edu.internet2.middleware.shibboleth.idp.authn.provider
Class IPAddressLoginHandler

java.lang.Object
  extended by edu.internet2.middleware.shibboleth.idp.authn.provider.AbstractLoginHandler
      extended by edu.internet2.middleware.shibboleth.idp.authn.provider.IPAddressLoginHandler
All Implemented Interfaces:
LoginHandler

public class IPAddressLoginHandler
extends AbstractLoginHandler

IP Address authentication handler. This "authenticates" a user based on their IP address. It operates in either default deny or default allow mode, and evaluates a given request against a list of blocked or permitted IPs. It supports both IPv4 and IPv6.


Field Summary
 
Fields inherited from interface edu.internet2.middleware.shibboleth.idp.authn.LoginHandler
AUTHENTICATION_ERROR_KEY, AUTHENTICATION_EXCEPTION_KEY, AUTHENTICATION_METHOD_KEY, PRINCIPAL_KEY, PRINCIPAL_NAME_KEY, SUBJECT_KEY
 
Constructor Summary
IPAddressLoginHandler(String user, List<IPRange> ranges, boolean ipInRangeIsAuthenticated)
           
 
Method Summary
protected  boolean authenticate(InetAddress clientAddress)
          Authenticates the client address.
 void login(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
          Authenticate the user making the request.
 boolean supportsForceAuthentication()
          Returns if this handler supports the ability to force a user to (re-)authenticate.
 boolean supportsPassive()
          Gets whether this handler supports passive authentication.
 
Methods inherited from class edu.internet2.middleware.shibboleth.idp.authn.provider.AbstractLoginHandler
getAuthenticationDuration, getSupportedAuthenticationMethods, setAuthenticationDuration, setAuthenticationDurection, setSupportsForceAuthentication, setSupportsPassive
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

IPAddressLoginHandler

public IPAddressLoginHandler(String user,
                             List<IPRange> ranges,
                             boolean ipInRangeIsAuthenticated)
Method Detail

supportsPassive

public boolean supportsPassive()
Gets whether this handler supports passive authentication.

Specified by:
supportsPassive in interface LoginHandler
Overrides:
supportsPassive in class AbstractLoginHandler
Returns:
whether this handler supports passive authentication

supportsForceAuthentication

public boolean supportsForceAuthentication()
Returns if this handler supports the ability to force a user to (re-)authenticate.

Specified by:
supportsForceAuthentication in interface LoginHandler
Overrides:
supportsForceAuthentication in class AbstractLoginHandler
Returns:
if this handler can force a user to (re-)authenticate.

login

public void login(javax.servlet.http.HttpServletRequest httpRequest,
                  javax.servlet.http.HttpServletResponse httpResponse)
Authenticate the user making the request.

Parameters:
httpRequest - user request
httpResponse - response to user

authenticate

protected boolean authenticate(InetAddress clientAddress)
Authenticates the client address.

Parameters:
clientAddress - the client address
Returns:
true if the client address is authenticated, false it not


Copyright © 2006-2009 Internet2. All Rights Reserved.