public class PredicateRoleDescriptorResolver extends net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent implements RoleDescriptorResolver
RoleDescriptorResolver
which wraps an instance of MetadataResolver
to
support basic EntityDescriptor resolution, and then performs further role-related filtering over the
returned EntityDescriptor.
This implementation passes the input CriteriaSet
through to the wrapped metadata resolver as-is.
This implementation also supports applying arbitrary predicates to the returned role descriptors, either passed
directly as instances of EvaluableRoleDescriptorCriterion
in the criteria, or resolved dynamically
from other criteria via an instance of CriterionPredicateRegistry
.
Modifier and Type | Field and Description |
---|---|
private net.shibboleth.utilities.java.support.resolver.CriterionPredicateRegistry<RoleDescriptor> |
criterionPredicateRegistry
Registry used in resolving predicates from criteria.
|
private MetadataResolver |
entityDescriptorResolver
Resolver of EntityDescriptors.
|
private static com.google.common.base.Predicate<org.opensaml.core.xml.XMLObject> |
IS_VALID_PREDICATE
Predicate for evaluating whether a TimeboundSAMLObject is valid.
|
private org.slf4j.Logger |
log
Logger.
|
private boolean |
requireValidMetadata
Whether metadata is required to be valid.
|
private boolean |
resolveViaPredicatesOnly
Flag indicating whether resolution may be performed solely by applying predicates to the
entire metadata collection.
|
private boolean |
satisfyAnyPredicates
Flag which determines whether predicates used in filtering are connected by
a logical 'OR' (true) or by logical 'AND' (false).
|
private boolean |
useDefaultPredicateRegistry
Flag which determines whether the default predicate registry will be used if no one is supplied explicitly.
|
Constructor and Description |
---|
PredicateRoleDescriptorResolver(MetadataResolver mdResolver)
Constructor.
|
Modifier and Type | Method and Description |
---|---|
protected void |
doInitialize()
Subclasses should override this method to perform any initialization logic necessary.
|
protected Iterable<RoleDescriptor> |
getAllCandidates(Iterable<EntityDescriptor> entityDescriptors)
Obtain all role descriptors contained by the input entity descriptors.
|
protected Iterable<RoleDescriptor> |
getCandidatesByRoleAndProtocol(Iterable<EntityDescriptor> entityDescriptors,
net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
Obtain the role descriptors contained by the input entity descriptors which match
the specified role and protocol criteria.
|
net.shibboleth.utilities.java.support.resolver.CriterionPredicateRegistry<RoleDescriptor> |
getCriterionPredicateRegistry()
Get the registry used in resolving predicates from criteria.
|
protected boolean |
haveRoleCriteria(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
Determine if have entity role criteria.
|
boolean |
isRequireValidMetadata() |
boolean |
isResolveViaPredicatesOnly()
Get the flag indicating whether resolution may be performed solely
by applying predicates to the entire metadata collection.
|
boolean |
isSatisfyAnyPredicates()
Get the flag indicating whether resolved credentials may satisfy any predicates
(i.e.
|
boolean |
isUseDefaultPredicateRegistry()
Get the flag which determines whether the default predicate registry will be used
if one is not supplied explicitly.
|
protected Iterable<RoleDescriptor> |
predicateFilterCandidates(Iterable<RoleDescriptor> candidates,
net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria,
boolean onEmptyPredicatesReturnEmpty)
Filter the supplied candidates by resolving predicates from the supplied criteria and applying
the predicates to return a filtered
Iterable . |
Iterable<RoleDescriptor> |
resolve(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria) |
RoleDescriptor |
resolveSingle(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria) |
void |
setCriterionPredicateRegistry(net.shibboleth.utilities.java.support.resolver.CriterionPredicateRegistry<RoleDescriptor> registry)
Set the registry used in resolving predicates from criteria.
|
void |
setRequireValidMetadata(boolean require) |
void |
setResolveViaPredicatesOnly(boolean flag)
Set the flag indicating whether resolution may be performed solely
by applying predicates to the entire metadata collection.
|
void |
setSatisfyAnyPredicates(boolean flag)
Set the flag indicating whether resolved credentials may satisfy any predicates
(i.e.
