Class EntityRoleFilter
- java.lang.Object
-
- org.opensaml.saml.metadata.resolver.filter.impl.EntityRoleFilter
-
- All Implemented Interfaces:
MetadataFilter
public class EntityRoleFilter extends Object implements MetadataFilter
A filter that removes roles from an entity descriptor. For those roles specified within the SAML metadata specification the role element QName is used to identify the role. For other roles, those that appear as <RoleDescriptor xsi:type="someRoleType"> the role schema type is used to identify the role. If the entity descriptor does not contain any roles after filter it may, optionally be removed as well. If the root element of the metadata document is an entity descriptor it will never be removed, regardless of of whether it still contains roles. If and entities descriptor does not contains any entity descriptors after filter it may, optionally, be removed as well. If the root element of the metadata document is an entities descriptor it will never be removed, regardless of of whether it still contains entity descriptors.
-
-
Field Summary
Fields Modifier and Type Field Description private QName
extRoleDescriptor
QName of extension role element.private org.slf4j.Logger
log
Class logger.private boolean
removeEmptyEntitiesDescriptors
Whether to keep entities descriptors that contain no entity descriptors; default value: true.private boolean
removeRolelessEntityDescriptors
Whether to keep entity descriptors that contain no roles; default value: true.private List<QName>
roleWhiteList
List of roles that are NOT removed by this filter.
-
Constructor Summary
Constructors Constructor Description EntityRoleFilter(List<QName> keptRoles)
Constructor.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description XMLObject
filter(XMLObject metadata, MetadataFilterContext context)
protected void
filterEntitiesDescriptor(EntitiesDescriptor descriptor)
FiltersEntitiesDescriptor
.protected void
filterEntityDescriptor(EntityDescriptor descriptor)
Filters entity descriptor roles.boolean
getRemoveEmptyEntitiesDescriptors()
Get whether to remove an entities descriptor if it does not contain any entity descriptor or entities descriptors.boolean
getRemoveRolelessEntityDescriptors()
Get whether to remove an entity descriptor if it does not contain any roles after filtering.protected QName
getRoleName(RoleDescriptor role)
Gets the effective name for the role.List<QName>
getRoleWhiteList()
Get the unmodifiable list of roles that are NOT removed by this filter.void
setRemoveEmptyEntitiesDescriptors(boolean remove)
Set whether to remove an entities descriptor if it does not contain any entity descriptor or entities descriptors.void
setRemoveRolelessEntityDescriptors(boolean remove)
Set whether to remove an entity descriptor if it does not contain any roles after filtering.
-
-
-
Field Detail
-
log
@Nonnull private final org.slf4j.Logger log
Class logger.
-
roleWhiteList
@Nonnull @NonnullElements private List<QName> roleWhiteList
List of roles that are NOT removed by this filter.
-
removeRolelessEntityDescriptors
private boolean removeRolelessEntityDescriptors
Whether to keep entity descriptors that contain no roles; default value: true.
-
removeEmptyEntitiesDescriptors
private boolean removeEmptyEntitiesDescriptors
Whether to keep entities descriptors that contain no entity descriptors; default value: true.
-
extRoleDescriptor
@Nonnull private final QName extRoleDescriptor
QName of extension role element.
-
-
Constructor Detail
-
EntityRoleFilter
public EntityRoleFilter(@Nullable @ParameterName(name="keptRoles") List<QName> keptRoles)
Constructor.- Parameters:
keptRoles
- list of roles NOT removed by this filter
-
-
Method Detail
-
getRoleWhiteList
@Nonnull @NonnullElements @Unmodifiable @NotLive public List<QName> getRoleWhiteList()
Get the unmodifiable list of roles that are NOT removed by this filter.- Returns:
- unmodifiable list of roles that are NOT removed by this filter
-
getRemoveRolelessEntityDescriptors
public boolean getRemoveRolelessEntityDescriptors()
Get whether to remove an entity descriptor if it does not contain any roles after filtering.- Returns:
- whether to remove an entity descriptor if it does not contain any roles after filtering
-
setRemoveRolelessEntityDescriptors
public void setRemoveRolelessEntityDescriptors(boolean remove)
Set whether to remove an entity descriptor if it does not contain any roles after filtering.- Parameters:
remove
- whether to remove an entity descriptor if it does not contain any roles after filtering
-
getRemoveEmptyEntitiesDescriptors
public boolean getRemoveEmptyEntitiesDescriptors()
Get whether to remove an entities descriptor if it does not contain any entity descriptor or entities descriptors.- Returns:
- whether to remove an entities descriptor if it does not contain any entity descriptor or entities descriptors
-
setRemoveEmptyEntitiesDescriptors
public void setRemoveEmptyEntitiesDescriptors(boolean remove)
Set whether to remove an entities descriptor if it does not contain any entity descriptor or entities descriptors.- Parameters:
remove
- whether to remove an entities descriptor if it does not contain any entity descriptor or entities descriptors
-
filter
@Nullable public XMLObject filter(@Nullable XMLObject metadata, @Nonnull MetadataFilterContext context) throws FilterException
- Specified by:
filter
in interfaceMetadataFilter
- Throws:
FilterException
-
filterEntitiesDescriptor
protected void filterEntitiesDescriptor(@Nonnull EntitiesDescriptor descriptor) throws FilterException
FiltersEntitiesDescriptor
.- Parameters:
descriptor
- entities descriptor to filter- Throws:
FilterException
- thrown if an effective role name can not be determined
-
filterEntityDescriptor
protected void filterEntityDescriptor(@Nonnull EntityDescriptor descriptor) throws FilterException
Filters entity descriptor roles.- Parameters:
descriptor
- entity descriptor to filter- Throws:
FilterException
- thrown if an effective role name can not be determined
-
getRoleName
protected QName getRoleName(@Nonnull RoleDescriptor role) throws FilterException
Gets the effective name for the role. This is either the element QName for roles defined within the SAML metadata specification or the element schema type QName for those that are not.- Parameters:
role
- role to get the effective name for- Returns:
- effective name of the role
- Throws:
FilterException
- thrown if the effective role name can not be determined
-
-