Package net.shibboleth.idp.authn.impl

Class AttributeSourcedSubjectCanonicalization

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.profile.action.AbstractConditionalProfileAction

net.shibboleth.idp.profile.AbstractProfileAction

net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction

net.shibboleth.idp.authn.impl.AttributeSourcedSubjectCanonicalization

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class AttributeSourcedSubjectCanonicalization
extends AbstractSubjectCanonicalizationAction

An action that extracts a resolved IdPAttribute value from an AttributeContext child obtained via lookup function (by default a child of the SubjectCanonicalizationContext), and uses it as the result of subject canonicalization.

This action operates on a set of previously resolved attributes that are presumed to have been generated based in some fashion on the content of the SubjectCanonicalizationContext.

String and scoped attribute values are supported.

Event:

EventIds.PROCEED_EVENT_ID, AuthnEventIds.INVALID_SUBJECT

Precondition:

ProfileRequestContext.getSubcontext(SubjectCanonicalizationContext.class) != null

Postcondition:

SubjectCanonicalizationContext.getPrincipalName() != null
  || SubjectCanonicalizationContext.getException() != null

Field Summary

Fields

Modifier and Type	Field	Description
private Function<ProfileRequestContext,AttributeContext>	attributeContextLookupStrategy	Lookup strategy for AttributeContext to read from.
private AttributeContext	attributeCtx	The context to read from.
private List<String>	attributeSourceIds	Ordered list of attributes to look for and read from.
private char	delimiter	Delimiter to use for scoped attribute serialization.
private org.slf4j.Logger	log	Class logger.
private boolean	resolveFromSubject	Whether to also check the original Subject for IdPAttributePrincipals.
private Map<String,IdPAttribute>	subjectSourcedAttributes	Indexed attributes pulled from subject.

Constructor Summary

Constructors

Constructor	Description
AttributeSourcedSubjectCanonicalization()	Constructor.

Method Summary

Modifier and Type	Method	Description
protected void	doExecute(ProfileRequestContext profileRequestContext, SubjectCanonicalizationContext c14nContext)
protected void	doInitialize()
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext, SubjectCanonicalizationContext c14nContext)
private String	findValue(IdPAttribute attribute)	Check for a compatible value in the input attribute.
void	setAttributeContextLookupStrategy(Function<ProfileRequestContext,AttributeContext> strategy)	Set the lookup strategy for the AttributeContext to read from.
void	setAttributeSourceIds(List<String> ids)	Set the attribute IDs to read from in order of preference.
void	setResolveFromSubject(boolean flag)	Whether to include any IdPAttributePrincipal objects found in the input Subject when searching for a matching attribute ID.
void	setScopedDelimiter(char ch)	Set the delimiter to use for serializing scoped attribute values.

Methods inherited from class net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction

applyTransforms, doExecute, doPreExecute, setLookupStrategy, setLowercase, setTransforms, setTrim, setUppercase

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

delimiter

private char delimiter

Delimiter to use for scoped attribute serialization.

resolveFromSubject

private boolean resolveFromSubject

Whether to also check the original Subject for IdPAttributePrincipals.

subjectSourcedAttributes

@Nonnull
@NonnullElements
private Map<String,IdPAttribute> subjectSourcedAttributes

Indexed attributes pulled from subject.

attributeSourceIds

@Nonnull
@NonnullElements
private List<String> attributeSourceIds

Ordered list of attributes to look for and read from.

attributeContextLookupStrategy

@Nonnull
private Function<ProfileRequestContext,AttributeContext> attributeContextLookupStrategy

Lookup strategy for AttributeContext to read from.

attributeCtx

@Nullable
private AttributeContext attributeCtx

The context to read from.

Constructor Detail

AttributeSourcedSubjectCanonicalization

public AttributeSourcedSubjectCanonicalization()

Constructor.

Method Detail

setScopedDelimiter

public void setScopedDelimiter(char ch)

Set the delimiter to use for serializing scoped attribute values.

Parameters:

ch - delimiter to use

setResolveFromSubject

public void setResolveFromSubject(boolean flag)

Whether to include any IdPAttributePrincipal objects found in the input Subject when searching for a matching attribute ID.

Parameters:

flag - flag to set

Since:

4.1.0

setAttributeSourceIds

public void setAttributeSourceIds(@Nonnull @NonnullElements
                                  List<String> ids)

Set the attribute IDs to read from in order of preference.

Parameters:

ids - attribute IDs to read from

setAttributeContextLookupStrategy

public void setAttributeContextLookupStrategy(@Nonnull
                                              Function<ProfileRequestContext,AttributeContext> strategy)

Set the lookup strategy for the AttributeContext to read from.

Parameters:

strategy - lookup strategy

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doPreExecute

protected boolean doPreExecute(@Nonnull
                               ProfileRequestContext profileRequestContext,
                               @Nonnull
                               SubjectCanonicalizationContext c14nContext)

Overrides:

doPreExecute in class AbstractSubjectCanonicalizationAction

doExecute

protected void doExecute(@Nonnull
                         ProfileRequestContext profileRequestContext,
                         @Nonnull
                         SubjectCanonicalizationContext c14nContext)

Overrides:

doExecute in class AbstractSubjectCanonicalizationAction

findValue

@Nullable
private String findValue(@Nonnull
                         IdPAttribute attribute)

Check for a compatible value in the input attribute.

Parameters:

attribute - input attribute

Returns:

value to use for result, or null