Package org.opensaml.saml.common.profile.impl

Class AddAudienceRestrictionToAssertions

java.lang.Object

net.shibboleth.shared.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.profile.action.AbstractConditionalProfileAction

org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction

public class AddAudienceRestrictionToAssertions
extends AbstractConditionalProfileAction

Action adds an audience restriction condition to every assertion contained in a SAML 1/2 response, with the audiences obtained from a lookup function. If the containing Conditions is not present, it will be created.

Event:

EventIds.PROCEED_EVENT_ID, EventIds.INVALID_MSG_CTX

Field Summary

Fields

Modifier and Type	Field	Description
private boolean	addingAudiencesToExistingRestriction	Whether, if an assertion already contains an audience restriction, this action will add its audiences to that restriction or create another one.
private Function<ProfileRequestContext,Collection<String>>	audienceRestrictionsLookupStrategy	Strategy used to obtain the audiences to add.
private Collection<String>	audiences	Audiences to add.
private final org.slf4j.Logger	log	Class logger.
private SAMLObject	response	Response to modify.
private Function<ProfileRequestContext,SAMLObject>	responseLookupStrategy	Strategy used to locate the Response to operate on.

Constructor Summary

Constructors

Constructor	Description
AddAudienceRestrictionToAssertions()	Constructor.

Method Summary

Modifier and Type	Method	Description
private void	addAudienceRestriction(ProfileRequestContext profileRequestContext, Conditions conditions)	Add the audiences obtained from a lookup function to the AudienceRestrictionCondition.
private void	addAudienceRestriction(ProfileRequestContext profileRequestContext, Conditions conditions)	Add the audiences obtained from a lookup function to the AudienceRestriction.
protected void	doExecute(ProfileRequestContext profileRequestContext)
protected void	doInitialize()
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext)
private AudienceRestriction	getAudienceRestriction(Conditions conditions)	Get the AudienceRestriction to which audiences will be added.
private AudienceRestrictionCondition	getAudienceRestrictionCondition(Conditions conditions)	Get the AudienceRestrictionCondition to which audiences will be added.
void	setAddingAudiencesToExistingRestriction(boolean addingToExistingRestriction)	Set whether, if an assertion already contains an audience restriction, this action will add its audiences to that restriction or create another one.
void	setAudienceRestrictionsLookupStrategy(Function<ProfileRequestContext,Collection<String>> strategy)	Set the strategy used to obtain the audience restrictions to apply.
void	setResponseLookupStrategy(Function<ProfileRequestContext,SAMLObject> strategy)	Set the strategy used to locate the Response to operate on.

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, ensureHttpServletRequest, ensureHttpServletResponse, execute, getHttpServletRequest, getHttpServletRequestSupplier, getHttpServletResponse, getHttpServletResponseSupplier, getLogPrefix, isPreExecuteCalled, setHttpServletRequestSupplier, setHttpServletResponseSupplier

Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent

checkComponentActive, checkSetterPreconditions, destroy, doDestroy, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.shared.component.InitializableComponent

initialize, isInitialized

Field Details

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

addingAudiencesToExistingRestriction

private boolean addingAudiencesToExistingRestriction

Whether, if an assertion already contains an audience restriction, this action will add its audiences to that restriction or create another one.

responseLookupStrategy

@Nonnull
private Function<ProfileRequestContext,SAMLObject> responseLookupStrategy

Strategy used to locate the Response to operate on.

audienceRestrictionsLookupStrategy

@NonnullAfterInit
private Function<ProfileRequestContext,Collection<String>> audienceRestrictionsLookupStrategy

Strategy used to obtain the audiences to add.

response

@NonnullBeforeExec
private SAMLObject response

Response to modify.

audiences

@NonnullBeforeExec
private Collection<String> audiences

Audiences to add.

Constructor Details

AddAudienceRestrictionToAssertions

public AddAudienceRestrictionToAssertions()

Constructor.

Method Details

setResponseLookupStrategy

public void setResponseLookupStrategy(@Nonnull
 Function<ProfileRequestContext,SAMLObject> strategy)

Set the strategy used to locate the Response to operate on.

Parameters:

strategy - lookup strategy

setAddingAudiencesToExistingRestriction

public void setAddingAudiencesToExistingRestriction(boolean addingToExistingRestriction)

Set whether, if an assertion already contains an audience restriction, this action will add its audiences to that restriction or create another one.

Parameters:

addingToExistingRestriction - whether this action will add its audiences to that restriction or create another one

setAudienceRestrictionsLookupStrategy

public void setAudienceRestrictionsLookupStrategy(@Nonnull
 Function<ProfileRequestContext,Collection<String>> strategy)

Set the strategy used to obtain the audience restrictions to apply.

Parameters:

strategy - lookup strategy

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doPreExecute

protected boolean doPreExecute(@Nonnull
 ProfileRequestContext profileRequestContext)

Overrides:

doPreExecute in class AbstractConditionalProfileAction

doExecute

protected void doExecute(@Nonnull
 ProfileRequestContext profileRequestContext)

Overrides:

doExecute in class AbstractProfileAction

addAudienceRestriction

private void addAudienceRestriction(@Nonnull
 ProfileRequestContext profileRequestContext,
 @Nonnull
 Conditions conditions)

Add the audiences obtained from a lookup function to the AudienceRestrictionCondition. If no AudienceRestrictionCondition exists on the given Conditions one is created and added.

Parameters:

profileRequestContext - current profile request context

conditions - condition that has, or will receive the created, AudienceRestrictionCondition

addAudienceRestriction

private void addAudienceRestriction(@Nonnull
 ProfileRequestContext profileRequestContext,
 @Nonnull
 Conditions conditions)

Add the audiences obtained from a lookup function to the AudienceRestriction. If no AudienceRestriction exists on the given Conditions one is created and added.

Parameters:

profileRequestContext - current profile request context

conditions - condition that has, or will receive the created, AudienceRestriction

getAudienceRestrictionCondition

@Nonnull
private AudienceRestrictionCondition getAudienceRestrictionCondition(@Nonnull
 Conditions conditions)

Get the AudienceRestrictionCondition to which audiences will be added.

Parameters:

conditions - existing set of conditions

Returns:

the condition to which audiences will be added

getAudienceRestriction

@Nonnull
private AudienceRestriction getAudienceRestriction(@Nonnull
 Conditions conditions)

Get the AudienceRestriction to which audiences will be added.

Parameters:

conditions - existing set of conditions

Returns:

the condition to which audiences will be added