public class EncryptNameIDs extends AbstractEncryptAction

Action that encrypts all NameIDs in a message obtained from a lookup strategy, by default the outbound message context. Specific formats may be excluded from encryption; by default the "entity" format is excluded.

Events: EventIds.PROCEED_EVENT_ID, EventIds.UNABLE_TO_ENCRYPT

Postcondition: NameIDs in all locations have been replaced with encrypted versions. If an error occurs, it is possible for some to have been replaced but others not.

Modifier and Type | Field and Description |
---|---|
private Set<String> | excludedFormats: Formats to exclude from encryption. |
private org.slf4j.Logger | log: Class logger. |
private SAMLObject | message: The message to operate on. |
private com.google.common.base.Function<ProfileRequestContext,SAMLObject> | messageLookupStrategy: Strategy used to locate the message to operate on. |
Constructor and Description |
---|
EncryptNameIDs(): Constructor. |
Modifier and Type | Method and Description |
---|---|
protected void | doExecute(ProfileRequestContext profileRequestContext) |
protected boolean | doPreExecute(ProfileRequestContext profileRequestContext) |
protected org.opensaml.xmlsec.EncryptionParameters | getApplicableParameters(EncryptionContext ctx): Return the right set of parameters for the operation to be performed, or none if no encryption should occur. |
private void | processAssertion(Assertion assertion): Encrypt any NameIDs found in an assertion and replace them with the result. |
private void | processLogoutRequest(LogoutRequest request): Encrypt a NameID found in a LogoutRequest and replace it with the result. |
private void | processManageNameIDRequest(ManageNameIDRequest request): Encrypt a NameID found in a ManageNameIDRequest and replace it with the result. |
private void | processNameIDMappingRequest(NameIDMappingRequest request): Encrypt a NameID found in a NameIDMappingRequest and replace it with the result. |
private void | processNameIDMappingResponse(NameIDMappingResponse response): Encrypt a NameID found in a NameIDMappingResponse and replace it with the result. |
private void | processSubject(Subject subject): Encrypt any NameIDs found in a subject and replace them with the result. |
void | setExcludedFormats(Collection<String> formats): Set the NameID formats to ignore and leave unencrypted. |
void | setMessageLookupStrategy(com.google.common.base.Function<ProfileRequestContext,SAMLObject> strategy): Set the strategy used to locate the message to operate on. |
private boolean | shouldEncrypt(NameID name): Return true iff the NameID should be encrypted. |
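The postcondition stated above (every NameID in every location replaced, with the caveat that an error can leave some replaced and others not) and the format exclusion behind shouldEncrypt are worth checking on the serialized message rather than trusting the event alone. The following is an added example written for this page, not Shibboleth or OpenSAML code: a Python check that walks a SAML 2.0 message and lists every plaintext saml:NameID that the action should have turned into a saml:EncryptedID. It assumes, following SAML 2.0 Core, that a NameID with no Format attribute is in the "unspecified" format, and it ignores saml:Issuer, which is a different element that the action does not touch. The two messages and the CipherValue content are constructed samples.

```python
"""Check the post-condition of Shibboleth's EncryptNameIDs action on a SAML 2.0 message.

Added example for this page (not Shibboleth code): given a serialized message, list
every plaintext saml:NameID that should have been replaced by saml:EncryptedID, that is
every NameID in any location whose Format is not in the excluded set.  The default
excluded set is the "entity" format, matching the action's default.
"""
import xml.etree.ElementTree as ET
from typing import Dict, FrozenSet, List, Tuple

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
XENC = "http://www.w3.org/2001/04/xmlenc#"

NAMEID_ENTITY = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
NAMEID_PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
# Assumption (SAML 2.0 Core): a NameID without a Format attribute is "unspecified".
NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

DEFAULT_EXCLUDED: FrozenSet[str] = frozenset({NAMEID_ENTITY})
NAMEID_TAG = "{%s}NameID" % SAML2
ENCRYPTED_ID_TAG = "{%s}EncryptedID" % SAML2


def _local(tag: str) -> str:
    """Strip the namespace from a Clark-notation tag."""
    return tag.rsplit("}", 1)[-1]


def _path(el: ET.Element, parents: Dict[ET.Element, ET.Element]) -> str:
    """Element path from the message root, e.g. Response/Assertion/Subject/NameID."""
    parts = []
    while el is not None:
        parts.append(_local(el.tag))
        el = parents.get(el)
    return "/".join(reversed(parts))


def find_unencrypted_nameids(xml_text: str,
                             excluded_formats: FrozenSet[str] = DEFAULT_EXCLUDED
                             ) -> List[Tuple[str, str]]:
    """Return (path, format) for each plaintext NameID whose format is not excluded.

    Every saml:NameID is examined whatever its location (Subject, SubjectConfirmation,
    LogoutRequest, ManageNameIDRequest, NameIDMappingRequest, NameIDMappingResponse).
    saml:Issuer is a different element and is never encrypted, so it is not matched.
    """
    root = ET.fromstring(xml_text)
    parents = {child: parent for parent in root.iter() for child in parent}
    leftovers = []
    for el in root.iter(NAMEID_TAG):
        fmt = el.get("Format", NAMEID_UNSPECIFIED)
        if fmt not in excluded_formats:
            leftovers.append((_path(el, parents), fmt))
    return leftovers


def count_encrypted_ids(xml_text: str) -> int:
    """Number of saml:EncryptedID elements in the message."""
    root = ET.fromstring(xml_text)
    return sum(1 for _ in root.iter(ENCRYPTED_ID_TAG))


def postcondition_holds(xml_text: str,
                        excluded_formats: FrozenSet[str] = DEFAULT_EXCLUDED) -> bool:
    """True iff no non-excluded NameID is left in the clear anywhere in the message."""
    return not find_unencrypted_nameids(xml_text, excluded_formats)


# Constructed sample: the Subject's NameID was encrypted, but an error stopped the action
# before the SubjectConfirmation's NameID was replaced (the partial outcome the
# post-condition warns about).  The CipherValue is a placeholder, not real ciphertext.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML2}" xmlns:xenc="{XENC}"
    ID="_r1" Version="2.0" IssueInstant="2020-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.org/idp/shibboleth</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2020-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.org/idp/shibboleth</saml:Issuer>
    <saml:Subject>
      <saml:EncryptedID>
        <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element">
          <xenc:CipherData><xenc:CipherValue>cGxhY2Vob2xkZXI=</xenc:CipherValue></xenc:CipherData>
        </xenc:EncryptedData>
      </saml:EncryptedID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:NameID Format="{NAMEID_PERSISTENT}">c0ffee42</saml:NameID>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed sample: a LogoutRequest naming an entity; "entity" is excluded by default.
SAMPLE_LOGOUT = f"""<samlp:LogoutRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML2}"
    ID="_l1" Version="2.0" IssueInstant="2020-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.org/idp/shibboleth</saml:Issuer>
  <saml:NameID Format="{NAMEID_ENTITY}">https://sp.example.com/shibboleth</saml:NameID>
</samlp:LogoutRequest>"""

if __name__ == "__main__":
    for label, doc in (("Response", SAMPLE_RESPONSE), ("LogoutRequest", SAMPLE_LOGOUT)):
        print(label, "encrypted:", count_encrypted_ids(doc),
              "plaintext:", find_unencrypted_nameids(doc), "ok:", postcondition_holds(doc))
    # With nothing excluded, the entity-format NameID is reported too.
    print("LogoutRequest, no exclusions:", find_unencrypted_nameids(SAMPLE_LOGOUT, frozenset()))
```

Because the action can leave a mixed result when it fails part-way, a flow that sees UNABLE_TO_ENCRYPT should abort rather than send the message as it stands; the check above is the concrete test of that state, and it reports the SubjectConfirmation NameID left in the clear in the first sample while accepting the entity-format NameID in the second under the default exclusion.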
Methods inherited from class AbstractEncryptAction: getEncrypter, setEncryptionContextLookupStrategy, setEncryptToSelf, setEncryptToSelfParametersStrategy, setKeyPlacementLookupStrategy, setRecipientLookupStrategy, setSelfRecipientLookupStrategy

Inherited methods (activation condition): getActivationCondition, setActivationCondition

Methods inherited from class AbstractProfileAction: doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Inherited methods (component lifecycle): destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized
@Nonnull private final org.slf4j.Logger log
@Nonnull private com.google.common.base.Function<ProfileRequestContext,SAMLObject> messageLookupStrategy
@Nonnull @NonnullElements private Set<String> excludedFormats
@Nullable private SAMLObject message
public void setMessageLookupStrategy(@Nonnull com.google.common.base.Function<ProfileRequestContext,SAMLObject> strategy)
Set the strategy used to locate the message to operate on.
Parameters: strategy - strategy used to locate the message to operate on

public void setExcludedFormats(@Nonnull @NonnullElements Collection<String> formats)
Set the NameID formats to ignore and leave unencrypted.
Parameters: formats - formats to exclude

@Nullable protected org.opensaml.xmlsec.EncryptionParameters getApplicableParameters(@Nullable EncryptionContext ctx)
Return the right set of parameters for the operation to be performed, or none if no encryption should occur.
Specified by: getApplicableParameters in class AbstractEncryptAction
Parameters: ctx - possibly null input context to pull parameters from

protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext)
Overrides: doPreExecute in class AbstractEncryptAction

protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext)
Overrides: doExecute in class AbstractProfileAction

private boolean shouldEncrypt(@Nullable NameID name)
Return true iff the NameID should be encrypted.
Parameters: name - NameID to check

private void processSubject(@Nullable Subject subject) throws org.opensaml.xmlsec.encryption.support.EncryptionException
Encrypt any NameIDs found in a subject and replace them with the result.
Parameters: subject - subject to operate on
Throws: org.opensaml.xmlsec.encryption.support.EncryptionException - if an error occurs

private void processLogoutRequest(@Nonnull LogoutRequest request) throws org.opensaml.xmlsec.encryption.support.EncryptionException
Encrypt a NameID found in a LogoutRequest and replace it with the result.
Parameters: request - request to operate on
Throws: org.opensaml.xmlsec.encryption.support.EncryptionException - if an error occurs

private void processManageNameIDRequest(@Nonnull ManageNameIDRequest request) throws org.opensaml.xmlsec.encryption.support.EncryptionException
Encrypt a NameID found in a ManageNameIDRequest and replace it with the result.
Parameters: request - request to operate on
Throws: org.opensaml.xmlsec.encryption.support.EncryptionException - if an error occurs

private void processNameIDMappingRequest(@Nonnull NameIDMappingRequest request) throws org.opensaml.xmlsec.encryption.support.EncryptionException
Encrypt a NameID found in a NameIDMappingRequest and replace it with the result.
Parameters: request - request to operate on
Throws: org.opensaml.xmlsec.encryption.support.EncryptionException - if an error occurs

private void processNameIDMappingResponse(@Nonnull NameIDMappingResponse response) throws org.opensaml.xmlsec.encryption.support.EncryptionException
Encrypt a NameID found in a NameIDMappingResponse and replace it with the result.
Parameters: response - response to operate on
Throws: org.opensaml.xmlsec.encryption.support.EncryptionException - if an error occurs

private void processAssertion(@Nonnull Assertion assertion) throws org.opensaml.xmlsec.encryption.support.EncryptionException
Encrypt any NameIDs found in an assertion and replace them with the result.
Parameters: assertion - assertion to operate on
Throws: org.opensaml.xmlsec.encryption.support.EncryptionException - if an error occurs

Copyright © 1999–2020 Shibboleth Consortium. All rights reserved.