Package net.shibboleth.idp.authn

Class AbstractUsernamePasswordCredentialValidator

java.lang.Object
net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
net.shibboleth.idp.authn.AbstractCredentialValidator
net.shibboleth.idp.authn.AbstractUsernamePasswordCredentialValidator
All Implemented Interfaces:
CredentialValidator, PrincipalSupportingComponent, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent
Direct Known Subclasses:
HTPasswdCredentialValidator, JAASCredentialValidator, KerberosCredentialValidator, LDAPCredentialValidator
@ThreadSafeAfterInit public abstract class AbstractUsernamePasswordCredentialValidator extends AbstractCredentialValidator
An abstract CredentialValidator that checks for a UsernamePasswordContext and delegates to subclasses to produce a result.
Since:
4.0.0

  • Field Details

    • DEFAULT_METRIC_NAME

      @Nonnull @NotEmpty private static final String DEFAULT_METRIC_NAME
      Default prefix for metrics.
      See Also:

    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.

    • usernamePasswordContextLookupStrategy

      @Nonnull private Function<AuthenticationContext,UsernamePasswordContext> usernamePasswordContextLookupStrategy
      Lookup strategy for UP context.

    • savePasswordToCredentialSet

      private boolean savePasswordToCredentialSet
      Whether to save the password in the Java Subject's private credentials.

    • removeContextAfterValidation

      private boolean removeContextAfterValidation
      Whether to remove the UsernamePasswordContext after successful validation.

    • matchExpression

      @Nullable private Pattern matchExpression
      A regular expression to apply for acceptance testing.

    • transforms

      @Nonnull @NonnullElements private List<Pair<Pattern,String>> transforms
      Match patterns and replacement strings to apply prior to use.

    • uppercase

      private boolean uppercase
      Convert username to uppercase prior to transforms?

    • lowercase

      private boolean lowercase
      Convert username to lowercase prior to transforms?

    • trim

      private boolean trim
      Trim username prior to transforms?

  • Constructor Details

    • AbstractUsernamePasswordCredentialValidator

      public AbstractUsernamePasswordCredentialValidator()
      Constructor.

  • Method Details

    • setUsernamePasswordContextLookupStrategy

      public void setUsernamePasswordContextLookupStrategy(@Nonnull Function<AuthenticationContext,UsernamePasswordContext> strategy)
      Set the lookup strategy to locate the UsernamePasswordContext.
      Parameters:
      strategy - lookup strategy

    • savePasswordToCredentialSet

      public boolean savePasswordToCredentialSet()
      Get whether to save the password in the private credential set.
      Returns:
      whether to save the password in the private credential set

    • setSavePasswordToCredentialSet

      public void setSavePasswordToCredentialSet(boolean flag)
      Set whether to save the password in the private credential set.
      Parameters:
      flag - flag to set

    • removeContextAfterValidation

      @Deprecated(since="4.1.0", forRemoval=true) public boolean removeContextAfterValidation()
      Deprecated, for removal: This API element is subject to removal in a future version.
      Get whether to remove the UsernamePasswordContext after it's successfully validated.

      Defaults to true

      Returns:
      whether to remove the context after successful validation

    • setRemoveContextAfterValidation

      @Deprecated(since="4.1.0", forRemoval=true) public void setRemoveContextAfterValidation(boolean flag)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Set whether to remove the UsernamePasswordContext after it's successfully validated.
      Parameters:
      flag - flag to set

    • setMatchExpression

      public void setMatchExpression(@Nullable Pattern expression)
      Set a matching expression to apply to the username for acceptance.
      Parameters:
      expression - a matching expression

    • setTransforms

      public void setTransforms(@Nullable @NonnullElements Collection<Pair<String,String>> newTransforms)
      A collection of regular expression and replacement pairs.
      Parameters:
      newTransforms - collection of replacement transforms

    • setUppercase

      public void setUppercase(boolean flag)
      Controls conversion to uppercase prior to applying any transforms.
      Parameters:
      flag - uppercase flag

    • setLowercase

      public void setLowercase(boolean flag)
      Controls conversion to lowercase prior to applying any transforms.
      Parameters:
      flag - lowercase flag

    • setTrim

      public void setTrim(boolean flag)
      Controls whitespace trimming prior to applying any transforms.
      Parameters:
      flag - trim flag

    • doValidate

      protected Subject doValidate(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext, @Nullable CredentialValidator.WarningHandler warningHandler, @Nullable CredentialValidator.ErrorHandler errorHandler) throws Exception
      Override method for subclasses to use to perform the actual validation.
      Specified by:
      doValidate in class AbstractCredentialValidator
      Parameters:
      profileRequestContext - profile request context
      authenticationContext - authentication context
      warningHandler - optional warning handler interface
      errorHandler - optional error handler interface
      Returns:
      the validated result, or null if inapplicable
      Throws:
      Exception - if an error occurs

    • doValidate

      @Nullable protected abstract Subject doValidate(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext, @Nonnull UsernamePasswordContext usernamePasswordContext, @Nullable CredentialValidator.WarningHandler warningHandler, @Nullable CredentialValidator.ErrorHandler errorHandler) throws Exception
      Override method for subclasses to use to perform the actual validation.

      Any configured transforms will have been applied to populate the context with a transformed username prior to this method call.

      Parameters:
      profileRequestContext - profile request context
      authenticationContext - authentication context
      usernamePasswordContext - the username/password to validate
      warningHandler - optional warning handler interface
      errorHandler - optional error handler interface
      Returns:
      the validated result, or null if inapplicable
      Throws:
      Exception - if an error occurs

    • populateSubject

      @Nonnull protected Subject populateSubject(@Nonnull Subject subject, @Nonnull UsernamePasswordContext usernamePasswordContext)
      Decorate the subject with "standard" content from the validation and clean up as instructed.
      Parameters:
      subject - the subject being returned
      usernamePasswordContext - the username/password validated
      Returns:
      the decorated subject

    • applyTransforms

      @Nonnull @NotEmpty protected String applyTransforms(@Nonnull @NotEmpty String input)
      Apply any configured regular expression replacements to an input value and return the result.
      Parameters:
      input - the input string
      Returns:
      the result of applying the expressions