Class PredicateRoleDescriptorResolver
- java.lang.Object
-
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
-
- net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
-
- org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver
-
- All Implemented Interfaces:
Component
,DestructableComponent
,IdentifiedComponent
,InitializableComponent
,Resolver<RoleDescriptor,CriteriaSet>
,RoleDescriptorResolver
public class PredicateRoleDescriptorResolver extends AbstractIdentifiedInitializableComponent implements RoleDescriptorResolver
Implementation ofRoleDescriptorResolver
which wraps an instance ofMetadataResolver
to support basic EntityDescriptor resolution, and then performs further role-related filtering over the returned EntityDescriptor.This implementation passes the input
CriteriaSet
through to the wrapped metadata resolver as-is.This implementation also supports applying arbitrary predicates to the returned role descriptors, either passed directly as instances of
EvaluableRoleDescriptorCriterion
in the criteria, or resolved dynamically from other criteria via an instance ofCriterionPredicateRegistry
.
-
-
Field Summary
Fields Modifier and Type Field Description private CriterionPredicateRegistry<RoleDescriptor>
criterionPredicateRegistry
Registry used in resolving predicates from criteria.private MetadataResolver
entityDescriptorResolver
Resolver of EntityDescriptors.private static Predicate<XMLObject>
IS_VALID_PREDICATE
Predicate for evaluating whether a TimeboundSAMLObject is valid.private org.slf4j.Logger
log
Logger.private boolean
requireValidMetadata
Whether metadata is required to be valid.private boolean
resolveViaPredicatesOnly
Flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection.private boolean
satisfyAnyPredicates
Flag which determines whether predicates used in filtering are connected by a logical 'OR' (true) or by logical 'AND' (false).private boolean
useDefaultPredicateRegistry
Flag which determines whether the default predicate registry will be used if no one is supplied explicitly.
-
Constructor Summary
Constructors Constructor Description PredicateRoleDescriptorResolver(MetadataResolver mdResolver)
Constructor.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected void
doInitialize()
Subclasses should override this method to perform any initialization logic necessary.protected Iterable<RoleDescriptor>
getAllCandidates(Iterable<EntityDescriptor> entityDescriptors)
Obtain all role descriptors contained by the input entity descriptors.protected Iterable<RoleDescriptor>
getCandidatesByRoleAndProtocol(Iterable<EntityDescriptor> entityDescriptors, CriteriaSet criteria)
Obtain the role descriptors contained by the input entity descriptors which match the specified role and protocol criteria.CriterionPredicateRegistry<RoleDescriptor>
getCriterionPredicateRegistry()
Get the registry used in resolving predicates from criteria.protected boolean
haveRoleCriteria(CriteriaSet criteria)
Determine if have entity role criteria.boolean
isRequireValidMetadata()
boolean
isResolveViaPredicatesOnly()
Get the flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection.boolean
isSatisfyAnyPredicates()
Get the flag indicating whether resolved credentials may satisfy any predicates (i.e.boolean
isUseDefaultPredicateRegistry()
Get the flag which determines whether the default predicate registry will be used if one is not supplied explicitly.protected Iterable<RoleDescriptor>
predicateFilterCandidates(Iterable<RoleDescriptor> candidates, CriteriaSet criteria, boolean onEmptyPredicatesReturnEmpty)
Filter the supplied candidates by resolving predicates from the supplied criteria and applying the predicates to return a filteredIterable
.Iterable<RoleDescriptor>
resolve(CriteriaSet criteria)
RoleDescriptor
resolveSingle(CriteriaSet criteria)
void
setCriterionPredicateRegistry(CriterionPredicateRegistry<RoleDescriptor> registry)
Set the registry used in resolving predicates from criteria.void
setRequireValidMetadata(boolean require)
void
setResolveViaPredicatesOnly(boolean flag)
Set the flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection.void
setSatisfyAnyPredicates(boolean flag)
Set the flag indicating whether resolved credentials may satisfy any predicates (i.e.void
setUseDefaultPredicateRegistry(boolean flag)
Set the flag which determines whether the default predicate registry will be used if one is not supplied explicitly.-
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
getId, setId
-
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitialized
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent
getId
-
-
-
-
Field Detail
-
IS_VALID_PREDICATE
private static final Predicate<XMLObject> IS_VALID_PREDICATE
Predicate for evaluating whether a TimeboundSAMLObject is valid.
-
log
private org.slf4j.Logger log
Logger.
-
requireValidMetadata
private boolean requireValidMetadata
Whether metadata is required to be valid.
-
entityDescriptorResolver
private MetadataResolver entityDescriptorResolver
Resolver of EntityDescriptors.
-
satisfyAnyPredicates
private boolean satisfyAnyPredicates
Flag which determines whether predicates used in filtering are connected by a logical 'OR' (true) or by logical 'AND' (false). Defaults to false.
-
criterionPredicateRegistry
private CriterionPredicateRegistry<RoleDescriptor> criterionPredicateRegistry
Registry used in resolving predicates from criteria.
-
useDefaultPredicateRegistry
private boolean useDefaultPredicateRegistry
Flag which determines whether the default predicate registry will be used if no one is supplied explicitly. Defaults to true.
-
resolveViaPredicatesOnly
private boolean resolveViaPredicatesOnly
Flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection. Defaults to false.
