Package net.shibboleth.idp.authn

Class AuthenticationResult

java.lang.Object
net.shibboleth.idp.authn.AuthenticationResult
All Implemented Interfaces:
Predicate<ProfileRequestContext>, PrincipalSupportingComponent
public class AuthenticationResult extends Object implements PrincipalSupportingComponent, Predicate<ProfileRequestContext>
Describes an act of authentication.

Any authentication flow that succeeds must produce a single instance of this object. It may be composite, in the sense that it may represent a combination of separate exchanges that make up a single overall result, but the IdP always acts on a single result as the product of a given request for a login.

  • Field Details

    • subject

      @Nonnull private final Subject subject
      The Subject established by the authentication result.

    • authenticationFlowId

      @Nonnull @NotEmpty private final String authenticationFlowId
      The identifier of the flow used to produce this result.

    • authenticationInstant

      @Nonnull private Instant authenticationInstant
      The time that the authentication completed.

    • lastActivityInstant

      @Nonnull private Instant lastActivityInstant
      The last time this result was used to bypass authentication.

    • previousResult

      private boolean previousResult
      Tracks whether a result was loaded from a previous session or created as part of the current request.

    • additionalData

      @Nonnull @NonnullElements private final Map<String,String> additionalData
      A map of additional data to associate with the result.

    • reuseCondition

      @Nonnull private Predicate<ProfileRequestContext> reuseCondition
      Whether this result can be reused.

    • revocationCondition

      @Nonnull private BiPredicate<ProfileRequestContext,AuthenticationResult> revocationCondition
      Whether this result should be considered revoked.

  • Constructor Details

    • AuthenticationResult

      public AuthenticationResult(@Nonnull @NotEmpty String flowId, @Nonnull Subject newSubject)
      Constructor.

      Sets the authentication instant to the current time.

      Parameters:
      flowId - the workflow used to authenticate the subject
      newSubject - a Subject identifying the authenticated entity

    • AuthenticationResult

      public AuthenticationResult(@Nonnull @NotEmpty String flowId, @Nonnull Principal principal)
      Constructor.

      Sets the authentication instant to the current time.

      Parameters:
      flowId - the workflow used to authenticate the subject
      principal - a Principal identifying the authenticated entity

  • Method Details

    • getReuseCondition

      @Nonnull public Predicate<ProfileRequestContext> getReuseCondition()
      Gets condition controlling whether this result should be reused for SSO.
      Returns:
      condition controlling whether result should be reused for SSO
      Since:
      4.0.0

    • setReuseCondition

      public void setReuseCondition(@Nonnull Predicate<ProfileRequestContext> condition)
      Sets condition controlling whether this result should be reused for SSO.
      Parameters:
      condition - condition to set
      Since:
      4.0.0

    • setRevocationCondition

      public void setRevocationCondition(@Nullable BiPredicate<ProfileRequestContext,AuthenticationResult> condition)
      Sets condition controlling whether this result has been revoked subsequent to creation.
      Parameters:
      condition - condition to set
      Since:
      4.3.0

    • test

      public boolean test(@Nullable ProfileRequestContext input)
      Specified by:
      test in interface Predicate<ProfileRequestContext>

    • getSubject

      @Nonnull public Subject getSubject()
      Gets the Subject identifying the authenticated entity.
      Returns:
      a Subject identifying the authenticated entity

    • getSupportedPrincipals

      @Nonnull @NonnullElements @Unmodifiable @NotLive public <T extends Principal> Set<T> getSupportedPrincipals(@Nonnull Class<T> c)
      Get an immutable set of supported custom principals that the component produces, supports, contains, etc.
      Specified by:
      getSupportedPrincipals in interface PrincipalSupportingComponent
      Type Parameters:
      T - type of Principal to inquire on
      Parameters:
      c - type of Principal to inquire on
      Returns:
      a set of matching principals

    • getAuthenticationFlowId

      @Nonnull @NotEmpty public String getAuthenticationFlowId()
      Get the flow used to authenticate the principal.
      Returns:
      flow used to authenticate the principal

    • getAuthenticationInstant

      @Nonnull public Instant getAuthenticationInstant()
      Get the time that the authentication completed.
      Returns:
      time that the authentication completed

    • setAuthenticationInstant

      public void setAuthenticationInstant(@Nonnull Instant instant)
      Set the time that the authentication completed.
      Parameters:
      instant - time that the authentication completed, never non-positive

    • getLastActivityInstant

      @Nonnull public Instant getLastActivityInstant()
      Get the last time this result was used for authentication.
      Returns:
      last time this result was used for authentication

    • setLastActivityInstant

      public void setLastActivityInstant(@Nonnull Instant instant)
      Set the last time result was used for authentication.
      Parameters:
      instant - last time result was used to bypass authentication

    • setLastActivityInstantToNow

      public void setLastActivityInstantToNow()
      Set the last activity instant for this result to the current time.

    • isPreviousResult

      public boolean isPreviousResult()
      Get whether this result was loaded from a session as the product of a previous request.
      Returns:
      true iff this result was produced as part of an earlier request
      Since:
      3.3.0

    • setPreviousResult

      public void setPreviousResult(boolean flag)
      Set whether this result was loaded from a session as the product of a previous request.
      Parameters:
      flag - flag to set
      Since:
      3.3.0

    • getAdditionalData

      @Nonnull @NonnullElements @Live public Map<String,String> getAdditionalData()
      Gets a mutable map of additional name/value string properties to associate with and store with the result.

      Note that the implementation may or may not explicitly break on null keys or values but using them is not intended to work and the behavior in such cases is unspecified.

      Returns:
      a mutable map
      Since:
      4.0.0

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object

    • equals

      public boolean equals(Object obj)
      Overrides:
      equals in class Object

    • toString

      public String toString()
      Overrides:
      toString in class Object

    • getSubjectName

      @Nullable private String getSubjectName()
      Get a suitable principal name for logging/debugging use.
      Returns:
      a principal name for logging/debugging