Package net.shibboleth.idp.saml.saml2.profile.delegation.impl

Class AddDelegationPolicyToAssertion

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.profile.action.AbstractConditionalProfileAction

net.shibboleth.idp.profile.AbstractProfileAction

net.shibboleth.idp.saml.saml2.profile.delegation.impl.AddDelegationPolicyToAssertion

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

@Prototype
public class AddDelegationPolicyToAssertion
extends AbstractProfileAction

Action which adds a DelegationPolicy element to the Advice of an Assertion.

The assertion to modify is determined by the strategy set by setAssertionLookupStrategy(Function).

The maximum chain delegation length value for the added policy element is as follows:

1. If an inbound assertion token is present as determined by the strategy set by setAssertionTokenStrategy(Function), the value is obtained from the policy contained within the first DelegationPolicy element of that assertion's Advice element.
2. Otherwise the request is assumed to be the initial SSO request, so the value is determined by the requesting SP's profile configuration value BrowserSSOProfileConfiguration.getMaximumTokenDelegationChainLength(ProfileRequestContext).
3. If neither of these approaches produces a value, a default value is used DEFAULT_POLICY_MAX_CHAIN_LENGTH

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
private class	AddDelegationPolicyToAssertion.AssertionStrategy	Default strategy for obtaining assertion to modify.

Field Summary

Fields

Modifier and Type	Field	Description
private Assertion	assertion	The assertion to modify.
private Function<ProfileRequestContext,Assertion>	assertionLookupStrategy	Strategy used to locate the Assertion to operate on.
private Function<ProfileRequestContext,Assertion>	assertionTokenStrategy	Function used to resolve the inbound assertion token to process.
private Assertion	attestedAssertion	The inbound delegated Assertion that was attested.
static final Long	DEFAULT_POLICY_MAX_CHAIN_LENGTH	Default policy max chain length, when can't otherwise be derived.
private org.slf4j.Logger	log	Logger.
private Long	maxChainLength	The max token delegation chain length value to add.
private Function<ProfileRequestContext,RelyingPartyContext>	relyingPartyContextLookupStrategy	Strategy used to lookup the RelyingPartyContext.

Constructor Summary

Constructors

Constructor	Description
AddDelegationPolicyToAssertion()	Constructor.

Method Summary

Modifier and Type	Method	Description
protected void	doExecute(ProfileRequestContext profileRequestContext)
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext)
protected Long	resolveMaxChainLength(ProfileRequestContext profileRequestContext)	Resolve the max token delegation chain length value to add to the assertion.
void	setAssertionLookupStrategy(Function<ProfileRequestContext,Assertion> strategy)	Set the strategy used to locate the Assertion to operate on.
void	setAssertionTokenStrategy(Function<ProfileRequestContext,Assertion> strategy)	Set the strategy used to locate the inbound assertion token to process.
void	setRelyingPartyContextLookupStrategy(Function<ProfileRequestContext,RelyingPartyContext> strategy)	Set the strategy used to locate the current RelyingPartyContext.

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getBean, getBean, getMessage, getMessage, getMessage, getParameter, getParameter, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletRequestSupplier, getHttpServletResponse, getHttpServletResponseSupplier, getLogPrefix, setHttpServletRequest, setHttpServletRequestSupplier, setHttpServletResponse, setHttpServletResponseSupplier

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Details

DEFAULT_POLICY_MAX_CHAIN_LENGTH

@Nonnull
public static final Long DEFAULT_POLICY_MAX_CHAIN_LENGTH

Default policy max chain length, when can't otherwise be derived.

log

@Nonnull
private org.slf4j.Logger log

Logger.

assertionLookupStrategy

@Nonnull
private Function<ProfileRequestContext,Assertion> assertionLookupStrategy

Strategy used to locate the Assertion to operate on.

assertionTokenStrategy

@Nonnull
private Function<ProfileRequestContext,Assertion> assertionTokenStrategy

Function used to resolve the inbound assertion token to process.

relyingPartyContextLookupStrategy

@Nonnull
private Function<ProfileRequestContext,RelyingPartyContext> relyingPartyContextLookupStrategy

Strategy used to lookup the RelyingPartyContext.

assertion

@Nullable
private Assertion assertion

The assertion to modify.

attestedAssertion

@Nullable
private Assertion attestedAssertion

The inbound delegated Assertion that was attested.

maxChainLength

@Nullable
private Long maxChainLength

The max token delegation chain length value to add.

Constructor Details

AddDelegationPolicyToAssertion

public AddDelegationPolicyToAssertion()

Constructor.

Method Details

setAssertionTokenStrategy

public void setAssertionTokenStrategy(@Nonnull
 Function<ProfileRequestContext,Assertion> strategy)

Set the strategy used to locate the inbound assertion token to process.

Parameters:

strategy - lookup strategy

setRelyingPartyContextLookupStrategy

public void setRelyingPartyContextLookupStrategy(@Nonnull
 Function<ProfileRequestContext,RelyingPartyContext> strategy)

Set the strategy used to locate the current RelyingPartyContext.

Parameters:

strategy - strategy used to locate the current RelyingPartyContext

setAssertionLookupStrategy

public void setAssertionLookupStrategy(@Nonnull
 Function<ProfileRequestContext,Assertion> strategy)

Set the strategy used to locate the Assertion to operate on.

Parameters:

strategy - strategy used to locate the Assertion to operate on

doPreExecute

protected boolean doPreExecute(@Nonnull
 ProfileRequestContext profileRequestContext)

Overrides:

doPreExecute in class AbstractConditionalProfileAction

doExecute

protected void doExecute(@Nonnull
 ProfileRequestContext profileRequestContext)

Overrides:

doExecute in class AbstractProfileAction

resolveMaxChainLength

@Nonnull
protected Long resolveMaxChainLength(@Nonnull
 ProfileRequestContext profileRequestContext)

Resolve the max token delegation chain length value to add to the assertion.

Parameters:

profileRequestContext - the current profile request context

Returns:

the max chain length value