Interface CredentialValidator

All Superinterfaces:
Component, IdentifiableComponent, IdentifiedComponent
All Known Implementing Classes:
AbstractCredentialValidator, AbstractUsernamePasswordCredentialValidator, HTPasswdCredentialValidator, JAASCredentialValidator, KerberosCredentialValidator, LDAPCredentialValidator, X509CertificateCredentialValidator

@ThreadSafe public interface CredentialValidator extends IdentifiableComponent
High-level API for validating credentials and producing a Java Subject as a result.

This is more or less what JAAS does but with a simpler interface adapted better to the IdP's needs. Predominantly for password validation scenarios but the interface is not specific to that use case.

Instances of this interface must be stateless.

  • Method Details

    • validate

      @Nullable Subject validate(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext, @Nullable CredentialValidator.WarningHandler warningHandler, @Nullable CredentialValidator.ErrorHandler errorHandler) throws Exception
      Validate any credentials found in a supported form within the input context tree and produce a Subject as the outcome.

      A null result is used to signal that validation was not attempted.

      profileRequestContext - profile request context
      authenticationContext - authentication context
      warningHandler - optional warning handler interface
      errorHandler - optional error handler interface
      result of a successful validation, or null
      Exception - when validation is unsuccessful due to a failed attempt