/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: FSAuthnDecisionHandler.java,v 1.4 2008/06/25 05:46:53 qcheng Exp $
*
*/
/**
* Used by the identity provider (<code>IDP</code>) to decide which
* authentication to use in order to satisfy the requested authentication
* context.
*/
public class FSAuthnDecisionHandler {
static {
}
/**
* Constructs a new <code>FSAuthnDecisionHandler</code> object. It handles
* authentication decisions based on the per-identity-provider configuration.
* @param realm The realm under which the entity resides.
* @param entityID hosted identity provider entity ID
* @param request http servlet request
*/
public FSAuthnDecisionHandler(
{
// NOTE(review): the literal below has no trailing space, so the entity ID
// is glued directly onto the preceding word in the logged message.
+ "with entityID" + entityID);
}
}
}
// NOTE(review): the remaining statements log under the name
// getIDPAuthContextInfo, so they presumably belong to a separate loading
// step whose signature is not visible in this listing.
// Without a metadata manager nothing is loaded: this returns before
// idpAuthContextMap is assigned below. Confirm that the decision methods
// treat a missing map as cannot-decide and never as sufficient.
if (metaManager == null) {
return;
}
try {
// Same early exit when the entity configuration is missing.
if (entityConfig == null) {
return;
}
// NOTE(review): raw HashMap; the key and value types are not visible here.
idpAuthContextMap = new HashMap();
try {
} catch (FSException fe) {
// A failing entry appears to be skipped (see the continue below) rather
// than aborting the whole load.
// NOTE(review): the message prefix names FSAuthContextHandler, not this
// class, so a log search by class name will miss it.
"FSAuthContextHandler.getIDPAuthContextInfo: " +
}
continue;
}
}
}
} catch (IDFFMetaException e) {
// The metadata exception is handed to the log call with the same
// FSAuthContextHandler prefix; no rethrow is visible in this listing.
"FSAuthContextHandler.getIDPAuthContextInfo: ", e);
}
}
}
/**
* Finds a higher-level authentication context.
* @return the <code>FSIDPAuthenticationContextInfo</code> found by the
* search, or <code>null</code> on the path that logs
* <code>returning null</code>
*/
private FSIDPAuthenticationContextInfo
{
"FSAuthnDecisionHandler::getHigherAuthContext called.");
{
// A candidate was selected inside the search: hand it back immediately.
return returnObj;
}
}
// NOTE(review): null presumably means no stronger context is configured.
// Callers should fail closed on it; confirm against the call sites.
"FSAuthnDecisionHandler::getHigherAuthContext returning null");
return null;
}
/**
* Finds the highest authentication context that is lower than the current
* one.
* @return the value of <code>returnObj</code> at the end of the search; its
* initial value is not visible in this listing (presumably
* <code>null</code> when nothing lower exists; confirm)
*/
private FSIDPAuthenticationContextInfo
{
// NOTE(review): this message names getHigherAuthContext although the
// Javadoc above describes the lower-context lookup. It looks like a
// copy-paste slip and makes the two lookups indistinguishable in the
// debug log; correcting the literal is a code change.
"FSAuthnDecisionHandler::getHigherAuthContext called.");
{
{
}
}
}
// Unlike the early return in the higher-context lookup, the result is
// returned once, after the nested search blocks have finished.
return returnObj;
}
/**
* Decides whether the present authentication context is sufficient compared
* with the requested authentication contexts.
* @param authContextRef requested authentication contexts
* @param presentAuthContext present authentication context
* @param authType authentication context comparison type. The possible
* values are <code>exact</code>, <code>minimum</code>,
* <code>better</code>, and <code>maximum</code>.
* @return <code>FSAuthContextResult</code> object with login url set if
* the present authentication context is not sufficient; login url set to
* <code>null</code> if the present authentication context is sufficient.
* Returns <code>null</code> if it cannot be decided or an appropriate
* authentication context cannot be obtained. Callers have to keep these
* three outcomes apart: a <code>null</code> result is undecided, not
* sufficient.
*/
{
// NOTE(review): both values are documented as requested, i.e. supplied by
// the peer, and are concatenated into the message unchanged. Confirm that
// the debug sink neutralises line breaks in logged values.
+ "decideAuthnContext called with list. " + authContextRef
+ " and authComparisonType " + authType);
}
}
if (authContextRef != null) {
// by default, compAuthType is set to 0, which is EXACT
// NOTE(review): the three assignments below are what remains of the mapping
// from authType to a numeric comparison code; the conditions that select
// 1, 2 or 3 are not visible in this listing, so which of minimum, better
// and maximum maps to which code cannot be confirmed here.
