Package org.opensaml.saml.metadata.resolver.impl

Class PredicateRoleDescriptorResolver

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent

org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver

All Implemented Interfaces:

Component, DestructableComponent, IdentifiedComponent, InitializableComponent, Resolver<RoleDescriptor,CriteriaSet>, RoleDescriptorResolver

public class PredicateRoleDescriptorResolver
extends AbstractIdentifiedInitializableComponent
implements RoleDescriptorResolver

Implementation of RoleDescriptorResolver which wraps an instance of MetadataResolver to support basic EntityDescriptor resolution, and then performs further role-related filtering over the returned EntityDescriptor.

This implementation passes the input CriteriaSet through to the wrapped metadata resolver as-is.

This implementation also supports applying arbitrary predicates to the returned role descriptors, either passed directly as instances of EvaluableRoleDescriptorCriterion in the criteria, or resolved dynamically from other criteria via an instance of CriterionPredicateRegistry.

Field Summary

Fields

Modifier and Type	Field	Description
private CriterionPredicateRegistry<RoleDescriptor>	criterionPredicateRegistry	Registry used in resolving predicates from criteria.
private MetadataResolver	entityDescriptorResolver	Resolver of EntityDescriptors.
private static Predicate<XMLObject>	IS_VALID_PREDICATE	Predicate for evaluating whether a TimeboundSAMLObject is valid.
private org.slf4j.Logger	log	Logger.
private boolean	requireValidMetadata	Whether metadata is required to be valid.
private boolean	resolveViaPredicatesOnly	Flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection.
private boolean	satisfyAnyPredicates	Flag which determines whether predicates used in filtering are connected by a logical 'OR' (true) or by logical 'AND' (false).
private boolean	useDefaultPredicateRegistry	Flag which determines whether the default predicate registry will be used if no one is supplied explicitly.

Constructor Summary

Constructors

Constructor	Description
PredicateRoleDescriptorResolver(MetadataResolver mdResolver)	Constructor.

Method Summary

Modifier and Type	Method	Description
protected void	doInitialize()	Subclasses should override this method to perform any initialization logic necessary.
protected Iterable<RoleDescriptor>	getAllCandidates(Iterable<EntityDescriptor> entityDescriptors)	Obtain all role descriptors contained by the input entity descriptors.
protected Iterable<RoleDescriptor>	getCandidatesByRoleAndProtocol(Iterable<EntityDescriptor> entityDescriptors, CriteriaSet criteria)	Obtain the role descriptors contained by the input entity descriptors which match the specified role and protocol criteria.
CriterionPredicateRegistry<RoleDescriptor>	getCriterionPredicateRegistry()	Get the registry used in resolving predicates from criteria.
protected boolean	haveRoleCriteria(CriteriaSet criteria)	Determine if have entity role criteria.
boolean	isRequireValidMetadata()
boolean	isResolveViaPredicatesOnly()	Get the flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection.
boolean	isSatisfyAnyPredicates()	Get the flag indicating whether resolved credentials may satisfy any predicates (i.e.
boolean	isUseDefaultPredicateRegistry()	Get the flag which determines whether the default predicate registry will be used if one is not supplied explicitly.
protected Iterable<RoleDescriptor>	predicateFilterCandidates(Iterable<RoleDescriptor> candidates, CriteriaSet criteria, boolean onEmptyPredicatesReturnEmpty)	Filter the supplied candidates by resolving predicates from the supplied criteria and applying the predicates to return a filtered Iterable.
Iterable<RoleDescriptor>	resolve(CriteriaSet criteria)
RoleDescriptor	resolveSingle(CriteriaSet criteria)
void	setCriterionPredicateRegistry(CriterionPredicateRegistry<RoleDescriptor> registry)	Set the registry used in resolving predicates from criteria.
void	setRequireValidMetadata(boolean require)
void	setResolveViaPredicatesOnly(boolean flag)	Set the flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection.
void	setSatisfyAnyPredicates(boolean flag)	Set the flag indicating whether resolved credentials may satisfy any predicates (i.e.
void	setUseDefaultPredicateRegistry(boolean flag)	Set the flag which determines whether the default predicate registry will be used if one is not supplied explicitly.

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent

getId, setId

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent

getId

Field Detail

IS_VALID_PREDICATE

private static final Predicate<XMLObject> IS_VALID_PREDICATE

Predicate for evaluating whether a TimeboundSAMLObject is valid.

log

private org.slf4j.Logger log

Logger.

requireValidMetadata

private boolean requireValidMetadata

Whether metadata is required to be valid.

entityDescriptorResolver

private MetadataResolver entityDescriptorResolver

Resolver of EntityDescriptors.

satisfyAnyPredicates

private boolean satisfyAnyPredicates

Flag which determines whether predicates used in filtering are connected by a logical 'OR' (true) or by logical 'AND' (false). Defaults to false.

criterionPredicateRegistry

private CriterionPredicateRegistry<RoleDescriptor> criterionPredicateRegistry

Registry used in resolving predicates from criteria.

useDefaultPredicateRegistry

private boolean useDefaultPredicateRegistry

Flag which determines whether the default predicate registry will be used if no one is supplied explicitly. Defaults to true.

resolveViaPredicatesOnly

private boolean resolveViaPredicatesOnly

Flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection. Defaults to false.

