Class ExtractSubjectFromRequest
java.lang.Object
net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
org.opensaml.profile.action.AbstractProfileAction
org.opensaml.profile.action.AbstractConditionalProfileAction
net.shibboleth.idp.profile.AbstractProfileAction
net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest
- All Implemented Interfaces: Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action
Action that extracts a SAML Subject from an inbound message, and prepares a SubjectCanonicalizationContext to process it into a principal identity.
If the inbound message does not supply a NameIdentifier or NameID to process, then nothing is done, and the local event ID NO_SUBJECT is signaled.
A policy predicate may also be executed to control the conditions under which a subject name may be used by a requester, possibly resulting in an AuthnEventIds.INVALID_SUBJECT event.
Otherwise, a custom Principal of the appropriate type is wrapped around the identifier object and a Java Subject is prepared for canonicalization.
- Event: EventIds.PROCEED_EVENT_ID, AuthnEventIds.INVALID_SUBJECT, NO_SUBJECT
- Postcondition: If "proceed" signaled, then ProfileRequestContext.getSubcontext(SubjectCanonicalizationContext.class) != null
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description):
- static class: Lookup function that returns the NameIdentifier or NameID from the request in the inbound message context.
Field Summary
Fields (Modifier and Type, Field, Description):
- private final org.slf4j.Logger log: Class logger.
- private SAMLObject nameIdentifier: SAML 1 or 2 identifier object to wrap for c14n.
- private Predicate<ProfileRequestContext> nameIDPolicyPredicate: Predicate to validate use of NameID or NameIdentifier in subject.
- static final String NO_SUBJECT: Local event signaling that canonicalization is unnecessary.
- private Function<ProfileRequestContext,String> requesterLookupStrategy: Function used to obtain the requester ID.
- private Function<ProfileRequestContext,String> responderLookupStrategy: Function used to obtain the responder ID.
Constructor Summary
Constructors
Method Summary
Methods (Modifier and Type, Method, Description):
- protected void doExecute(ProfileRequestContext profileRequestContext)
- protected boolean doPreExecute(ProfileRequestContext profileRequestContext)
- void setNameIDPolicyPredicate(Predicate<ProfileRequestContext> predicate): Set a predicate used to validate use of the NameID or NameIdentifier in the subject.
- void setRequesterLookupStrategy: Set the strategy used to locate the requester ID for canonicalization.
- void setResponderLookupStrategy: Set the strategy used to locate the responder ID for canonicalization.
Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getBean, getBean, getMessage, getMessage, getMessage, getParameter, getParameter, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy
Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition
Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletRequestSupplier, getHttpServletResponse, getHttpServletResponseSupplier, getLogPrefix, setHttpServletRequest, setHttpServletRequestSupplier, setHttpServletResponse, setHttpServletResponseSupplier
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized
Field Details
- NO_SUBJECT
  Local event signaling that canonicalization is unnecessary.
- log
  @Nonnull private final org.slf4j.Logger log
  Class logger.
- nameIDPolicyPredicate
  Predicate to validate use of NameID or NameIdentifier in subject.
- requesterLookupStrategy
  Function used to obtain the requester ID.
- responderLookupStrategy
  Function used to obtain the responder ID.
- nameIdentifier
  SAML 1 or 2 identifier object to wrap for c14n.
Constructor Details
- ExtractSubjectFromRequest
  Constructor.
  - Throws: ComponentInitializationException - if unable to initialize default objects
Method Details
- setRequesterLookupStrategy
  Set the strategy used to locate the requester ID for canonicalization.
  - Parameters: strategy - lookup strategy
- setResponderLookupStrategy
  Set the strategy used to locate the responder ID for canonicalization.
  - Parameters: strategy - lookup strategy
- setNameIDPolicyPredicate
  Set a predicate used to validate use of the NameID or NameIdentifier in the subject.
  - Parameters: predicate - predicate to use
- doPreExecute
  - Overrides: doPreExecute in class AbstractConditionalProfileAction
- doExecute
  - Overrides: doExecute in class AbstractProfileAction