-
-
Constructor Detail
-
PredicateRoleDescriptorResolver
public PredicateRoleDescriptorResolver(@Nonnull @ParameterName(name="mdResolver") MetadataResolver mdResolver)
Constructor.- Parameters:
mdResolver
- the resolver of EntityDescriptors
-
-
Method Detail
-
isRequireValidMetadata
public boolean isRequireValidMetadata()
- Specified by:
isRequireValidMetadata
in interfaceRoleDescriptorResolver
-
setRequireValidMetadata
public void setRequireValidMetadata(boolean require)
- Specified by:
setRequireValidMetadata
in interfaceRoleDescriptorResolver
-
isSatisfyAnyPredicates
public boolean isSatisfyAnyPredicates()
Get the flag indicating whether resolved credentials may satisfy any predicates (i.e. connected by logical 'OR') or all predicates (connected by logical 'AND').Defaults to false.
- Returns:
- true if must satisfy all, false otherwise
-
setSatisfyAnyPredicates
public void setSatisfyAnyPredicates(boolean flag)
Set the flag indicating whether resolved credentials may satisfy any predicates (i.e. connected by logical 'OR') or all predicates (connected by logical 'AND').Defaults to false.
- Parameters:
flag
- true if must satisfy all, false otherwise
-
getCriterionPredicateRegistry
@NonnullAfterInit public CriterionPredicateRegistry<RoleDescriptor> getCriterionPredicateRegistry()
Get the registry used in resolving predicates from criteria.- Returns:
- the effective registry instance used
-
setCriterionPredicateRegistry
public void setCriterionPredicateRegistry(@Nullable CriterionPredicateRegistry<RoleDescriptor> registry)
Set the registry used in resolving predicates from criteria.- Parameters:
registry
- the registry instance to use
-
isUseDefaultPredicateRegistry
public boolean isUseDefaultPredicateRegistry()
Get the flag which determines whether the default predicate registry will be used if one is not supplied explicitly.Defaults to true.
- Returns:
- true if should use default registry, false otherwise
-
setUseDefaultPredicateRegistry
public void setUseDefaultPredicateRegistry(boolean flag)
Set the flag which determines whether the default predicate registry will be used if one is not supplied explicitly.Defaults to true.
- Parameters:
flag
- true if should use default registry, false otherwise
-
isResolveViaPredicatesOnly
public boolean isResolveViaPredicatesOnly()
Get the flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection.- Returns:
- true if resolution may be attempted solely via predicates, false if not
-
setResolveViaPredicatesOnly
public void setResolveViaPredicatesOnly(boolean flag)
Set the flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection.- Parameters:
flag
- true if resolution may be attempted solely via predicates, false if not
-
doInitialize
protected void doInitialize() throws ComponentInitializationException
Subclasses should override this method to perform any initialization logic necessary. Default implementation is a no-op.- Overrides:
doInitialize
in classAbstractIdentifiedInitializableComponent
- Throws:
ComponentInitializationException
- thrown if there is a problem initializing the provider
-
resolveSingle
@Nullable public RoleDescriptor resolveSingle(CriteriaSet criteria) throws ResolverException
- Specified by:
resolveSingle
in interfaceResolver<RoleDescriptor,CriteriaSet>
- Throws:
ResolverException
-
resolve
@Nonnull public Iterable<RoleDescriptor> resolve(CriteriaSet criteria) throws ResolverException
- Specified by:
resolve
in interfaceResolver<RoleDescriptor,CriteriaSet>
- Throws:
ResolverException
-
haveRoleCriteria
protected boolean haveRoleCriteria(@Nonnull CriteriaSet criteria)
Determine if have entity role criteria.- Parameters:
criteria
- the current criteria set- Returns:
- true if have role criteria, false otherwise
-
getCandidatesByRoleAndProtocol
protected Iterable<RoleDescriptor> getCandidatesByRoleAndProtocol(@Nonnull Iterable<EntityDescriptor> entityDescriptors, @Nonnull CriteriaSet criteria)
Obtain the role descriptors contained by the input entity descriptors which match the specified role and protocol criteria.This method should only be called if
haveRoleCriteria(CriteriaSet)
evaluates to true.- Parameters:
entityDescriptors
- the entity descriptors on which to operatecriteria
- the current criteria set- Returns:
- the role descriptors corresponding to the input entity role and protocol
-
getAllCandidates
protected Iterable<RoleDescriptor> getAllCandidates(@Nonnull Iterable<EntityDescriptor> entityDescriptors)
Obtain all role descriptors contained by the input entity descriptors.- Parameters:
entityDescriptors
- the entity descriptors on which to operate- Returns:
- all role descriptors contained by the input entity descriptors
-
predicateFilterCandidates
protected Iterable<RoleDescriptor> predicateFilterCandidates(@Nonnull Iterable<RoleDescriptor> candidates, @Nonnull CriteriaSet criteria, boolean onEmptyPredicatesReturnEmpty) throws ResolverException
Filter the supplied candidates by resolving predicates from the supplied criteria and applying the predicates to return a filteredIterable
.- Parameters:
candidates
- the candidates to evaluatecriteria
- the criteria set to evaluateonEmptyPredicatesReturnEmpty
- if true and no predicates are supplied, then return an empty iterable; otherwise return the original input candidates- Returns:
- an iterable of the candidates filtered by the resolved predicates
- Throws:
ResolverException
- if there is a fatal error during resolution
-
-