Package net.shibboleth.idp.attribute.filter.policyrule.saml.impl

Class AbstractEntityGroupPolicyRule

java.lang.Object
net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent
net.shibboleth.idp.attribute.filter.policyrule.impl.AbstractPolicyRule
net.shibboleth.idp.attribute.filter.policyrule.saml.impl.AbstractEntityGroupPolicyRule
All Implemented Interfaces:
PolicyRequirementRule, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent
Direct Known Subclasses:
IssuerInEntityGroupPolicyRule, ProxiedRequesterInEntityGroupPolicyRule, RequesterInEntityGroupPolicyRule
public abstract class AbstractEntityGroupPolicyRule extends AbstractPolicyRule
A matcher that evaluates to true if an entity's metadata matches the provided entity group name, or a valid metadata-sourced affiliation of entities.
Since:
4.0.0

  • Field Details

    • entityGroup

      @NonnullAfterInit @NotEmpty private String entityGroup
      The entity group to match against.

    • checkAffiliations

      private boolean checkAffiliations
      Whether to search metadata for AffiliationDescriptor membership.

  • Constructor Details

    • AbstractEntityGroupPolicyRule

      public AbstractEntityGroupPolicyRule()

  • Method Details

    • getEntityGroup

      @NonnullAfterInit @NotEmpty public String getEntityGroup()
      Gets the entity group to match against.
      Returns:
      entity group to match against

    • setEntityGroup

      public void setEntityGroup(@Nullable String group)
      Sets the entity group to match against.
      Parameters:
      group - entity group to match against

    • setCheckAffiliations

      public void setCheckAffiliations(boolean flag)
      Set whether to check a supplied MetadataResolver for membership in an AffiliationDescriptor as a form of group policy.

      Defaults to false.

      Parameters:
      flag - flag to set

    • isCheckAffiliations

      public boolean isCheckAffiliations()
      Returns whether we check a supplied MetadataResolver for membership in an AffiliationDescriptor as a form of group policy.
      Returns:
      whether to check for AffiliationDescriptor membership
      Since:
      4.0.0

    • doInitialize

      protected void doInitialize() throws ComponentInitializationException
      Overrides:
      doInitialize in class AbstractPolicyRule
      Throws:
      ComponentInitializationException

    • getEntityMetadata

      @Nullable protected abstract EntityDescriptor getEntityMetadata(@Nonnull AttributeFilterContext filterContext)
      Gets the entity descriptor for the entity to check.
      Parameters:
      filterContext - current filter request context
      Returns:
      entity descriptor for the entity to check

    • matches

      @Nonnull public PolicyRequirementRule.Tristate matches(@Nonnull AttributeFilterContext input)
      Checks if the given entity is in the provided entity group.
      Parameters:
      input - the context to look at
      Returns:
      whether the entity is in the group whether the rule holds