org.picketlink.identity.federation.bindings.tomcat

Class PicketLinkAuthenticator

java.lang.Object

org.apache.catalina.valves.ValveBase

org.apache.catalina.authenticator.AuthenticatorBase

org.apache.catalina.authenticator.FormAuthenticator

org.picketlink.identity.federation.bindings.tomcat.PicketLinkAuthenticator

All Implemented Interfaces:

MBeanRegistration, org.apache.catalina.Authenticator, org.apache.catalina.Contained, org.apache.catalina.Lifecycle, org.apache.catalina.Valve

public class PicketLinkAuthenticator
extends org.apache.catalina.authenticator.FormAuthenticator

An authenticator that delegates actual authentication to a realm, and in turn to a security manager, by presenting a "conventional" identity. The security manager must accept the conventional identity and generate the real identity for the authenticated principal.

Since:

Apr 11, 2011

Author:

Ovidiu Feodorov, Anil.Saldhana@redhat.com

Field Summary

Fields

Modifier and Type	Field and Description
protected String	authMethod This is the auth method used in the register method
protected static Logger	log
protected boolean	needSubjectPrincipalSubstitution The authenticator may not be aware of the user name until after the underlying security exercise is complete.
protected SubjectSecurityInteraction	subjectInteraction
protected String	subjectInteractionClassName
protected boolean	trace

Fields inherited from class org.apache.catalina.authenticator.FormAuthenticator

characterEncoding, info, landingPage

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, lifecycle, REALM_NAME, securePagesWithPragma, SESSION_ID_BYTES, sm, sso, started

Fields inherited from class org.apache.catalina.valves.ValveBase

container, controller, domain, mserver, next, oname

Fields inherited from interface org.apache.catalina.Lifecycle

AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, DESTROY_EVENT, INIT_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

Constructors

Constructor and Description
PicketLinkAuthenticator()

Method Summary

Methods

Modifier and Type	Method and Description
boolean	authenticate(HttpServletRequest request, HttpServletResponse response, org.apache.catalina.deploy.LoginConfig loginConfig)
boolean	authenticate(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.catalina.deploy.LoginConfig loginConfig)
protected Principal	getSubjectPrincipal()
void	setAuthMethod(String authMethod) Set the auth method via WEB-INF/context.xml (JBoss AS)
void	setNeedSubjectPrincipalSubstitution(String needSubjectPrincipalSubstitutionVal)
void	setSubjectInteractionClassName(String subjectRetrieverClassName) Set this if you want to override the default SubjectSecurityInteraction

Methods inherited from class org.apache.catalina.authenticator.FormAuthenticator

authenticate, forwardToErrorPage, forwardToLoginPage, getCharacterEncoding, getInfo, getLandingPage, matchRequest, restoreRequest, savedRequestURL, saveRequest, setCharacterEncoding, setLandingPage

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

addLifecycleListener, associate, authenticate, findLifecycleListeners, generateSessionId, getCache, getContainer, getDisableProxyCaching, getSecurePagesWithPragma, invoke, isChangeSessionIdOnAuthentication, login, logout, reauthenticateFromSSO, register, removeLifecycleListener, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setSecurePagesWithPragma, start, stop, unregister

Methods inherited from class org.apache.catalina.valves.ValveBase

backgroundProcess, createObjectName, event, getContainerName, getController, getDomain, getNext, getObjectName, getParentName, postDeregister, postRegister, preDeregister, preRegister, setController, setNext, setObjectName, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

log

protected static Logger log

trace

protected boolean trace

authMethod

protected String authMethod

This is the auth method used in the register method

needSubjectPrincipalSubstitution

protected boolean needSubjectPrincipalSubstitution

The authenticator may not be aware of the user name until after the underlying security exercise is complete. The Subject will have the proper user name. Hence we may need to perform an additional authentication now with the user name we have obtained.

subjectInteraction

protected SubjectSecurityInteraction subjectInteraction

subjectInteractionClassName

protected String subjectInteractionClassName

Constructor Detail

PicketLinkAuthenticator

public PicketLinkAuthenticator()

Method Detail

setAuthMethod

public void setAuthMethod(String authMethod)

Set the auth method via WEB-INF/context.xml (JBoss AS)

Parameters:

authMethod -

setNeedSubjectPrincipalSubstitution

public void setNeedSubjectPrincipalSubstitution(String needSubjectPrincipalSubstitutionVal)

setSubjectInteractionClassName

public void setSubjectInteractionClassName(String subjectRetrieverClassName)

Set this if you want to override the default SubjectSecurityInteraction

Parameters:

subjectRetrieverClassName -

authenticate

public boolean authenticate(org.apache.catalina.connector.Request request,
                   org.apache.catalina.connector.Response response,
                   org.apache.catalina.deploy.LoginConfig loginConfig)
                     throws IOException

Throws:

IOException

authenticate

public boolean authenticate(HttpServletRequest request,
                   HttpServletResponse response,
                   org.apache.catalina.deploy.LoginConfig loginConfig)
                     throws IOException

Throws:

IOException

getSubjectPrincipal

protected Principal getSubjectPrincipal()