Class PasswordlessCookieManager

java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
net.shibboleth.idp.plugin.authn.duo.PasswordlessCookieManager
All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent

public class PasswordlessCookieManager extends AbstractInitializableComponent
Wrapper for managing the passwordless guard cookie, allowing read/write with less explicit code, error handling, etc.

The component can be wired up without the necessary components, but then all operations do nothing. This is allowed for the case where deployers disable the shared key feature of the IdP, though that is very rare.

Since:
2.1.0
  • Field Details

    • NEGATIVE_VALUE

      @Nonnull @NotEmpty public static final String NEGATIVE_VALUE
      A negative signal to allow caching opt-out.
    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.
    • cookieName

      @Nullable @NotEmpty private String cookieName
      Passwordless cookie name.
    • cookieManager

      @Nullable private CookieManager cookieManager
      Optional cookie manager to use.
    • dataSealer

      @Nullable private DataSealer dataSealer
      Optional data sealer to use.
    • active

      private boolean active
      Flags whether the component is active or should no-op.
  • Constructor Details

    • PasswordlessCookieManager

      public PasswordlessCookieManager()
  • Method Details

    • setCookieName

      public void setCookieName(@Nullable String name)
      Set cookie name to use for "authorizing" passwordless use.
      Parameters:
      name - cookie name
    • setCookieManager

      public void setCookieManager(@Nullable CookieManager manager)
      Sets CookieManager to use.
      Parameters:
      manager - cookie manager
    • setDataSealer

      public void setDataSealer(@Nullable DataSealer sealer)
      Sets DataSealer to use.
      Parameters:
      sealer - data sealer
    • doInitialize

      protected void doInitialize() throws ComponentInitializationException
      Overrides:
      doInitialize in class AbstractInitializableComponent
      Throws:
      ComponentInitializationException
    • isOptOut

      public boolean isOptOut()
      Tests whether the cookie's value indicates a cached negative response.
      Returns:
      true iff the cookie's value corresponds to the "opt-out" constant
    • readCookie

      @Nullable @NotEmpty public String readCookie()
      Read back existing cookie and return the username embedded in it, if any.

      A null is returned in the event of various decoding errors or if the cookie contains the "negative" magic value.

      Returns:
      username from sealed cookie, or null
    • writeCookie

      public boolean writeCookie(@Nullable String username)
      Creates a fresh cookie for a given username (or, if the username is null, a placeholder indicating the negative).
      Parameters:
      username - username or null
      Returns:
      true iff the operation succeeded
    • refreshCookie

      public boolean refreshCookie()
      For a non-negative cookie, this recreates the cookie using the current default key to ensure it can continue to be read.
      Returns:
      true iff the operation succeeded
    • clearCookie

      public void clearCookie()
      Unset the cookie.
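
Caller-side handling of the three cookie states, as an added example that is not part of the plugin's own code. The class `PasswordlessCookieGate` and its method names are hypothetical, and the manager passed in is assumed to be already wired and initialized; only the `PasswordlessCookieManager` methods documented above are called.

```java
import net.shibboleth.idp.plugin.authn.duo.PasswordlessCookieManager;

/** Hypothetical helper (not from the plugin) built on the documented methods. */
public final class PasswordlessCookieGate {

    /** States a caller has to tell apart before offering passwordless login. */
    public enum State { USERNAME, OPT_OUT, NONE }

    private final PasswordlessCookieManager cookies;

    /** @param manager an already wired and initialized manager (assumption) */
    public PasswordlessCookieGate(final PasswordlessCookieManager manager) {
        cookies = manager;
    }

    /**
     * readCookie() returns null both for the "negative" value and for
     * decoding errors, so isOptOut() is checked first to separate a cached
     * opt-out from a missing or unreadable cookie.
     */
    public State classify() {
        if (cookies.isOptOut()) {
            return State.OPT_OUT;
        }
        return cookies.readCookie() != null ? State.USERNAME : State.NONE;
    }

    /** Returns the sealed username, or null when passwordless must not be offered. */
    public String usernameForPasswordless() {
        final String username = cookies.readCookie();
        if (username != null) {
            // Re-seal under the current default key so the cookie stays readable.
            // A false return is not treated as fatal here (this example's choice):
            // the value was already read back successfully.
            cookies.refreshCookie();
        }
        return username;
    }

    /** Stores the user's choice: a username to opt in, null to cache the opt-out. */
    public boolean remember(final String usernameOrNull) {
        final boolean written = cookies.writeCookie(usernameOrNull);
        if (!written) {
            // This example's choice: do not leave an older value behind
            // when the new decision could not be stored.
            cookies.clearCookie();
        }
        return written;
    }
}
```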