/** * Add requested principal into context. * * @param ac the ac * @param principals the principals */ private void addRequestedPrincipalIntoContext(final AuthenticationContext ac, final List<Principal> principals) { final RequestedPrincipalContext rpc = new RequestedPrincipalContext(); rpc.setOperator("exact"); rpc.setRequestedPrincipals(principals); ac.addSubcontext(rpc, true); }
/** * Helper method that evaluates a {@link PrincipalSupportingComponent} against a * {@link RequestedPrincipalContext} child of this context, if present, to determine * if the input is compatible with it. * * @param component component to evaluate * * @return true iff the input is compatible with the requested authentication requirements or if * no such requirements have been imposed */ public boolean isAcceptable(@Nonnull final PrincipalSupportingComponent component) { final RequestedPrincipalContext rpCtx = getSubcontext(RequestedPrincipalContext.class); if (rpCtx != null) { return rpCtx.isAcceptable(component); } else { // No requirements so anything is acceptable. return true; } }
/** {@inheritDoc} */ @Override @Nullable public String apply(@Nullable final SubjectContext input) { if (input != null) { return input.getPrincipalName(); } return null; }
private static Object getAuthenticationTokenCredentials(final ProfileRequestContext profileRequestContext) { final AuthenticationContext ctx = profileRequestContext.getSubcontext(AuthenticationContext.class); if (ctx != null && ctx.containsSubcontext(UsernamePasswordContext.class)) { final UsernamePasswordContext subcontext = ctx.getSubcontext(UsernamePasswordContext.class); return subcontext.getUsername(); } final SubjectContext sub = profileRequestContext.getSubcontext(SubjectContext.class); if (sub == null) { throw new OIDCException("Could not locate SubjectContext in the ProfileRequestContext"); } return sub.getPrincipalName(); }
/** {@inheritDoc} */ @Override protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) { final SubjectContext subjectCtx = new SubjectContext(); subjectCtx.setPrincipalName(canonicalPrincipalName); profileRequestContext.addSubcontext(subjectCtx, true); }
/** * Get whether one or more of the active results in this context satisfies the request. * * @return true iff at least one of the active results satisfies the request */ public boolean isAcceptable() { final AuthenticationContext authnContext = (AuthenticationContext) getParent(); if (authnContext != null) { for (final AuthenticationResult result : activeResults.values()) { // Only include Principals from fresh results or when forced authn is off. if (!(authnContext.isForceAuthn() && result.isPreviousResult())) { if (authnContext.isAcceptable(result)) { return true; } } } } return false; }
/** {@inheritDoc} */ @Override @Nullable public Boolean apply(@Nullable final AuthenticationContext input) { if (input != null && input.getAuthenticationResult() != null) { return input.getAuthenticationResult().isPreviousResult(); } else { return null; } }
/** {@inheritDoc} */ @Override protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext, @Nonnull final AuthenticationContext authenticationContext) { final Pair<String, String> usernamePassword = extractUsernamePassword(inboundMessage); if (usernamePassword == null) { log.debug("{} inbound message does not contain a username and password", getLogPrefix()); ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.NO_CREDENTIALS); return; } authenticationContext.getSubcontext(UsernamePasswordContext.class, true) .setUsername(usernamePassword.getFirst()).setPassword(usernamePassword.getSecond()); }
/** * Set the registry of predicate factories for custom principal evaluation to inject into instances of * {@link RequestedPrincipalContext} created via the {@link #addRequestedPrincipalContext(String, List, boolean)} * helper method. * * <p>It also propagates this object into any existing {@link RequestedPrincipalContext} subcontext.</p> * * @param registry predicate factory registry * * @return this context */ @Nonnull public AuthenticationContext setPrincipalEvalPredicateFactoryRegistry( @Nullable final PrincipalEvalPredicateFactoryRegistry registry) { evalRegistry = registry; final RequestedPrincipalContext rpCtx = getSubcontext(RequestedPrincipalContext.class); if (rpCtx != null) { rpCtx.setPrincipalEvalPredicateFactoryRegistry(registry); } return this; }
