AuthenticationFlowDescriptor (Shibboleth IdP :: Authentication API 3.4.0 API)

java.lang.Object
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
- - net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
  - - net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent
    - - net.shibboleth.idp.authn.AuthenticationFlowDescriptor

All Implemented Interfaces:

com.google.common.base.Predicate<ProfileRequestContext>, PrincipalSupportingComponent, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent, StorageSerializer<AuthenticationResult>
```
public class AuthenticationFlowDescriptor
extends AbstractIdentifiableInitializableComponent
implements PrincipalSupportingComponent, com.google.common.base.Predicate<ProfileRequestContext>, StorageSerializer<AuthenticationResult>
```
A descriptor for an authentication flow.
A flow models a sequence of profile actions that performs authentication in a particular way and satisfies various constraints that may apply to an authentication request. Some of these constraints are directly exposed as properties of the flow, and others can be found by examining the list of extended Principals that the flow exposes.

Field Summary

Fields
Modifier and Type	Field and Description
`private com.google.common.base.Predicate<ProfileRequestContext>`	`activationCondition` Predicate that must be true for this flow to be usable for a given request.
`static String`	`FLOW_ID_PREFIX` Prefix convention for flow IDs.
`private long`	`inactivityTimeout` Maximum amount of time in milliseconds, since last usage, a flow should be considered active.
`private long`	`lifetime` Maximum amount of time in milliseconds, since first usage, a flow should be considered active.
`private StorageSerializer<AuthenticationResult>`	`resultSerializer` Custom serializer for the results generated by this flow.
`private com.google.common.base.Predicate<ProfileRequestContext>`	`reuseCondition` Whether this flow allows reuse of its results.
`static long`	`STORAGE_EXPIRATION_OFFSET` Additional allowance for storage of result records to avoid race conditions during use.
`private Subject`	`supportedPrincipals` Supported principals, indexed by type, that the flow can produce.
`private boolean`	`supportsForced` Whether this flow supports forced authentication.
`private boolean`	`supportsNonBrowser` Whether this flow supports non-browser clients.
`private boolean`	`supportsPassive` Whether this flow supports passive authentication.

Constructor Summary

Constructors
Constructor and Description

AuthenticationFlowDescriptor()
Constructor.

Constructors
Constructor and Description
`AuthenticationFlowDescriptor()` Constructor.

Method Summary

Methods
Modifier and Type	Method and Description
`boolean`	`apply(ProfileRequestContext input)`
`AuthenticationResult`	`deserialize(long version, String context, String key, String value, Long expiration)`
`protected void`	`doInitialize()`
`boolean`	`equals(Object obj)`
`long`	`getInactivityTimeout()` Get the maximum amount of time in milliseconds, since the last usage, a flow should be considered active.
`long`	`getLifetime()` Get the maximum amount of time in milliseconds, since first usage, a flow should be considered active.
`com.google.common.base.Predicate<ProfileRequestContext>`	`getReuseCondition()` Get condition controlling whether results from this flow should be reused for SSO.
`Collection<Principal>`	`getSupportedPrincipals()` Get a collection of supported non-user-specific principals that the flow may produce when it operates.
`<T extends Principal> Set<T>`	`getSupportedPrincipals(Class<T> c)` Get an immutable set of supported custom principals that the component produces, supports, contains, etc.
`int`	`hashCode()`
`boolean`	`isForcedAuthenticationSupported()` Get whether this flow supports forced authentication.
`boolean`	`isNonBrowserSupported()` Get whether this flow supports non-browser clients.
`boolean`	`isPassiveAuthenticationSupported()` Get whether this flow supports passive authentication.
`boolean`	`isResultActive(AuthenticationResult result)` Check if a result generated by this flow is still active.
`String`	`serialize(AuthenticationResult instance)`
`void`	`setActivationCondition(com.google.common.base.Predicate<ProfileRequestContext> condition)` Set the activation condition in the form of a `Predicate` such that iff the condition evaluates to true should the corresponding flow be allowed/possible.
`void`	`setForcedAuthenticationSupported(boolean isSupported)` Set whether this flow supports forced authentication.
`void`	`setInactivityTimeout(long timeout)` Set the maximum amount of time in milliseconds, since the last usage, a flow should be considered active.
`void`	`setLifetime(long flowLifetime)` Set the maximum amount of time in milliseconds, since first usage, a flow should be considered active.
`void`	`setNonBrowserSupported(boolean isSupported)` Set whether this flow supports non-browser clients.
`void`	`setPassiveAuthenticationSupported(boolean isSupported)` Set whether this flow supports passive authentication.
`void`	`setResultSerializer(StorageSerializer<AuthenticationResult> serializer)` Set a custom serializer for results produced by this flow.
`void`	`setReuseCondition(com.google.common.base.Predicate<ProfileRequestContext> condition)` Set condition controlling whether results from this flow should be reused for SSO.
`<T extends Principal> void`	`setSupportedPrincipals(Collection<T> principals)` Set supported non-user-specific principals that the flow may produce when it operates.
`String`	`toString()`

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent
setId

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
getId

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent
getId

- Field Detail
  - FLOW_ID_PREFIX
```
@Nonnull
@NotEmpty
public static final String FLOW_ID_PREFIX
```
    Prefix convention for flow IDs.
    
