public class AddNameIDToSubjects extends AbstractProfileAction
NameID
and adds it to the Subject
of all the assertions
found in a Response
. The message to update is returned by a lookup strategy, by default
the message returned by InOutOperationContext.getOutboundMessageContext()
.
If no Response
exists, then an Assertion
directly in the outbound message context will
be used or created by the default lookup strategy.
If no Subject
exists in the assertions found, it will be cretaed.
The source of the NameID
is one of a set of candidate SAML2NameIDGenerator
plugins injected into the action. The plugin(s) to attempt to use are derived from the Format value,
which is established by a lookup strategy.
In addition, the generation process is influenced by the requested NameIDPolicy
, which
is evaluated using a pluggable predicate.
Modifier and Type | Class and Description |
---|---|
private class |
AddNameIDToSubjects.AssertionStrategy
Default strategy for obtaining assertions to modify.
|
static class |
AddNameIDToSubjects.NameIDPolicyLookupFunction
Lookup function that returns the
NameIDPolicy from an AuthnRequest message returned
from a lookup function, by default the inbound message. |
static class |
AddNameIDToSubjects.RequesterIdFromIssuerFunction
Lookup function that returns
RequestAbstractType.getIssuer()
from a request message returned from a lookup function, by default the inbound message. |
Modifier and Type | Field and Description |
---|---|
private List<Assertion> |
assertions
Response to modify.
|
private com.google.common.base.Function<ProfileRequestContext,List<Assertion>> |
assertionsLookupStrategy
Strategy used to locate the
Response to operate on. |
private com.google.common.base.Function<ProfileRequestContext,List<String>> |
formatLookupStrategy
Strategy used to determine the formats to try.
|
private List<String> |
formats
Formats to try.
|
private SAML2NameIDGenerator |
generator
Generator to use.
|
private net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy |
idGenerator
The generator to use.
|
private com.google.common.base.Function<ProfileRequestContext,net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy> |
idGeneratorLookupStrategy
Strategy used to locate the
IdentifierGenerationStrategy to use. |
private String |
issuerId
EntityID to populate into Issuer element.
|
private com.google.common.base.Function<ProfileRequestContext,String> |
issuerLookupStrategy
Strategy used to obtain the response issuer value.
|
private org.slf4j.Logger |
log
Class logger.
|
private SAMLObjectBuilder<NameID> |
nameIdBuilder
Builder for NameID objects.
|
private com.google.common.base.Predicate<ProfileRequestContext> |
nameIDPolicyPredicate
Predicate to validate
NameIDPolicy . |
private boolean |
overwriteExisting
Flag controlling whether to overwrite an existing NameID.
|
private AuthnRequest |
request
Request to examine.
|
private com.google.common.base.Function<ProfileRequestContext,AuthnRequest> |
requestLookupStrategy
Strategy used to locate the
AuthnRequest to operate on, if any. |
private String |
requiredFormat
Format required by requested
NameIDPolicy . |
private SAMLObjectBuilder<Subject> |
subjectBuilder
Builder for Subject objects.
|
Constructor and Description |
---|
AddNameIDToSubjects()
Constructor.
|
Modifier and Type | Method and Description |
---|---|
private NameID |
cloneNameID(NameID nameId)
Create an efficient field-wise copy of a
NameID . |
protected void |
doExecute(ProfileRequestContext profileRequestContext) |
protected void |
doInitialize() |
protected boolean |
doPreExecute(ProfileRequestContext profileRequestContext) |
private NameID |
generateNameID(ProfileRequestContext profileRequestContext)
Attempt to generate a
NameID using each of the candidate Formats and plugins. |
private Subject |
getAssertionSubject(Assertion assertion)
Get the subject to which the name identifier will be added.
|
private String |
getRequiredFormat(ProfileRequestContext profileRequestContext)
Extract a format required by the inbound request, if present.
|
void |
setAssertionsLookupStrategy(com.google.common.base.Function<ProfileRequestContext,List<Assertion>> strategy)
Set the strategy used to locate the
Assertion s to operate on. |
void |
setFormatLookupStrategy(com.google.common.base.Function<ProfileRequestContext,List<String>> strategy)
Set the strategy function to use to obtain the formats to try.
|
void |
setIdentifierGeneratorLookupStrategy(com.google.common.base.Function<ProfileRequestContext,net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy> strategy)
Set the strategy used to locate the
IdentifierGenerationStrategy to use. |
void |
setIssuerLookupStrategy(com.google.common.base.Function<ProfileRequestContext,String> strategy)
Set the strategy used to locate the issuer value to use.