/** * Get the registry of predicate factories for custom principal evaluation. * * <p>This object is only needed when evaluating a {@link RequestedPrincipalContext}, so the presence of it at * this level of the tree is solely for use by the {@link #addRequestedPrincipalContext(String, List, boolean)} * helper method.</p> * * @return predicate factory registry */ @Nonnull public PrincipalEvalPredicateFactoryRegistry getPrincipalEvalPredicateFactoryRegistry() { final RequestedPrincipalContext rpCtx = getSubcontext(RequestedPrincipalContext.class); if (rpCtx != null) { return rpCtx.getPrincipalEvalPredicateFactoryRegistry(); } else if (evalRegistry != null) { return evalRegistry; } else { return new PrincipalEvalPredicateFactoryRegistry(); } }
/** {@inheritDoc} */ @Override protected boolean doPreExecute(@Nonnull final ProfileRequestContext profileRequestContext, @Nonnull final AuthenticationContext authenticationContext) { if (!super.doPreExecute(profileRequestContext, authenticationContext)) { return false; } requestedPrincipalCtx = authenticationContext.getSubcontext(RequestedPrincipalContext.class); return true; }
/** {@inheritDoc} */ protected void doExecute(final ProfileRequestContext profileRequestContext) { profileRequestContext.removeSubcontext(SubjectCanonicalizationContext.class); final SubjectContext subjectContext = profileRequestContext.getSubcontext(SubjectContext.class, true); subjectContext.setPrincipalName(principalName); }
/** {@inheritDoc} */ @Override @Nullable public String apply(@Nullable final SubjectContext input) { if (input != null) { return input.getImpersonatingPrincipalName(); } return null; }
/** * Helper method that evaluates a {@link Principal} object against this context * to determine if the input is compatible with it. * * @param <T> type of principal * @param principal principal to evaluate * * @return true iff the input is compatible with the requested authentication requirements */ public <T extends Principal> boolean isAcceptable(@Nonnull final T principal) { return isAcceptable(new PrincipalSupportingComponent() { public <TT extends Principal> Set<TT> getSupportedPrincipals(final Class<TT> c) { if (c.isAssignableFrom(principal.getClass())) { return Collections.singleton((TT) principal); } else { return Collections.emptySet(); } } }); }
/** {@inheritDoc} */ @Override @Nonnull protected Subject populateSubject(@Nonnull final Subject subject) { // Override supplied Subject with our own, after transferring over any custom Principals. extContext.getSubject().getPrincipals().addAll(subject.getPrincipals()); return extContext.getSubject(); }
/** {@inheritDoc} */ @Override protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext, @Nonnull final AuthenticationContext authenticationContext) { if (authenticationContext.getSignaledFlowId() != null) { doSelectSignaledFlow(profileRequestContext, authenticationContext); } else if (requestedPrincipalCtx == null) { doSelectNoRequestedPrincipals(profileRequestContext, authenticationContext); } else { doSelectRequestedPrincipals(profileRequestContext, authenticationContext); } }
/** * Helper method that evaluates a {@link Principal} object against a {@link RequestedPrincipalContext} child * of this context, if present, to determine if the input is compatible with it. * * @param <T> type of principal * @param principal principal to evaluate * * @return true iff the input is compatible with the requested authentication requirements or if * no such requirements have been imposed */ public <T extends Principal> boolean isAcceptable(@Nonnull final T principal) { final RequestedPrincipalContext rpCtx = getSubcontext(RequestedPrincipalContext.class); if (rpCtx != null) { return rpCtx.isAcceptable(principal); } else { // No requirements so anything is acceptable. return true; } }
/** {@inheritDoc} */ @Override protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) { final SubjectContext subjectCtx = new SubjectContext(); subjectCtx.setPrincipalName(principalName); profileRequestContext.addSubcontext(subjectCtx, true); }
@Override public String getName() { final SubjectContext principal = (SubjectContext) getPrincipal(); return principal.getPrincipalName(); }
/** * Helper method that evaluates {@link Principal} objects against a {@link RequestedPrincipalContext} child * of this context, if present, to determine if the input is compatible with them. * * @param principals principal(s) to evaluate * * @return true iff the input is compatible with the requested authentication requirements or if * no such requirements have been imposed */ public boolean isAcceptable(@Nonnull @NonnullElements final Collection<Principal> principals) { final RequestedPrincipalContext rpCtx = getSubcontext(RequestedPrincipalContext.class); if (rpCtx != null) { return rpCtx.isAcceptable(principals); } else { // No requirements so anything is acceptable. return true; } }