Class BasicAdministrativeFlowDescriptor

    • Constructor Detail

      • BasicAdministrativeFlowDescriptor

        public BasicAdministrativeFlowDescriptor​(@Nonnull @NotEmpty @ParameterName(name="id")
                                                 String id)
        Constructor.
        Parameters:
        id - profile Id
    • Method Detail

      • setPrincipalServiceManager

        public void setPrincipalServiceManager​(@Nullable
                                               PrincipalServiceManager manager)
        Sets a PrincipalServiceManager to use for string-based principal processing.
        Parameters:
        manager - manager to set
        Since:
        4.2.0
      • setLoggingId

        public void setLoggingId​(@Nullable
                                 String id)
        Set a logging ID to use when auditing this profile.
        Parameters:
        id - logging ID
      • isNonBrowserSupported

        public boolean isNonBrowserSupported​(@Nullable
                                             ProfileRequestContext profileRequestContext)
        Get whether this flow supports non-browser clients (default is true).
        Specified by:
        isNonBrowserSupported in interface AdministrativeFlowDescriptor
        Parameters:
        profileRequestContext - current profile request context
        Returns:
        whether this flow supports non-browser clients
      • setNonBrowserSupported

        public void setNonBrowserSupported​(boolean flag)
        Set whether this flow supports non-browser clients.
        Parameters:
        flag - flag to set
      • setNonBrowserSupportedPredicate

        public void setNonBrowserSupportedPredicate​(@Nonnull
                                                    Predicate<ProfileRequestContext> condition)
        Set condition to determine whether this flow supports non-browser clients.
        Parameters:
        condition - condition to apply
      • isAuthenticated

        public boolean isAuthenticated​(@Nullable
                                       ProfileRequestContext profileRequestContext)
        Get whether user authentication is required (default is false).
        Specified by:
        isAuthenticated in interface AdministrativeFlowDescriptor
        Parameters:
        profileRequestContext - current profile request context
        Returns:
        whether user authentication is required
      • setAuthenticated

        public void setAuthenticated​(boolean flag)
        Set whether user authentication is required (default is false).
        Parameters:
        flag - flag to set
      • setAuthenticatedPredicate

        public void setAuthenticatedPredicate​(@Nonnull
                                              Predicate<ProfileRequestContext> condition)
        Set condition to determine whether user authentication is required (default is false).
        Parameters:
        condition - condition to apply
      • setPolicyName

        public void setPolicyName​(@Nullable
                                  String name)
        Set an explicit access control policy name to apply.
        Parameters:
        name - policy name
      • setPolicyNameLookupStrategy

        public void setPolicyNameLookupStrategy​(@Nonnull
                                                Function<ProfileRequestContext,​String> strategy)
        Set a lookup strategy to use to obtain the access control policy for this flow.
        Parameters:
        strategy - lookup strategy
      • setResolveAttributes

        public void setResolveAttributes​(boolean flag)
        Set whether attributes should be resolved during the profile.
        Parameters:
        flag - flag to set
      • setResolveAttributesPredicate

        public void setResolveAttributesPredicate​(@Nonnull
                                                  Predicate<ProfileRequestContext> condition)
        Set a condition to determine whether attributes should be resolved during the profile.
        Parameters:
        condition - condition to set
      • setDefaultAuthenticationMethods

        public void setDefaultAuthenticationMethods​(@Nullable @NonnullElements
                                                    Collection<Principal> methods)
        Set the default authentication methods to use, expressed as custom principals.
        Parameters:
        methods - default authentication methods to use
      • setDefaultAuthenticationMethodsLookupStrategy

        public void setDefaultAuthenticationMethodsLookupStrategy​(@Nonnull
                                                                  Function<ProfileRequestContext,​Collection<Principal>> strategy)
        Set a lookup strategy for the authentication methods to use, expressed as custom principals.
        Parameters:
        strategy - lookup strategy
      • setDefaultAuthenticationMethodsByString

