|
PicketLink Federation Common Server Bindings for Apache Tomcat 2.1.6.Final-redhat-2 | |||||||||
java.lang.Object
org.apache.catalina.valves.ValveBase
org.apache.catalina.authenticator.AuthenticatorBase
org.apache.catalina.authenticator.FormAuthenticator
org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator
public abstract class BaseFormAuthenticator
Base Class for Service Provider Form Authenticators
Field Summary | |
---|---|
protected PicketLinkAuditHelper |
auditHelper
|
protected String |
canonicalizationMethod
|
protected SAML2HandlerChain |
chain
|
protected Map<String,Object> |
chainConfigOptions
|
protected Lock |
chainLock
A Lock for Handler operations in the chain |
protected String |
configFile
|
protected SAMLConfigurationProvider |
configProvider
The user can inject a fully qualified name of a SAMLConfigurationProvider |
protected boolean |
enableAudit
|
protected String |
identityURL
|
protected String |
idpAddress
|
protected X509Certificate |
idpCertificate
If the service provider is configured with an IDP metadata file, then this certificate can be picked up from the metadata |
protected String |
issuerID
|
protected TrustKeyManager |
keyManager
|
protected static PicketLinkLogger |
logger
|
protected PicketLinkType |
picketLinkConfiguration
|
protected String |
samlHandlerChainClass
|
protected boolean |
saveRestoreRequest
|
protected String |
serviceURL
|
protected SPType |
spConfiguration
|
Fields inherited from class org.apache.catalina.authenticator.FormAuthenticator |
---|
characterEncoding, info |
Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase |
---|
algorithm, cache, changeSessionIdOnAuthentication, context, DEFAULT_ALGORITHM, digest, disableProxyCaching, entropy, lifecycle, random, randomClass, REALM_NAME, securePagesWithPragma, SESSION_ID_BYTES, sm, sso, started |
Fields inherited from class org.apache.catalina.valves.ValveBase |
---|
container, containerLog, controller, domain, mserver, next, oname |
Fields inherited from interface org.apache.catalina.Lifecycle |
---|
AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, DESTROY_EVENT, INIT_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT |
Constructor Summary | |
---|---|
BaseFormAuthenticator()
|
Method Summary | |
---|---|
protected boolean |
doSupportSignature()
Indicates if digital signatures/validation of SAML assertions are enabled. |
protected abstract String |
getBinding()
Return the SAML Binding that this authenticator supports |
String |
getConfigFile()
Get the name of the configuration file |
SPType |
getConfiguration()
Get the SPType |
String |
getIdentityURL()
Get the Identity URL |
X509Certificate |
getIdpCertificate()
Get the X509Certificate of the IDP if provided via the IDP metadata file |
protected IDPSSODescriptorType |
getIDPSSODescriptor(EntitiesDescriptorType entities)
|
protected IDPSSODescriptorType |
handleMetadata(EntitiesDescriptorType entities)
|
protected IDPSSODescriptorType |
handleMetadata(EntityDescriptorType entityDescriptor)
|
protected void |
initializeHandlerChain()
|
protected abstract void |
initKeyProvider(org.apache.catalina.Context context)
|
protected boolean |
localAuthentication(org.apache.catalina.connector.Request request,
org.apache.catalina.connector.Response response,
org.apache.catalina.deploy.LoginConfig loginConfig)
Fall back on local authentication at the service provider side |
protected void |
populateChainConfig()
|
protected void |
processConfiguration()
Process the configuration from the configuration file |
protected void |
processIDPMetadataFile(String idpMetadataFile)
Attempt to process a metadata file available locally |
protected void |
register(org.apache.catalina.connector.Request request,
org.apache.catalina.connector.Response response,
Principal principal,
String arg3,
String arg4,
String arg5)
This method is a hack!!! Tomcat, on account of Servlet3, changed their authenticator method signatures. We utilize Java Reflection to identify the super register method on the first call and save it. |
protected void |
sendToLogoutPage(org.apache.catalina.connector.Request request,
org.apache.catalina.connector.Response response,
org.apache.catalina.Session session)
|
void |
setAuditHelper(PicketLinkAuditHelper auditHelper)
|
void |
setConfigFile(String configFile)
Set the name of the configuration file |
void |
setConfigProvider(SAMLConfigurationProvider configProvider)
Set an instance of the SAMLConfigurationProvider |
void |
setConfigProvider(String cp)
Set the SAMLConfigurationProvider fqn |
void |
setIdpAddress(String idpAddress)
If request.getRemoteAddr() does not exactly match the IDP address that you have keyed in your deployment descriptor as the keystore alias, you can set the IDP address here explicitly |
void |
setIssuerID(String issuerID)
Set a separate issuer id |
void |
setLogOutPage(String logOutPage)
Set the logout page |
void |
setSamlHandlerChainClass(String samlHandlerChainClass)
Set the SAML Handler Chain Class fqn |
void |
setSaveRestoreRequest(boolean saveRestoreRequest)
Set whether the authenticator saves/restores the request during form authentication |
void |
setServiceURL(String serviceURL)
Set the service URL |
protected void |
startPicketLink()
|
void |
testStart()
|