|
void |
setNameIDGenerator(SAML2NameIDGenerator theGenerator)
Set the generator to use.
|
void |
setNameIDPolicyPredicate(com.google.common.base.Predicate<ProfileRequestContext> predicate)
Set the predicate used to evaluate the
NameIDPolicy . |
void |
setOverwriteExisting(boolean flag)
Set whether to overwrite any existing
NameID objects found. |
void |
setRequestLookupStrategy(com.google.common.base.Function<ProfileRequestContext,AuthnRequest> strategy)
Set the strategy used to locate the
AuthnRequest to examine, if any. |
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse
destroy, doDestroy, initialize, isDestroyed, isInitialized
@Nonnull private final org.slf4j.Logger log
@Nonnull private SAMLObjectBuilder<Subject> subjectBuilder
@Nonnull private SAMLObjectBuilder<NameID> nameIdBuilder
private boolean overwriteExisting
@Nonnull private com.google.common.base.Function<ProfileRequestContext,AuthnRequest> requestLookupStrategy
AuthnRequest
to operate on, if any.@Nonnull private com.google.common.base.Function<ProfileRequestContext,List<Assertion>> assertionsLookupStrategy
Response
to operate on.@Nonnull private com.google.common.base.Function<ProfileRequestContext,net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy> idGeneratorLookupStrategy
IdentifierGenerationStrategy
to use.@Nullable private com.google.common.base.Function<ProfileRequestContext,String> issuerLookupStrategy
@Nonnull private com.google.common.base.Predicate<ProfileRequestContext> nameIDPolicyPredicate
NameIDPolicy
.@Nonnull private com.google.common.base.Function<ProfileRequestContext,List<String>> formatLookupStrategy
@NonnullAfterInit private SAML2NameIDGenerator generator
@Nullable private String requiredFormat
NameIDPolicy
.@Nullable private AuthnRequest request
@Nullable private net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy idGenerator
public AddNameIDToSubjects() throws net.shibboleth.utilities.java.support.component.ComponentInitializationException
net.shibboleth.utilities.java.support.component.ComponentInitializationException
- if an error occurs initializing default predicate.public void setOverwriteExisting(boolean flag)
NameID
objects found.flag
- true iff the action should overwrite any existing objectspublic void setRequestLookupStrategy(@Nonnull com.google.common.base.Function<ProfileRequestContext,AuthnRequest> strategy)
AuthnRequest
to examine, if any.strategy
- strategy used to locate the AuthnRequest
public void setAssertionsLookupStrategy(@Nonnull com.google.common.base.Function<ProfileRequestContext,List<Assertion>> strategy)
Assertion
s to operate on.strategy
- lookup strategypublic void setIdentifierGeneratorLookupStrategy(@Nonnull com.google.common.base.Function<ProfileRequestContext,net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy> strategy)
IdentifierGenerationStrategy
to use.strategy
- lookup strategypublic void setIssuerLookupStrategy(@Nullable com.google.common.base.Function<ProfileRequestContext,String> strategy)
strategy
- lookup strategypublic void setNameIDPolicyPredicate(@Nonnull com.google.common.base.Predicate<ProfileRequestContext> predicate)
NameIDPolicy
.predicate
- predicate used to evaluate the NameIDPolicy
public void setFormatLookupStrategy(@Nonnull com.google.common.base.Function<ProfileRequestContext,List<String>> strategy)
strategy
- format lookup strategypublic void setNameIDGenerator(@Nullable SAML2NameIDGenerator theGenerator)
theGenerator
- the generator to useprotected void doInitialize() throws net.shibboleth.utilities.java.support.component.ComponentInitializationException
doInitialize
in class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
net.shibboleth.utilities.java.support.component.ComponentInitializationException
protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext)
doPreExecute
in class AbstractProfileAction
protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext)
doExecute
in class AbstractProfileAction
@Nullable private String getRequiredFormat(@Nonnull ProfileRequestContext profileRequestContext)
profileRequestContext
- current profile request context@Nullable private NameID generateNameID(@Nonnull ProfileRequestContext profileRequestContext)
NameID
using each of the candidate Formats and plugins.profileRequestContext
- current profile request contextNameID
or null@Nonnull private Subject getAssertionSubject(@Nonnull Assertion assertion)
assertion
- the assertion being modifiedCopyright © 1999–2020 Shibboleth Consortium. All rights reserved.