net.shibboleth.idp.authn.impl.ValidateUserAgentAddress

All Implemented Interfaces:: PrincipalSupportingComponent, Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class ValidateUserAgentAddress extends AbstractValidationAction

An action that ensures that a user-agent address found within a UserAgentContext is within a given range and generates an AuthenticationResult.

Event:

EventIds.PROCEED_EVENT_ID, AuthnEventIds.NO_CREDENTIALS, AuthnEventIds.INVALID_CREDENTIALS

Precondition:

ProfileRequestContext.getSubcontext(AuthenticationContext.class, false).getAttemptedFlow() != null

Postcondition:

If AuthenticationContext.getSubcontext(UserAgentContext.class, false) != null, and the content of getAddress() satisfies a configured address range, an AuthenticationResult is saved to the AuthenticationContext.

Field Summary

Fields

Modifier and Type

Field

Description

private static final String

DEFAULT_METRIC_NAME

Default prefix for metrics.

private final org.slf4j.Logger

log

Class logger.

private Map<String,Collection<IPRange>>

mappings

Map of IP ranges to principal names.

private String

principalName

The principal name established by the action, if any.

private UserAgentContext

uaContext

User Agent context containing address to evaluate.
Constructor Summary

Constructors

Constructor

Description

ValidateUserAgentAddress()

Constructor.
Method Summary

Modifier and Type

Method

Description

protected void

doExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)

Performs this authentication action.

protected boolean

doPreExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)

Performs this authentication action's pre-execute step.

private boolean

isAuthenticated(InetAddress address, Collection<IPRange> ranges)

Checks whether the given IP address meets a set of IP range requirements.

protected Subject

populateSubject(Subject subject)

Subclasses must override this method to complete the population of the Subject with Principal and credential information based on the validation they perform.

void

setMappings(Map<String,Collection<IPRange>> newMappings)

Set the IP range(s) to authenticate as particular principals.

Methods inherited from class net.shibboleth.idp.authn.AbstractValidationAction
addDefaultPrincipals, buildAuthenticationResult, getClassifiedErrors, getCleanupHook, getMetricName, getRequesterLookupStrategy, getResponderLookupStrategy, getResultCachingPredicate, getSubject, getSupportedPrincipals, handleError, handleError, handleWarning, recordFailure, recordFailure, recordSuccess, recordSuccess, setAddDefaultPrincipals, setClassifiedMessages, setCleanupHook, setMetricName, setRequesterLookupStrategy, setResponderLookupStrategy, setResultCachingPredicate, setSupportedPrincipals

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction
doExecute, doPreExecute, setAuthenticationContextLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

Field Details
- DEFAULT_METRIC_NAME
  
  @Nonnull @NotEmpty private static final String DEFAULT_METRIC_NAME
  
  Default prefix for metrics.
  See Also:
  
  Constant Field Values
- log
  
  @Nonnull private final org.slf4j.Logger log
  
  Class logger.
- mappings
  
  @Nonnull @NonnullElements private Map<String,Collection<IPRange>> mappings
  
  Map of IP ranges to principal names.
- uaContext
  
  @Nullable private UserAgentContext uaContext
  
  User Agent context containing address to evaluate.
- principalName
  
  @Nullable private String principalName
  
  The principal name established by the action, if any.
Constructor Details
- ValidateUserAgentAddress
  
  public ValidateUserAgentAddress()
  
  Constructor.
Method Details
- setMappings
  
  public void setMappings(@Nullable @NonnullElements Map<String,Collection<IPRange>> newMappings)
  
  Set the IP range(s) to authenticate as particular principals.
  
  Parameters:
  
  newMappings - the IP range(s) to authenticate as particular principals
- doPreExecute
  
  protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext)
  
  Performs this authentication action's pre-execute step. Default implementation just returns true.
  
  Overrides:
  
  doPreExecute in class AbstractValidationAction
  
  Parameters:
  
  profileRequestContext - the current IdP profile request context
  
  authenticationContext - the current authentication context
  
  Returns:
  
  true iff execution should continue
- doExecute
  
  protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext)
  
  Performs this authentication action. Default implementation throws an exception.
  
  Overrides:
  
  doExecute in class AbstractAuthenticationAction
  
  Parameters:
  
  profileRequestContext - the current IdP profile request context
  
  authenticationContext - the current authentication context
- isAuthenticated
  
  private boolean isAuthenticated(@Nonnull InetAddress address, @Nonnull @NonnullElements Collection<IPRange> ranges)
  
  Checks whether the given IP address meets a set of IP range requirements.
  
  Parameters:
  
  address - the IP address to check
  
  ranges - the ranges to check
  
  Returns:
  
  true if the given IP address meets this stage's IP range requirements, false otherwise
- populateSubject
  
  @Nonnull protected Subject populateSubject(@Nonnull Subject subject)
  
  Subclasses must override this method to complete the population of the Subject with Principal and credential information based on the validation they perform.
  Typically this will include attaching a UsernamePrincipal, but this is not a requirement if other components are suitably overridden.
  
  Specified by:
  
  populateSubject in class AbstractValidationAction
  
  Parameters:
  
  subject - subject to populate
  
  Returns:
  
  the input subject

Class ValidateUserAgentAddress

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.idp.authn.AbstractValidationAction

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

Field Details

DEFAULT_METRIC_NAME

log

mappings

uaContext

principalName

Constructor Details

ValidateUserAgentAddress

Method Details

setMappings

doPreExecute

doExecute

isAuthenticated

populateSubject