protected boolean |
validate(org.apache.catalina.connector.Request request)
Perform validation of the request object |
Methods inherited from class org.apache.catalina.authenticator.FormAuthenticator |
---|
authenticate, forwardToErrorPage, forwardToLoginPage, getCharacterEncoding, getInfo, matchRequest, restoreRequest, savedRequestURL, saveRequest, setCharacterEncoding |
Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase |
---|
addLifecycleListener, associate, findLifecycleListeners, generateSessionId, getAlgorithm, getCache, getChangeSessionIdOnAuthentication, getContainer, getDigest, getDisableProxyCaching, getEntropy, getRandom, getRandomClass, getSecurePagesWithPragma, invoke, reauthenticateFromSSO, removeLifecycleListener, setAlgorithm, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setEntropy, setRandomClass, setSecurePagesWithPragma, start, stop |
Methods inherited from class org.apache.catalina.valves.ValveBase |
---|
backgroundProcess, createObjectName, event, getContainerName, getController, getDomain, getNext, getObjectName, getParentName, postDeregister, postRegister, preDeregister, preRegister, setController, setNext, setObjectName, toString |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
protected static final PicketLinkLogger logger
protected boolean enableAudit
protected PicketLinkAuditHelper auditHelper
protected TrustKeyManager keyManager
protected SPType spConfiguration
protected PicketLinkType picketLinkConfiguration
protected String serviceURL
protected String identityURL
protected String issuerID
protected String configFile
protected transient X509Certificate idpCertificate
protected transient SAML2HandlerChain chain
protected transient String samlHandlerChainClass
protected Map<String,Object> chainConfigOptions
protected boolean saveRestoreRequest
protected Lock chainLock
protected String canonicalizationMethod
protected SAMLConfigurationProvider configProvider
SAMLConfigurationProvider
protected String idpAddress
Constructor Detail |
---|
public BaseFormAuthenticator()
Method Detail |
---|
public void setIdpAddress(String idpAddress)
public String getConfigFile()
public void setConfigFile(String configFile)
configFile
- public void setSamlHandlerChainClass(String samlHandlerChainClass)
samlHandlerChainClass
- public void setServiceURL(String serviceURL)
serviceURL
- public void setSaveRestoreRequest(boolean saveRestoreRequest)
saveRestoreRequest
- public void setConfigProvider(String cp)
SAMLConfigurationProvider
fqn
cp
- fqn of a SAMLConfigurationProvider
public void setConfigProvider(SAMLConfigurationProvider configProvider)
SAMLConfigurationProvider
configProvider
- public SPType getConfiguration()
SPType
public void setIssuerID(String issuerID)
issuerID
- public void setLogOutPage(String logOutPage)
logOutPage
- protected boolean validate(org.apache.catalina.connector.Request request)
request
-
IOException
GeneralSecurityException
public String getIdentityURL()
public X509Certificate getIdpCertificate()
X509Certificate
of the IDP if provided via the IDP metadata file
X509Certificate
or null
protected void register(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, Principal principal, String arg3, String arg4, String arg5)
Method
register
in class org.apache.catalina.authenticator.AuthenticatorBase
AuthenticatorBase.register(org.apache.catalina.connector.Request,
org.apache.catalina.connector.Response, java.security.Principal, java.lang.String, java.lang.String,
java.lang.String)
protected boolean localAuthentication(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.catalina.deploy.LoginConfig loginConfig) throws IOException
request
- response
- loginConfig
-
IOException
protected abstract String getBinding()
JBossSAMLURIConstants#SAML_HTTP_POST_BINDING, JBossSAMLURIConstants#SAML_HTTP_REDIRECT_BINDING
protected void processIDPMetadataFile(String idpMetadataFile)
protected void processConfiguration()
protected IDPSSODescriptorType handleMetadata(EntitiesDescriptorType entities)
protected IDPSSODescriptorType handleMetadata(EntityDescriptorType entityDescriptor)
protected IDPSSODescriptorType getIDPSSODescriptor(EntitiesDescriptorType entities)
protected void initializeHandlerChain() throws ConfigurationException, ProcessingException
ConfigurationException
ProcessingException
protected void populateChainConfig() throws ConfigurationException, ProcessingException
ConfigurationException
ProcessingException
protected void sendToLogoutPage(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.catalina.Session session) throws IOException, javax.servlet.ServletException
IOException
javax.servlet.ServletException
public void testStart() throws org.apache.catalina.LifecycleException
org.apache.catalina.LifecycleException
protected void startPicketLink() throws org.apache.catalina.LifecycleException
org.apache.catalina.LifecycleException
protected boolean doSupportSignature()
Indicates if digital signatures/validation of SAML assertions are enabled. Subclasses that support signatures should override this method.
protected abstract void initKeyProvider(org.apache.catalina.Context context) throws org.apache.catalina.LifecycleException
org.apache.catalina.LifecycleException
public void setAuditHelper(PicketLinkAuditHelper auditHelper)
|