Class RevocationCacheCondition
java.lang.Object
net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
net.shibboleth.idp.authn.revocation.impl.RevocationCacheCondition
- All Implemented Interfaces:
BiPredicate<ProfileRequestContext,,AuthenticationResult> Component,DestructableComponent,InitializableComponent
public class RevocationCacheCondition
extends AbstractInitializableComponent
implements BiPredicate<ProfileRequestContext,AuthenticationResult>
A condition for login flows that checks for revocation against a
RevocationCache.- Since:
- 4.3.0
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final StringPrefix of keys for address-based revocation.private NonnullSupplier<javax.servlet.http.HttpServletRequest>Servlet request Supplier.private final org.slf4j.LoggerClass logger.static final StringPrefix of keys for principal-based revocation.private Function<ProfileRequestContext,String> Lookup strategy for principal name.static final StringRevocation context.private RevocationCacheCache to use. -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected voidprotected booleanisRevoked(String principal, AuthenticationResult result, Collection<String> revocationRecords) Check the revocation records' timestamps for applicability.voidsetHttpServletRequestSupplier(NonnullSupplier<javax.servlet.http.HttpServletRequest> supplier) SetHttpServletRequestin order to obtain client address.voidSet lookup strategy for principal name.voidSetRevocationCacheto use.booleantest(ProfileRequestContext input, AuthenticationResult input2) Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitializedMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface java.util.function.BiPredicate
and, negate, or
-
Field Details
-
REVOCATION_CONTEXT
Revocation context.- See Also:
-
PRINCIPAL_REVOCATION_PREFIX
Prefix of keys for principal-based revocation.- See Also:
-
ADDRESS_REVOCATION_PREFIX
Prefix of keys for address-based revocation.- See Also:
-
log
@Nonnull private final org.slf4j.Logger logClass logger. -
revocationCache
Cache to use. -
principalNameLookupStrategy
Lookup strategy for principal name. -
httpServletRequestSupplier
Servlet request Supplier.
-
-
Constructor Details
-
RevocationCacheCondition
public RevocationCacheCondition()
-
-
Method Details
-
setRevocationCache
SetRevocationCacheto use.- Parameters:
cache- cache to use
-
setPrincipalNameLookupStrategy
public void setPrincipalNameLookupStrategy(@Nonnull Function<ProfileRequestContext, String> strategy) Set lookup strategy for principal name.- Parameters:
strategy- lookup strategy
-
setHttpServletRequestSupplier
public void setHttpServletRequestSupplier(@Nullable NonnullSupplier<javax.servlet.http.HttpServletRequest> supplier) SetHttpServletRequestin order to obtain client address.- Parameters:
supplier- servlet request interface
-
doInitialize
- Overrides:
doInitializein classAbstractInitializableComponent- Throws:
ComponentInitializationException
-
test
- Specified by:
testin interfaceBiPredicate<ProfileRequestContext,AuthenticationResult>
-
isRevoked
protected boolean isRevoked(@Nonnull @NotEmpty String principal, @Nonnull AuthenticationResult result, @Nonnull @NonnullElements Collection<String> revocationRecords) Check the revocation records' timestamps for applicability.- Parameters:
principal- name of principalresult- active result being checkedrevocationRecords- the records from the cache- Returns:
- true iff the revocation applies to this result
-