net.shibboleth.idp.saml.saml2.profile.delegation.impl.AddDelegationPolicyToAssertion

All Implemented Interfaces:: Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

@Prototype
public class AddDelegationPolicyToAssertion
extends AbstractProfileAction

Action which adds a DelegationPolicy element to the Advice of an Assertion.

The assertion to modify is determined by the strategy set by setAssertionLookupStrategy(Function).

The maximum chain delegation length value for the added policy element is as follows:

If an inbound assertion token is present as determined by the strategy set by setAssertionTokenStrategy(Function), the value is obtained from the policy contained within the first DelegationPolicy element of that assertion's Advice element.
Otherwise the request is assumed to be the initial SSO request, so the value is determined by the requesting SP's profile configuration value BrowserSSOProfileConfiguration.getMaximumTokenDelegationChainLength(ProfileRequestContext).
If neither of these approaches produces a value, a default value is used DEFAULT_POLICY_MAX_CHAIN_LENGTH

Nested Class Summary

Nested Classes

Modifier and Type Class Description

private class AddDelegationPolicyToAssertion.AssertionStrategy
Default strategy for obtaining assertion to modify.

Field Summary

Fields
Modifier and Type	Field	Description
`private Assertion`	`assertion`	The assertion to modify.
`private Function<ProfileRequestContext,Assertion>`	`assertionLookupStrategy`	Strategy used to locate the `Assertion` to operate on.
`private Function<ProfileRequestContext,Assertion>`	`assertionTokenStrategy`	Function used to resolve the inbound assertion token to process.
`private Assertion`	`attestedAssertion`	The inbound delegated Assertion that was attested.
`static Long`	`DEFAULT_POLICY_MAX_CHAIN_LENGTH`	Default policy max chain length, when can't otherwise be derived.
`private org.slf4j.Logger`	`log`	Logger.
`private Long`	`maxChainLength`	The max token delegation chain length value to add.
`private Function<ProfileRequestContext,RelyingPartyContext>`	`relyingPartyContextLookupStrategy`	Strategy used to lookup the RelyingPartyContext.

Constructor Summary

Constructors

Constructor Description

AddDelegationPolicyToAssertion()
Constructor.

Method Summary

Modifier and Type	Method	Description
`protected void`	`doExecute(ProfileRequestContext profileRequestContext)`
`protected boolean`	`doPreExecute(ProfileRequestContext profileRequestContext)`
`protected Long`	`resolveMaxChainLength(ProfileRequestContext profileRequestContext)`	Resolve the max token delegation chain length value to add to the assertion.
`void`	`setAssertionLookupStrategy(Function<ProfileRequestContext,Assertion> strategy)`	Set the strategy used to locate the `Assertion` to operate on.
`void`	`setAssertionTokenStrategy(Function<ProfileRequestContext,Assertion> strategy)`	Set the strategy used to locate the inbound assertion token to process.
`void`	`setRelyingPartyContextLookupStrategy(Function<ProfileRequestContext,RelyingPartyContext> strategy)`	Set the strategy used to locate the current `RelyingPartyContext`.

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Details
- DEFAULT_POLICY_MAX_CHAIN_LENGTH
  
  @Nonnull public static final Long DEFAULT_POLICY_MAX_CHAIN_LENGTH
  
  Default policy max chain length, when can't otherwise be derived.
- log
  
  @Nonnull private org.slf4j.Logger log
  
  Logger.
- assertionLookupStrategy
  
  @Nonnull private Function<ProfileRequestContext,Assertion> assertionLookupStrategy
  
  Strategy used to locate the Assertion to operate on.
- assertionTokenStrategy
  
  @Nonnull private Function<ProfileRequestContext,Assertion> assertionTokenStrategy
  
  Function used to resolve the inbound assertion token to process.
- relyingPartyContextLookupStrategy
  
  @Nonnull private Function<ProfileRequestContext,RelyingPartyContext> relyingPartyContextLookupStrategy
  
  Strategy used to lookup the RelyingPartyContext.
- assertion
  
  @Nullable private Assertion assertion
  
  The assertion to modify.
- attestedAssertion
  
  @Nullable private Assertion attestedAssertion
  
  The inbound delegated Assertion that was attested.
- maxChainLength
  
  @Nullable private Long maxChainLength
  
  The max token delegation chain length value to add.
Constructor Details
- AddDelegationPolicyToAssertion
  
  public AddDelegationPolicyToAssertion()
  
  Constructor.
Method Details
- setAssertionTokenStrategy
  
  public void setAssertionTokenStrategy(@Nonnull Function<ProfileRequestContext,Assertion> strategy)
  
  Set the strategy used to locate the inbound assertion token to process.
  
  Parameters:
  
  strategy - lookup strategy
- setRelyingPartyContextLookupStrategy
  
  public void setRelyingPartyContextLookupStrategy(@Nonnull Function<ProfileRequestContext,RelyingPartyContext> strategy)
  
  Set the strategy used to locate the current RelyingPartyContext.
  
  Parameters:
  
  strategy - strategy used to locate the current RelyingPartyContext
- setAssertionLookupStrategy
  
  public void setAssertionLookupStrategy(@Nonnull Function<ProfileRequestContext,Assertion> strategy)
  
  Set the strategy used to locate the Assertion to operate on.
  
  Parameters:
  
  strategy - strategy used to locate the Assertion to operate on
- doPreExecute
  
  protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext)
  
  Overrides:
  
  doPreExecute in class AbstractConditionalProfileAction
- doExecute
  
  protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext)
  
  Overrides:
  
  doExecute in class AbstractProfileAction
- resolveMaxChainLength
  
  @Nonnull protected Long resolveMaxChainLength(@Nonnull ProfileRequestContext profileRequestContext)
  
  Resolve the max token delegation chain length value to add to the assertion.
  
  Parameters:
  
  profileRequestContext - the current profile request context
  
  Returns:
  
  the max chain length value

Class AddDelegationPolicyToAssertion

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

Field Details

DEFAULT_POLICY_MAX_CHAIN_LENGTH

log

assertionLookupStrategy

assertionTokenStrategy

relyingPartyContextLookupStrategy

assertion

attestedAssertion

maxChainLength

Constructor Details

AddDelegationPolicyToAssertion

Method Details

setAssertionTokenStrategy

setRelyingPartyContextLookupStrategy

setAssertionLookupStrategy

doPreExecute

doExecute

resolveMaxChainLength