org.apereo.cas.adaptors.x509.authentication.principal

Class X509SubjectPrincipalResolver

java.lang.Object

org.apereo.cas.authentication.principal.PersonDirectoryPrincipalResolver

org.apereo.cas.adaptors.x509.authentication.principal.AbstractX509PrincipalResolver

org.apereo.cas.adaptors.x509.authentication.principal.X509SubjectPrincipalResolver

All Implemented Interfaces:

org.apereo.cas.authentication.principal.PrincipalResolver

@RefreshScope
 @Component(value="x509SubjectPrincipalResolver")
public class X509SubjectPrincipalResolver
extends AbstractX509PrincipalResolver

Credential to principal resolver that extracts one or more attribute values from the certificate subject DN and combines them with intervening delimiters.

Since:

3.4.4

Field Summary

Fields inherited from class org.apereo.cas.authentication.principal.PersonDirectoryPrincipalResolver

attributeRepository, logger, principalAttributeName, principalFactory, returnNullIfNoAttributes

Constructor Summary

Constructors

Constructor and Description
X509SubjectPrincipalResolver()

Method Summary

Modifier and Type	Method and Description
protected java.lang.String	resolvePrincipalInternal(java.security.cert.X509Certificate certificate) Replaces placeholders in the descriptor with values extracted from attribute values in relative distinguished name components of the DN.
void	setDescriptor(java.lang.String s) Sets the descriptor that describes for format of the principal ID to create from X.509 subject DN attributes.

Methods inherited from class org.apereo.cas.adaptors.x509.authentication.principal.AbstractX509PrincipalResolver

extractPrincipalId, supports

Methods inherited from class org.apereo.cas.authentication.principal.PersonDirectoryPrincipalResolver

convertPersonAttributesToPrincipal, resolve, retrievePersonAttributes, setAttributeRepository, setPrincipalAttributeName, setPrincipalFactory, setReturnNullIfNoAttributes

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

X509SubjectPrincipalResolver

public X509SubjectPrincipalResolver()

Method Detail

setDescriptor

@Autowired
public void setDescriptor(@Value(value="${cas.x509.authn.principal.descriptor:}")
                                      java.lang.String s)

Sets the descriptor that describes for format of the principal ID to create from X.509 subject DN attributes. The descriptor is made up of common X.509 attribute names prefixed by "$", which are replaced by attribute values extracted from DN attribute values.

EXAMPLE:

{@code <bean class="X509SubjectPrincipalResolver" p:descriptor="$UID@$DC.$DC" /> }

The above bean when applied to a certificate with the DN

DC=edu, DC=vt/UID=jacky, CN=Jascarnella Ellagwonto

produces the principal jacky@vt.edu.

Parameters:

s - Descriptor string where attribute names are prefixed with "$" to identify replacement by real attribute values from the subject DN. Valid attributes include common X.509 DN attributes such as the following:

• C
• CN
• DC
• EMAILADDRESS
• L
• O
• OU
• SERIALNUMBER
• ST
• UID
• UNIQUEIDENTIFIER

For a complete list of supported attributes, see StandardAttributeType.

resolvePrincipalInternal

protected java.lang.String resolvePrincipalInternal(java.security.cert.X509Certificate certificate)

Replaces placeholders in the descriptor with values extracted from attribute values in relative distinguished name components of the DN.

Specified by:

resolvePrincipalInternal in class AbstractX509PrincipalResolver

Parameters:

certificate - X.509 certificate credential.

Returns:

Resolved principal ID.

See Also:

AbstractX509PrincipalResolver.resolvePrincipalInternal(java.security.cert.X509Certificate)