Package net.shibboleth.idp.attribute.filter.matcher.saml.impl

Class AttributeInMetadataMatcher

java.lang.Object
net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent
net.shibboleth.idp.attribute.filter.matcher.saml.impl.AttributeInMetadataMatcher
All Implemented Interfaces:
Matcher, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent
public class AttributeInMetadataMatcher extends AbstractIdentifiableInitializableComponent implements Matcher
Matcher that checks whether an attribute is enumerated in an SP's metadata as a required or optional attribute. Also supports simple value filtering.

  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.

    • onlyIfRequired

      private boolean onlyIfRequired
      Whether optionally requested attributes should be matched.

    • matchIfMetadataSilent

      private boolean matchIfMetadataSilent
      Whether to return a match if the metadata does not contain an ACS descriptor.

    • attributeName

      @Nullable @NotEmpty private String attributeName
      The SAML Attribute Name to look for in the metadata.

    • attributeNameFormat

      @Nullable @NotEmpty private String attributeNameFormat
      The SAML Attribute NameFormat to look for in the metadata.

    • logPrefix

      @Nullable @NotEmpty private String logPrefix
      The String used to prefix log message.

  • Constructor Details

    • AttributeInMetadataMatcher

      public AttributeInMetadataMatcher()

  • Method Details

    • getOnlyIfRequired

      public boolean getOnlyIfRequired()
      Gets whether optionally requested attributes should be matched.
      Returns:
      Whether optionally requested attributes should be matched.

    • setOnlyIfRequired

      public void setOnlyIfRequired(boolean flag)
      Sets whether optionally requested attributes should be matched.
      Parameters:
      flag - whether optionally requested attributes should be matched

    • getMatchIfMetadataSilent

      public boolean getMatchIfMetadataSilent()
      Gets whether to matched if the metadata contains no AttributeConsumingService.
      Returns:
      whether to match if the metadata contains no AttributeConsumingService

    • setMatchIfMetadataSilent

      public void setMatchIfMetadataSilent(boolean flag)
      Sets whether to match if the metadata contains no AttributeConsumingService.
      Parameters:
      flag - whether to match if the metadata contains no AttributeConsumingService

    • getAttributeName

      @Nullable @NotEmpty public String getAttributeName()
      Get the SAML Attribute Name to look for in the metadata. If not used, the evaluated attribute's own eventual encoded name(s) will be used to find a match.
      Returns:
      the Name to look for

    • setAttributeName

      public void setAttributeName(@Nullable @NotEmpty String name)
      Set the SAML Attribute Name to look for in the metadata. If not used, the evaluated attribute's own eventual encoded name(s) will be used to find a match.

      This allows a "look aside" to match a different SAML Attribute Name in the metadata.

      Parameters:
      name - the Name to look for

    • getAttributeNameFormat

      @Nullable @NotEmpty public String getAttributeNameFormat()
      Get the SAML Attribute NameFormat to look for in the metadata. If not used, the evaluated attribute's own eventual encoded name format(s) will be used to find a match.
      Returns:
      the Name to look for

    • setAttributeNameFormat

      public void setAttributeNameFormat(@Nullable @NotEmpty String format)
      Set the SAML Attribute NameFormat to look for in the metadata. If not used, the evaluated attribute's own eventual encoded name format(s) will be used to find a match.

      This allows a "look aside" to match a different SAML Attribute NameFormat in the metadata.

      Parameters:
      format - the NameFormat to look for

    • getMatchingValues

      @Nonnull public Set<IdPAttributeValue> getMatchingValues(@Nonnull IdPAttribute attribute, @Nonnull AttributeFilterContext filterContext)
      Return those IdPAttributeValues which match this rule, or null if the matcher failed.
      Specified by:
      getMatchingValues in interface Matcher
      Parameters:
      attribute - the attribute under question.
      filterContext - the filter context
      Returns:
      The result of this rule. Null if we failed.

    • getAttributeConsumingService

      @Nullable private AttributeConsumingService getAttributeConsumingService(@Nonnull AttributeFilterContext filterContext)
      Get the appropriate AttributeConsumingService.
      Parameters:
      filterContext - the context for the operation
      Returns:
      the service, or null

    • findInMetadata

      @Nullable private RequestedAttribute findInMetadata(@Nonnull AttributeConsumingService service, @Nonnull String name, @Nullable String nameFormat)
      Locates a RequestedAttribute object in metadata that matches a specific Attribute Name and NameFormat.
      Parameters:
      service - the metadata descriptor to search
      name - Attribute Name to match
      nameFormat - Attribute NameFormat to match
      Returns:
      a matching RequestedAttribute, or null

    • filterValues

      @Nonnull private Set<IdPAttributeValue> filterValues(@Nullable IdPAttribute attribute, @Nonnull @NonnullElements List<IdPAttributeValue> requestedValues)
      Given an attribute and the requested values do the filtering.
      Parameters:
      attribute - the attribute
      requestedValues - the values
      Returns:
      the result of the filter

    • filterValues

      @Nonnull @Unmodifiable @NonnullElements private Set<IdPAttributeValue> filterValues(@Nonnull String attributeToLog, @Nullable IdPAttribute attribute, @Nonnull @NonnullElements List<XMLObject> requestedValues)
      Given an attribute and the requested values do the filtering.
      Parameters:
      attributeToLog - name of attribute to log
      attribute - the attribute
      requestedValues - the values
      Returns:
      the result of the filter

    • match

      private boolean match(XMLObject xmlObj, String attributeValue)
      Checks whether an XMLObject's "value" matches a candidate value.
      Parameters:
      xmlObj - the XMLObject to match
      attributeValue - the candidate value to match against
      Returns:
      true iff the two parameters are non-null and match

    • getLogPrefix

      @Nonnull protected String getLogPrefix()
      return a string which is to be prepended to all log messages.
      Returns:
      "Attribute Filter '<filterID>' :"