Class AddNameIDToSubjects
java.lang.Object
  net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    org.opensaml.profile.action.AbstractProfileAction
      org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects

All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction
public class AddNameIDToSubjects extends AbstractProfileAction
Action that builds a NameID and adds it to the Subject of all the assertions found in a Response. The message to update is returned by a lookup strategy, by default the message returned by InOutOperationContext.getOutboundMessageContext().

If no Response exists, then an Assertion directly in the outbound message context will be used or created by the default lookup strategy.

If no Subject exists in the assertions found, it will be created.

The source of the NameID is one of a set of candidate SAML2NameIDGenerator plugins injected into the action. The plugin(s) to attempt to use are derived from the Format value, which is established by a lookup strategy.

In addition, the generation process is influenced by the requested NameIDPolicy, which is evaluated using a pluggable predicate.
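A minimal wiring of the action through the setters documented on this page, as an added example (not code from the OpenSAML project). The class name NameIdActionWiring, the fixed format list and the import package of SAML2NameIDGenerator are assumptions; the generator implementation is supplied by the caller.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

import net.shibboleth.utilities.java.support.component.ComponentInitializationException;

// Assumption: package of SAML2NameIDGenerator; this page shows only its simple name.
import org.opensaml.saml.saml2.profile.SAML2NameIDGenerator;
import org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects;

/** Hypothetical helper: builds the action with a fixed, operator-chosen format list. */
public final class NameIdActionWiring {

    /** Constructed list of SAML 2.0 NameID Format URIs, in order of preference. */
    private static final List<String> CANDIDATE_FORMATS = Collections.unmodifiableList(Arrays.asList(
            "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
            "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"));

    private NameIdActionWiring() { }

    public static AddNameIDToSubjects build(SAML2NameIDGenerator generator)
            throws ComponentInitializationException {
        if (generator == null) {
            throw new IllegalArgumentException("A SAML2NameIDGenerator is required");
        }
        // The constructor itself can throw while initializing the default predicate.
        AddNameIDToSubjects action = new AddNameIDToSubjects();

        // Plugin(s) that actually produce the NameID.
        action.setNameIDGenerator(generator);

        // Formats to try come from a lookup strategy; this one ignores the request
        // context and always returns the fixed list above.
        action.setFormatLookupStrategy(prc -> CANDIDATE_FORMATS);

        // Leave a NameID that an earlier step already placed in a Subject untouched.
        action.setOverwriteExisting(false);

        // The NameIDPolicy predicate and the request/assertion lookup strategies are
        // left at the defaults described on this page.
        action.initialize();
        return action;
    }
}
```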
-
-
Nested Class Summary
Nested Classes
Modifier and Type | Class | Description
private class | AddNameIDToSubjects.AssertionStrategy | Default strategy for obtaining assertions to modify.
static class | AddNameIDToSubjects.NameIDPolicyLookupFunction | Lookup function that returns the NameIDPolicy from an AuthnRequest message returned from a lookup function, by default the inbound message.
static class | AddNameIDToSubjects.RequesterIdFromIssuerFunction | Lookup function that returns RequestAbstractType.getIssuer() from a request message returned from a lookup function, by default the inbound message.
-
Field Summary
Fields
Modifier and Type | Field | Description
private List<Assertion> | assertions | Response to modify.
private Function<ProfileRequestContext,List<Assertion>> | assertionsLookupStrategy | Strategy used to locate the Response to operate on.
private Function<ProfileRequestContext,List<String>> | formatLookupStrategy | Strategy used to determine the formats to try.
private List<String> | formats | Formats to try.
private SAML2NameIDGenerator | generator | Generator to use.
private IdentifierGenerationStrategy | idGenerator | The generator to use.
private Function<ProfileRequestContext,IdentifierGenerationStrategy> | idGeneratorLookupStrategy | Strategy used to locate the IdentifierGenerationStrategy to use.
private String | issuerId | EntityID to populate into Issuer element.
private Function<ProfileRequestContext,String> | issuerLookupStrategy | Strategy used to obtain the response issuer value.
private org.slf4j.Logger | log | Class logger.
private SAMLObjectBuilder<NameID> | nameIdBuilder | Builder for NameID objects.
private Predicate<ProfileRequestContext> | nameIDPolicyPredicate | Predicate to validate NameIDPolicy.
private boolean | overwriteExisting | Flag controlling whether to overwrite an existing NameID.
private AuthnRequest | request | Request to examine.
private Function<ProfileRequestContext,AuthnRequest> | requestLookupStrategy | Strategy used to locate the AuthnRequest to operate on, if any.
private String | requiredFormat | Format required by requested NameIDPolicy.
private SAMLObjectBuilder<Subject> | subjectBuilder | Builder for Subject objects.
-
Constructor Summary
Constructors
Constructor | Description
AddNameIDToSubjects() | Constructor.
-
Method Summary
Modifier and Type | Method | Description
private NameID | cloneNameID(NameID nameId) | Create an efficient field-wise copy of a NameID.
protected void | doExecute(ProfileRequestContext profileRequestContext) |
protected void | doInitialize() |
protected boolean | doPreExecute(ProfileRequestContext profileRequestContext) |
private NameID | generateNameID(ProfileRequestContext profileRequestContext) | Attempt to generate a NameID using each of the candidate Formats and plugins.
private Subject | getAssertionSubject(Assertion assertion) | Get the subject to which the name identifier will be added.
private String | getRequiredFormat(ProfileRequestContext profileRequestContext) | Extract a format required by the inbound request, if present.
void | setAssertionsLookupStrategy(Function<ProfileRequestContext,List<Assertion>> strategy) | Set the strategy used to locate the Assertions to operate on.
void | setFormatLookupStrategy(Function<ProfileRequestContext,List<String>> strategy) | Set the strategy function to use to obtain the formats to try.
void | setIdentifierGeneratorLookupStrategy(Function<ProfileRequestContext,IdentifierGenerationStrategy> strategy) | Set the strategy used to locate the IdentifierGenerationStrategy to use.
void | setIssuerLookupStrategy(Function<ProfileRequestContext,String> strategy) | Set the strategy used to locate the issuer value to use.
void | setNameIDGenerator(SAML2NameIDGenerator theGenerator) | Set the generator to use.
void | setNameIDPolicyPredicate(Predicate<ProfileRequestContext> predicate) | Set the predicate used to evaluate the NameIDPolicy.
void | setOverwriteExisting(boolean flag) | Set whether to overwrite any existing NameID objects found.
void | setRequestLookupStrategy(Function<ProfileRequestContext,AuthnRequest> strategy) | Set the strategy used to locate the AuthnRequest to examine, if any.
-
Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse
-
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitialized
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized
-
-
-
-
Field Detail
-
log
@Nonnull private final org.slf4j.Logger log
Class logger.
-
subjectBuilder
@Nonnull private SAMLObjectBuilder<Subject> subjectBuilder
Builder for Subject objects.
-
nameIdBuilder
@Nonnull private SAMLObjectBuilder<NameID> nameIdBuilder
Builder for NameID objects.
-
overwriteExisting
private boolean overwriteExisting
Flag controlling whether to overwrite an existing NameID.
-
requestLookupStrategy
@Nonnull private Function<ProfileRequestContext,AuthnRequest> requestLookupStrategy
Strategy used to locate the AuthnRequest to operate on, if any.
-
assertionsLookupStrategy
@Nonnull private Function<ProfileRequestContext,List<Assertion>> assertionsLookupStrategy
Strategy used to locate the Response to operate on.
-
idGeneratorLookupStrategy
@Nonnull private Function<ProfileRequestContext,IdentifierGenerationStrategy> idGeneratorLookupStrategy
Strategy used to locate the IdentifierGenerationStrategy to use.
-
issuerLookupStrategy
@Nullable private Function<ProfileRequestContext,String> issuerLookupStrategy
Strategy used to obtain the response issuer value.
-
nameIDPolicyPredicate
@Nonnull private Predicate<ProfileRequestContext> nameIDPolicyPredicate
Predicate to validate NameIDPolicy.
-
formatLookupStrategy
@Nonnull private Function<ProfileRequestContext,List<String>> formatLookupStrategy
Strategy used to determine the formats to try.
-
generator
@NonnullAfterInit private SAML2NameIDGenerator generator
Generator to use.
-
formats
@Nonnull @NonnullElements private List<String> formats
Formats to try.
-
requiredFormat
@Nullable private String requiredFormat
Format required by requested NameIDPolicy.
-
request
@Nullable private AuthnRequest request
Request to examine.
-
idGenerator
@Nullable private IdentifierGenerationStrategy idGenerator
The generator to use.
-
issuerId
@Nullable private String issuerId
EntityID to populate into Issuer element.
-
-
Constructor Detail
-
AddNameIDToSubjects
public AddNameIDToSubjects() throws ComponentInitializationException
Constructor.
Throws:
ComponentInitializationException - if an error occurs initializing default predicate.
-
-
Method Detail
-
setOverwriteExisting
public void setOverwriteExisting(boolean flag)
Set whether to overwrite any existing NameID objects found.
Parameters:
flag - true iff the action should overwrite any existing objects
-
setRequestLookupStrategy
public void setRequestLookupStrategy(@Nonnull Function<ProfileRequestContext,AuthnRequest> strategy)
Set the strategy used to locate the AuthnRequest to examine, if any.
Parameters:
strategy - strategy used to locate the AuthnRequest
-
setAssertionsLookupStrategy
public void setAssertionsLookupStrategy(@Nonnull Function<ProfileRequestContext,List<Assertion>> strategy)
Set the strategy used to locate the Assertions to operate on.
Parameters:
strategy - lookup strategy
-
setIdentifierGeneratorLookupStrategy
public void setIdentifierGeneratorLookupStrategy(@Nonnull Function<ProfileRequestContext,IdentifierGenerationStrategy> strategy)
Set the strategy used to locate the IdentifierGenerationStrategy to use.
Parameters:
strategy - lookup strategy
-
setIssuerLookupStrategy
public void setIssuerLookupStrategy(@Nullable Function<ProfileRequestContext,String> strategy)
Set the strategy used to locate the issuer value to use.
Parameters:
strategy - lookup strategy
-
setNameIDPolicyPredicate
public void setNameIDPolicyPredicate(@Nonnull Predicate<ProfileRequestContext> predicate)
Set the predicate used to evaluate the NameIDPolicy.
Parameters:
predicate - predicate used to evaluate the NameIDPolicy
-
setFormatLookupStrategy
public void setFormatLookupStrategy(@Nonnull Function<ProfileRequestContext,List<String>> strategy)
Set the strategy function to use to obtain the formats to try.
Parameters:
strategy - format lookup strategy
-
setNameIDGenerator
public void setNameIDGenerator(@Nullable SAML2NameIDGenerator theGenerator)
Set the generator to use.
Parameters:
theGenerator - the generator to use
-
doInitialize
protected void doInitialize() throws ComponentInitializationException
Overrides:
doInitialize in class AbstractInitializableComponent
Throws:
ComponentInitializationException
-
doPreExecute
protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext)
Overrides:
doPreExecute in class AbstractProfileAction
-
doExecute
protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext)
Overrides:
doExecute in class AbstractProfileAction
-
getRequiredFormat
@Nullable private String getRequiredFormat(@Nonnull ProfileRequestContext profileRequestContext)
Extract a format required by the inbound request, if present.
Parameters:
profileRequestContext - current profile request context
Returns:
a format dictated by the request, or null
-
generateNameID
@Nullable private NameID generateNameID(@Nonnull ProfileRequestContext profileRequestContext)
Attempt to generate a NameID using each of the candidate Formats and plugins.
Parameters:
profileRequestContext - current profile request context
Returns:
a generated NameID or null
-
getAssertionSubject
@Nonnull private Subject getAssertionSubject(@Nonnull Assertion assertion)
Get the subject to which the name identifier will be added.
Parameters:
assertion - the assertion being modified
Returns:
the assertion to which the name identifier will be added
-
-