    See Also:
    Constant Field Values
  - STORAGE_EXPIRATION_OFFSET
```
public static final long STORAGE_EXPIRATION_OFFSET
```
    Additional allowance for storage of result records to avoid race conditions during use.
  - supportsNonBrowser
```
private boolean supportsNonBrowser
```
    Whether this flow supports non-browser clients.
  - supportsPassive
```
private boolean supportsPassive
```
    Whether this flow supports passive authentication.
  - supportsForced
```
private boolean supportsForced
```
    Whether this flow supports forced authentication.
  - reuseCondition
```
@Nonnull
private com.google.common.base.Predicate<ProfileRequestContext> reuseCondition
```
    Whether this flow allows reuse of its results.
  - lifetime
```
@Duration
@NonNegative
private long lifetime
```
    Maximum amount of time in milliseconds, since first usage, a flow should be considered active.
  - inactivityTimeout
```
@Duration
@Positive
private long inactivityTimeout
```
    Maximum amount of time in milliseconds, since last usage, a flow should be considered active.
  - supportedPrincipals
```
@Nonnull
private Subject supportedPrincipals
```
    Supported principals, indexed by type, that the flow can produce. Implemented for the moment using the Subject class for convenience to allow for class-based lookup in the getSupportedPrincipals(java.lang.Class<T>) method.
  - activationCondition
```
@Nonnull
private com.google.common.base.Predicate<ProfileRequestContext> activationCondition
```
    Predicate that must be true for this flow to be usable for a given request.
  - resultSerializer
```
@Nullable
private StorageSerializer<AuthenticationResult> resultSerializer
```
    Custom serializer for the results generated by this flow.
- Constructor Detail
  - AuthenticationFlowDescriptor
```
public AuthenticationFlowDescriptor()
```
    Constructor.
- Method Detail
  - isNonBrowserSupported
```
public boolean isNonBrowserSupported()
```
    Get whether this flow supports non-browser clients.
    
    Returns:
    whether this flow supports non-browser clients
  - setNonBrowserSupported
```
public void setNonBrowserSupported(boolean isSupported)
```
    Set whether this flow supports non-browser clients.
    
    Parameters:
    isSupported - whether this flow supports non-browser clients
  - isPassiveAuthenticationSupported
```
public boolean isPassiveAuthenticationSupported()
```
    Get whether this flow supports passive authentication.
    
    Returns:
    whether this flow supports passive authentication
  - setPassiveAuthenticationSupported
```
public void setPassiveAuthenticationSupported(boolean isSupported)
```
    Set whether this flow supports passive authentication.
    
    Parameters:
    isSupported - whether this flow supports passive authentication
  - isForcedAuthenticationSupported
```
public boolean isForcedAuthenticationSupported()
```
    Get whether this flow supports forced authentication.
    
    Returns:
    whether this flow supports forced authentication
  - setForcedAuthenticationSupported
```
public void setForcedAuthenticationSupported(boolean isSupported)
```
    Set whether this flow supports forced authentication.
    
    Parameters:
    isSupported - whether this flow supports forced authentication.
  - getReuseCondition
```
@Nonnull
public com.google.common.base.Predicate<ProfileRequestContext> getReuseCondition()
```
    Get condition controlling whether results from this flow should be reused for SSO.
    
    Returns:
    whether results from this flow should be reused for SSO
    Since:
    
    3.4.0
  - setReuseCondition
```
public void setReuseCondition(@Nonnull
                     com.google.common.base.Predicate<ProfileRequestContext> condition)
```
    Set condition controlling whether results from this flow should be reused for SSO.
    Defaults to Predicates.alwaysTrue().
    
    Parameters:
    condition - condition to set
    Since:
    
    3.4.0
  - getLifetime
```
@NonNegative
@Duration
public long getLifetime()
```
    Get the maximum amount of time in milliseconds, since first usage, a flow should be considered active. A value of 0 indicates that there is no upper limit on the lifetime on an active flow.
    
    Returns:
    maximum amount of time in milliseconds a flow should be considered active, never less than 0
  - setLifetime
```
@Duration
public void setLifetime(@Duration@NonNegative
                        long flowLifetime)
```
    Set the maximum amount of time in milliseconds, since first usage, a flow should be considered active. A value of 0 indicates that there is no upper limit on the lifetime on an active flow.
    
    Parameters:
    flowLifetime - the lifetime for the flow, must be 0 or greater
  - getInactivityTimeout
```
@Duration
@Positive
public long getInactivityTimeout()
```
    Get the maximum amount of time in milliseconds, since the last usage, a flow should be considered active.
    Defaults to 30 minutes.
    
