AbstractUsernamePasswordValidationAction (Shibboleth IdP

java.lang.Object
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
- - org.opensaml.profile.action.AbstractProfileAction<InboundMessageType,OutboundMessageType>
  - - org.opensaml.profile.action.AbstractConditionalProfileAction<InboundMessageType,OutboundMessageType>
    - - net.shibboleth.idp.profile.AbstractProfileAction<InboundMessageType,OutboundMessageType>
      - net.shibboleth.idp.authn.AbstractAuthenticationAction<InboundMessageType,OutboundMessageType>
        
        net.shibboleth.idp.authn.AbstractValidationAction
        
        net.shibboleth.idp.authn.AbstractUsernamePasswordValidationAction

All Implemented Interfaces:

PrincipalSupportingComponent, Component, DestructableComponent, InitializableComponent, ProfileAction, org.springframework.beans.factory.Aware, org.springframework.context.MessageSource, org.springframework.context.MessageSourceAware, org.springframework.webflow.execution.Action
```
public abstract class AbstractUsernamePasswordValidationAction
extends AbstractValidationAction
```
An abstract action that checks for a UsernamePasswordContext and produces an AuthenticationResult based on that identity by invoking a subclass method.
Lockout behavior can be enabled by injecting an AccountLockoutManager

Event:

EventIds.PROCEED_EVENT_ID, AuthnEventIds.INVALID_CREDENTIALS, AuthnEventIds.NO_CREDENTIALS, AuthnEventIds.ACCOUNT_LOCKED

Postcondition:

If AuthenticationContext.getSubcontext(UsernamePasswordContext.class) != null, then an AuthenticationResult is saved to the AuthenticationContext on a successful login. On a failed login, the AbstractValidationAction.handleError(ProfileRequestContext, AuthenticationContext, Exception, String) method is called.

Field Summary

Fields
Modifier and Type	Field and Description
`private static String`	`DEFAULT_METRIC_NAME` Default prefix for metrics.
`private AccountLockoutManager`	`lockoutManager` Optional lockout management interface.
`private org.slf4j.Logger`	`log` Class logger.
`private Pattern`	`matchExpression` A regular expression to apply for acceptance testing.
`private boolean`	`removeContextAfterValidation` Whether to remove the `UsernamePasswordContext` after successful validation.
`private boolean`	`savePasswordToCredentialSet` Whether to save the password in the Java Subject's private credentials.
`private UsernamePasswordContext`	`upContext` UsernamePasswordContext containing the credentials to validate.

Constructor Summary

Constructors
Constructor and Description

AbstractUsernamePasswordValidationAction()
Constructor.

Constructors
Constructor and Description
`AbstractUsernamePasswordValidationAction()` Constructor.

Method Summary

Methods
Modifier and Type	Method and Description
`protected boolean`	`doPreExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)` Performs this authentication action's pre-execute step.
`AccountLockoutManager`	`getLockoutManager()` Get an account lockout management component.
`UsernamePasswordContext`	`getUsernamePasswordContext()` Get the `UsernamePasswordContext` to validate.
`protected Subject`	`populateSubject(Subject subject)` Subclasses must override this method to complete the population of the `Subject` with `Principal` and credential information based on the validation they perform.
`protected void`	`recordFailure(ProfileRequestContext profileRequestContext, boolean inc)` Record a failed authentication attempt against the configured counter, optionally incrementing the account lockout counter.
`protected void`	`recordSuccess(ProfileRequestContext profileRequestContext)` Record a successful authentication attempt against the configured counter, optionally clearing account lockout state.
`boolean`	`removeContextAfterValidation()` Get whether to remove the `UsernamePasswordContext` after it's successfully validated.
`boolean`	`savePasswordToCredentialSet()` Get whether to save the password in the private credential set.
`void`	`setLockoutManager(AccountLockoutManager manager)` Set an account lockout management component.
`void`	`setMatchExpression(Pattern expression)` Set a matching expression to apply to the username for acceptance.
`void`	`setRemoveContextAfterValidation(boolean flag)` Set whether to remove the `UsernamePasswordContext` after it's successfully validated.
`void`	`setSavePasswordToCredentialSet(boolean flag)` Set whether to save the password in the private credential set.

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction
doExecute, doExecute, doPreExecute, setLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

- Field Detail
  - DEFAULT_METRIC_NAME
```
@Nonnull
@NotEmpty
private static final String DEFAULT_METRIC_NAME
```
    Default prefix for metrics.
    
