org.opensaml.saml.saml2.profile.impl

Class AbstractDecryptAction

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.saml.saml2.profile.impl.AbstractDecryptAction

All Implemented Interfaces:

net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, ProfileAction

Direct Known Subclasses:

DecryptAssertions, DecryptAttributes, DecryptNameIDs

public abstract class AbstractDecryptAction
extends AbstractProfileAction

Abstract base class for actions that perform SAML decryption.

The actual message to handle is obtained via strategy function, by default the inbound message.

The SecurityParametersContext governing the decryption process is located by a lookup strategy, by default a child of the inbound message context.

Field Summary

Fields

Modifier and Type	Field and Description
private Decrypter	decrypter The decryption object.
private com.google.common.base.Predicate<net.shibboleth.utilities.java.support.collection.Pair<ProfileRequestContext,EncryptedElementType>>	decryptionPredicate Predicate determining whether to attempt decryption.
private boolean	errorFatal Are decryption failures a fatal condition?
private org.slf4j.Logger	log Class logger.
private SAMLObject	message Message to operate on.
private com.google.common.base.Function<ProfileRequestContext,java.lang.Object>	messageLookupStrategy Strategy used to locate the SAML message to operate on.
private com.google.common.base.Function<ProfileRequestContext,SecurityParametersContext>	securityParamsLookupStrategy Strategy used to locate the SecurityParametersContext.

Constructor Summary

Constructors

Constructor and Description
AbstractDecryptAction() Constructor.

Method Summary

Modifier and Type	Method and Description
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext) Called prior to execution, actions may override this method to perform pre-processing for a request.
Decrypter	getDecrypter() Get the decrypter.
com.google.common.base.Predicate<net.shibboleth.utilities.java.support.collection.Pair<ProfileRequestContext,EncryptedElementType>>	getDecryptionPredicate() Get the predicate used to determine whether to attempt decryption.
SAMLObject	getSAMLObject() Get the object to act on.
boolean	isErrorFatal() Get whether decryption failure should be treated as an error or ignored.
void	setDecryptionPredicate(com.google.common.base.Predicate<net.shibboleth.utilities.java.support.collection.Pair<ProfileRequestContext,EncryptedElementType>> predicate) Set the predicate used to determine whether to attempt decryption.
void	setErrorFatal(boolean flag) Set whether decryption failure should be treated as an error or ignored.
void	setMessageLookupStrategy(com.google.common.base.Function<ProfileRequestContext,java.lang.Object> strategy) Set the strategy used to locate the SAMLObject to operate on.
void	setSecurityParametersContextLookupStrategy(com.google.common.base.Function<ProfileRequestContext,SecurityParametersContext> strategy) Set the strategy used to locate the SecurityParametersContext associated with a given ProfileRequestContext.

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doExecute, doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

errorFatal

private boolean errorFatal

Are decryption failures a fatal condition?

securityParamsLookupStrategy

@Nonnull
private com.google.common.base.Function<ProfileRequestContext,SecurityParametersContext> securityParamsLookupStrategy

Strategy used to locate the SecurityParametersContext.

messageLookupStrategy

@Nonnull
private com.google.common.base.Function<ProfileRequestContext,java.lang.Object> messageLookupStrategy

Strategy used to locate the SAML message to operate on.

decryptionPredicate

@Nonnull
private com.google.common.base.Predicate<net.shibboleth.utilities.java.support.collection.Pair<ProfileRequestContext,EncryptedElementType>> decryptionPredicate

Predicate determining whether to attempt decryption.

decrypter

@Nullable
private Decrypter decrypter

The decryption object.

message

@Nullable
private SAMLObject message

Message to operate on.

Constructor Detail

AbstractDecryptAction

public AbstractDecryptAction()

Constructor.

Method Detail

isErrorFatal

public boolean isErrorFatal()

Get whether decryption failure should be treated as an error or ignored.

Returns:

whether decryption failure should be treated as an error or ignored

setErrorFatal

public void setErrorFatal(boolean flag)

Set whether decryption failure should be treated as an error or ignored.

Parameters:

flag - true iff decryption failure should be fatal

setSecurityParametersContextLookupStrategy

public void setSecurityParametersContextLookupStrategy(@Nonnull
                                                       com.google.common.base.Function<ProfileRequestContext,SecurityParametersContext> strategy)

Set the strategy used to locate the SecurityParametersContext associated with a given ProfileRequestContext.

Parameters:

strategy - strategy used to locate the SecurityParametersContext associated with a given ProfileRequestContext

setMessageLookupStrategy

public void setMessageLookupStrategy(@Nonnull
                                     com.google.common.base.Function<ProfileRequestContext,java.lang.Object> strategy)

Set the strategy used to locate the SAMLObject to operate on.

Parameters:

strategy - strategy used to locate the SAMLObject to operate on

getDecryptionPredicate

@Nonnull
public com.google.common.base.Predicate<net.shibboleth.utilities.java.support.collection.Pair<ProfileRequestContext,EncryptedElementType>> getDecryptionPredicate()

Get the predicate used to determine whether to attempt decryption.

Returns:

the predicate

setDecryptionPredicate

public void setDecryptionPredicate(@Nonnull
                                   com.google.common.base.Predicate<net.shibboleth.utilities.java.support.collection.Pair<ProfileRequestContext,EncryptedElementType>> predicate)

Set the predicate used to determine whether to attempt decryption.

Parameters:

predicate - predicate to use

getDecrypter

@Nullable
public Decrypter getDecrypter()

Get the decrypter.

Returns:

the decrypter

getSAMLObject

@Nullable
public SAMLObject getSAMLObject()

Get the object to act on.

Returns:

the object to act on

doPreExecute

protected boolean doPreExecute(@Nonnull
                               ProfileRequestContext profileRequestContext)

Called prior to execution, actions may override this method to perform pre-processing for a request.

If false is returned, execution will not proceed, and the action should attach an EventContext to the context tree to signal how to continue with overall workflow processing.

If returning successfully, the last step should be to return the result of the superclass version of this method.

Overrides:

doPreExecute in class AbstractProfileAction

Parameters:

profileRequestContext - the current IdP profile request context

Returns:

true iff execution should proceed