Class ExtractUsernamePasswordFromBasicAuth

All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class ExtractUsernamePasswordFromBasicAuth
extends AbstractExtractionAction
An action that extracts a username and password from the HTTP HttpHeaders.AUTHORIZATION header, creates a UsernamePasswordContext, and attaches it to the AuthenticationContext.
Event:
EventIds.PROCEED_EVENT_ID, AuthnEventIds.NO_CREDENTIALS, AuthnEventIds.INVALID_CREDENTIALS
Precondition:
ProfileRequestContext.getSubcontext(AuthenticationContext.class, false) != null
Postcondition:
If getHttpServletRequest() != null, the content of the HttpHeaders.AUTHORIZATION header is parsed and any correctly-encoded information will be attached via a UsernamePasswordContext.
  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.
  • Constructor Details

    • ExtractUsernamePasswordFromBasicAuth

      public ExtractUsernamePasswordFromBasicAuth()
  • Method Details

    • doExecute

      protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext)
      Performs this authentication action. Default implementation throws an exception.
      Overrides:
      doExecute in class AbstractAuthenticationAction
      Parameters:
      profileRequestContext - the current IdP profile request context
      authenticationContext - the current authentication context
    • extractCredentials

      @Nullable protected String extractCredentials(@Nonnull javax.servlet.http.HttpServletRequest httpRequest)
      Gets the encoded credentials passed in via the HttpHeaders.AUTHORIZATION header. This method checks that the authentication scheme is HttpServletRequest.BASIC_AUTH, then strips the scheme off and returns the Base64-encoded credentials that follow it.
      Parameters:
      httpRequest - current HTTP request
      Returns:
      the Base64 encoded credentials, or null
    • decodeCredentials

      @Nullable protected Pair<String,String> decodeCredentials(@Nonnull @NotEmpty String encodedCredentials)
      Decodes the credential string provided in the HTTP header, splits it into a username and password, and returns them.
      Parameters:
      encodedCredentials - the Base64 encoded credentials
      Returns:
      a pair containing the username and password, respectively, or null
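
The two steps documented above (scheme check, then Base64 decode and split), shown as an added stand-alone example; it is not this class's source code. The class name BasicAuthParseExample, the UTF-8 charset, the first-colon split and the rejection of empty usernames or passwords are assumptions of the example, not behaviour stated on this page.

```java
import java.nio.charset.StandardCharsets;
import java.util.AbstractMap.SimpleImmutableEntry;
import java.util.Base64;
import java.util.Map;

public class BasicAuthParseExample {  // hypothetical class, for illustration only

    /** Returns the Base64 token if the header uses the Basic scheme, else null. */
    static String extractCredentials(String authorizationHeader) {
        if (authorizationHeader == null) {
            return null;
        }
        String header = authorizationHeader.trim();
        // Scheme names are case-insensitive; require "Basic" followed by a space.
        if (!header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        String token = header.substring(6).trim();
        return token.isEmpty() ? null : token;
    }

    /** Returns (username, password), or null if the token is malformed. */
    static Map.Entry<String, String> decodeCredentials(String encoded) {
        final String decoded;
        try {
            // Assumption: credentials are UTF-8 once Base64-decoded.
            decoded = new String(Base64.getDecoder().decode(encoded), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // not valid Base64
        }
        // Split on the FIRST colon only: the password may itself contain ':'.
        int colon = decoded.indexOf(':');
        if (colon <= 0 || colon == decoded.length() - 1) {
            return null; // no separator, empty username, or empty password (assumed policy)
        }
        return new SimpleImmutableEntry<>(decoded.substring(0, colon), decoded.substring(colon + 1));
    }

    public static void main(String[] args) {
        // Constructed sample headers; the output never prints a decoded password.
        String good = Base64.getEncoder().encodeToString("alice:p:ss".getBytes(StandardCharsets.UTF_8));
        String[] samples = {"Basic " + good, "basic YWxpY2U=", "Basic !!!not-base64!!!", "Bearer abc.def.ghi"};
        for (String h : samples) {
            String token = extractCredentials(h);
            Map.Entry<String, String> up = token == null ? null : decodeCredentials(token);
            System.out.println(up == null ? "rejected" : "user=" + up.getKey() + " passwordLength=" + up.getValue().length());
        }
    }
}
```

Only the first sample yields a pair (user alice, password length 4); the token without a colon, the invalid Base64 and the non-Basic scheme are all rejected with null.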