Class AddProxyRestrictionToAssertions

  • All Implemented Interfaces:
    net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, org.opensaml.profile.action.ProfileAction

    public class AddProxyRestrictionToAssertions
    extends org.opensaml.profile.action.AbstractConditionalProfileAction
    Action that adds a ProxyRestriction to every Assertion contained in a SAML 2 response, with the audiences and count obtained from a lookup function. If the containing Conditions is not present, it will be created.
    Event:
    EventIds.PROCEED_EVENT_ID, EventIds.INVALID_MSG_CTX
    • Field Summary

      Fields 
      Modifier and Type Field Description
      private Set<String> audiences
      Audiences to add.
      private org.slf4j.Logger log
      Class logger.
      private Integer proxyCount
      ProxyCount to add.
      private Function<org.opensaml.profile.context.ProfileRequestContext,​net.shibboleth.utilities.java.support.collection.Pair<Integer,​Set<String>>> proxyRestrictionLookupStrategy
      Strategy used to obtain the material to add.
      private org.opensaml.saml.saml2.core.Response response
      Response to modify.
      private Function<org.opensaml.profile.context.ProfileRequestContext,​org.opensaml.saml.saml2.core.Response> responseLookupStrategy
      Strategy used to locate the Response to operate on.
    • Method Summary

      Modifier and Type Method Description
      private void addProxyRestriction​(org.opensaml.profile.context.ProfileRequestContext profileRequestContext, org.opensaml.saml.saml2.core.Conditions conditions)
      Add the audiences obtained from a lookup function to the ProxyRestriction.
      protected void doExecute​(org.opensaml.profile.context.ProfileRequestContext profileRequestContext)
      protected void doInitialize()
      protected boolean doPreExecute​(org.opensaml.profile.context.ProfileRequestContext profileRequestContext)
      private org.opensaml.saml.saml2.core.ProxyRestriction getProxyRestriction​(org.opensaml.saml.saml2.core.Conditions conditions)
      Get the ProxyRestriction to which audiences will be added.
      void setProxyRestrictionLookupStrategy​(Function<org.opensaml.profile.context.ProfileRequestContext,​net.shibboleth.utilities.java.support.collection.Pair<Integer,​Set<String>>> strategy)
      Set the strategy used to obtain the proxy restrictions to apply.
      void setResponseLookupStrategy​(Function<org.opensaml.profile.context.ProfileRequestContext,​org.opensaml.saml.saml2.core.Response> strategy)
      Set the strategy used to locate the Response to operate on.
      • Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

        getActivationCondition, setActivationCondition
      • Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

        doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse
      • Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

        destroy, doDestroy, initialize, isDestroyed, isInitialized
      • Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

        initialize, isInitialized
    • Field Detail

      • log

        @Nonnull
        private final org.slf4j.Logger log
        Class logger.
      • responseLookupStrategy

        @Nonnull
        private Function<org.opensaml.profile.context.ProfileRequestContext,​org.opensaml.saml.saml2.core.Response> responseLookupStrategy
        Strategy used to locate the Response to operate on.
      • proxyRestrictionLookupStrategy

        @Nullable
        private Function<org.opensaml.profile.context.ProfileRequestContext,​net.shibboleth.utilities.java.support.collection.Pair<Integer,​Set<String>>> proxyRestrictionLookupStrategy
        Strategy used to obtain the material to add.
      • response

        @Nullable
        private org.opensaml.saml.saml2.core.Response response
        Response to modify.
      • proxyCount

        @Nullable
        private Integer proxyCount
        ProxyCount to add.
      • audiences

        @Nullable
        private Set<String> audiences
        Audiences to add.
    • Constructor Detail

      • AddProxyRestrictionToAssertions

        public AddProxyRestrictionToAssertions()
        Constructor.
    • Method Detail

      • setResponseLookupStrategy

        public void setResponseLookupStrategy​(@Nonnull
                                              Function<org.opensaml.profile.context.ProfileRequestContext,​org.opensaml.saml.saml2.core.Response> strategy)
        Set the strategy used to locate the Response to operate on.
        Parameters:
        strategy - lookup strategy
      • setProxyRestrictionLookupStrategy

        public void setProxyRestrictionLookupStrategy​(@Nonnull
                                                      Function<org.opensaml.profile.context.ProfileRequestContext,​net.shibboleth.utilities.java.support.collection.Pair<Integer,​Set<String>>> strategy)
        Set the strategy used to obtain the proxy restrictions to apply.
        Parameters:
        strategy - lookup strategy
      • doInitialize

        protected void doInitialize()
                             throws net.shibboleth.utilities.java.support.component.ComponentInitializationException
        Overrides:
        doInitialize in class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
        Throws:
        net.shibboleth.utilities.java.support.component.ComponentInitializationException
      • doPreExecute

        protected boolean doPreExecute​(@Nonnull
                                       org.opensaml.profile.context.ProfileRequestContext profileRequestContext)
        Overrides:
        doPreExecute in class org.opensaml.profile.action.AbstractConditionalProfileAction
      • doExecute

        protected void doExecute​(@Nonnull
                                 org.opensaml.profile.context.ProfileRequestContext profileRequestContext)
        Overrides:
        doExecute in class org.opensaml.profile.action.AbstractProfileAction
      • addProxyRestriction

        private void addProxyRestriction​(@Nonnull
                                         org.opensaml.profile.context.ProfileRequestContext profileRequestContext,
                                         @Nonnull
                                         org.opensaml.saml.saml2.core.Conditions conditions)
        Add the audiences obtained from a lookup function to the ProxyRestriction. If no ProxyRestriction exists on the given Conditions one is created and added.
        Parameters:
        profileRequestContext - current profile request context
        conditions - condition that has, or will receive the created, ProxyRestriction
      • getProxyRestriction

        @Nonnull
        private org.opensaml.saml.saml2.core.ProxyRestriction getProxyRestriction​(@Nonnull
                                                                                  org.opensaml.saml.saml2.core.Conditions conditions)
        Get the ProxyRestriction to which audiences will be added.
        Parameters:
        conditions - existing set of conditions
        Returns:
        the condition to which audiences will be added
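
The behaviour described in the class summary, sketched with the JDK's DOM API instead of OpenSAML objects. This is an added example, not Shibboleth's code; the class name `ProxyRestrictionDemo`, the sample response and the entity IDs are constructed.

```java
import java.io.StringReader;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class ProxyRestrictionDemo { // hypothetical name, not a Shibboleth class
    static final String NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final Set<String> BEFORE_CONDITIONS = Set.of("Issuer", "Signature", "Subject");

    /** First child of parent in the SAML assertion namespace with this local name, or null. */
    static Element child(Element parent, String name) {
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling())
            if (n instanceof Element && NS.equals(n.getNamespaceURI()) && name.equals(n.getLocalName()))
                return (Element) n;
        return null;
    }

    /** Adds Count and Audiences to every Assertion; call before the assertion is signed. */
    static void addProxyRestriction(Document doc, Integer count, Set<String> audiences) {
        NodeList assertions = doc.getElementsByTagNameNS(NS, "Assertion");
        for (int i = 0; i < assertions.getLength(); i++) {
            Element assertion = (Element) assertions.item(i);
            Element conditions = child(assertion, "Conditions");
            if (conditions == null) { // create it in schema order: after Issuer/Signature/Subject
                conditions = doc.createElementNS(NS, "saml2:Conditions");
                Node next = assertion.getFirstChild();
                while (next != null && (!(next instanceof Element) || BEFORE_CONDITIONS.contains(next.getLocalName())))
                    next = next.getNextSibling();
                assertion.insertBefore(conditions, next); // next == null appends
            }
            Element pr = child(conditions, "ProxyRestriction");
            if (pr == null) pr = (Element) conditions.appendChild(doc.createElementNS(NS, "saml2:ProxyRestriction"));
            if (count != null) pr.setAttribute("Count", count.toString()); // max further proxy hops
            for (String a : audiences)
                pr.appendChild(doc.createElementNS(NS, "saml2:Audience")).setTextContent(a);
        }
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: a response whose assertion has no Conditions yet.
        String xml = "<samlp:Response xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol' xmlns:saml2='" + NS + "'>"
            + "<saml2:Assertion><saml2:Issuer>https://idp.example.org</saml2:Issuer>"
            + "<saml2:AuthnStatement/></saml2:Assertion></samlp:Response>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        addProxyRestriction(doc, 1, Set.of("https://sp.example.org"));
        Element pr = (Element) doc.getElementsByTagNameNS(NS, "ProxyRestriction").item(0);
        System.out.println(pr.getParentNode().getNodeName() + " Count=" + pr.getAttribute("Count") + " " + pr.getTextContent());
    }
}
```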