    Returns:
    the duration
  - setInactivityTimeout
```
@Duration
public void setInactivityTimeout(@Duration@Positive
                                 long timeout)
```
    Set the maximum amount of time in milliseconds, since the last usage, a flow should be considered active.
    
    Parameters:
    timeout - the flow inactivity timeout, must be greater than zero
  - isResultActive
```
public boolean isResultActive(@Nonnull
                     AuthenticationResult result)
```
    Check if a result generated by this flow is still active.
    
    Parameters:
    result - AuthenticationResult to check
    
    Returns:
    true iff the result remains valid
  - getSupportedPrincipals
```
@Nonnull
@NonnullElements
@Unmodifiable
public <T extends Principal> Set<T> getSupportedPrincipals(@Nonnull
                                                                                       Class<T> c)
```
    Get an immutable set of supported custom principals that the component produces, supports, contains, etc.
    
    Specified by:
    
    getSupportedPrincipals in interface PrincipalSupportingComponent
    
    Type Parameters:
    T - type of Principal to inquire on
    Parameters:
    c - type of Principal to inquire on
    
    Returns:
    a set of matching principals
  - getSupportedPrincipals
```
@Nonnull
@NonnullElements
public Collection<Principal> getSupportedPrincipals()
```
    Get a collection of supported non-user-specific principals that the flow may produce when it operates.
    The Collection.remove(java.lang.Object) method is not supported.
    
    Returns:
    a live collection of supported principals
  - setSupportedPrincipals
```
public <T extends Principal> void setSupportedPrincipals(@Nonnull@NonnullElements
                                                Collection<T> principals)
```
    Set supported non-user-specific principals that the flow may produce when it operates.
    
    Type Parameters:
    T - a type of principal to add, if not generic
    Parameters:
    principals - supported principals to add
  - setActivationCondition
```
public void setActivationCondition(@Nonnull
                          com.google.common.base.Predicate<ProfileRequestContext> condition)
```
    Set the activation condition in the form of a Predicate such that iff the condition evaluates to true should the corresponding flow be allowed/possible.
    
    Parameters:
    condition - predicate that controls activation of the flow
  - apply
```
public boolean apply(@Nullable
            ProfileRequestContext input)
```
    Specified by:
    
    apply in interface com.google.common.base.Predicate<ProfileRequestContext>
  - setResultSerializer
```
public void setResultSerializer(@Nonnull
                       StorageSerializer<AuthenticationResult> serializer)
```
    Set a custom serializer for results produced by this flow.
    
    Parameters:
    serializer - the custom serializer
  - doInitialize
```
protected void doInitialize()
                     throws ComponentInitializationException
```
    Overrides:
    
    doInitialize in class AbstractIdentifiedInitializableComponent
    
    Throws:
    
    ComponentInitializationException
  - serialize
```
@Nonnull
@NotEmpty
public String serialize(@Nonnull
                                AuthenticationResult instance)
                 throws IOException
```
    Specified by:
    
    serialize in interface StorageSerializer<AuthenticationResult>
    
    Throws:
    
    IOException
  - deserialize
```
@Nonnull
public AuthenticationResult deserialize(long version,
                                       @Nonnull@NotEmpty
                                       String context,
                                       @Nonnull@NotEmpty
                                       String key,
                                       @Nonnull@NotEmpty
                                       String value,
                                       @Nonnull
                                       Long expiration)
                                 throws IOException
```
    Specified by:
    
    deserialize in interface StorageSerializer<AuthenticationResult>
    
    Throws:
    
    IOException
  - hashCode
```
public int hashCode()
```
    Overrides:
    
    hashCode in class Object
  - equals
```
public boolean equals(Object obj)
```
    Specified by:
    
    equals in interface com.google.common.base.Predicate<ProfileRequestContext>
    
    Overrides:
    
    equals in class Object
  - toString
```
public String toString()
```
    Overrides:
    
    toString in class Object

Class AuthenticationFlowDescriptor

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent

Field Detail

FLOW_ID_PREFIX

STORAGE_EXPIRATION_OFFSET

supportsNonBrowser

supportsPassive

supportsForced

reuseCondition

lifetime

inactivityTimeout

supportedPrincipals

activationCondition

resultSerializer

Constructor Detail

AuthenticationFlowDescriptor

Method Detail

isNonBrowserSupported

setNonBrowserSupported

isPassiveAuthenticationSupported

setPassiveAuthenticationSupported

isForcedAuthenticationSupported

setForcedAuthenticationSupported

getReuseCondition

setReuseCondition

getLifetime

setLifetime

getInactivityTimeout

setInactivityTimeout

isResultActive

getSupportedPrincipals

getSupportedPrincipals

setSupportedPrincipals

setActivationCondition

apply

setResultSerializer

doInitialize

serialize

deserialize

hashCode

equals

toString