Package net.shibboleth.idp.authn

Class AbstractCredentialValidator

java.lang.Object
net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
net.shibboleth.idp.authn.AbstractCredentialValidator
All Implemented Interfaces:
CredentialValidator, PrincipalSupportingComponent, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent
Direct Known Subclasses:
AbstractUsernamePasswordCredentialValidator
public abstract class AbstractCredentialValidator
extends AbstractIdentifiedInitializableComponent
implements CredentialValidator, PrincipalSupportingComponent
An abstract CredentialValidator that handles some common behavior.
Since:
4.0.0

  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.

    • activationCondition

      @Nonnull private Predicate<ProfileRequestContext> activationCondition
      Activation condition.

    • logPrefix

      @Nullable private String logPrefix
      Cached log prefix.

    • customPrincipals

      @Nullable private Subject customPrincipals
      Container that carries additional Principal objects.

  • Constructor Details

    • AbstractCredentialValidator

      public AbstractCredentialValidator()
      Constructor.

  • Method Details

    • setId

      public void setId​(String id)
      Specified by:
      setId in interface IdentifiableComponent
      Overrides:
      setId in class AbstractIdentifiedInitializableComponent

    • setActivationCondition

      public void setActivationCondition​(@Nonnull Predicate<ProfileRequestContext> condition)
      Set the activation condition controlling use of validator.
      Parameters:
      condition - condition to use

    • getSupportedPrincipals

      @Nonnull @NonnullElements @Unmodifiable @NotLive public <T extends Principal> Set<T> getSupportedPrincipals​(@Nonnull Class<T> c)
      Get an immutable set of supported custom principals that the component produces, supports, contains, etc.
      Specified by:
      getSupportedPrincipals in interface PrincipalSupportingComponent
      Type Parameters:
      T - type of Principal to inquire on
      Parameters:
      c - type of Principal to inquire on
      Returns:
      a set of matching principals

    • setSupportedPrincipals

      public void setSupportedPrincipals​(@Nullable @NonnullElements Collection<Principal> principals)
      Set supported non-user-specific principals that the validator will include in the subjects it generates.
      Parameters:
      principals - supported principals to include

    • validate

      public Subject validate​(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext, @Nullable CredentialValidator.WarningHandler warningHandler, @Nullable CredentialValidator.ErrorHandler errorHandler) throws Exception
      Validate any credentials found in a supported form within the input context tree and produce a Subject as the outcome.

      A null result is used to signal that validation was not attempted.

      Specified by:
      validate in interface CredentialValidator
      Parameters:
      profileRequestContext - profile request context
      authenticationContext - authentication context
      warningHandler - optional warning handler interface
      errorHandler - optional error handler interface
      Returns:
      result of a successful validation, or null
      Throws:
      Exception - when validation is unsuccessful due to a failed attempt

    • doValidate

      @Nullable protected abstract Subject doValidate​(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext, @Nullable CredentialValidator.WarningHandler warningHandler, @Nullable CredentialValidator.ErrorHandler errorHandler) throws Exception
      Override method for subclasses to use to perform the actual validation.
      Parameters:
      profileRequestContext - profile request context
      authenticationContext - authentication context
      warningHandler - optional warning handler interface
      errorHandler - optional error handler interface
      Returns:
      the validated result, or null if inapplicable
      Throws:
      Exception - if an error occurs

    • populateSubject

      @Nonnull protected Subject populateSubject​(@Nonnull Subject subject)
      Decorate the subject with custom principals if needed.
      Parameters:
      subject - the subject being returned
      Returns:
      the decorated subject

    • getLogPrefix

      @Nonnull @NotEmpty protected String getLogPrefix()
      Return a prefix for logging messages for this component.
      Returns:
      a string for insertion at the beginning of any log messages

    • isAcceptable

      protected boolean isAcceptable​(@Nullable RequestedPrincipalContext requestedPrincipalCtx, @Nullable Subject subject, @Nonnull @NotEmpty String configName)
      Checks a particular request and principal collection for suitability.
      Parameters:
      requestedPrincipalCtx - the relevant context
      subject - collection of custom principals to check, embedded in a subject
      configName - name for logging
      Returns:
      true iff the request does not specify requirements or the principal collection is empty or the combination is acceptable