Class AddNameIDToSubjects
All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction
NameID and adds it to the Subject of all the assertions
found in a Response. The message to update is returned by a lookup strategy, by default
the message returned by InOutOperationContext.getOutboundMessageContext().
If no Response exists, then an Assertion directly in the outbound message context will
be used or created by the default lookup strategy.
If no Subject exists in the assertions found, it will be created.
The source of the NameID is one of a set of candidate SAML2NameIDGenerator
plugins injected into the action. The plugin(s) to attempt to use are derived from the Format value,
which is established by a lookup strategy.
In addition, the generation process is influenced by the requested NameIDPolicy, which
is evaluated using a pluggable predicate.
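One way to wire the setters documented on this page so that the candidate Formats and the NameIDPolicy predicate share a single allow-list (an added example, not code from the OpenSAML project). The class name `NameIdActionFactory`, `ALLOWED_FORMATS` and `policyAcceptable` are hypothetical, and the import packages and the `getInboundMessageContext()`, `getMessage()`, `getNameIDPolicy()` and `getFormat()` accessors are OpenSAML API assumed here rather than shown on this page.

```java
import java.util.List;
import java.util.function.Predicate;

import net.shibboleth.shared.component.ComponentInitializationException;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.NameIDPolicy;
import org.opensaml.saml.saml2.profile.SAML2NameIDGenerator;
import org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects;

/** Added example: one allow-list drives both the Formats to try and the policy check. */
public final class NameIdActionFactory {

    /** Constructed allow-list for this example, in order of preference. */
    static final List<String> ALLOWED_FORMATS = List.of(
            "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
            "urn:oasis:names:tc:SAML:2.0:nameid-format:transient");

    /** True if the request names no Format, or names one on the allow-list. */
    static boolean policyAcceptable(ProfileRequestContext prc) {
        MessageContext inbound = prc.getInboundMessageContext();
        Object message = inbound != null ? inbound.getMessage() : null;
        if (!(message instanceof AuthnRequest)) {
            return true; // no AuthnRequest, so no NameIDPolicy was requested
        }
        NameIDPolicy policy = ((AuthnRequest) message).getNameIDPolicy();
        String requested = policy != null ? policy.getFormat() : null;
        return requested == null || ALLOWED_FORMATS.contains(requested);
    }

    /** The generator plugin is supplied by the caller; building one is out of scope here. */
    public static AddNameIDToSubjects build(SAML2NameIDGenerator generator)
            throws ComponentInitializationException {
        AddNameIDToSubjects action = new AddNameIDToSubjects();
        action.setNameIDGenerator(generator);
        // Formats to try: the fixed allow-list, not a value taken from the request.
        action.setFormatLookupStrategy(prc -> ALLOWED_FORMATS);
        // Predicate used to evaluate the requested NameIDPolicy.
        Predicate<ProfileRequestContext> predicate = NameIdActionFactory::policyAcceptable;
        action.setNameIDPolicyPredicate(predicate);
        // Do not replace a NameID that is already present on a Subject.
        action.setOverwriteExisting(false);
        action.initialize();
        return action;
    }
}
```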

Nested Class Summary
Nested Classes
- private class: Default strategy for obtaining assertions to modify.
- static class: Lookup function that returns the NameIDPolicy from an AuthnRequest message returned from a lookup function, by default the inbound message.
- static class: Lookup function that returns RequestAbstractType.getIssuer() from a request message returned from a lookup function, by default the inbound message.

Field Summary
Fields
- assertions: Response to modify.
- private Function<ProfileRequestContext,List<Assertion>> assertionsLookupStrategy: Strategy used to locate the Response to operate on.
- private Function<ProfileRequestContext,List<String>> formatLookupStrategy: Strategy used to determine the formats to try.
- formats: Formats to try.
- private SAML2NameIDGenerator generator: Generator to use.
- private IdentifierGenerationStrategy idGenerator: The generator to use.
- private Function<ProfileRequestContext,IdentifierGenerationStrategy> idGeneratorLookupStrategy: Strategy used to locate the IdentifierGenerationStrategy to use.
- private String issuerId: EntityID to populate into Issuer element.
- private Function<ProfileRequestContext,String> issuerLookupStrategy: Strategy used to obtain the response issuer value.
- private final org.slf4j.Logger log: Class logger.
- private SAMLObjectBuilder<NameID> nameIdBuilder: Builder for NameID objects.
- private Predicate<ProfileRequestContext> nameIDPolicyPredicate: Predicate to validate NameIDPolicy.
- private boolean overwriteExisting: Flag controlling whether to overwrite an existing NameID.
- private AuthnRequest request: Request to examine.
- private Function<ProfileRequestContext,AuthnRequest> requestLookupStrategy: Strategy used to locate the AuthnRequest to operate on, if any.
- private String requiredFormat: Format required by requested NameIDPolicy.
- private SAMLObjectBuilder<Subject> subjectBuilder: Builder for Subject objects.

Constructor Summary
Constructors

Method Summary
- private NameID cloneNameID(NameID nameId): Create an efficient field-wise copy of a NameID.
- protected void doExecute(ProfileRequestContext profileRequestContext): Performs this action.
- protected void doInitialize
- protected boolean doPreExecute(ProfileRequestContext profileRequestContext): Called prior to execution, actions may override this method to perform pre-processing for a request.
- private NameID generateNameID(ProfileRequestContext profileRequestContext): Attempt to generate a NameID using each of the candidate Formats and plugins.
- private Subject getAssertionSubject(Assertion assertion): Get the subject to which the name identifier will be added.
- private String getRequiredFormat(ProfileRequestContext profileRequestContext): Extract a format required by the inbound request, if present.
- void setAssertionsLookupStrategy(Function<ProfileRequestContext, List<Assertion>> strategy): Set the strategy used to locate the Assertions to operate on.
- void setFormatLookupStrategy(Function<ProfileRequestContext, List<String>> strategy): Set the strategy function to use to obtain the formats to try.
- void setIdentifierGeneratorLookupStrategy(Function<ProfileRequestContext, IdentifierGenerationStrategy> strategy): Set the strategy used to locate the IdentifierGenerationStrategy to use.
- void setIssuerLookupStrategy: Set the strategy used to locate the issuer value to use.
- void setNameIDGenerator(SAML2NameIDGenerator theGenerator): Set the generator to use.
- void setNameIDPolicyPredicate(Predicate<ProfileRequestContext> predicate): Set the predicate used to evaluate the NameIDPolicy.
- void setOverwriteExisting(boolean flag): Set whether to overwrite any existing NameID objects found.
- void setRequestLookupStrategy(Function<ProfileRequestContext, AuthnRequest> strategy): Set the strategy used to locate the AuthnRequest to examine, if any.

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, ensureHttpServletRequest, ensureHttpServletResponse, execute, getHttpServletRequest, getHttpServletRequestSupplier, getHttpServletResponse, getHttpServletResponseSupplier, getLogPrefix, isPreExecuteCalled, setHttpServletRequestSupplier, setHttpServletResponseSupplier

Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent
checkComponentActive, checkSetterPreconditions, destroy, doDestroy, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.shared.component.InitializableComponent
initialize, isInitialized

Field Details

log
@Nonnull private final org.slf4j.Logger log
Class logger.

subjectBuilder
Builder for Subject objects.

nameIdBuilder
Builder for NameID objects.

overwriteExisting
private boolean overwriteExisting
Flag controlling whether to overwrite an existing NameID.

requestLookupStrategy
Strategy used to locate the AuthnRequest to operate on, if any.

assertionsLookupStrategy
Strategy used to locate the Response to operate on.

idGeneratorLookupStrategy
@Nonnull private Function<ProfileRequestContext,IdentifierGenerationStrategy> idGeneratorLookupStrategy
Strategy used to locate the IdentifierGenerationStrategy to use.

issuerLookupStrategy
Strategy used to obtain the response issuer value.

nameIDPolicyPredicate
Predicate to validate NameIDPolicy.

formatLookupStrategy
Strategy used to determine the formats to try.

generator
Generator to use.

formats
Formats to try.

requiredFormat
Format required by requested NameIDPolicy.

request
Request to examine.

assertions
Response to modify.

idGenerator
The generator to use.

issuerId
EntityID to populate into Issuer element.

Constructor Details

AddNameIDToSubjects
Constructor.
Throws:
ComponentInitializationException - if an error occurs initializing default predicate.

Method Details

setOverwriteExisting
public void setOverwriteExisting(boolean flag)
Set whether to overwrite any existing NameID objects found.
Parameters:
flag - true iff the action should overwrite any existing objects

setRequestLookupStrategy
public void setRequestLookupStrategy(@Nonnull Function<ProfileRequestContext, AuthnRequest> strategy)
Set the strategy used to locate the AuthnRequest to examine, if any.
Parameters:
strategy - strategy used to locate the AuthnRequest

setAssertionsLookupStrategy
public void setAssertionsLookupStrategy(@Nonnull Function<ProfileRequestContext, List<Assertion>> strategy)
Set the strategy used to locate the Assertions to operate on.
Parameters:
strategy - lookup strategy

setIdentifierGeneratorLookupStrategy
public void setIdentifierGeneratorLookupStrategy(@Nonnull Function<ProfileRequestContext, IdentifierGenerationStrategy> strategy)
Set the strategy used to locate the IdentifierGenerationStrategy to use.
Parameters:
strategy - lookup strategy

setIssuerLookupStrategy
Set the strategy used to locate the issuer value to use.
Parameters:
strategy - lookup strategy

setNameIDPolicyPredicate
Set the predicate used to evaluate the NameIDPolicy.
Parameters:
predicate - predicate used to evaluate the NameIDPolicy

setFormatLookupStrategy
Set the strategy function to use to obtain the formats to try.
Parameters:
strategy - format lookup strategy

setNameIDGenerator
Set the generator to use.
Parameters:
theGenerator - the generator to use

doInitialize
Overrides:
doInitialize in class AbstractInitializableComponent
Throws:
ComponentInitializationException

doPreExecute
Called prior to execution, actions may override this method to perform pre-processing for a request.
If false is returned, execution will not proceed, and the action should attach an EventContext to the context tree to signal how to continue with overall workflow processing.
If returning successfully, the last step should be to return the result of the superclass version of this method.
Overrides:
doPreExecute in class AbstractProfileAction
Parameters:
profileRequestContext - the current IdP profile request context
Returns:
true iff execution should proceed

doExecute
Performs this action. Actions must override this method to perform their work.
Overrides:
doExecute in class AbstractProfileAction
Parameters:
profileRequestContext - the current IdP profile request context

getRequiredFormat
Extract a format required by the inbound request, if present.
Parameters:
profileRequestContext - current profile request context
Returns:
a format dictated by the request, or null

generateNameID
Attempt to generate a NameID using each of the candidate Formats and plugins.
Parameters:
profileRequestContext - current profile request context
Returns:
a generated NameID or null

getAssertionSubject
Get the subject to which the name identifier will be added.
Parameters:
assertion - the assertion being modified
Returns:
the assertion to which the name identifier will be added

cloneNameID
Create an efficient field-wise copy of a NameID.
Parameters:
nameId - the object to clone
Returns:
the copy