edu.internet2.middleware.shibboleth.idp.authn.provider

Class UsernamePasswordLoginServlet

java.lang.Object

javax.servlet.GenericServlet

javax.servlet.http.HttpServlet

edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet

All Implemented Interfaces:

Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig

public class UsernamePasswordLoginServlet
extends javax.servlet.http.HttpServlet

This Servlet authenticates a user via JAAS. The user's credential is always added to the returned Subject as a UsernamePasswordCredential within the subject's private credentials. By default, this Servlet assumes that the authentication method urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport to be returned to the authentication engine. This can be override by setting the servlet configuration parameter authnMethod.

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
protected class	UsernamePasswordLoginServlet.SimpleCallbackHandler A callback handler that provides static name and password data to a JAAS loging process.

Field Summary

Fields

Modifier and Type	Field and Description
private String	authenticationMethod The authentication method returned to the authentication engine.
private String	failureParam Parameter name to indicate login failure.
private String	jaasConfigName Name of JAAS configuration used to authenticate users.
private String	jaasInitParam init-param which can be passed to the servlet to override the default JAAS config.
private org.slf4j.Logger	log Class logger.
private String	loginPage Login page name.
private String	loginPageInitParam init-param which can be passed to the servlet to override the default login page.
private String	passwordAttribute HTTP request parameter containing the user's password.
private static long	serialVersionUID Serial version UID.
private String	usernameAttribute HTTP request parameter containing the user name.

Constructor Summary

Constructors

Constructor and Description
UsernamePasswordLoginServlet()

Method Summary

Methods

Modifier and Type	Method and Description
protected void	authenticateUser(javax.servlet.http.HttpServletRequest request, String username, String password) Authenticate a username and password against JAAS.
void	init(javax.servlet.ServletConfig config)
protected void	redirectToLoginPage(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Sends the user to the login page.
protected void	service(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)

Methods inherited from class javax.servlet.http.HttpServlet

doDelete, doGet, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service

Methods inherited from class javax.servlet.GenericServlet

destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

serialVersionUID

private static final long serialVersionUID

Serial version UID.

See Also:

Constant Field Values

log

private final org.slf4j.Logger log

Class logger.

authenticationMethod

private String authenticationMethod

The authentication method returned to the authentication engine.

jaasConfigName

private String jaasConfigName

Name of JAAS configuration used to authenticate users.

jaasInitParam

private final String jaasInitParam

init-param which can be passed to the servlet to override the default JAAS config.

See Also:

Constant Field Values

loginPage

private String loginPage

Login page name.

loginPageInitParam

private final String loginPageInitParam

init-param which can be passed to the servlet to override the default login page.

See Also:

Constant Field Values

failureParam

private final String failureParam

Parameter name to indicate login failure.

See Also:

Constant Field Values

usernameAttribute

private final String usernameAttribute

HTTP request parameter containing the user name.

See Also:

Constant Field Values

passwordAttribute

private final String passwordAttribute

HTTP request parameter containing the user's password.

See Also:

Constant Field Values

Constructor Detail

UsernamePasswordLoginServlet

public UsernamePasswordLoginServlet()

Method Detail

init

public void init(javax.servlet.ServletConfig config)
          throws javax.servlet.ServletException

Specified by:

init in interface javax.servlet.Servlet

Overrides:

init in class javax.servlet.GenericServlet

Throws:

javax.servlet.ServletException

service

protected void service(javax.servlet.http.HttpServletRequest request,
           javax.servlet.http.HttpServletResponse response)
                throws javax.servlet.ServletException,
                       IOException

Overrides:

service in class javax.servlet.http.HttpServlet

Throws:

javax.servlet.ServletException

IOException

redirectToLoginPage

protected void redirectToLoginPage(javax.servlet.http.HttpServletRequest request,
                       javax.servlet.http.HttpServletResponse response)

Sends the user to the login page.

Parameters:

request - current request

response - current response

authenticateUser

protected void authenticateUser(javax.servlet.http.HttpServletRequest request,
                    String username,
                    String password)
                         throws LoginException

Authenticate a username and password against JAAS. If authentication succeeds the name of the first principal, or the username if that is empty, and the subject are placed into the request in their respective attributes.

Parameters:

request - current authentication request

username - the principal name of the user to be authenticated

password - the password of the user to be authenticated

Throws:

LoginException - thrown if there is a problem authenticating the user