|
PicketLink Federation Server Bindings for Apache Tomcat 5/6 2.1.1.Final-redhat-1 | |||||||||
java.lang.Object
org.apache.catalina.valves.ValveBase
org.apache.catalina.authenticator.AuthenticatorBase
org.apache.catalina.authenticator.FormAuthenticator
org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator
public abstract class BaseFormAuthenticator
Base Class for Service Provider Form Authenticators
Field Summary | |
---|---|
protected String |
canonicalizationMethod
|
protected SAML2HandlerChain |
chain
|
protected Map<String,Object> |
chainConfigOptions
|
protected Lock |
chainLock
A Lock for Handler operations in the chain |
protected String |
configFile
|
protected SAMLConfigurationProvider |
configProvider
The user can inject a fully qualified name of a SAMLConfigurationProvider |
protected String |
identityURL
|
protected String |
idpAddress
|
protected X509Certificate |
idpCertificate
If the service provider is configured with an IDP metadata file, then this certificate can be picked up from the metadata |
protected String |
issuerID
|
protected TrustKeyManager |
keyManager
|
protected static org.apache.log4j.Logger |
log
|
protected String |
logOutPage
|
protected PicketLinkType |
picketLinkConfiguration
|
protected String |
samlHandlerChainClass
|
protected boolean |
saveRestoreRequest
|
protected String |
serviceURL
|
protected SPType |
spConfiguration
|
protected boolean |
trace
|
Fields inherited from class org.apache.catalina.authenticator.FormAuthenticator |
---|
characterEncoding, info, landingPage |
Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase |
---|
AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, lifecycle, REALM_NAME, securePagesWithPragma, SESSION_ID_BYTES, sm, sso, started |
Fields inherited from class org.apache.catalina.valves.ValveBase |
---|
container, controller, domain, mserver, next, oname |
Fields inherited from interface org.apache.catalina.Lifecycle |
---|
AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, DESTROY_EVENT, INIT_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT |
Constructor Summary | |
---|---|
BaseFormAuthenticator()
|
Method Summary | |
---|---|
protected boolean |
doSupportSignature()
Indicates if digital signatures/validation of SAML assertions are enabled. |
protected abstract String |
getBinding()
Return the SAML Binding that this authenticator supports |
String |
getConfigFile()
|
SPType |
getConfiguration()
|
String |
getIdentityURL()
Get the Identity URL |
X509Certificate |
getIdpCertificate()
Get the X509Certificate of the IDP if provided via the IDP metadata file |
protected IDPSSODescriptorType |
getIDPSSODescriptor(EntitiesDescriptorType entities)
|
protected IDPSSODescriptorType |
handleMetadata(EntitiesDescriptorType entities)
|
protected IDPSSODescriptorType |
handleMetadata(EntityDescriptorType entityDescriptor)
|
protected void |
initializeHandlerChain()
|
protected abstract void |
initKeyProvider(org.apache.catalina.Context context)
|
protected boolean |
localAuthentication(org.apache.catalina.connector.Request request,
org.apache.catalina.connector.Response response,
org.apache.catalina.deploy.LoginConfig loginConfig)
Fall back on local authentication at the service provider side |
protected void |
populateChainConfig()
|
protected void |
processConfiguration()
Process the configuration from the configuration file |
protected void |
processIDPMetadataFile(String idpMetadataFile)
Attempt to process a metadata file available locally |
protected void |
processStart()
|
protected void |
register(org.apache.catalina.connector.Request request,
org.apache.catalina.connector.Response response,
Principal principal,
String arg3,
String arg4,
String arg5)
This method is a hack!!! Tomcat, on account of Servlet3, changed their authenticator method signatures. We utilize Java Reflection to identify the super register method on the first call and save it. |
protected void |
sendToLogoutPage(org.apache.catalina.connector.Request request,
org.apache.catalina.connector.Response response,
org.apache.catalina.Session session)
|
void |
setConfigFile(String configFile)
|
void |
setConfigProvider(String cp)
|
void |
setIdpAddress(String idpAddress)
If request.getRemoteAddr() does not exactly match the IDP address that you have keyed in your deployment descriptor as the keystore alias, you can set the IDP address here explicitly |
void |
setIssuerID(String issuerID)
Set a separate issuer id |
void |
setLogOutPage(String logOutPage)
|
void |
setSamlHandlerChainClass(String samlHandlerChainClass)
|
void |
setSaveRestoreRequest(boolean saveRestoreRequest)
|
void |
setServiceURL(String serviceURL)
|
void |
start()
|
void |
testStart()
|
protected boolean |
validate(org.apache.catalina.connector.Request request)
Perform validation of the request object
Methods inherited from class org.apache.catalina.authenticator.FormAuthenticator |