// NOTE(review): an authType matching none of the branches would keep the
// default 0 (EXACT). Confirm that unknown comparison values are handled
// deliberately rather than silently.
compAuthType = 1;
compAuthType = 2;
compAuthType = 3;
}
// either present is sufficient, or new one is created
return returnObj;
} // else cannot decide
}
}
// Fall-through result; the initial value of returnObj is not visible here
// (presumably null, matching the cannot-decide case in the Javadoc).
return returnObj;
}
/**
* Finds the authentication context result based on the requested
* authentication context and comparison type.
* @param authContextClassRef list of requested authentication context
* class references
* @param authType requested authentication context comparison type.
* Possible values are <code>exact</code>, <code>minimum</code>,
* <code>better</code>, and <code>maximum</code>
* @return <code>FSAuthContextResult</code> object; the value returned when
* no reference matches is not visible in this listing (presumably
* <code>null</code>; confirm)
*/
{
+ "getURLForAuthnContext called with list. "
+ " and authComparisonType " + authType);
}
}
// compAuthType was set to 0 which is EXACT.
// NOTE(review): the conditions that select 1, 2 or 3 from authType are not
// visible in this listing. An authType matching none of them would keep
// the default 0 (EXACT); confirm that unknown values are handled
// deliberately rather than silently.
compAuthType = 1;
compAuthType = 2;
compAuthType = 3;
}
// First usable result found inside the search is returned straight away.
return returnObj;
}
}
}
// Fall-through result after the search.
return returnObj;
}
/**
* Finds the authentication context result based on the requested
* authentication context. The comparison type is set to minimum.
* @param authContextClassRef list of requested authentication context
* class references
* @return <code>FSAuthContextResult</code> object
*/
}
/**
* Searches for the login page URL corresponding to the requested
* authentication context class reference, using the comparison type
* previously set on this object.
* @param authContextRef requested authentication context class reference
* @return FSAuthContextResult object which contains the Login page URL
* and the corresponding AuthContext, or <code>null</code> on every failure
* branch below (null reference, no auth context found, or login url null)
*/
{
// NOTE(review): this prefix (FSAuthDecisionHandler, getURLForAuthContext)
// differs from the class name and from the prefix on the next message,
// so a log search on one spelling will miss the other.
"FSAuthDecisionHandler::getURLForAuthContext. Entered method");
"FSAuthnDecisionHandler::getURLForAuthnContext "
+"in auth context checking for "
+ authContextRef);
}
moduleIndicator != null)
{
// NOTE(review): moduleIndicator is appended by plain concatenation,
// presumably to the login URL. Its origin is not visible here; if it can
// be influenced by configuration or request data, confirm it is validated
// and URL-encoded before the result is used for a redirect.
+ moduleIndicator ;
} else {
}
// Success path: a result carrying the login URL and auth context.
return authResult;
} else {
+ "getURLForAuthnContext."
+ "login url is null, or auth info is not found");
}
} else {
+ "getURLForAuthnContext. Could not get any authcontext");
}
} else {
// NOTE(review): the two literals join without a space, and the message
// says authContextMinRef although the Javadoc names the parameter
// authContextRef.
+ "getURLForAuthContext. Method called with"
+ "authContextMinRef null");
}
}
// All failure branches only log and end here; callers must not treat this
// null as a sufficient authentication context.
return null;
}
/**
* Decides whether the present authentication context is sufficient compared
* with the requested authentication context, using the comparison type set
* previously.
* @param authContextMinRef requested authentication context
* @param presentAuthContext present authentication context
* @return <code>FSAuthContextResult</code> object with login url set if
* the present authentication context is not sufficient; login url set to
* <code>null</code> if the present authentication context is sufficient.
* Returns <code>null</code> if it cannot be decided or an appropriate
* authentication context cannot be obtained. A <code>null</code> result is
* undecided and must not be read as sufficient.
*/
{
"FSAuthnDecisionHandler::decideAuthnContext. Entered method");
// NOTE(review): the level comparison guarding this branch is not visible in
// this listing. It is the check that enforces step-up authentication, so
// it deserves a test per comparison type.
+ "decideAuthnContext.Present Auth Level"
+ " higher than needed.");
}
// Present context is sufficient: a freshly constructed result is returned,
// presumably with no login url set, matching the Javadoc contract.
return new FSAuthContextResult();
} else {
// Not sufficient: look up a login URL for the requested context.
return getURLForAuthnContext(authContextMinRef);
}
} else {
// Unsupported authentication context: undecided, so null is returned.
+" Not Supported AuthContext");
return null;
}
} else {
"FSAuthnDecisionHandler::decideAuthnContext."
+ " Method called with authContextMinRef null");
}
// Reached when authContextMinRef is null: undecided.
return null;
}
}
}