edu.internet2.middleware.shibboleth.idp.authn
Interface LoginHandler

All Known Implementing Classes:
AbstractLoginHandler, IPAddressLoginHandler, PreviousSessionLoginHandler, RemoteUserLoginHandler, UsernamePasswordLoginHandler

public interface LoginHandler

Authentication handlers authenticate a user in an implementation specific manner. Some examples of this might be by collecting a user name and password and validating it against an LDAP directory, validating a client certificate, or validating one-time password. When a login handler is invoked the user's Session is bound to the HttpSession under the attribute with the name Session.HTTP_SESSION_BINDING_ATTRIBUTE. After a successful authentication has been completed the handler MUST either:

The handler MAY also: Finally, the handler must return control to the authentication engine by invoking AuthenticationEngine.returnToAuthenticationEngine(HttpServletRequest, HttpServletResponse). After which the authentication handler must immediately return. Handlers MUST NOT change or add any data to the user's HttpSession that persists past the process of authenticating the user, that is no additional session data may be added and no existing session data may be changed when the handler returns control to the authentication engine.


Field Summary
static String AUTHENTICATION_ERROR_KEY
          Request attribute to which an error message may be bound.
static String AUTHENTICATION_EXCEPTION_KEY
          Request attribute to which an AuthenticationException may be bound.
static String AUTHENTICATION_METHOD_KEY
          Request attribute to which an authentication method URI may be bound.
static String PRINCIPAL_KEY
          Request attribute to which user's principal should be bound.
static String PRINCIPAL_NAME_KEY
          Request attribute to which user's principal name should be bound.
static String SUBJECT_KEY
          Request attribute to which user's subject should be bound.
 
Method Summary
 long getAuthenticationDuration()
          Gets the length of time, in milliseconds, after which a user authenticated by this handler should be re-authenticated.
 List<String> getSupportedAuthenticationMethods()
          Gets the list of authentication methods this handler supports.
 void login(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
          Authenticate the user making the request.
 boolean supportsForceAuthentication()
          Returns if this handler supports the ability to force a user to (re-)authenticate.
 boolean supportsPassive()
          Gets whether this handler supports passive authentication.
 

Field Detail

PRINCIPAL_KEY

static final String PRINCIPAL_KEY
Request attribute to which user's principal should be bound.

See Also:
Constant Field Values

PRINCIPAL_NAME_KEY

static final String PRINCIPAL_NAME_KEY
Request attribute to which user's principal name should be bound.

See Also:
Constant Field Values

SUBJECT_KEY

static final String SUBJECT_KEY
Request attribute to which user's subject should be bound.

See Also:
Constant Field Values

AUTHENTICATION_METHOD_KEY

static final String AUTHENTICATION_METHOD_KEY
Request attribute to which an authentication method URI may be bound.

See Also:
Constant Field Values

AUTHENTICATION_ERROR_KEY

static final String AUTHENTICATION_ERROR_KEY
Request attribute to which an error message may be bound.

See Also:
Constant Field Values

AUTHENTICATION_EXCEPTION_KEY

static final String AUTHENTICATION_EXCEPTION_KEY
Request attribute to which an AuthenticationException may be bound.

See Also:
Constant Field Values
Method Detail

getSupportedAuthenticationMethods

List<String> getSupportedAuthenticationMethods()
Gets the list of authentication methods this handler supports.

Returns:
authentication methods this handler supports

getAuthenticationDuration

long getAuthenticationDuration()
Gets the length of time, in milliseconds, after which a user authenticated by this handler should be re-authenticated.

Returns:
length of time, in milliseconds, after which a user should be re-authenticated

supportsPassive

boolean supportsPassive()
Gets whether this handler supports passive authentication.

Returns:
whether this handler supports passive authentication

supportsForceAuthentication

boolean supportsForceAuthentication()
Returns if this handler supports the ability to force a user to (re-)authenticate.

Returns:
if this handler can force a user to (re-)authenticate.

login

void login(javax.servlet.http.HttpServletRequest httpRequest,
           javax.servlet.http.HttpServletResponse httpResponse)
Authenticate the user making the request.

Parameters:
httpRequest - user request
httpResponse - response to user


Copyright © 2006-2009 Internet2. All Rights Reserved.