    See Also:
    Constant Field Values
  - log
```
@Nonnull
private final org.slf4j.Logger log
```
    Class logger.
  - savePasswordToCredentialSet
```
private boolean savePasswordToCredentialSet
```
    Whether to save the password in the Java Subject's private credentials.
  - removeContextAfterValidation
```
private boolean removeContextAfterValidation
```
    Whether to remove the UsernamePasswordContext after successful validation.
  - matchExpression
```
@Nullable
private Pattern matchExpression
```
    A regular expression to apply for acceptance testing.
  - lockoutManager
```
@Nullable
private AccountLockoutManager lockoutManager
```
    Optional lockout management interface.
  - upContext
```
@Nullable
private UsernamePasswordContext upContext
```
    UsernamePasswordContext containing the credentials to validate.
- Constructor Detail
  - AbstractUsernamePasswordValidationAction
```
public AbstractUsernamePasswordValidationAction()
```
    Constructor.
- Method Detail
  - savePasswordToCredentialSet
```
public boolean savePasswordToCredentialSet()
```
    Get whether to save the password in the private credential set.
    
    Returns:
    whether to save the password in the private credential set
  - setSavePasswordToCredentialSet
```
public void setSavePasswordToCredentialSet(boolean flag)
```
    Set whether to save the password in the private credential set.
    
    Parameters:
    flag - flag to set
  - removeContextAfterValidation
```
public boolean removeContextAfterValidation()
```
    Get whether to remove the UsernamePasswordContext after it's successfully validated.
    Defaults to true
    
    Returns:
    whether to remove the context after successful validation
    Since:
    
    3.3.0
  - setRemoveContextAfterValidation
```
public void setRemoveContextAfterValidation(boolean flag)
```
    Set whether to remove the UsernamePasswordContext after it's successfully validated.
    
    Parameters:
    flag - flag to set
    Since:
    
    3.3.0
  - setMatchExpression
```
public void setMatchExpression(@Nullable
                      Pattern expression)
```
    Set a matching expression to apply to the username for acceptance.
    
    Parameters:
    expression - a matching expression
  - getLockoutManager
```
@Nullable
public AccountLockoutManager getLockoutManager()
```
    Get an account lockout management component.
    
    Returns:
    lockout manager
  - setLockoutManager
```
public void setLockoutManager(@Nullable
                     AccountLockoutManager manager)
```
    Set an account lockout management component.
    
    Parameters:
    manager - lockout manager
  - getUsernamePasswordContext
```
@Nullable
public UsernamePasswordContext getUsernamePasswordContext()
```
    Get the UsernamePasswordContext to validate.
    
    Returns:
    context to validate
  - doPreExecute
```
protected boolean doPreExecute(@Nonnull
                   ProfileRequestContext profileRequestContext,
                   @Nonnull
                   AuthenticationContext authenticationContext)
```
    Performs this authentication action's pre-execute step. Default implementation just returns true.
    
    Overrides:
    
    doPreExecute in class AbstractValidationAction
    
    Parameters:
    profileRequestContext - the current IdP profile request context
    authenticationContext - the current authentication context
    
    Returns:
    true iff execution should continue
  - populateSubject
```
@Nonnull
protected Subject populateSubject(@Nonnull
                              Subject subject)
```
    Subclasses must override this method to complete the population of the Subject with Principal and credential information based on the validation they perform.
    Typically this will include attaching a UsernamePrincipal, but this is not a requirement if other components are suitably overridden.
    
    Specified by:
    
    populateSubject in class AbstractValidationAction
    
    Parameters:
    subject - subject to populate
    
    Returns:
    the input subject
  - recordSuccess
```
protected void recordSuccess(@Nonnull
                 ProfileRequestContext profileRequestContext)
```
    Record a successful authentication attempt against the configured counter, optionally clearing account lockout state.
    
    Parameters:
    profileRequestContext - current profile request context
    Since:
    
    3.3.0
  - recordFailure
```
protected void recordFailure(@Nonnull
                 ProfileRequestContext profileRequestContext,
                 boolean inc)
```
    Record a failed authentication attempt against the configured counter, optionally incrementing the account lockout counter.
    
    Parameters:
    profileRequestContext - current profile request context
    inc - true iff lockout counter should be incremented
    Since:
    
    3.3.0

Class AbstractUsernamePasswordValidationAction

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.idp.authn.AbstractValidationAction

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

Field Detail

DEFAULT_METRIC_NAME

log

savePasswordToCredentialSet

removeContextAfterValidation

matchExpression

lockoutManager

upContext

Constructor Detail

AbstractUsernamePasswordValidationAction

Method Detail

savePasswordToCredentialSet

setSavePasswordToCredentialSet

removeContextAfterValidation

setRemoveContextAfterValidation

setMatchExpression

getLockoutManager

setLockoutManager

getUsernamePasswordContext

doPreExecute

populateSubject

recordSuccess

recordFailure