org.opensaml.saml.saml2.profile.impl

Class AddSubjectConfirmationToSubjects

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects

All Implemented Interfaces:

net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, ProfileAction

public class AddSubjectConfirmationToSubjects
extends AbstractProfileAction

Action that builds SubjectConfirmation and adds it to the Subject of all the assertions found in a Response. The message to update is returned by a lookup strategy, by default the message returned by InOutOperationContext.getOutboundMessageContext().

No assertions will be created by this action, but if no Subject exists in the assertions found, it will be cretaed.

An associated SubjectConfirmationData will be built to spec based on a set of lookup functions that optionally provide various attributes. They have appropriate defaults for the simple use case of a bearer SSO assertion but need to be overridden for other cases.

Field Summary

Fields

Modifier and Type	Field and Description
private com.google.common.base.Function<ProfileRequestContext,java.lang.String>	addressLookupStrategy Optional strategy to obtain value for SubjectConfirmationData.getAddress().
private SAMLObjectBuilder<SubjectConfirmation>	confirmationBuilder Builder for SubjectConfirmation objects.
private SAMLObjectBuilder<SubjectConfirmationData>	confirmationDataBuilder Builder for SubjectConfirmation objects.
private java.lang.String	confirmationMethod Method to add.
private com.google.common.base.Function<ProfileRequestContext,java.lang.String>	inResponseToLookupStrategy Optional strategy to obtain value for SubjectConfirmationData.getInResponseTo().
private com.google.common.base.Function<ProfileRequestContext,java.lang.Long>	lifetimeLookupStrategy Optional strategy to obtain value for SubjectConfirmationData.getNotOnOrAfter().
private org.slf4j.Logger	log Class logger.
private boolean	overwriteExisting Flag controlling whether to overwrite existing confirmations.
private com.google.common.base.Function<ProfileRequestContext,java.lang.String>	recipientLookupStrategy Optional strategy to obtain value for SubjectConfirmationData.getRecipient().
private Response	response Response to modify.
private com.google.common.base.Function<ProfileRequestContext,Response>	responseLookupStrategy Strategy used to locate the Response to operate on.
private SAMLObjectBuilder<Subject>	subjectBuilder Builder for Subject objects.

Constructor Summary

Constructors

Constructor and Description
AddSubjectConfirmationToSubjects() Constructor.

Method Summary

Modifier and Type	Method and Description
private SubjectConfirmation	cloneConfirmation(SubjectConfirmation confirmation) Create an efficient field-wise copy of a SubjectConfirmation.
protected void	doExecute(ProfileRequestContext profileRequestContext) Performs this action.
protected void	doInitialize()
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext) Called prior to execution, actions may override this method to perform pre-processing for a request.
private Subject	getAssertionSubject(Assertion assertion) Get the subject to which the confirmation will be added.
void	setAddressLookupStrategy(com.google.common.base.Function<ProfileRequestContext,java.lang.String> strategy) Set the strategy used to obtain value for SubjectConfirmationData.getAddress().
void	setInResponseToLookupStrategy(com.google.common.base.Function<ProfileRequestContext,java.lang.String> strategy) Set the strategy used to obtain value for SubjectConfirmationData.getInResponseTo().
void	setLifetimeLookupStrategy(com.google.common.base.Function<ProfileRequestContext,java.lang.Long> strategy) Set the strategy used to obtain value for SubjectConfirmationData.getNotOnOrAfter().
void	setMethod(java.lang.String method) Set the confirmation method to use.
void	setOverwriteExisting(boolean flag) Set whether to overwrite any existing SubjectConfirmation objects found.
void	setRecipientLookupStrategy(com.google.common.base.Function<ProfileRequestContext,java.lang.String> strategy) Set the strategy used to obtain value for SubjectConfirmationData.getRecipient().
void	setResponseLookupStrategy(com.google.common.base.Function<ProfileRequestContext,Response> strategy) Set the strategy used to locate the Response to operate on.

