Package org.opensaml.saml.common.binding
Class AbstractEndpointResolver<EndpointType extends Endpoint>
- java.lang.Object
  - net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    - net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
      - org.opensaml.saml.common.binding.AbstractEndpointResolver<EndpointType>

- Type Parameters: EndpointType - type of endpoint
- All Implemented Interfaces: net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.IdentifiedComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, net.shibboleth.utilities.java.support.resolver.Resolver<EndpointType,net.shibboleth.utilities.java.support.resolver.CriteriaSet>, EndpointResolver<EndpointType>

public abstract class AbstractEndpointResolver<EndpointType extends Endpoint> extends net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent implements EndpointResolver<EndpointType>
Base implementation that resolves and validates protocol/profile endpoints using a combination of supplied parameters and SAML metadata.

SAML metadata rules are followed for deriving candidate endpoints to evaluate. The base class implements only a subset of required functionality, then extracts a set of candidates from metadata if present, and delegates to a subclass to actually evaluate each one for acceptability.

The supported Criterion types and their use follow:

- EndpointCriterion (required) - Contains a "template" for the eventual Endpoint(s) to resolve that identifies at minimum the type of endpoint object (via schema type or element name) to resolve. It MAY contain other attributes that will be used in matching candidate endpoints for suitability, such as index, binding, location, etc. If so marked, it may also be resolved as a trusted endpoint without additional verification required.
- RoleDescriptorCriterion - If present, provides access to the candidate endpoint(s) to attempt resolution against. Strictly optional, but if absent, the supplied endpoint (from EndpointCriterion) is returned as the sole result, whatever its completeness/usability, allowing for subclass validation.

Subclasses should override the doCheckEndpoint(CriteriaSet, Endpoint) method to implement further criteria.
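
An added example (not part of the OpenSAML code base or its Javadoc) of a subclass that overrides doCheckEndpoint as described above. The class name HttpsExactMatchEndpointResolver and its matching policy are assumptions chosen for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

import javax.annotation.Nonnull;

import org.opensaml.saml.common.binding.AbstractEndpointResolver;
import org.opensaml.saml.criterion.EndpointCriterion;
import org.opensaml.saml.saml2.metadata.Endpoint;

import net.shibboleth.utilities.java.support.resolver.CriteriaSet;

/**
 * Hypothetical subclass (name and policy are illustrative assumptions): a candidate
 * is accepted only if its Location is an https URL and, where the EndpointCriterion
 * template carries a binding or location, the candidate matches it exactly.
 */
public class HttpsExactMatchEndpointResolver<EndpointType extends Endpoint>
        extends AbstractEndpointResolver<EndpointType> {

    @Override
    protected boolean doCheckEndpoint(@Nonnull final CriteriaSet criteria,
            @Nonnull final EndpointType endpoint) {
        if (!super.doCheckEndpoint(criteria, endpoint)) {
            return false;
        }
        // Reject candidates with a missing, malformed or non-https Location.
        final String location = endpoint.getLocation();
        if (location == null) return false;
        try {
            if (!"https".equalsIgnoreCase(new URI(location).getScheme())) return false;
        } catch (final URISyntaxException e) {
            return false;
        }
        // The template is the requester-supplied endpoint from EndpointCriterion.
        final EndpointCriterion<?> requested = criteria.get(EndpointCriterion.class);
        if (requested == null) return false;
        final Endpoint template = requested.getEndpoint();
        // Comparison is exact: no prefix, case-folding or wildcard matching.
        final String wantBinding = template.getBinding();
        if (wantBinding != null && !wantBinding.equals(endpoint.getBinding())) return false;
        final String wantLocation = template.getLocation();
        if (wantLocation != null && !wantLocation.equals(location)) return false;
        return true;
    }
}
```

Per the class description, an endpoint marked as trusted in EndpointCriterion may be resolved without additional verification, so a check like this constrains only requests that are not so marked.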

Field Summary
- private org.slf4j.Logger log - Class logger.

Constructor Summary
- AbstractEndpointResolver() - Constructor.

Method Summary
- private boolean canUseRequestedEndpoint(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria) - Optimize the case of resolving a single endpoint if a populated endpoint is supplied via criteria, and validation is unnecessary due to a signed request.
- protected boolean doCheckEndpoint(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, EndpointType endpoint) - Apply the supplied criteria to a candidate endpoint to determine its suitability.
- private List<EndpointType> getCandidatesFromMetadata(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria) - Get a mutable list of endpoints of a given type found in the metadata role contained in a RoleDescriptorCriterion (or an empty list if no metadata exists).
- protected String getLogPrefix() - Return a prefix for logging messages for this component.
- Iterable<EndpointType> resolve(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
- EndpointType resolveSingle(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
- private List<EndpointType> sortCandidates(List<Endpoint> candidates) - Copy and sort the endpoints such that the default endpoint by SAML rules comes first.
- private void validateCriteria(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria) - Verify that the required EndpointCriterion is present.

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
doInitialize, getId, setId

Method Detail

resolve
@Nonnull @NonnullElements public Iterable<EndpointType> resolve(@Nullable net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria) throws net.shibboleth.utilities.java.support.resolver.ResolverException
- Specified by: resolve in interface net.shibboleth.utilities.java.support.resolver.Resolver<EndpointType extends Endpoint,net.shibboleth.utilities.java.support.resolver.CriteriaSet>
- Throws: net.shibboleth.utilities.java.support.resolver.ResolverException

resolveSingle
@Nullable public EndpointType resolveSingle(@Nullable net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria) throws net.shibboleth.utilities.java.support.resolver.ResolverException
- Specified by: resolveSingle in interface net.shibboleth.utilities.java.support.resolver.Resolver<EndpointType extends Endpoint,net.shibboleth.utilities.java.support.resolver.CriteriaSet>
- Throws: net.shibboleth.utilities.java.support.resolver.ResolverException

doCheckEndpoint
protected boolean doCheckEndpoint(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, @Nonnull EndpointType endpoint)
Apply the supplied criteria to a candidate endpoint to determine its suitability.
- Parameters:
  criteria - input criteria set
  endpoint - candidate endpoint
- Returns: true iff the endpoint meets the supplied criteria

validateCriteria
private void validateCriteria(@Nullable net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria) throws net.shibboleth.utilities.java.support.resolver.ResolverException
Verify that the required EndpointCriterion is present.
- Parameters:
  criteria - input criteria set
- Throws: net.shibboleth.utilities.java.support.resolver.ResolverException - if the input set is null or no EndpointCriterion is present

canUseRequestedEndpoint
private boolean canUseRequestedEndpoint(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
Optimize the case of resolving a single endpoint if a populated endpoint is supplied via criteria, and validation is unnecessary due to a signed request. Note that this endpoint may turn out to be unusable by the caller, but that's immaterial because the requester must have dictated the binding and location, so we're not allowed to ignore that.
- Parameters:
  criteria - input criteria set
- Returns: true iff the supplied endpoint via EndpointCriterion should be returned

getCandidatesFromMetadata
@Nonnull @NonnullElements private List<EndpointType> getCandidatesFromMetadata(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
Get a mutable list of endpoints of a given type found in the metadata role contained in a RoleDescriptorCriterion (or an empty list if no metadata exists).
The endpoint type to extract is based on the candidate endpoint in an EndpointCriterion. If the endpoints are indexed, the first list entry will contain the default endpoint to use in the absence of other limiting criteria.
- Parameters:
  criteria - input criteria set
- Returns: mutable list of endpoints from the metadata

sortCandidates
@Nonnull @NonnullElements private List<EndpointType> sortCandidates(@Nonnull @NonnullElements List<Endpoint> candidates)
Copy and sort the endpoints such that the default endpoint by SAML rules comes first.
- Parameters:
  candidates - input list of endpoints
- Returns: a new list containing the endpoints such that the default is first

getLogPrefix
@Nonnull protected String getLogPrefix()
Return a prefix for logging messages for this component.
- Returns: a string for insertion at the beginning of any log messages