PicketLink Federation Common Server Bindings for Apache Tomcat 2.1.6.Final-redhat-2

org.picketlink.identity.federation.bindings.tomcat
Class AbstractPicketLinkAuthenticator

java.lang.Object
  extended by org.apache.catalina.valves.ValveBase
      extended by org.apache.catalina.authenticator.AuthenticatorBase
          extended by org.picketlink.identity.federation.bindings.tomcat.AbstractPicketLinkAuthenticator
All Implemented Interfaces:
MBeanRegistration, org.apache.catalina.Authenticator, org.apache.catalina.Contained, org.apache.catalina.Lifecycle, org.apache.catalina.Valve

public abstract class AbstractPicketLinkAuthenticator
extends org.apache.catalina.authenticator.AuthenticatorBase

An authenticator that delegates actual authentication to a realm, and in turn to a security manager, by presenting a "conventional" identity. The security manager must accept the conventional identity and generate the real identity for the authenticated principal.

Subclasses should override some methods to provide a specific implementation according to the binding/environment.

Author:
Ovidiu Feodorov, Anil.Saldhana@redhat.com, Pedro Silva

Field Summary
protected  String authMethod
          This is the auth method used in the register method
protected static PicketLinkLogger logger
           
protected  boolean needSubjectPrincipalSubstitution
          The authenticator may not be aware of the user name until after the underlying security exercise is complete.
protected  SubjectSecurityInteraction subjectInteraction
           
protected  String subjectInteractionClassName
           
 
Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase
algorithm, cache, changeSessionIdOnAuthentication, context, DEFAULT_ALGORITHM, digest, disableProxyCaching, entropy, info, lifecycle, random, randomClass, REALM_NAME, securePagesWithPragma, SESSION_ID_BYTES, sm, sso, started
 
Fields inherited from class org.apache.catalina.valves.ValveBase
container, containerLog, controller, domain, mserver, next, oname
 
Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, DESTROY_EVENT, INIT_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
 
Constructor Summary
AbstractPicketLinkAuthenticator()
           
 
Method Summary
protected abstract  void doRegister(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, Principal principal, String password)
          Subclasses should override this method to register an authenticated Principal.
protected  Principal getSubjectPrincipal()
           
protected  boolean performAuthentication(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.catalina.deploy.LoginConfig loginConfig)
          Actually performs the authentication.
 void setAuthMethod(String authMethod)
          Set the auth method via WEB-INF/context.xml (JBoss AS)
 void setNeedSubjectPrincipalSubstitution(String needSubjectPrincipalSubstitutionVal)
           
 void setSubjectInteractionClassName(String subjectRetrieverClassName)
          Set this if you want to override the default SubjectSecurityInteraction
 
Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase
addLifecycleListener, associate, authenticate, findLifecycleListeners, generateSessionId, getAlgorithm, getCache, getChangeSessionIdOnAuthentication, getContainer, getDigest, getDisableProxyCaching, getEntropy, getInfo, getRandom, getRandomClass, getSecurePagesWithPragma, invoke, reauthenticateFromSSO, register, removeLifecycleListener, setAlgorithm, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setEntropy, setRandomClass, setSecurePagesWithPragma, start, stop
 
Methods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, createObjectName, event, getContainerName, getController, getDomain, getNext, getObjectName, getParentName, postDeregister, postRegister, preDeregister, preRegister, setController, setNext, setObjectName, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

logger

protected static final PicketLinkLogger logger

authMethod

protected String authMethod
This is the auth method used in the register method


needSubjectPrincipalSubstitution

protected boolean needSubjectPrincipalSubstitution
The authenticator may not be aware of the user name until after the underlying security exercise is complete. The Subject will have the proper user name. Hence we may need to perform an additional authentication now with the user name we have obtained.


subjectInteraction

protected SubjectSecurityInteraction subjectInteraction

subjectInteractionClassName

protected String subjectInteractionClassName
Constructor Detail

AbstractPicketLinkAuthenticator

public AbstractPicketLinkAuthenticator()
Method Detail

setAuthMethod

public void setAuthMethod(String authMethod)
Set the auth method via WEB-INF/context.xml (JBoss AS)

Parameters:
authMethod -

setNeedSubjectPrincipalSubstitution

public void setNeedSubjectPrincipalSubstitution(String needSubjectPrincipalSubstitutionVal)

setSubjectInteractionClassName

public void setSubjectInteractionClassName(String subjectRetrieverClassName)
Set this if you want to override the default SubjectSecurityInteraction

Parameters:
subjectRetrieverClassName -

performAuthentication

protected boolean performAuthentication(org.apache.catalina.connector.Request request,
                                        org.apache.catalina.connector.Response response,
                                        org.apache.catalina.deploy.LoginConfig loginConfig)
                                 throws IOException

Actually performs the authentication. Subclasses should call this method when implementing the AuthenticatorBase.authenticate method.

This method was created to allow different signatures for the AuthenticatorBase.authenticate method according to the Catalina version.

Parameters:
request -
response -
loginConfig -
Returns:
Throws:
IOException

doRegister

protected abstract void doRegister(org.apache.catalina.connector.Request request,
                                   org.apache.catalina.connector.Response response,
                                   Principal principal,
                                   String password)

Subclasses should override this method to register an authenticated Principal.

Parameters:
request -
response -
principal -
password -
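
A minimal binding subclass that wires performAuthentication and doRegister together, as described above. This is an added example, not PicketLink's own code: the package and class name are hypothetical, and it assumes a Catalina version where authenticate takes (Request, Response, LoginConfig) and the inherited register takes (request, response, principal, authType, username, password).

```java
package com.example.sso; // hypothetical package, not part of PicketLink

import java.io.IOException;
import java.security.Principal;

import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.picketlink.identity.federation.bindings.tomcat.AbstractPicketLinkAuthenticator;

/**
 * Hypothetical binding for a Catalina version whose authenticate method uses
 * the connector Response type (assumption; other versions differ).
 */
public class ExampleBindingAuthenticator extends AbstractPicketLinkAuthenticator {

    /**
     * Version-specific entry point called by the valve pipeline. All of the
     * authentication logic stays in the shared base class, so only this
     * signature changes between Catalina versions.
     */
    @Override
    public boolean authenticate(Request request, Response response, LoginConfig loginConfig)
            throws IOException {
        return performAuthentication(request, response, loginConfig);
    }

    /**
     * Binds the authenticated Principal to the request and session through
     * the register method inherited from AuthenticatorBase.
     */
    @Override
    protected void doRegister(Request request, Response response,
                              Principal principal, String password) {
        // Fail closed: never associate a session with a missing identity.
        if (principal == null) {
            throw new IllegalArgumentException("refusing to register a null principal");
        }
        // authMethod is the protected field set through setAuthMethod;
        // the password is passed through and never logged here.
        register(request, response, principal, this.authMethod,
                 principal.getName(), password);
    }
}
```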

getSubjectPrincipal

protected Principal getSubjectPrincipal()


Copyright © 2013 JBoss by Red Hat. All Rights Reserved.