Handling New User Memberships

Brandon McKean mckeanbs at jmu.edu
Wed May 10 15:30:00 EDT 2017


Thanks Scott.

I've given the RegexAttributePredicate class a try but I seem to be 
getting an error. This is what I placed in the flow:

> <bean id="ContextCheckPredicate" 
> class="net.shibboleth.idp.profile.logic.RegexAttributePredicate" 
> p:useUnfilteredAttributes="true" p:pat="staff|faculty" 
> p:attributeId="eduPersonScopedAffiliation" 
> p:attributeContextLookupStrategy-ref="shibboleth.ChildLookupOrCreate.AttributeContext" 
> /> 
I based that off of what I saw here, since I couldn't find anything on 
the wiki: https://issues.shibboleth.net/jira/browse/IDP-1062

This is what ended up being produced in the logs:

> 2017-05-10 15:23:07,939 - ERROR 
> [net.shibboleth.idp.profile.interceptor:-2] - Uncaught runtime exception
> org.springframework.beans.factory.BeanCreationException: Error 
> creating bean with name 'ContextCheckPredicate' defined in file 
> [/opt/shibboleth-idp/flows/intercept/userblock/userblock-beans.xml]: 
> Error setting property values; nested exception is 
> org.springframework.beans.NotWritablePropertyException: Invalid 
> property 'pat' of bean class 
> [net.shibboleth.idp.profile.logic.RegexAttributePredicate]: Bean 
> property 'pat' is not writable or has an invalid setter method. Does 
> the parameter type of the setter match the return type of the getter?
>     at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1518)
> Caused by: org.springframework.beans.NotWritablePropertyException: 
> Invalid property 'pat' of bean class 
> [net.shibboleth.idp.profile.logic.RegexAttributePredicate]: Bean 
> property 'pat' is not writable or has an invalid setter method. Does 
> the parameter type of the setter match the return type of the getter?
>     at 
> org.springframework.beans.BeanWrapperImpl.createNotWritablePropertyException(BeanWrapperImpl.java:243)
Did the property change maybe?

Thanks,

-- 
Brandon McKean
IT / Systems
Linux Administrator
(540)568-4235

On 05/10/2017 09:36 AM, Cantor, Scott wrote:
> On 5/10/17, 8:39 AM, "users on behalf of Brandon McKean" <users-bounces at shibboleth.net on behalf of mckeanbs at jmu.edu> wrote:
>
>> I was aiming for more of a regex style of match.
> Then you can wire up a regex directly with the RegexAttributePredicate class in the same Java package. Or you can punt and just use a ScriptedPredicate too.
>
>> I was able to get the
>> SimpleAttributePredicate working with an attribute that only produces
>> one value, so what I've done now is invent a new scripted attribute that
>> produces a one value result to then be used by ContextCheckPredicate.
> Same thing, you're just moving the script into the resolver. You don't have to use SimpleAttributePredicate. It's an example, nothing more.
>
>> Is this a good way to handle what I'm trying to do? It does work either
>> way but if there's a recommended approach I'd rather do that.
> There are no recommended approaches. The flow just evaluates a Predicate<ProfileRequestContext>. It doesn't care what you install as the Predicate.
>
> -- Scott
>
>



More information about the users mailing list