        public void setDefaultAuthenticationMethodsByString​(@Nullable @NonnullElements
                                                            Collection<String> methods)
        Set the authentication methods to use, expressed as strings that will be converted to principals during initialization.
        Parameters:
        methods - default authentication methods to use, expressed as strings
        Since:
        4.2.0
      • setDefaultAuthenticationMethodsByStringLookupStrategy

        public void setDefaultAuthenticationMethodsByStringLookupStrategy​(@Nonnull
                                                                          Function<ProfileRequestContext,​Collection<String>> strategy)
        Set a lookup strategy for the authentication methods to use, expressed as strings that will be converted to principals during initialization.
        Parameters:
        strategy - lookup strategy
        Since:
        4.2.0
      • setAuthenticationFlows

        public void setAuthenticationFlows​(@Nullable @NonnullElements
                                           Collection<String> flows)
        Set the authentication flows to use.
        Parameters:
        flows - flow identifiers to use
      • setAuthenticationFlowsLookupStrategy

        public void setAuthenticationFlowsLookupStrategy​(@Nonnull
                                                         Function<ProfileRequestContext,​Set<String>> strategy)
        Set a lookup strategy for the authentication flows to use.
        Parameters:
        strategy - lookup strategy
      • setPostAuthenticationFlows

        public void setPostAuthenticationFlows​(@Nullable @NonnullElements
                                               Collection<String> flows)
        Set the ordered collection of post-authentication interceptor flows to enable.
        Parameters:
        flows - flow identifiers to enable
      • setPostAuthenticationFlowsLookupStrategy

        public void setPostAuthenticationFlowsLookupStrategy​(@Nonnull
                                                             Function<ProfileRequestContext,​Collection<String>> strategy)
        Set a lookup strategy for the post-authentication interceptor flows to enable.
        Parameters:
        strategy - lookup strategy
      • isForceAuthn

        public boolean isForceAuthn​(@Nullable
                                    ProfileRequestContext profileRequestContext)
        Get whether the authentication process should include a proof of user presence.
        Specified by:
        isForceAuthn in interface AuthenticationProfileConfiguration
        Parameters:
        profileRequestContext - current profile request context
        Returns:
        true iff authentication should require user presence
      • setForceAuthn

        public void setForceAuthn​(boolean flag)
        Set whether a fresh user presence proof should be required for this request.
        Parameters:
        flag - flag to set
      • setForceAuthnPredicate

        public void setForceAuthnPredicate​(@Nonnull
                                           Predicate<ProfileRequestContext> condition)
        Set a condition to determine whether a fresh user presence proof should be required for this request.
        Parameters:
        condition - condition to set
      • getProxyCount

        @Nullable
        public Integer getProxyCount​(@Nullable
                                     ProfileRequestContext profileRequestContext)
        Gets the maximum number of times an assertion may be proxied outbound and/or the maximum number of hops between the relying party and a proxied authentication authority inbound.
        Specified by:
        getProxyCount in interface AuthenticationProfileConfiguration
        Parameters:
        profileRequestContext - current profile request context
        Returns:
        maximum number of times an assertion or authentication may be proxied
      • setProxyCount

        public void setProxyCount​(@Nullable @NonNegative
                                  Integer count)
        Sets the maximum number of times an assertion may be proxied outbound and/or the maximum number of hops between the relying party and a proxied authentication authority inbound.
        Parameters:
        count - proxy count
        Since:
        4.0.0
      • setProxyCountLookupStrategy

        public void setProxyCountLookupStrategy​(@Nonnull
                                                Function<ProfileRequestContext,​Integer> strategy)
        Set a lookup strategy for the maximum number of times an assertion may be proxied outbound and/or the maximum number of hops between the relying party and a proxied authentication authority inbound.
        Parameters:
        strategy - lookup strategy
        Since:
        4.0.0