---|
authenticate, forwardToErrorPage, forwardToLoginPage, getCharacterEncoding, getInfo, getLandingPage, matchRequest, restoreRequest, savedRequestURL, saveRequest, setCharacterEncoding, setLandingPage |
Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase |
---|
addLifecycleListener, associate, authenticate, findLifecycleListeners, generateSessionId, getCache, getContainer, getDisableProxyCaching, getSecurePagesWithPragma, invoke, isChangeSessionIdOnAuthentication, login, logout, reauthenticateFromSSO, register, removeLifecycleListener, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setSecurePagesWithPragma, stop, unregister |
Methods inherited from class org.apache.catalina.valves.ValveBase |
---|
backgroundProcess, createObjectName, event, getContainerName, getController, getDomain, getNext, getObjectName, getParentName, postDeregister, postRegister, preDeregister, preRegister, setController, setNext, setObjectName, toString |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
protected static org.apache.log4j.Logger log
protected final boolean trace
protected TrustKeyManager keyManager
protected SPType spConfiguration
protected PicketLinkType picketLinkConfiguration
protected String serviceURL
protected String identityURL
protected String issuerID
protected String configFile
protected transient X509Certificate idpCertificate
protected transient SAML2HandlerChain chain
protected transient String samlHandlerChainClass
protected Map<String,Object> chainConfigOptions
protected boolean saveRestoreRequest
protected Lock chainLock
protected String canonicalizationMethod
protected String logOutPage
protected SAMLConfigurationProvider configProvider
SAMLConfigurationProvider
protected String idpAddress
Constructor Detail |
---|
public BaseFormAuthenticator()
Method Detail |
---|
public void setIdpAddress(String idpAddress)
public String getConfigFile()
public void setConfigFile(String configFile)
public void setSamlHandlerChainClass(String samlHandlerChainClass)
public void setServiceURL(String serviceURL)
public void setSaveRestoreRequest(boolean saveRestoreRequest)
public void setConfigProvider(String cp)
public SPType getConfiguration()
public void setIssuerID(String issuerID)
issuerID
- public void setLogOutPage(String logOutPage)
protected boolean validate(org.apache.catalina.connector.Request request)
request
-
IOException
GeneralSecurityException
public void start() throws org.apache.catalina.LifecycleException
start
in interface org.apache.catalina.Lifecycle
start
in class org.apache.catalina.authenticator.AuthenticatorBase
org.apache.catalina.LifecycleException
public String getIdentityURL()
public X509Certificate getIdpCertificate()
Get the X509Certificate of the IDP if provided via the IDP metadata file
Returns: X509Certificate or null
protected void register(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, Principal principal, String arg3, String arg4, String arg5)
Method
org.apache.catalina.authenticator.AuthenticatorBase#register(org.apache.catalina.connector.Request,
org.apache.catalina.connector.Response, java.security.Principal, java.lang.String, java.lang.String,
java.lang.String)
protected boolean localAuthentication(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.catalina.deploy.LoginConfig loginConfig) throws IOException
request
- response
- loginConfig
-
IOException
protected abstract String getBinding()
JBossSAMLURIConstants#SAML_HTTP_POST_BINDING, JBossSAMLURIConstants#SAML_HTTP_REDIRECT_BINDING
protected void processIDPMetadataFile(String idpMetadataFile)
protected void processConfiguration()
protected IDPSSODescriptorType handleMetadata(EntitiesDescriptorType entities)
protected IDPSSODescriptorType handleMetadata(EntityDescriptorType entityDescriptor)
protected IDPSSODescriptorType getIDPSSODescriptor(EntitiesDescriptorType entities)
protected void initializeHandlerChain() throws ConfigurationException, ProcessingException
ConfigurationException
ProcessingException
protected void populateChainConfig() throws ConfigurationException, ProcessingException
ConfigurationException
ProcessingException
protected void sendToLogoutPage(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.catalina.Session session) throws IOException, javax.servlet.ServletException
IOException
javax.servlet.ServletException
public void testStart() throws org.apache.catalina.LifecycleException
org.apache.catalina.LifecycleException
protected void processStart() throws org.apache.catalina.LifecycleException
org.apache.catalina.LifecycleException
protected boolean doSupportSignature()
Indicates if digital signatures/validation of SAML assertions are enabled. Subclasses that support signatures should override this method.
protected abstract void initKeyProvider(org.apache.catalina.Context context) throws org.apache.catalina.LifecycleException
org.apache.catalina.LifecycleException