Package org.opensaml.saml.metadata.resolver.impl

Class PredicateRoleDescriptorResolver

java.lang.Object
net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver
All Implemented Interfaces:
Component, DestructableComponent, IdentifiedComponent, InitializableComponent, Resolver<RoleDescriptor,​CriteriaSet>, RoleDescriptorResolver
public class PredicateRoleDescriptorResolver
extends AbstractIdentifiedInitializableComponent
implements RoleDescriptorResolver
Implementation of RoleDescriptorResolver which wraps an instance of MetadataResolver to support basic EntityDescriptor resolution, and then performs further role-related filtering over the returned EntityDescriptor.

This implementation passes the input CriteriaSet through to the wrapped metadata resolver as-is.

This implementation also supports applying arbitrary predicates to the returned role descriptors, either passed directly as instances of EvaluableRoleDescriptorCriterion in the criteria, or resolved dynamically from other criteria via an instance of CriterionPredicateRegistry.

  • Field Details

    • IS_VALID_PREDICATE

      private static final Predicate<XMLObject> IS_VALID_PREDICATE
      Predicate for evaluating whether a TimeboundSAMLObject is valid.

    • log

      private org.slf4j.Logger log
      Logger.

    • requireValidMetadata

      private boolean requireValidMetadata
      Whether metadata is required to be valid.

    • entityDescriptorResolver

      private MetadataResolver entityDescriptorResolver
      Resolver of EntityDescriptors.

    • satisfyAnyPredicates

      private boolean satisfyAnyPredicates
      Flag which determines whether predicates used in filtering are connected by a logical 'OR' (true) or by logical 'AND' (false). Defaults to false.

    • criterionPredicateRegistry

      private CriterionPredicateRegistry<RoleDescriptor> criterionPredicateRegistry
      Registry used in resolving predicates from criteria.

    • useDefaultPredicateRegistry

      private boolean useDefaultPredicateRegistry
      Flag which determines whether the default predicate registry will be used if no one is supplied explicitly. Defaults to true.

    • resolveViaPredicatesOnly

      private boolean resolveViaPredicatesOnly
      Flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection. Defaults to false.

  • Constructor Details

    • PredicateRoleDescriptorResolver

      public PredicateRoleDescriptorResolver​(@Nonnull @ParameterName(name="mdResolver") MetadataResolver mdResolver)
      Constructor.
      Parameters:
      mdResolver - the resolver of EntityDescriptors

  • Method Details

    • isRequireValidMetadata

      public boolean isRequireValidMetadata()
      Gets whether the metadata returned by queries must be valid. At a minimum, metadata is valid only if the date expressed in the element, and all its ancestral element's, validUntil attribute has not passed. Specific implementations may add additional constraints.
      Specified by:
      isRequireValidMetadata in interface RoleDescriptorResolver
      Returns:
      whether the metadata returned by queries must be valid

    • setRequireValidMetadata

      public void setRequireValidMetadata​(boolean require)
      Sets whether the metadata returned by queries must be valid.
      Specified by:
      setRequireValidMetadata in interface RoleDescriptorResolver
      Parameters:
      require - whether the metadata returned by queries must be valid

    • isSatisfyAnyPredicates

      public boolean isSatisfyAnyPredicates()
      Get the flag indicating whether resolved credentials may satisfy any predicates (i.e. connected by logical 'OR') or all predicates (connected by logical 'AND').

      Defaults to false.

      Returns:
      true if must satisfy all, false otherwise

    • setSatisfyAnyPredicates

      public void setSatisfyAnyPredicates​(boolean flag)
      Set the flag indicating whether resolved credentials may satisfy any predicates (i.e. connected by logical 'OR') or all predicates (connected by logical 'AND').

      Defaults to false.

