Package org.opensaml.saml.saml2.profile.impl

Class AddProxyRestrictionToAssertions

java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
org.opensaml.profile.action.AbstractProfileAction
org.opensaml.profile.action.AbstractConditionalProfileAction
org.opensaml.saml.saml2.profile.impl.AddProxyRestrictionToAssertions
All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction
public class AddProxyRestrictionToAssertions extends AbstractConditionalProfileAction
Action adds an ProxyRestriction to every Assertion contained in a SAML 2 response, with the audiences and count obtained from a lookup function. If the containing Conditions is not present, it will be created.
Event:
EventIds.PROCEED_EVENT_ID, EventIds.INVALID_MSG_CTX

  • Field Details

  • Constructor Details

    • AddProxyRestrictionToAssertions

      public AddProxyRestrictionToAssertions()
      Constructor.

  • Method Details

    • setResponseLookupStrategy

      public void setResponseLookupStrategy(@Nonnull Function<ProfileRequestContext,Response> strategy)
      Set the strategy used to locate the Response to operate on.
      Parameters:
      strategy - lookup strategy

    • setProxyRestrictionLookupStrategy

      public void setProxyRestrictionLookupStrategy(@Nonnull Function<ProfileRequestContext,Pair<Integer,Set<String>>> strategy)
      Set the strategy used to obtain the proxy restrictions to apply.
      Parameters:
      strategy - lookup strategy

    • doInitialize

      protected void doInitialize() throws ComponentInitializationException
      Overrides:
      doInitialize in class AbstractInitializableComponent
      Throws:
      ComponentInitializationException

    • doPreExecute

      protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext)
      Called prior to execution, actions may override this method to perform pre-processing for a request.

      If false is returned, execution will not proceed, and the action should attach an EventContext to the context tree to signal how to continue with overall workflow processing.

      If returning successfully, the last step should be to return the result of the superclass version of this method.

      Overrides:
      doPreExecute in class AbstractConditionalProfileAction
      Parameters:
      profileRequestContext - the current IdP profile request context
      Returns:
      true iff execution should proceed

    • doExecute

      protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext)
      Performs this action. Actions must override this method to perform their work.
      Overrides:
      doExecute in class AbstractProfileAction
      Parameters:
      profileRequestContext - the current IdP profile request context

    • addProxyRestriction

      private void addProxyRestriction(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull Conditions conditions)
      Add the audiences obtained from a lookup function to the ProxyRestriction. If no ProxyRestriction exists on the given Conditions one is created and added.
      Parameters:
      profileRequestContext - current profile request context
      conditions - condition that has, or will receive the created, ProxyRestriction

    • getProxyRestriction

      @Nonnull private ProxyRestriction getProxyRestriction(@Nonnull Conditions conditions)
      Get the ProxyRestriction to which audiences will be added.
      Parameters:
      conditions - existing set of conditions
      Returns:
      the condition to which audiences will be added