|
void |
setUseDefaultPredicateRegistry(boolean flag)
Set the flag which determines whether the default predicate registry will be used
if one is not supplied explicitly.
|
getId, setId
destroy, doDestroy, initialize, isDestroyed, isInitialized
private static final com.google.common.base.Predicate<org.opensaml.core.xml.XMLObject> IS_VALID_PREDICATE
private org.slf4j.Logger log
private boolean requireValidMetadata
private MetadataResolver entityDescriptorResolver
private boolean satisfyAnyPredicates
private net.shibboleth.utilities.java.support.resolver.CriterionPredicateRegistry<RoleDescriptor> criterionPredicateRegistry
private boolean useDefaultPredicateRegistry
private boolean resolveViaPredicatesOnly
public PredicateRoleDescriptorResolver(@Nonnull MetadataResolver mdResolver)
mdResolver
- the resolver of EntityDescriptorspublic boolean isRequireValidMetadata()
isRequireValidMetadata
in interface RoleDescriptorResolver
public void setRequireValidMetadata(boolean require)
setRequireValidMetadata
in interface RoleDescriptorResolver
public boolean isSatisfyAnyPredicates()
Defaults to false.
public void setSatisfyAnyPredicates(boolean flag)
Defaults to false.
flag
- true if must satisfy all, false otherwise@NonnullAfterInit public net.shibboleth.utilities.java.support.resolver.CriterionPredicateRegistry<RoleDescriptor> getCriterionPredicateRegistry()
public void setCriterionPredicateRegistry(@Nullable net.shibboleth.utilities.java.support.resolver.CriterionPredicateRegistry<RoleDescriptor> registry)
registry
- the registry instance to usepublic boolean isUseDefaultPredicateRegistry()
Defaults to true.
public void setUseDefaultPredicateRegistry(boolean flag)
Defaults to true.
flag
- true if should use default registry, false otherwisepublic boolean isResolveViaPredicatesOnly()
public void setResolveViaPredicatesOnly(boolean flag)
flag
- true if resolution may be attempted solely via predicates, false if notprotected void doInitialize() throws net.shibboleth.utilities.java.support.component.ComponentInitializationException
doInitialize
in class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
net.shibboleth.utilities.java.support.component.ComponentInitializationException
- thrown if there is a problem initializing the provider@Nullable public RoleDescriptor resolveSingle(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria) throws net.shibboleth.utilities.java.support.resolver.ResolverException
resolveSingle
in interface net.shibboleth.utilities.java.support.resolver.Resolver<RoleDescriptor,net.shibboleth.utilities.java.support.resolver.CriteriaSet>
net.shibboleth.utilities.java.support.resolver.ResolverException
@Nonnull public Iterable<RoleDescriptor> resolve(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria) throws net.shibboleth.utilities.java.support.resolver.ResolverException
resolve
in interface net.shibboleth.utilities.java.support.resolver.Resolver<RoleDescriptor,net.shibboleth.utilities.java.support.resolver.CriteriaSet>
net.shibboleth.utilities.java.support.resolver.ResolverException
protected boolean haveRoleCriteria(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
criteria
- the current criteria setprotected Iterable<RoleDescriptor> getCandidatesByRoleAndProtocol(@Nonnull Iterable<EntityDescriptor> entityDescriptors, @Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
This method should only be called if haveRoleCriteria(CriteriaSet)
evaluates to true.
entityDescriptors
- the entity descriptors on which to operatecriteria
- the current criteria setprotected Iterable<RoleDescriptor> getAllCandidates(@Nonnull Iterable<EntityDescriptor> entityDescriptors)
entityDescriptors
- the entity descriptors on which to operateprotected Iterable<RoleDescriptor> predicateFilterCandidates(@Nonnull Iterable<RoleDescriptor> candidates, @Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, boolean onEmptyPredicatesReturnEmpty) throws net.shibboleth.utilities.java.support.resolver.ResolverException
Iterable
.candidates
- the candidates to evaluatecriteria
- the criteria set to evaluateonEmptyPredicatesReturnEmpty
- if true and no predicates are supplied, then return an empty iterable;
otherwise return the original input candidatesnet.shibboleth.utilities.java.support.resolver.ResolverException
- if there is a fatal error during resolutionCopyright © 1999–2020 Shibboleth Consortium. All rights reserved.