Package org.opensaml.saml.common.profile.impl

Class AddAudienceRestrictionToAssertions

java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
org.opensaml.profile.action.AbstractProfileAction
org.opensaml.profile.action.AbstractConditionalProfileAction
org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions
All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction
public class AddAudienceRestrictionToAssertions extends AbstractConditionalProfileAction
Action adds an audience restriction condition to every assertion contained in a SAML 1/2 response, with the audiences obtained from a lookup function. If the containing Conditions is not present, it will be created.
Event:
EventIds.PROCEED_EVENT_ID, EventIds.INVALID_MSG_CTX

  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.

    • addingAudiencesToExistingRestriction

      private boolean addingAudiencesToExistingRestriction
      Whether, if an assertion already contains an audience restriction, this action will add its audiences to that restriction or create another one.

    • responseLookupStrategy

      @Nonnull private Function<ProfileRequestContext,SAMLObject> responseLookupStrategy
      Strategy used to locate the Response to operate on.

    • audienceRestrictionsLookupStrategy

      @NonnullAfterInit private Function<ProfileRequestContext,Collection<String>> audienceRestrictionsLookupStrategy
      Strategy used to obtain the audiences to add.

    • response

      @NonnullBeforeExec private SAMLObject response
      Response to modify.

    • audiences

      @NonnullBeforeExec private Collection<String> audiences
      Audiences to add.

  • Constructor Details

    • AddAudienceRestrictionToAssertions

      public AddAudienceRestrictionToAssertions()
      Constructor.

  • Method Details

    • setResponseLookupStrategy

      public void setResponseLookupStrategy(@Nonnull Function<ProfileRequestContext,SAMLObject> strategy)
      Set the strategy used to locate the Response to operate on.
      Parameters:
      strategy - lookup strategy

    • setAddingAudiencesToExistingRestriction

      public void setAddingAudiencesToExistingRestriction(boolean addingToExistingRestriction)
      Set whether, if an assertion already contains an audience restriction, this action will add its audiences to that restriction or create another one.
      Parameters:
      addingToExistingRestriction - whether this action will add its audiences to that restriction or create another one

    • setAudienceRestrictionsLookupStrategy

      public void setAudienceRestrictionsLookupStrategy(@Nonnull Function<ProfileRequestContext,Collection<String>> strategy)
      Set the strategy used to obtain the audience restrictions to apply.
      Parameters:
      strategy - lookup strategy

    • doInitialize

      protected void doInitialize() throws ComponentInitializationException
      Overrides:
      doInitialize in class AbstractInitializableComponent
      Throws:
      ComponentInitializationException

    • doPreExecute

      protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext)
      Called prior to execution, actions may override this method to perform pre-processing for a request.

      If false is returned, execution will not proceed, and the action should attach an EventContext to the context tree to signal how to continue with overall workflow processing.

      If returning successfully, the last step should be to return the result of the superclass version of this method.

      Overrides:
      doPreExecute in class AbstractConditionalProfileAction
      Parameters:
      profileRequestContext - the current IdP profile request context
      Returns:
      true iff execution should proceed

    • doExecute

      protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext)
      Performs this action. Actions must override this method to perform their work.
      Overrides:
      doExecute in class AbstractProfileAction
      Parameters:
      profileRequestContext - the current IdP profile request context

    • addAudienceRestriction

      private void addAudienceRestriction(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull Conditions conditions)
      Add the audiences obtained from a lookup function to the AudienceRestrictionCondition. If no AudienceRestrictionCondition exists on the given Conditions one is created and added.
      Parameters:
      profileRequestContext - current profile request context
      conditions - condition that has, or will receive the created, AudienceRestrictionCondition

    • addAudienceRestriction

      private void addAudienceRestriction(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull Conditions conditions)
      Add the audiences obtained from a lookup function to the AudienceRestriction. If no AudienceRestriction exists on the given Conditions one is created and added.
      Parameters:
      profileRequestContext - current profile request context
      conditions - condition that has, or will receive the created, AudienceRestriction

    • getAudienceRestrictionCondition

      @Nonnull private AudienceRestrictionCondition getAudienceRestrictionCondition(@Nonnull Conditions conditions)
      Get the AudienceRestrictionCondition to which audiences will be added.
      Parameters:
      conditions - existing set of conditions
      Returns:
      the condition to which audiences will be added

    • getAudienceRestriction

      @Nonnull private AudienceRestriction getAudienceRestriction(@Nonnull Conditions conditions)
      Get the AudienceRestriction to which audiences will be added.
      Parameters:
      conditions - existing set of conditions
      Returns:
      the condition to which audiences will be added