Class AddSubjectConfirmationToSubjects

  • All Implemented Interfaces:
    net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, org.opensaml.profile.action.ProfileAction

    public class AddSubjectConfirmationToSubjects
    extends org.opensaml.profile.action.AbstractProfileAction
    Action that builds SubjectConfirmation and adds it to the Subject of all the assertions found in a Response. The message to update is returned by a lookup strategy, by default the message returned by InOutOperationContext.getOutboundMessageContext().

    No assertions will be created by this action, but if no Subject exists in the assertions found, it will be created.

    An associated SubjectConfirmationData will be built to spec based on a set of lookup functions that optionally provide various attributes. They have appropriate defaults for the simple use case of a bearer SSO assertion but need to be overridden for other cases.

    Event:
    EventIds.PROCEED_EVENT_ID, EventIds.INVALID_MSG_CTX
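
An added illustration, not OpenSAML's code: a Python sketch using ElementTree of the behaviour described above, attaching a bearer SubjectConfirmation with optional Recipient, InResponseTo, Address and NotOnOrAfter to every assertion in a Response and creating the Subject where it is missing. The function and parameter names are hypothetical, the sample Response is constructed, and appending next to existing confirmations when overwriting is off is an assumption the page does not confirm.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

def q(name):
    return f"{{{NS}}}{name}"

def add_subject_confirmation(response, method=BEARER, recipient=None, in_response_to=None,
                             address=None, lifetime=None, now=None, overwrite=True):
    """Attach one SubjectConfirmation to the Subject of every Assertion in response."""
    now = now or datetime.now(timezone.utc)
    attrs = {"Recipient": recipient, "InResponseTo": in_response_to, "Address": address}
    if lifetime is not None:
        attrs["NotOnOrAfter"] = (now + lifetime).strftime("%Y-%m-%dT%H:%M:%SZ")
    attrs = {k: v for k, v in attrs.items() if v}  # optional values: omit when absent
    touched = 0
    for assertion in response.findall(q("Assertion")):
        subject = assertion.find(q("Subject"))
        if subject is None:
            # Schema order is Issuer, ds:Signature?, Subject?, Conditions?, ...
            lead = [c for c in assertion if c.tag == q("Issuer") or c.tag.endswith("}Signature")]
            subject = ET.Element(q("Subject"))
            assertion.insert(len(lead), subject)
        if overwrite:
            for old in subject.findall(q("SubjectConfirmation")):
                subject.remove(old)
        conf = ET.SubElement(subject, q("SubjectConfirmation"), {"Method": method})
        ET.SubElement(conf, q("SubjectConfirmationData"), attrs)
        touched += 1
    return touched

# Constructed sample: one assertion with a non-bearer confirmation, one with no Subject.
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="{NS}">
  <saml:Assertion ID="_a1"><saml:Issuer>https://idp.example.org</saml:Issuer>
    <saml:Subject><saml:NameID>alice</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/>
    </saml:Subject></saml:Assertion>
  <saml:Assertion ID="_a2"><saml:Issuer>https://idp.example.org</saml:Issuer>
    <saml:Conditions/></saml:Assertion>
</samlp:Response>"""

def demo():
    resp = ET.fromstring(SAMPLE)
    n = add_subject_confirmation(resp, recipient="https://sp.example.org/acs",
                                 in_response_to="_req42", address="192.0.2.10",
                                 lifetime=timedelta(minutes=5),
                                 now=datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc))
    return n, resp
```

Any signature over an assertion has to be computed after a step like this, since adding the confirmation changes the signed content.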
    • Field Summary

      Fields 
      Modifier and Type Field Description
      private Function<org.opensaml.profile.context.ProfileRequestContext,​String> addressLookupStrategy
      Optional strategy to obtain value for SubjectConfirmationData.getAddress().
      private org.opensaml.saml.common.SAMLObjectBuilder<org.opensaml.saml.saml2.core.SubjectConfirmation> confirmationBuilder
      Builder for SubjectConfirmation objects.
      private org.opensaml.saml.common.SAMLObjectBuilder<org.opensaml.saml.saml2.core.SubjectConfirmationData> confirmationDataBuilder
      Builder for SubjectConfirmationData objects.
      private String confirmationMethod
      Method to add.
      private Function<org.opensaml.profile.context.ProfileRequestContext,​String> inResponseToLookupStrategy
      Optional strategy to obtain value for SubjectConfirmationData.getInResponseTo().
      private Function<org.opensaml.profile.context.ProfileRequestContext,​Long> lifetimeLookupStrategy
      Optional strategy to obtain value for SubjectConfirmationData.getNotOnOrAfter().
      private Logger log
      Class logger.
      private boolean overwriteExisting
      Flag controlling whether to overwrite existing confirmations.
      private Function<org.opensaml.profile.context.ProfileRequestContext,​String> recipientLookupStrategy
      Optional strategy to obtain value for SubjectConfirmationData.getRecipient().
      private org.opensaml.saml.saml2.core.Response response
      Response to modify.
      private Function<org.opensaml.profile.context.ProfileRequestContext,​org.opensaml.saml.saml2.core.Response> responseLookupStrategy
      Strategy used to locate the Response to operate on.
      private org.opensaml.saml.common.SAMLObjectBuilder<org.opensaml.saml.saml2.core.Subject> subjectBuilder
      Builder for Subject objects.
    • Method Summary

      Modifier and Type Method Description
      private org.opensaml.saml.saml2.core.SubjectConfirmation cloneConfirmation​(org.opensaml.saml.saml2.core.SubjectConfirmation confirmation)
      Create an efficient field-wise copy of a SubjectConfirmation.
      protected void doExecute​(org.opensaml.profile.context.ProfileRequestContext profileRequestContext)
      protected void doInitialize()
      protected boolean doPreExecute​(org.opensaml.profile.context.ProfileRequestContext profileRequestContext)
      private org.opensaml.saml.saml2.core.Subject getAssertionSubject​(org.opensaml.saml.saml2.core.Assertion assertion)
      Get the subject to which the confirmation will be added.
      void setAddressLookupStrategy​(Function<org.opensaml.profile.context.ProfileRequestContext,​String> strategy)
      Set the strategy used to obtain value for SubjectConfirmationData.getAddress().
      void setInResponseToLookupStrategy​(Function<org.opensaml.profile.context.ProfileRequestContext,​String> strategy)
      Set the strategy used to obtain value for SubjectConfirmationData.getInResponseTo().
      void setLifetimeLookupStrategy​(Function<org.opensaml.profile.context.ProfileRequestContext,​Long> strategy)
      Set the strategy used to obtain value for SubjectConfirmationData.getNotOnOrAfter().
      void setMethod​(String method)
      Set the confirmation method to use.
      void setOverwriteExisting​(boolean flag)
      Set whether to overwrite any existing SubjectConfirmation objects found.
      void setRecipientLookupStrategy​(Function<org.opensaml.profile.context.ProfileRequestContext,​String> strategy)
      Set the strategy used to obtain value for SubjectConfirmationData.getRecipient().
      void setResponseLookupStrategy​(Function<org.opensaml.profile.context.ProfileRequestContext,​org.opensaml.saml.saml2.core.Response> strategy)
      Set the strategy used to locate the Response to operate on.
      • Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

        doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse
      • Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

        destroy, doDestroy, initialize, isDestroyed, isInitialized
      • Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

        initialize, isInitialized
    • Field Detail

      • log

        @Nonnull
        private final Logger log
        Class logger.
      • subjectBuilder

        @Nonnull
        private final org.opensaml.saml.common.SAMLObjectBuilder<org.opensaml.saml.saml2.core.Subject> subjectBuilder
        Builder for Subject objects.
      • confirmationBuilder

        @Nonnull
        private final org.opensaml.saml.common.SAMLObjectBuilder<org.opensaml.saml.saml2.core.SubjectConfirmation> confirmationBuilder
        Builder for SubjectConfirmation objects.
      • confirmationDataBuilder

        @Nonnull
        private final org.opensaml.saml.common.SAMLObjectBuilder<org.opensaml.saml.saml2.core.SubjectConfirmationData> confirmationDataBuilder
        Builder for SubjectConfirmationData objects.
      • overwriteExisting

        private boolean overwriteExisting
        Flag controlling whether to overwrite existing confirmations.
      • responseLookupStrategy

        @Nonnull
        private Function<org.opensaml.profile.context.ProfileRequestContext,​org.opensaml.saml.saml2.core.Response> responseLookupStrategy
        Strategy used to locate the Response to operate on.
      • addressLookupStrategy

        @Nullable
        private Function<org.opensaml.profile.context.ProfileRequestContext,​String> addressLookupStrategy
        Optional strategy to obtain value for SubjectConfirmationData.getAddress().
      • inResponseToLookupStrategy

        @Nullable
        private Function<org.opensaml.profile.context.ProfileRequestContext,​String> inResponseToLookupStrategy
        Optional strategy to obtain value for SubjectConfirmationData.getInResponseTo().
      • recipientLookupStrategy

        @Nullable
        private Function<org.opensaml.profile.context.ProfileRequestContext,​String> recipientLookupStrategy
        Optional strategy to obtain value for SubjectConfirmationData.getRecipient().
      • lifetimeLookupStrategy

        @Nullable
        private Function<org.opensaml.profile.context.ProfileRequestContext,​Long> lifetimeLookupStrategy
        Optional strategy to obtain value for SubjectConfirmationData.getNotOnOrAfter().
      • confirmationMethod

        @NonnullAfterInit
        private String confirmationMethod
        Method to add.
      • response

        @Nullable
        private org.opensaml.saml.saml2.core.Response response
        Response to modify.
    • Constructor Detail

      • AddSubjectConfirmationToSubjects

        public AddSubjectConfirmationToSubjects()
        Constructor.
    • Method Detail

      • setOverwriteExisting

        public void setOverwriteExisting​(boolean flag)
        Set whether to overwrite any existing SubjectConfirmation objects found.
        Parameters:
        flag - true iff the action should overwrite any existing objects
      • setResponseLookupStrategy

        public void setResponseLookupStrategy​(@Nonnull
                                              Function<org.opensaml.profile.context.ProfileRequestContext,​org.opensaml.saml.saml2.core.Response> strategy)
        Set the strategy used to locate the Response to operate on.
        Parameters:
        strategy - strategy used to locate the Response to operate on
      • setAddressLookupStrategy

        public void setAddressLookupStrategy​(@Nullable
                                             Function<org.opensaml.profile.context.ProfileRequestContext,​String> strategy)
        Set the strategy used to obtain value for SubjectConfirmationData.getAddress().
        Parameters:
        strategy - lookup strategy
      • setInResponseToLookupStrategy

        public void setInResponseToLookupStrategy​(@Nullable
                                                  Function<org.opensaml.profile.context.ProfileRequestContext,​String> strategy)
        Set the strategy used to obtain value for SubjectConfirmationData.getInResponseTo().
        Parameters:
        strategy - lookup strategy
      • setRecipientLookupStrategy

        public void setRecipientLookupStrategy​(@Nullable
                                               Function<org.opensaml.profile.context.ProfileRequestContext,​String> strategy)
        Set the strategy used to obtain value for SubjectConfirmationData.getRecipient().
        Parameters:
        strategy - lookup strategy
      • setLifetimeLookupStrategy

        public void setLifetimeLookupStrategy​(@Nullable
                                              Function<org.opensaml.profile.context.ProfileRequestContext,​Long> strategy)
        Set the strategy used to obtain value for SubjectConfirmationData.getNotOnOrAfter().
        Parameters:
        strategy - lookup strategy
      • setMethod

        public void setMethod​(@Nonnull @NotEmpty
                              String method)
        Set the confirmation method to use.
        Parameters:
        method - confirmation method to use
      • doInitialize

        protected void doInitialize()
                             throws net.shibboleth.utilities.java.support.component.ComponentInitializationException
        Overrides:
        doInitialize in class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
        Throws:
        net.shibboleth.utilities.java.support.component.ComponentInitializationException
      • doPreExecute

        protected boolean doPreExecute​(@Nonnull
                                       org.opensaml.profile.context.ProfileRequestContext profileRequestContext)
        Overrides:
        doPreExecute in class org.opensaml.profile.action.AbstractProfileAction
      • doExecute

        protected void doExecute​(@Nonnull
                                 org.opensaml.profile.context.ProfileRequestContext profileRequestContext)
        Overrides:
        doExecute in class org.opensaml.profile.action.AbstractProfileAction
      • getAssertionSubject

        @Nonnull
        private org.opensaml.saml.saml2.core.Subject getAssertionSubject​(@Nonnull
                                                                         org.opensaml.saml.saml2.core.Assertion assertion)
        Get the subject to which the confirmation will be added.
        Parameters:
        assertion - the assertion being modified
        Returns:
        the subject to which the confirmation will be added
      • cloneConfirmation

        @Nonnull
        private org.opensaml.saml.saml2.core.SubjectConfirmation cloneConfirmation​(@Nonnull
                                                                                   org.opensaml.saml.saml2.core.SubjectConfirmation confirmation)
        Create an efficient field-wise copy of a SubjectConfirmation.
        Parameters:
        confirmation - the object to clone
        Returns:
        the copy