Class AttributeRevocationCondition
java.lang.Object
net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
net.shibboleth.idp.authn.revocation.impl.AttributeRevocationCondition
- All Implemented Interfaces:
BiPredicate<ProfileRequestContext,,AuthenticationResult> Component,DestructableComponent,InitializableComponent
public class AttributeRevocationCondition
extends AbstractInitializableComponent
implements BiPredicate<ProfileRequestContext,AuthenticationResult>
A condition for login flows that checks for revocation against a resolved
IdPAttribute.- Since:
- 4.3.0
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate StringAttribute ID to resolve.private ReloadableService<AttributeResolver>Attribute Resolver service.private Function<ProfileRequestContext,String> Strategy used to locate the identity of the issuer associated with the attribute resolution.private final org.slf4j.LoggerClass logger.private Function<ProfileRequestContext,String> Lookup strategy for principal name.private Function<ProfileRequestContext,String> Strategy used to locate the identity of the recipient associated with the attribute resolution. -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprivate AttributeResolutionContextbuildResolutionContext(ProfileRequestContext profileRequestContext, String principal) Build anAttributeResolutionContextto use.protected voidprotected booleanisRevoked(String principal, AuthenticationResult result, Collection<Instant> revocationRecords) Check the revocation records' timestamps for applicability.voidsetAttributeId(String id) Set the ID of anIdPAttributeto resolve to obtain revocation records for the principal.voidSetAttributeResolverto use.voidSet the strategy used to lookup the issuer for this attribute resolution.voidSet lookup strategy for principal name.voidSet the strategy used to lookup the recipient for this attribute resolution.booleantest(ProfileRequestContext input, AuthenticationResult input2) Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitializedMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface java.util.function.BiPredicate
and, negate, or
-
Field Details
-
log
@Nonnull private final org.slf4j.Logger logClass logger. -
principalNameLookupStrategy
Lookup strategy for principal name. -
issuerLookupStrategy
Strategy used to locate the identity of the issuer associated with the attribute resolution. -
recipientLookupStrategy
Strategy used to locate the identity of the recipient associated with the attribute resolution. -
attributeResolver
Attribute Resolver service. -
attributeId
Attribute ID to resolve.
-
-
Constructor Details
-
AttributeRevocationCondition
public AttributeRevocationCondition()Constructor.
-
-
Method Details
-
setPrincipalNameLookupStrategy
public void setPrincipalNameLookupStrategy(@Nonnull Function<ProfileRequestContext, String> strategy) Set lookup strategy for principal name.- Parameters:
strategy- lookup strategy
-
setIssuerLookupStrategy
Set the strategy used to lookup the issuer for this attribute resolution.- Parameters:
strategy- lookup strategy
-
setRecipientLookupStrategy
Set the strategy used to lookup the recipient for this attribute resolution.- Parameters:
strategy- lookup strategy
-
setAttributeResolver
SetAttributeResolverto use.- Parameters:
service- attribute resolver service
-
setAttributeId
Set the ID of anIdPAttributeto resolve to obtain revocation records for the principal.- Parameters:
id- attribute ID to resolve
-
doInitialize
- Overrides:
doInitializein classAbstractInitializableComponent- Throws:
ComponentInitializationException
-
test
- Specified by:
testin interfaceBiPredicate<ProfileRequestContext,AuthenticationResult>
-
buildResolutionContext
@Nonnull private AttributeResolutionContext buildResolutionContext(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull @NotEmpty String principal) Build anAttributeResolutionContextto use.- Parameters:
profileRequestContext- profile request contextprincipal- name of principal- Returns:
- the attached context
-
isRevoked
protected boolean isRevoked(@Nonnull @NotEmpty String principal, @Nonnull AuthenticationResult result, @Nonnull @NonnullElements Collection<Instant> revocationRecords) Check the revocation records' timestamps for applicability.- Parameters:
principal- name of principalresult- active result being checkedrevocationRecords- the records from the cache- Returns:
- true iff the revocation applies to this result
-