public class EncryptNameIDs extends AbstractEncryptAction

Action that encrypts NameIDs in a message obtained from a lookup strategy, by default the outbound message context. Specific formats may be excluded from encryption, by default excluding the "entity" format.

Events: EventIds.PROCEED_EVENT_ID, EventIds.UNABLE_TO_ENCRYPT

Postcondition: NameIDs in all locations have been replaced with encrypted versions. It's possible for some to be replaced but others not if an error occurs.

| Modifier and Type | Field and Description |
|---|---|
| private Set<String> | excludedFormats: Formats to exclude from encryption. |
| private Logger | log: Class logger. |
| private SAMLObject | message: The message to operate on. |
| private com.google.common.base.Function<ProfileRequestContext,SAMLObject> | messageLookupStrategy: Strategy used to locate the message to operate on. |
| Constructor and Description |
|---|
| EncryptNameIDs(): Constructor. |
| Modifier and Type | Method and Description |
|---|---|
| protected void | doExecute(ProfileRequestContext profileRequestContext) |
| protected boolean | doPreExecute(ProfileRequestContext profileRequestContext) |
| protected org.opensaml.xmlsec.EncryptionParameters | getApplicableParameters(EncryptionContext ctx): Return the right set of parameters for the operation to be performed, or none if no encryption should occur. |
| private void | processAssertion(Assertion assertion): Decrypt any EncryptedID found in an assertion and replace it with the result. |
| private void | processLogoutRequest(LogoutRequest request): Encrypt a NameID found in a LogoutRequest and replace it with the result. |
| private void | processManageNameIDRequest(ManageNameIDRequest request): Encrypt a NameID found in a ManageNameIDRequest and replace it with the result. |
| private void | processNameIDMappingRequest(NameIDMappingRequest request): Encrypt a NameID found in a NameIDMappingRequest and replace it with the result. |
| private void | processNameIDMappingResponse(NameIDMappingResponse response): Encrypt a NameID found in a NameIDMappingResponse and replace it with the result. |
| private void | processSubject(Subject subject): Encrypt any NameIDs found in a subject and replace them with the result. |
| void | setExcludedFormats(Collection<String> formats): Set the NameID formats to ignore and leave unencrypted. |
| void | setMessageLookupStrategy(com.google.common.base.Function<ProfileRequestContext,SAMLObject> strategy): Set the strategy used to locate the Response to operate on. |
| private boolean | shouldEncrypt(NameID name): Return true iff the NameID should be encrypted. |
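An added wiring example (not OpenSAML's own code) showing how the two public setters above combine; it assumes the class lives in org.opensaml.saml.saml2.profile.impl and that NameIDType.ENTITY holds the "entity" format URI, neither of which this page states.

```java
import java.util.Arrays;
import java.util.HashSet;

import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.saml2.core.NameIDType;
import org.opensaml.saml.saml2.profile.impl.EncryptNameIDs; // assumed package

/** Hypothetical helper that builds and initializes the action in code. */
public final class EncryptNameIDsWiring {

    private EncryptNameIDsWiring() {
    }

    public static EncryptNameIDs build() throws Exception {
        final EncryptNameIDs action = new EncryptNameIDs();

        // Same exclusion policy as the documented default, made explicit:
        // an "entity" NameID names a system entity, not a user, so it carries
        // nothing worth hiding. Adding further formats here widens what goes
        // out in the clear, so keep this set as small as possible.
        action.setExcludedFormats(new HashSet<>(Arrays.asList(NameIDType.ENTITY)));

        // Lookup strategy mirroring the documented default: operate on the
        // outbound message. Returning null lets the action skip rather than
        // fail when no outbound message context exists.
        action.setMessageLookupStrategy(prc -> {
            if (prc.getOutboundMessageContext() == null) {
                return null;
            }
            return (SAMLObject) prc.getOutboundMessageContext().getMessage();
        });

        action.initialize();
        return action;
    }
}
```

Because encryption can fail part-way (see the postcondition above), a flow that invokes this action should treat EventIds.UNABLE_TO_ENCRYPT as terminal rather than sending a partially encrypted message.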
Methods inherited from class AbstractEncryptAction: getEncrypter, setEncryptionContextLookupStrategy, setEncryptToSelf, setEncryptToSelfParametersStrategy, setKeyPlacementLookupStrategy, setRecipientLookupStrategy, setSelfRecipientLookupStrategy

Methods inherited from the remaining superclasses: getActivationCondition, setActivationCondition, doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse, destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Field detail

messageLookupStrategy
@Nonnull private com.google.common.base.Function<ProfileRequestContext,SAMLObject> messageLookupStrategy
Strategy used to locate the message to operate on.

excludedFormats
@Nonnull @NonnullElements private Set<String> excludedFormats
Formats to exclude from encryption.

message
@Nullable private SAMLObject message
The message to operate on.

Method detail

setMessageLookupStrategy
public void setMessageLookupStrategy(@Nonnull com.google.common.base.Function<ProfileRequestContext,SAMLObject> strategy)
Set the strategy used to locate the Response to operate on.
Parameters: strategy - strategy used to locate the Response to operate on

setExcludedFormats
public void setExcludedFormats(@Nonnull @NonnullElements Collection<String> formats)
Set the NameID formats to ignore and leave unencrypted.
Parameters: formats - formats to exclude

getApplicableParameters
@Nullable protected org.opensaml.xmlsec.EncryptionParameters getApplicableParameters(@Nullable EncryptionContext ctx)
Return the right set of parameters for the operation to be performed, or none if no encryption should occur.
Superclass method: getApplicableParameters in class AbstractEncryptAction
Parameters: ctx - possibly null input context to pull parameters from

doPreExecute
protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext)
Superclass method: doPreExecute in class AbstractEncryptAction

doExecute
protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext)
Superclass method: doExecute in class AbstractProfileAction

shouldEncrypt
private boolean shouldEncrypt(@Nullable NameID name)
Return true iff the NameID should be encrypted.
Parameters: name - NameID to check

processSubject
private void processSubject(@Nullable Subject subject) throws org.opensaml.xmlsec.encryption.support.EncryptionException
Encrypt any NameIDs found in a subject and replace them with the result.
Parameters: subject - subject to operate on
Throws: org.opensaml.xmlsec.encryption.support.EncryptionException - if an error occurs

processLogoutRequest
private void processLogoutRequest(@Nonnull LogoutRequest request) throws org.opensaml.xmlsec.encryption.support.EncryptionException
Encrypt a NameID found in a LogoutRequest and replace it with the result.
Parameters: request - request to operate on
Throws: org.opensaml.xmlsec.encryption.support.EncryptionException - if an error occurs

processManageNameIDRequest
private void processManageNameIDRequest(@Nonnull ManageNameIDRequest request) throws org.opensaml.xmlsec.encryption.support.EncryptionException
Encrypt a NameID found in a ManageNameIDRequest and replace it with the result.
Parameters: request - request to operate on
Throws: org.opensaml.xmlsec.encryption.support.EncryptionException - if an error occurs

processNameIDMappingRequest
private void processNameIDMappingRequest(@Nonnull NameIDMappingRequest request) throws org.opensaml.xmlsec.encryption.support.EncryptionException
Encrypt a NameID found in a NameIDMappingRequest and replace it with the result.
Parameters: request - request to operate on
Throws: org.opensaml.xmlsec.encryption.support.EncryptionException - if an error occurs

processNameIDMappingResponse
private void processNameIDMappingResponse(@Nonnull NameIDMappingResponse response) throws org.opensaml.xmlsec.encryption.support.EncryptionException
Encrypt a NameID found in a NameIDMappingResponse and replace it with the result.
Parameters: response - response to operate on
Throws: org.opensaml.xmlsec.encryption.support.EncryptionException - if an error occurs

processAssertion
private void processAssertion(@Nonnull Assertion assertion) throws org.opensaml.xmlsec.encryption.support.EncryptionException
Decrypt any EncryptedID found in an assertion and replace it with the result.
Parameters: assertion - assertion to operate on
Throws: org.opensaml.xmlsec.encryption.support.EncryptionException - if an error occurs

Copyright © 1999–2020 Shibboleth Consortium. All rights reserved.