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

subjectBuilder

@Nonnull
private final SAMLObjectBuilder<Subject> subjectBuilder

Builder for Subject objects.

confirmationBuilder

@Nonnull
private final SAMLObjectBuilder<SubjectConfirmation> confirmationBuilder

Builder for SubjectConfirmation objects.

confirmationDataBuilder

@Nonnull
private final SAMLObjectBuilder<SubjectConfirmationData> confirmationDataBuilder

Builder for SubjectConfirmation objects.

overwriteExisting

private boolean overwriteExisting

Flag controlling whether to overwrite existing confirmations.

responseLookupStrategy

@Nonnull
private com.google.common.base.Function<ProfileRequestContext,Response> responseLookupStrategy

Strategy used to locate the Response to operate on.

addressLookupStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,java.lang.String> addressLookupStrategy

Optional strategy to obtain value for SubjectConfirmationData.getAddress().

inResponseToLookupStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,java.lang.String> inResponseToLookupStrategy

Optional strategy to obtain value for SubjectConfirmationData.getInResponseTo().

recipientLookupStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,java.lang.String> recipientLookupStrategy

Optional strategy to obtain value for SubjectConfirmationData.getRecipient().

lifetimeLookupStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,java.lang.Long> lifetimeLookupStrategy

Optional strategy to obtain value for SubjectConfirmationData.getNotOnOrAfter().

confirmationMethod

@NonnullAfterInit
private java.lang.String confirmationMethod

Method to add.

response

@Nullable
private Response response

Response to modify.

Constructor Detail

AddSubjectConfirmationToSubjects

public AddSubjectConfirmationToSubjects()

Constructor.

Method Detail

setOverwriteExisting

public void setOverwriteExisting(boolean flag)

Set whether to overwrite any existing SubjectConfirmation objects found.

Parameters:

flag - true iff the action should overwrite any existing objects

setResponseLookupStrategy

public void setResponseLookupStrategy(@Nonnull
                                      com.google.common.base.Function<ProfileRequestContext,Response> strategy)

Set the strategy used to locate the Response to operate on.

Parameters:

strategy - strategy used to locate the Response to operate on

setAddressLookupStrategy

public void setAddressLookupStrategy(@Nullable
                                     com.google.common.base.Function<ProfileRequestContext,java.lang.String> strategy)

Set the strategy used to obtain value for SubjectConfirmationData.getAddress().

Parameters:

strategy - lookup strategy

setInResponseToLookupStrategy

public void setInResponseToLookupStrategy(@Nullable
                                          com.google.common.base.Function<ProfileRequestContext,java.lang.String> strategy)

Set the strategy used to obtain value for SubjectConfirmationData.getInResponseTo().

Parameters:

strategy - lookup strategy

setRecipientLookupStrategy

public void setRecipientLookupStrategy(@Nullable
                                       com.google.common.base.Function<ProfileRequestContext,java.lang.String> strategy)

Set the strategy used to obtain value for SubjectConfirmationData.getRecipient().

Parameters:

strategy - lookup strategy

setLifetimeLookupStrategy

public void setLifetimeLookupStrategy(@Nullable
                                      com.google.common.base.Function<ProfileRequestContext,java.lang.Long> strategy)

Set the strategy used to obtain value for SubjectConfirmationData.getNotOnOrAfter().

Parameters:

strategy - lookup strategy

setMethod

public void setMethod(@Nonnull @NotEmpty
                      java.lang.String method)

Set the confirmation method to use.

Parameters:

method - confirmation method to use

doInitialize

protected void doInitialize()
                     throws net.shibboleth.utilities.java.support.component.ComponentInitializationException

Overrides:

doInitialize in class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Throws:

net.shibboleth.utilities.java.support.component.ComponentInitializationException

doPreExecute

protected boolean doPreExecute(@Nonnull
                               ProfileRequestContext profileRequestContext)

Called prior to execution, actions may override this method to perform pre-processing for a request.

If false is returned, execution will not proceed, and the action should attach an EventContext to the context tree to signal how to continue with overall workflow processing.

If returning successfully, the last step should be to return the result of the superclass version of this method.

Overrides:

doPreExecute in class AbstractProfileAction

Parameters:

profileRequestContext - the current IdP profile request context

Returns:

true iff execution should proceed

doExecute

protected void doExecute(@Nonnull
                         ProfileRequestContext profileRequestContext)

Performs this action. Actions must override this method to perform their work.

Overrides:

doExecute in class AbstractProfileAction

Parameters:

profileRequestContext - the current IdP profile request context

getAssertionSubject

@Nonnull
private Subject getAssertionSubject(@Nonnull
                                             Assertion assertion)

Get the subject to which the confirmation will be added.

Parameters:

assertion - the assertion being modified

Returns:

the subject to which the confirmation will be added

cloneConfirmation

@Nonnull
private SubjectConfirmation cloneConfirmation(@Nonnull
                                                       SubjectConfirmation confirmation)

Create an efficient field-wise copy of a SubjectConfirmation.

Parameters:

confirmation - the object to clone

Returns:

the copy