Constructor Detail

PredicateRoleDescriptorResolver

public PredicateRoleDescriptorResolver(@Nonnull @ParameterName(name="mdResolver")
                                       MetadataResolver mdResolver)

Constructor.

Parameters:

mdResolver - the resolver of EntityDescriptors

Method Detail

isRequireValidMetadata

public boolean isRequireValidMetadata()

Specified by:

isRequireValidMetadata in interface RoleDescriptorResolver

setRequireValidMetadata

public void setRequireValidMetadata(boolean require)

Specified by:

setRequireValidMetadata in interface RoleDescriptorResolver

isSatisfyAnyPredicates

public boolean isSatisfyAnyPredicates()

Get the flag indicating whether resolved credentials may satisfy any predicates (i.e. connected by logical 'OR') or all predicates (connected by logical 'AND').

Defaults to false.

Returns:

true if must satisfy all, false otherwise

setSatisfyAnyPredicates

public void setSatisfyAnyPredicates(boolean flag)

Set the flag indicating whether resolved credentials may satisfy any predicates (i.e. connected by logical 'OR') or all predicates (connected by logical 'AND').

Defaults to false.

Parameters:

flag - true if must satisfy all, false otherwise

getCriterionPredicateRegistry

@NonnullAfterInit
public CriterionPredicateRegistry<RoleDescriptor> getCriterionPredicateRegistry()

Get the registry used in resolving predicates from criteria.

Returns:

the effective registry instance used

setCriterionPredicateRegistry

public void setCriterionPredicateRegistry(@Nullable
                                          CriterionPredicateRegistry<RoleDescriptor> registry)

Set the registry used in resolving predicates from criteria.

Parameters:

registry - the registry instance to use

isUseDefaultPredicateRegistry

public boolean isUseDefaultPredicateRegistry()

Get the flag which determines whether the default predicate registry will be used if one is not supplied explicitly.

Defaults to true.

Returns:

true if should use default registry, false otherwise

setUseDefaultPredicateRegistry

public void setUseDefaultPredicateRegistry(boolean flag)

Set the flag which determines whether the default predicate registry will be used if one is not supplied explicitly.

Defaults to true.

Parameters:

flag - true if should use default registry, false otherwise

isResolveViaPredicatesOnly

public boolean isResolveViaPredicatesOnly()

Get the flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection.

Returns:

true if resolution may be attempted solely via predicates, false if not

setResolveViaPredicatesOnly

public void setResolveViaPredicatesOnly(boolean flag)

Set the flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection.

Parameters:

flag - true if resolution may be attempted solely via predicates, false if not

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Subclasses should override this method to perform any initialization logic necessary. Default implementation is a no-op.

Overrides:

doInitialize in class AbstractIdentifiedInitializableComponent

Throws:

ComponentInitializationException - thrown if there is a problem initializing the provider

resolveSingle

@Nullable
public RoleDescriptor resolveSingle(CriteriaSet criteria)
                             throws ResolverException

Specified by:

resolveSingle in interface Resolver<RoleDescriptor,CriteriaSet>

Throws:

ResolverException

resolve

@Nonnull
public Iterable<RoleDescriptor> resolve(CriteriaSet criteria)
                                 throws ResolverException

Specified by:

resolve in interface Resolver<RoleDescriptor,CriteriaSet>

Throws:

ResolverException

haveRoleCriteria

protected boolean haveRoleCriteria(@Nonnull
                                   CriteriaSet criteria)

Determine if have entity role criteria.

Parameters:

criteria - the current criteria set

Returns:

true if have role criteria, false otherwise

getCandidatesByRoleAndProtocol

protected Iterable<RoleDescriptor> getCandidatesByRoleAndProtocol(@Nonnull
                                                                  Iterable<EntityDescriptor> entityDescriptors,
                                                                  @Nonnull
                                                                  CriteriaSet criteria)

Obtain the role descriptors contained by the input entity descriptors which match the specified role and protocol criteria.

This method should only be called if haveRoleCriteria(CriteriaSet) evaluates to true.

Parameters:

entityDescriptors - the entity descriptors on which to operate

criteria - the current criteria set

Returns:

the role descriptors corresponding to the input entity role and protocol

getAllCandidates

protected Iterable<RoleDescriptor> getAllCandidates(@Nonnull
                                                    Iterable<EntityDescriptor> entityDescriptors)

Obtain all role descriptors contained by the input entity descriptors.

Parameters:

entityDescriptors - the entity descriptors on which to operate

Returns:

all role descriptors contained by the input entity descriptors

predicateFilterCandidates

protected Iterable<RoleDescriptor> predicateFilterCandidates(@Nonnull
                                                             Iterable<RoleDescriptor> candidates,
                                                             @Nonnull
                                                             CriteriaSet criteria,
                                                             boolean onEmptyPredicatesReturnEmpty)
                                                      throws ResolverException

Filter the supplied candidates by resolving predicates from the supplied criteria and applying the predicates to return a filtered Iterable.

Parameters:

candidates - the candidates to evaluate

criteria - the criteria set to evaluate

onEmptyPredicatesReturnEmpty - if true and no predicates are supplied, then return an empty iterable; otherwise return the original input candidates

Returns:

an iterable of the candidates filtered by the resolved predicates

Throws:

ResolverException - if there is a fatal error during resolution