      Parameters:
      flag - true if must satisfy all, false otherwise

    • getCriterionPredicateRegistry

      @NonnullAfterInit public CriterionPredicateRegistry<RoleDescriptor> getCriterionPredicateRegistry()
      Get the registry used in resolving predicates from criteria.
      Returns:
      the effective registry instance used

    • setCriterionPredicateRegistry

      public void setCriterionPredicateRegistry​(@Nullable CriterionPredicateRegistry<RoleDescriptor> registry)
      Set the registry used in resolving predicates from criteria.
      Parameters:
      registry - the registry instance to use

    • isUseDefaultPredicateRegistry

      public boolean isUseDefaultPredicateRegistry()
      Get the flag which determines whether the default predicate registry will be used if one is not supplied explicitly.

      Defaults to true.

      Returns:
      true if should use default registry, false otherwise

    • setUseDefaultPredicateRegistry

      public void setUseDefaultPredicateRegistry​(boolean flag)
      Set the flag which determines whether the default predicate registry will be used if one is not supplied explicitly.

      Defaults to true.

      Parameters:
      flag - true if should use default registry, false otherwise

    • isResolveViaPredicatesOnly

      public boolean isResolveViaPredicatesOnly()
      Get the flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection.
      Returns:
      true if resolution may be attempted solely via predicates, false if not

    • setResolveViaPredicatesOnly

      public void setResolveViaPredicatesOnly​(boolean flag)
      Set the flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection.
      Parameters:
      flag - true if resolution may be attempted solely via predicates, false if not

    • doInitialize

      protected void doInitialize() throws ComponentInitializationException
      Subclasses should override this method to perform any initialization logic necessary. Default implementation is a no-op.
      Overrides:
      doInitialize in class AbstractIdentifiedInitializableComponent
      Throws:
      ComponentInitializationException - thrown if there is a problem initializing the provider

    • resolveSingle

      @Nullable public RoleDescriptor resolveSingle​(CriteriaSet criteria) throws ResolverException
      Specified by:
      resolveSingle in interface Resolver<RoleDescriptor,​CriteriaSet>
      Throws:
      ResolverException

    • resolve

      @Nonnull public Iterable<RoleDescriptor> resolve​(CriteriaSet criteria) throws ResolverException
      Specified by:
      resolve in interface Resolver<RoleDescriptor,​CriteriaSet>
      Throws:
      ResolverException

    • haveRoleCriteria

      protected boolean haveRoleCriteria​(@Nonnull CriteriaSet criteria)
      Determine if have entity role criteria.
      Parameters:
      criteria - the current criteria set
      Returns:
      true if have role criteria, false otherwise

    • getCandidatesByRoleAndProtocol

      protected Iterable<RoleDescriptor> getCandidatesByRoleAndProtocol​(@Nonnull Iterable<EntityDescriptor> entityDescriptors, @Nonnull CriteriaSet criteria)
      Obtain the role descriptors contained by the input entity descriptors which match the specified role and protocol criteria.

      This method should only be called if haveRoleCriteria(CriteriaSet) evaluates to true.

      Parameters:
      entityDescriptors - the entity descriptors on which to operate
      criteria - the current criteria set
      Returns:
      the role descriptors corresponding to the input entity role and protocol

    • getAllCandidates

      protected Iterable<RoleDescriptor> getAllCandidates​(@Nonnull Iterable<EntityDescriptor> entityDescriptors)
      Obtain all role descriptors contained by the input entity descriptors.
      Parameters:
      entityDescriptors - the entity descriptors on which to operate
      Returns:
      all role descriptors contained by the input entity descriptors

    • predicateFilterCandidates

      protected Iterable<RoleDescriptor> predicateFilterCandidates​(@Nonnull Iterable<RoleDescriptor> candidates, @Nonnull CriteriaSet criteria, boolean onEmptyPredicatesReturnEmpty) throws ResolverException
      Filter the supplied candidates by resolving predicates from the supplied criteria and applying the predicates to return a filtered Iterable.
      Parameters:
      candidates - the candidates to evaluate
      criteria - the criteria set to evaluate
      onEmptyPredicatesReturnEmpty - if true and no predicates are supplied, then return an empty iterable; otherwise return the original input candidates
      Returns:
      an iterable of the candidates filtered by the resolved predicates
      Throws:
      ResolverException - if there is a fatal error during resolution