org.opensaml.saml.saml2.profile.impl

Class AddProxyRestrictionToAssertions

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction<InboundMessageType,OutboundMessageType>

org.opensaml.profile.action.AbstractConditionalProfileAction

org.opensaml.saml.saml2.profile.impl.AddProxyRestrictionToAssertions

All Implemented Interfaces:

net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, ProfileAction

public class AddProxyRestrictionToAssertions
extends AbstractConditionalProfileAction

Action adds an ProxyRestriction to every Assertion contained in a SAML 2 response, with the audiences and count obtained from a lookup function. If the containing Conditions is not present, it will be created.

Field Summary

Fields

Modifier and Type	Field and Description
private java.util.Collection<java.lang.String>	audiences Audiences to add.
private org.slf4j.Logger	log Class logger.
private com.google.common.base.Function<ProfileRequestContext,java.util.Collection<java.lang.String>>	proxyAudiencesLookupStrategy Strategy used to obtain the audiences to add.
private com.google.common.base.Function<ProfileRequestContext,java.lang.Long>	proxyCountLookupStrategy Strategy used to obtain the proxy count to add.
private Response	response Response to modify.
private com.google.common.base.Function<ProfileRequestContext,Response>	responseLookupStrategy Strategy used to locate the Response to operate on.

Constructor Summary

Constructors

Constructor and Description
AddProxyRestrictionToAssertions() Constructor.

Method Summary

Modifier and Type	Method and Description
private void	addProxyRestriction(ProfileRequestContext profileRequestContext, Conditions conditions) Add the audiences obtained from a lookup function to the ProxyRestriction.
protected void	doExecute(ProfileRequestContext profileRequestContext) Performs this action.
protected void	doInitialize()
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext) Called prior to execution, actions may override this method to perform pre-processing for a request.
private ProxyRestriction	getProxyRestriction(Conditions conditions) Get the ProxyRestriction to which audiences will be added.
void	setProxyAudiencesLookupStrategy(com.google.common.base.Function<ProfileRequestContext,java.util.Collection<java.lang.String>> strategy) Set the strategy used to obtain the proxy restrictions to apply.
void	setProxyCountLookupStrategy(com.google.common.base.Function<ProfileRequestContext,java.lang.Long> strategy) Set the strategy used to obtain the proxy count to apply.
void	setResponseLookupStrategy(com.google.common.base.Function<ProfileRequestContext,Response> strategy) Set the strategy used to locate the Response to operate on.

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

responseLookupStrategy

@Nonnull
private com.google.common.base.Function<ProfileRequestContext,Response> responseLookupStrategy

Strategy used to locate the Response to operate on.

proxyAudiencesLookupStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,java.util.Collection<java.lang.String>> proxyAudiencesLookupStrategy

Strategy used to obtain the audiences to add.

proxyCountLookupStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,java.lang.Long> proxyCountLookupStrategy

Strategy used to obtain the proxy count to add.

response

@Nullable
private Response response

Response to modify.

audiences

@Nullable
private java.util.Collection<java.lang.String> audiences

Audiences to add.

Constructor Detail

AddProxyRestrictionToAssertions

public AddProxyRestrictionToAssertions()

Constructor.

Method Detail

setResponseLookupStrategy

public void setResponseLookupStrategy(@Nonnull
                                      com.google.common.base.Function<ProfileRequestContext,Response> strategy)

Set the strategy used to locate the Response to operate on.

Parameters:

strategy - lookup strategy

setProxyAudiencesLookupStrategy

public void setProxyAudiencesLookupStrategy(@Nonnull
                                            com.google.common.base.Function<ProfileRequestContext,java.util.Collection<java.lang.String>> strategy)

Set the strategy used to obtain the proxy restrictions to apply.

Parameters:

strategy - lookup strategy

setProxyCountLookupStrategy

public void setProxyCountLookupStrategy(@Nonnull
                                        com.google.common.base.Function<ProfileRequestContext,java.lang.Long> strategy)

Set the strategy used to obtain the proxy count to apply.

Parameters:

strategy - lookup strategy

doInitialize

protected void doInitialize()
                     throws net.shibboleth.utilities.java.support.component.ComponentInitializationException

Overrides:

doInitialize in class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Throws:

net.shibboleth.utilities.java.support.component.ComponentInitializationException

doPreExecute

protected boolean doPreExecute(@Nonnull
                               ProfileRequestContext profileRequestContext)

Called prior to execution, actions may override this method to perform pre-processing for a request.

If false is returned, execution will not proceed, and the action should attach an EventContext to the context tree to signal how to continue with overall workflow processing.

If returning successfully, the last step should be to return the result of the superclass version of this method.

Overrides:

doPreExecute in class AbstractConditionalProfileAction

Parameters:

profileRequestContext - the current IdP profile request context

Returns:

true iff execution should proceed

doExecute

protected void doExecute(@Nonnull
                         ProfileRequestContext profileRequestContext)

Performs this action. Actions must override this method to perform their work.

Overrides:

doExecute in class AbstractProfileAction

Parameters:

profileRequestContext - the current IdP profile request context

addProxyRestriction

private void addProxyRestriction(@Nonnull
                                 ProfileRequestContext profileRequestContext,
                                 @Nonnull
                                 Conditions conditions)

Add the audiences obtained from a lookup function to the ProxyRestriction. If no ProxyRestriction exists on the given Conditions one is created and added.

Parameters:

profileRequestContext - current profile request context

conditions - condition that has, or will receive the created, ProxyRestriction

getProxyRestriction

@Nonnull
private ProxyRestriction getProxyRestriction(@Nonnull
                                                      Conditions conditions)

Get the ProxyRestriction to which audiences will be added.

Parameters:

conditions - existing set of conditions

Returns:

the condition to which audiences will be added