject will contain all the private credentials from both subjects; if not, the new subject will not contain private credentials. If retainSubjectsPublicCredentials is true then the new subject will contain all the public credentials from both subjects; if not, the new subject will not contain public credentials.
Parameters:
subject1 - first subject to merge, may be null
subject2 - second subject to merge, may be null

addSessionCookie
protected void addSessionCookie(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse, Session userSession)
Adds an IdP session cookie to the outbound response.
Parameters:
httpRequest - current request
httpResponse - current response
userSession - user's session
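Added example, not Shibboleth's own code: a hypothetical SubjectMergeExample class that implements the merge contract documented for mergeSubjects above, with the retainSubjectsPrivateCredentials and retainSubjectsPublicCredentials flags passed as constructor arguments instead of being read from the RETAIN_PRIVATE_CREDENTIALS and RETAIN_PUBLIC_CREDENTIALS init parameters. It shows that with a retention flag off, a login handler's private credential (for example a password) never reaches the merged subject, which is the reason an operator would keep that flag off unless a downstream component needs the secret.

```java
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

/** Hypothetical re-implementation of the documented mergeSubjects behaviour. */
public class SubjectMergeExample {
    // In the real engine these would be derived from the RETAIN_* init parameters.
    private final boolean retainSubjectsPrivateCredentials;
    private final boolean retainSubjectsPublicCredentials;

    public SubjectMergeExample(boolean retainPrivate, boolean retainPublic) {
        this.retainSubjectsPrivateCredentials = retainPrivate;
        this.retainSubjectsPublicCredentials = retainPublic;
    }

    /** Merges subject1 and subject2 (either may be null) into a new Subject. */
    public Subject mergeSubjects(Subject subject1, Subject subject2) {
        Subject merged = new Subject();
        for (Subject s : new Subject[] { subject1, subject2 }) {
            if (s == null) {
                continue;
            }
            // Principals are always carried over; the Set collapses duplicates.
            merged.getPrincipals().addAll(s.getPrincipals());
            // Credentials are copied only when the matching flag is set, so with
            // the flag off a password held as a private credential is dropped here.
            if (retainSubjectsPrivateCredentials) {
                merged.getPrivateCredentials().addAll(s.getPrivateCredentials());
            }
            if (retainSubjectsPublicCredentials) {
                merged.getPublicCredentials().addAll(s.getPublicCredentials());
            }
        }
        return merged;
    }

    public static void main(String[] args) {
        // Constructed sample data: one subject from the existing IdP session and
        // one returned by a login handler that kept the password as a private credential.
        Subject fromSession = new Subject();
        fromSession.getPrincipals().add(new X500Principal("CN=alice"));
        fromSession.getPublicCredentials().add("session-public-credential");

        Subject fromHandler = new Subject();
        fromHandler.getPrincipals().add(new X500Principal("CN=alice"));
        fromHandler.getPrivateCredentials().add("password-from-login-handler");

        // Both retention flags off: principals merge, both credential sets stay empty.
        Subject merged = new SubjectMergeExample(false, false).mergeSubjects(fromSession, fromHandler);
        System.out.println("principals=" + merged.getPrincipals().size()
                + " private=" + merged.getPrivateCredentials().size()
                + " public=" + merged.getPublicCredentials().size());
    }
}
```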