Class EntityRoleFilter

  • All Implemented Interfaces:
    MetadataFilter

    public class EntityRoleFilter
    extends Object
    implements MetadataFilter
    A filter that removes roles from an entity descriptor. For roles specified within the SAML metadata specification, the role element QName is used to identify the role. For other roles, those that appear as <RoleDescriptor xsi:type="someRoleType">, the role schema type is used to identify the role. If an entity descriptor does not contain any roles after filtering, it may optionally be removed as well. If the root element of the metadata document is an entity descriptor, it will never be removed, regardless of whether it still contains roles. If an entities descriptor does not contain any entity descriptors after filtering, it may optionally be removed as well. If the root element of the metadata document is an entities descriptor, it will never be removed, regardless of whether it still contains entity descriptors.
    • Field Detail

      • log

        @Nonnull
        private final org.slf4j.Logger log
        Class logger.
      • roleWhiteList

        @Nonnull
        @NonnullElements
        private List<QName> roleWhiteList
        List of roles that are NOT removed by this filter.
      • removeRolelessEntityDescriptors

        private boolean removeRolelessEntityDescriptors
        Whether to remove entity descriptors that contain no roles; default value: true.
      • removeEmptyEntitiesDescriptors

        private boolean removeEmptyEntitiesDescriptors
        Whether to remove entities descriptors that contain no entity descriptors; default value: true.
      • extRoleDescriptor

        @Nonnull
        private final QName extRoleDescriptor
        QName of extension role element.
    • Constructor Detail

      • EntityRoleFilter

        public EntityRoleFilter(@Nullable @ParameterName(name="keptRoles")
                                List<QName> keptRoles)
        Constructor.
        Parameters:
        keptRoles - list of roles NOT removed by this filter
    • Method Detail

      • getRoleWhiteList

        @Nonnull
        @NonnullElements
        @Unmodifiable
        @NotLive
        public List<QName> getRoleWhiteList()
        Get the unmodifiable list of roles that are NOT removed by this filter.
        Returns:
        unmodifiable list of roles that are NOT removed by this filter
      • getRemoveRolelessEntityDescriptors

        public boolean getRemoveRolelessEntityDescriptors()
        Get whether to remove an entity descriptor if it does not contain any roles after filtering.
        Returns:
        whether to remove an entity descriptor if it does not contain any roles after filtering
      • setRemoveRolelessEntityDescriptors

        public void setRemoveRolelessEntityDescriptors(boolean remove)
        Set whether to remove an entity descriptor if it does not contain any roles after filtering.
        Parameters:
        remove - whether to remove an entity descriptor if it does not contain any roles after filtering
      • getRemoveEmptyEntitiesDescriptors

        public boolean getRemoveEmptyEntitiesDescriptors()
        Get whether to remove an entities descriptor if it does not contain any entity descriptor or entities descriptors.
        Returns:
        whether to remove an entities descriptor if it does not contain any entity descriptor or entities descriptors
      • setRemoveEmptyEntitiesDescriptors

        public void setRemoveEmptyEntitiesDescriptors(boolean remove)
        Set whether to remove an entities descriptor if it does not contain any entity descriptor or entities descriptors.
        Parameters:
        remove - whether to remove an entities descriptor if it does not contain any entity descriptor or entities descriptors
      • filterEntityDescriptor

        protected void filterEntityDescriptor(@Nonnull
                                              EntityDescriptor descriptor)
                                       throws FilterException
        Filters entity descriptor roles.
        Parameters:
        descriptor - entity descriptor to filter
        Throws:
        FilterException - thrown if an effective role name cannot be determined
      • getRoleName

        protected QName getRoleName(@Nonnull
                                    RoleDescriptor role)
                             throws FilterException
        Gets the effective name for the role. This is either the element QName for roles defined within the SAML metadata specification or the element schema type QName for those that are not.
        Parameters:
        role - role to get the effective name for
        Returns:
        effective name of the role
        Throws:
        FilterException - thrown if the effective role name cannot be determined
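
The filtering rules in the class description and in getRoleName, modelled in Python as an added example; this is not OpenSAML code and does not call the library. The sample metadata, entity IDs, the urn:example:ext namespace and all function names are constructed for illustration, and the prefix lookup assumes a namespace prefix is never rebound within the document.

```python
import io
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
SPEC_ROLES = {"IDPSSODescriptor", "SPSSODescriptor", "AuthnAuthorityDescriptor",
              "AttributeAuthorityDescriptor", "PDPDescriptor"}
CONTAINERS = {f"{{{MD}}}EntityDescriptor", f"{{{MD}}}EntitiesDescriptor"}
# Constructed sample: entity IDs and the ext:someRoleType namespace are made up.
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:xsi="{XSI}" xmlns:ext="urn:example:ext">
 <md:EntityDescriptor entityID="https://idp.example.org"><md:IDPSSODescriptor/></md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://both.example.org"><md:IDPSSODescriptor/><md:SPSSODescriptor/></md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://ext.example.org"><md:RoleDescriptor xsi:type="ext:someRoleType"/></md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def parse(xml_text):
    """Parse and collect prefix bindings (assumes a prefix is never rebound)."""
    events = ET.iterparse(io.BytesIO(xml_text.encode()), events=("start-ns",))
    prefixes = dict(item for _, item in events)  # each item is (prefix, uri)
    return events.root, prefixes

def role_name(el, prefixes):
    """Effective role name as (namespace, local name), or None if el is not a role."""
    ns, _, local = el.tag[1:].partition("}")
    if ns == MD and local in SPEC_ROLES:
        return (ns, local)                       # identified by element QName
    if ns == MD and local == "RoleDescriptor":   # identified by xsi:type QName
        prefix, sep, type_local = (el.get(f"{{{XSI}}}type") or "").partition(":")
        if not sep or prefix not in prefixes:
            raise ValueError("effective role name cannot be determined")
        return (prefixes[prefix], type_local)
    return None

def filter_roles(node, kept, prefixes, remove_roleless=True, remove_empty=True, root=True):
    """Filter in place; return False when the parent should drop this node."""
    if node.tag == f"{{{MD}}}EntityDescriptor":
        for child in [c for c in node if (n := role_name(c, prefixes)) and n not in kept]:
            node.remove(child)
        return root or not remove_roleless or any(role_name(c, prefixes) for c in node)
    for child in [c for c in node if c.tag in CONTAINERS]:
        if not filter_roles(child, kept, prefixes, remove_roleless, remove_empty, False):
            node.remove(child)
    return root or not remove_empty or any(c.tag in CONTAINERS for c in node)

def entity_ids(root):
    return [e.get("entityID") for e in root.iter(f"{{{MD}}}EntityDescriptor")]
```

With only SPSSODescriptor kept and both removal flags at their default of true, the IdP-only and extension-only entities disappear from the aggregate, while the root element survives even when nothing inside it does.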