Package net.shibboleth.idp.plugin.oidc.op.authn.impl

Class ExtractClientAuthenticationFromRequest

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.profile.action.AbstractConditionalProfileAction

net.shibboleth.idp.profile.AbstractProfileAction

net.shibboleth.idp.authn.AbstractAuthenticationAction

net.shibboleth.idp.authn.AbstractExtractionAction

net.shibboleth.idp.plugin.oidc.op.authn.impl.ExtractClientAuthenticationFromRequest

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class ExtractClientAuthenticationFromRequest
extends net.shibboleth.idp.authn.AbstractExtractionAction

Extracts OAuth 2 client authentication details from a request and stores them in an OAuth2ClientAuthenticationContext beneath the AuthenticationContext for subsequent validation.

Depending on the form of authentication, additional child contexts may be created to store extracted credentials, and they may undergo configured transformations. For example, password-based methods will result in a UsernamePasswordContext, certificate-based in an CertificateContext, etc.

Event:

EventIds.PROCEED_EVENT_ID, EventIds.INVALID_MSG_CTX, AuthnEventIds.NO_CREDENTIALS

Precondition:

ProfileRequestContext.getSubcontext(AuthenticationContext.class) != null

Postcondition:

AuthenticationContext.getSubcontext(OAuth2ClientAuthenticationContext.class) ! null along with other contexts as appropriate

Field Summary

Fields

Modifier and Type	Field	Description
private Function<ProfileRequestContext,Set<com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod>>	clientAuthMethodsLookupStrategy	Lookup strategy for enabled client authentication methods.
private org.slf4j.Logger	log	Class logger.
private com.nimbusds.oauth2.sdk.AbstractOptionallyAuthenticatedRequest	request	Message to extract credentials from.

Constructor Summary

Constructors

Constructor	Description
ExtractClientAuthenticationFromRequest()	Constructor.

Method Summary

Modifier and Type	Method	Description
protected void	doExecute(ProfileRequestContext profileRequestContext, net.shibboleth.idp.authn.context.AuthenticationContext authenticationContext)
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext, net.shibboleth.idp.authn.context.AuthenticationContext authenticationContext)
void	setClientAuthMethodsLookupStrategy(Function<ProfileRequestContext,Set<com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod>> strategy)	Set the lookup strategy for enabled client authentication methods.

Methods inherited from class net.shibboleth.idp.authn.AbstractExtractionAction

applyTransforms, setLowercase, setTransforms, setTrim, setUppercase

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

doExecute, doPreExecute, setAuthenticationContextLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

clientAuthMethodsLookupStrategy

@NonnullAfterInit
private Function<ProfileRequestContext,Set<com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod>> clientAuthMethodsLookupStrategy

Lookup strategy for enabled client authentication methods.

request

@Nullable
private com.nimbusds.oauth2.sdk.AbstractOptionallyAuthenticatedRequest request

Message to extract credentials from.

Constructor Detail

ExtractClientAuthenticationFromRequest

public ExtractClientAuthenticationFromRequest()

Constructor.

Method Detail

setClientAuthMethodsLookupStrategy

public void setClientAuthMethodsLookupStrategy(@Nonnull
                                               Function<ProfileRequestContext,Set<com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod>> strategy)

Set the lookup strategy for enabled client authentication methods.

Parameters:

strategy - What to set.

doPreExecute

protected boolean doPreExecute(@Nonnull
                               ProfileRequestContext profileRequestContext,
                               @Nonnull
                               net.shibboleth.idp.authn.context.AuthenticationContext authenticationContext)

Overrides:

doPreExecute in class net.shibboleth.idp.authn.AbstractAuthenticationAction

doExecute

protected void doExecute(@Nonnull
                         ProfileRequestContext profileRequestContext,
                         @Nonnull
                         net.shibboleth.idp.authn.context.AuthenticationContext authenticationContext)

Overrides:

doExecute in class net.shibboleth.idp.authn.AbstractAuthenticationAction