Class PredicateRoleDescriptorResolver

  • All Implemented Interfaces:
    net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.IdentifiedComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, net.shibboleth.utilities.java.support.resolver.Resolver<org.opensaml.saml.saml2.metadata.RoleDescriptor,​net.shibboleth.utilities.java.support.resolver.CriteriaSet>, org.opensaml.saml.metadata.resolver.RoleDescriptorResolver

    public class PredicateRoleDescriptorResolver
    extends net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
    implements org.opensaml.saml.metadata.resolver.RoleDescriptorResolver
    Implementation of RoleDescriptorResolver which wraps an instance of MetadataResolver to support basic EntityDescriptor resolution, and then performs further role-related filtering over the returned EntityDescriptor.

    This implementation passes the input CriteriaSet through to the wrapped metadata resolver as-is.

    This implementation also supports applying arbitrary predicates to the returned role descriptors, either passed directly as instances of EvaluableRoleDescriptorCriterion in the criteria, or resolved dynamically from other criteria via an instance of CriterionPredicateRegistry.
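A fail-closed lookup built on this class, as an added example (not code from the OpenSAML project). `StrictRoleLookup` and `HasSigningKey` are hypothetical names. The import paths and the `test` method (the `java.util.function.Predicate` form) are assumptions based on OpenSAML 4. The wrapped `MetadataResolver` is assumed to be already initialized.

```java
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.criterion.EntityRoleCriterion;
import org.opensaml.saml.criterion.ProtocolCriterion;
import org.opensaml.saml.metadata.criteria.role.EvaluableRoleDescriptorCriterion;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver;
import org.opensaml.saml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.security.credential.UsageType;

/** Hypothetical helper, not part of OpenSAML. */
public final class StrictRoleLookup {
    /** Hypothetical predicate passed directly in the criteria: role must publish a non-encryption-only key. */
    static final class HasSigningKey implements EvaluableRoleDescriptorCriterion {
        @Override public boolean test(RoleDescriptor role) {
            return role != null && role.getKeyDescriptors().stream()
                    .anyMatch(kd -> kd.getUse() != UsageType.ENCRYPTION);
        }
    }

    private final PredicateRoleDescriptorResolver resolver;

    public StrictRoleLookup(MetadataResolver initializedMetadataResolver)
            throws ComponentInitializationException {
        resolver = new PredicateRoleDescriptorResolver(initializedMetadataResolver);
        resolver.setRequireValidMetadata(true);      // only metadata that is currently valid
        resolver.setSatisfyAnyPredicates(false);     // AND: every predicate must pass
        resolver.setResolveViaPredicatesOnly(false); // no predicate-only resolution over the whole collection
        resolver.initialize();
    }

    /** Returns the SAML 2.0 SPSSODescriptor for entityId, or throws if none qualifies. */
    public RoleDescriptor requireSpRole(String entityId) throws ResolverException {
        CriteriaSet criteria = new CriteriaSet(
                new EntityIdCriterion(entityId),   // passed through as-is to the wrapped resolver
                new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME),
                new ProtocolCriterion(SAMLConstants.SAML20P_NS),
                new HasSigningKey());
        RoleDescriptor role = resolver.resolveSingle(criteria); // @Nullable: no match yields null
        if (role == null) {
            throw new ResolverException("No valid, matching role for " + entityId);
        }
        return role;
    }
}
```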

    • Field Summary

      Fields 
      Modifier and Type Field Description
      private net.shibboleth.utilities.java.support.resolver.CriterionPredicateRegistry<org.opensaml.saml.saml2.metadata.RoleDescriptor> criterionPredicateRegistry
      Registry used in resolving predicates from criteria.
      private org.opensaml.saml.metadata.resolver.MetadataResolver entityDescriptorResolver
      Resolver of EntityDescriptors.
      private static Predicate<org.opensaml.core.xml.XMLObject> IS_VALID_PREDICATE
      Predicate for evaluating whether a TimeboundSAMLObject is valid.
      private org.slf4j.Logger log
      Logger.
      private boolean requireValidMetadata
      Whether metadata is required to be valid.
      private boolean resolveViaPredicatesOnly
      Flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection.
      private boolean satisfyAnyPredicates
      Flag which determines whether predicates used in filtering are connected by a logical 'OR' (true) or by logical 'AND' (false).
      private boolean useDefaultPredicateRegistry
      Flag which determines whether the default predicate registry will be used if none is supplied explicitly.
    • Constructor Summary

      Constructors 
      Constructor Description
      PredicateRoleDescriptorResolver​(org.opensaml.saml.metadata.resolver.MetadataResolver mdResolver)
      Constructor.
    • Method Summary

      Modifier and Type Method Description
      protected void doInitialize()
      Subclasses should override this method to perform any initialization logic necessary.
      protected Iterable<org.opensaml.saml.saml2.metadata.RoleDescriptor> getAllCandidates​(Iterable<org.opensaml.saml.saml2.metadata.EntityDescriptor> entityDescriptors)
      Obtain all role descriptors contained by the input entity descriptors.
      protected Iterable<org.opensaml.saml.saml2.metadata.RoleDescriptor> getCandidatesByRoleAndProtocol​(Iterable<org.opensaml.saml.saml2.metadata.EntityDescriptor> entityDescriptors, net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
      Obtain the role descriptors contained by the input entity descriptors which match the specified role and protocol criteria.
      net.shibboleth.utilities.java.support.resolver.CriterionPredicateRegistry<org.opensaml.saml.saml2.metadata.RoleDescriptor> getCriterionPredicateRegistry()
      Get the registry used in resolving predicates from criteria.
      protected boolean haveRoleCriteria​(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
      Determine whether entity role criteria are present.
      boolean isRequireValidMetadata()
      boolean isResolveViaPredicatesOnly()
      Get the flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection.
      boolean isSatisfyAnyPredicates()
      Get the flag indicating whether resolved credentials may satisfy any predicates (i.e. connected by logical 'OR') or all predicates (connected by logical 'AND').
      boolean isUseDefaultPredicateRegistry()
      Get the flag which determines whether the default predicate registry will be used if one is not supplied explicitly.
      protected Iterable<org.opensaml.saml.saml2.metadata.RoleDescriptor> predicateFilterCandidates​(Iterable<org.opensaml.saml.saml2.metadata.RoleDescriptor> candidates, net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, boolean onEmptyPredicatesReturnEmpty)
      Filter the supplied candidates by resolving predicates from the supplied criteria and applying the predicates to return a filtered Iterable.
      Iterable<org.opensaml.saml.saml2.metadata.RoleDescriptor> resolve​(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
      org.opensaml.saml.saml2.metadata.RoleDescriptor resolveSingle​(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
      void setCriterionPredicateRegistry​(net.shibboleth.utilities.java.support.resolver.CriterionPredicateRegistry<org.opensaml.saml.saml2.metadata.RoleDescriptor> registry)
      Set the registry used in resolving predicates from criteria.
      void setRequireValidMetadata​(boolean require)
      void setResolveViaPredicatesOnly​(boolean flag)
      Set the flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection.
      void setSatisfyAnyPredicates​(boolean flag)
      Set the flag indicating whether resolved credentials may satisfy any predicates (i.e. connected by logical 'OR') or all predicates (connected by logical 'AND').
      void setUseDefaultPredicateRegistry​(boolean flag)
      Set the flag which determines whether the default predicate registry will be used if one is not supplied explicitly.
      • Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent

        getId, setId
      • Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

        destroy, doDestroy, initialize, isDestroyed, isInitialized
      • Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent

        getId
    • Field Detail

      • IS_VALID_PREDICATE

        private static final Predicate<org.opensaml.core.xml.XMLObject> IS_VALID_PREDICATE
        Predicate for evaluating whether a TimeboundSAMLObject is valid.
      • log

        private org.slf4j.Logger log
        Logger.
      • requireValidMetadata

        private boolean requireValidMetadata
        Whether metadata is required to be valid.
      • entityDescriptorResolver

        private org.opensaml.saml.metadata.resolver.MetadataResolver entityDescriptorResolver
        Resolver of EntityDescriptors.
      • satisfyAnyPredicates

        private boolean satisfyAnyPredicates
        Flag which determines whether predicates used in filtering are connected by a logical 'OR' (true) or by logical 'AND' (false). Defaults to false.
      • criterionPredicateRegistry

        private net.shibboleth.utilities.java.support.resolver.CriterionPredicateRegistry<org.opensaml.saml.saml2.metadata.RoleDescriptor> criterionPredicateRegistry
        Registry used in resolving predicates from criteria.
      • useDefaultPredicateRegistry

        private boolean useDefaultPredicateRegistry
        Flag which determines whether the default predicate registry will be used if none is supplied explicitly. Defaults to true.
      • resolveViaPredicatesOnly

        private boolean resolveViaPredicatesOnly
        Flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection. Defaults to false.
    • Constructor Detail

      • PredicateRoleDescriptorResolver

        public PredicateRoleDescriptorResolver​(@Nonnull @ParameterName(name="mdResolver")
                                               org.opensaml.saml.metadata.resolver.MetadataResolver mdResolver)
        Constructor.
        Parameters:
        mdResolver - the resolver of EntityDescriptors
    • Method Detail

      • isRequireValidMetadata

        public boolean isRequireValidMetadata()
        Specified by:
        isRequireValidMetadata in interface org.opensaml.saml.metadata.resolver.RoleDescriptorResolver
      • setRequireValidMetadata

        public void setRequireValidMetadata​(boolean require)
        Specified by:
        setRequireValidMetadata in interface org.opensaml.saml.metadata.resolver.RoleDescriptorResolver
      • isSatisfyAnyPredicates

        public boolean isSatisfyAnyPredicates()
        Get the flag indicating whether resolved credentials may satisfy any predicates (i.e. connected by logical 'OR') or all predicates (connected by logical 'AND').

        Defaults to false.

        Returns:
        true if satisfying any predicate is sufficient (logical 'OR'), false if all predicates must be satisfied (logical 'AND')
      • setSatisfyAnyPredicates

        public void setSatisfyAnyPredicates​(boolean flag)
        Set the flag indicating whether resolved credentials may satisfy any predicates (i.e. connected by logical 'OR') or all predicates (connected by logical 'AND').

        Defaults to false.

        Parameters:
        flag - true if satisfying any predicate is sufficient (logical 'OR'), false if all predicates must be satisfied (logical 'AND')
      • getCriterionPredicateRegistry

        @NonnullAfterInit
        public net.shibboleth.utilities.java.support.resolver.CriterionPredicateRegistry<org.opensaml.saml.saml2.metadata.RoleDescriptor> getCriterionPredicateRegistry()
        Get the registry used in resolving predicates from criteria.
        Returns:
        the effective registry instance used
      • setCriterionPredicateRegistry

        public void setCriterionPredicateRegistry​(@Nullable
                                                  net.shibboleth.utilities.java.support.resolver.CriterionPredicateRegistry<org.opensaml.saml.saml2.metadata.RoleDescriptor> registry)
        Set the registry used in resolving predicates from criteria.
        Parameters:
        registry - the registry instance to use
      • isUseDefaultPredicateRegistry

        public boolean isUseDefaultPredicateRegistry()
        Get the flag which determines whether the default predicate registry will be used if one is not supplied explicitly.

        Defaults to true.

        Returns:
        true if should use default registry, false otherwise
      • setUseDefaultPredicateRegistry

        public void setUseDefaultPredicateRegistry​(boolean flag)
        Set the flag which determines whether the default predicate registry will be used if one is not supplied explicitly.

        Defaults to true.

        Parameters:
        flag - true if should use default registry, false otherwise
      • isResolveViaPredicatesOnly

        public boolean isResolveViaPredicatesOnly()
        Get the flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection.
        Returns:
        true if resolution may be attempted solely via predicates, false if not
      • setResolveViaPredicatesOnly

        public void setResolveViaPredicatesOnly​(boolean flag)
        Set the flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection.
        Parameters:
        flag - true if resolution may be attempted solely via predicates, false if not
      • doInitialize

        protected void doInitialize()
                             throws net.shibboleth.utilities.java.support.component.ComponentInitializationException
        Subclasses should override this method to perform any initialization logic necessary. Default implementation is a no-op.
        Overrides:
        doInitialize in class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
        Throws:
        net.shibboleth.utilities.java.support.component.ComponentInitializationException - thrown if there is a problem initializing the provider
      • resolveSingle

        @Nullable
        public org.opensaml.saml.saml2.metadata.RoleDescriptor resolveSingle​(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
                                                                      throws net.shibboleth.utilities.java.support.resolver.ResolverException
        Specified by:
        resolveSingle in interface net.shibboleth.utilities.java.support.resolver.Resolver<org.opensaml.saml.saml2.metadata.RoleDescriptor,​net.shibboleth.utilities.java.support.resolver.CriteriaSet>
        Throws:
        net.shibboleth.utilities.java.support.resolver.ResolverException
      • resolve

        @Nonnull
        public Iterable<org.opensaml.saml.saml2.metadata.RoleDescriptor> resolve​(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
                                                                          throws net.shibboleth.utilities.java.support.resolver.ResolverException
        Specified by:
        resolve in interface net.shibboleth.utilities.java.support.resolver.Resolver<org.opensaml.saml.saml2.metadata.RoleDescriptor,​net.shibboleth.utilities.java.support.resolver.CriteriaSet>
        Throws:
        net.shibboleth.utilities.java.support.resolver.ResolverException
      • haveRoleCriteria

        protected boolean haveRoleCriteria​(@Nonnull
                                           net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
        Determine whether entity role criteria are present.
        Parameters:
        criteria - the current criteria set
        Returns:
        true if role criteria are present, false otherwise
      • getCandidatesByRoleAndProtocol

        protected Iterable<org.opensaml.saml.saml2.metadata.RoleDescriptor> getCandidatesByRoleAndProtocol​(@Nonnull
                                                                                                           Iterable<org.opensaml.saml.saml2.metadata.EntityDescriptor> entityDescriptors,
                                                                                                           @Nonnull
                                                                                                           net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
        Obtain the role descriptors contained by the input entity descriptors which match the specified role and protocol criteria.

        This method should only be called if haveRoleCriteria(CriteriaSet) evaluates to true.

        Parameters:
        entityDescriptors - the entity descriptors on which to operate
        criteria - the current criteria set
        Returns:
        the role descriptors corresponding to the input entity role and protocol
      • getAllCandidates

        protected Iterable<org.opensaml.saml.saml2.metadata.RoleDescriptor> getAllCandidates​(@Nonnull
                                                                                             Iterable<org.opensaml.saml.saml2.metadata.EntityDescriptor> entityDescriptors)
        Obtain all role descriptors contained by the input entity descriptors.
        Parameters:
        entityDescriptors - the entity descriptors on which to operate
        Returns:
        all role descriptors contained by the input entity descriptors
      • predicateFilterCandidates

        protected Iterable<org.opensaml.saml.saml2.metadata.RoleDescriptor> predicateFilterCandidates​(@Nonnull
                                                                                                      Iterable<org.opensaml.saml.saml2.metadata.RoleDescriptor> candidates,
                                                                                                      @Nonnull
                                                                                                      net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria,
                                                                                                      boolean onEmptyPredicatesReturnEmpty)
                                                                                               throws net.shibboleth.utilities.java.support.resolver.ResolverException
        Filter the supplied candidates by resolving predicates from the supplied criteria and applying the predicates to return a filtered Iterable.
        Parameters:
        candidates - the candidates to evaluate
        criteria - the criteria set to evaluate
        onEmptyPredicatesReturnEmpty - if true and no predicates are supplied, then return an empty iterable; otherwise return the original input candidates
        Returns:
        an iterable of the candidates filtered by the resolved predicates
        Throws:
        net.shibboleth.utilities.java.support.resolver.ResolverException - if there is a fatal error during resolution