Package org.opensaml.profile.action.impl

Class CheckAccess

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.profile.action.impl.CheckAccess

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction

public class CheckAccess
extends AbstractProfileAction

This action validates that a request comes from an authorized client, based on an injected service and policy parameters.

Event:

EventIds.PROCEED_EVENT_ID, EventIds.ACCESS_DENIED

Field Summary

Fields

Modifier and Type	Field	Description
private final org.slf4j.Logger	log	Class logger.
private Function<ProfileRequestContext,String>	operationLookupStrategy	Lookup strategy for operation.
private Function<ProfileRequestContext,String>	policyNameLookupStrategy	Lookup strategy for policy to apply.
private Function<ProfileRequestContext,String>	resourceLookupStrategy	Lookup strategy for resource.
private AccessControlService	service	Access control service.

Constructor Summary

Constructors

Constructor	Description
CheckAccess()	Constructor.

Method Summary

Modifier and Type	Method	Description
void	doExecute(ProfileRequestContext profileRequestContext)	Performs this action.
protected void	doInitialize()
boolean	doPreExecute(ProfileRequestContext profileRequestContext)	Called prior to execution, actions may override this method to perform pre-processing for a request.
void	setAccessControlService(AccessControlService acs)	Set the service to use.
void	setOperation(String op)	Set operation.
void	setOperationLookupStrategy(Function<ProfileRequestContext,String> strategy)	Set a lookup strategy to use to obtain the operation.
void	setPolicyName(String name)	Set an explicit policy name to apply.
void	setPolicyNameLookupStrategy(Function<ProfileRequestContext,String> strategy)	Set a lookup strategy to use to obtain the policy name to apply.
void	setResource(String res)	Set resource.
void	setResourceLookupStrategy(Function<ProfileRequestContext,String> strategy)	Set a lookup strategy to use to obtain the resource.

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Details

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

service

@NonnullAfterInit
private AccessControlService service

Access control service.

policyNameLookupStrategy

@Nonnull
private Function<ProfileRequestContext,String> policyNameLookupStrategy

Lookup strategy for policy to apply.

operationLookupStrategy

@Nonnull
private Function<ProfileRequestContext,String> operationLookupStrategy

Lookup strategy for operation.

resourceLookupStrategy

@Nonnull
private Function<ProfileRequestContext,String> resourceLookupStrategy

Lookup strategy for resource.

Constructor Details

CheckAccess

public CheckAccess()

Constructor.

Method Details

setAccessControlService

public void setAccessControlService(@Nonnull
 AccessControlService acs)

Set the service to use.

Parameters:

acs - service to use

setPolicyNameLookupStrategy

public void setPolicyNameLookupStrategy(@Nonnull
 Function<ProfileRequestContext,String> strategy)

Set a lookup strategy to use to obtain the policy name to apply.

Parameters:

strategy - lookup strategy

Since:

3.3.0

setPolicyName

public void setPolicyName(@Nonnull @NotEmpty
 String name)

Set an explicit policy name to apply.

Parameters:

name - policy name

setOperationLookupStrategy

public void setOperationLookupStrategy(@Nonnull
 Function<ProfileRequestContext,String> strategy)

Set a lookup strategy to use to obtain the operation.

Parameters:

strategy - lookup strategy

Since:

3.3.0

setOperation

public void setOperation(@Nullable
 String op)

Set operation.

Parameters:

op - operation

setResourceLookupStrategy

public void setResourceLookupStrategy(@Nonnull
 Function<ProfileRequestContext,String> strategy)

Set a lookup strategy to use to obtain the resource.

Parameters:

strategy - lookup strategy

Since:

3.3.0

setResource

public void setResource(@Nullable
 String res)

Set resource.

Parameters:

res - resource

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doPreExecute

public boolean doPreExecute(@Nonnull
 ProfileRequestContext profileRequestContext)

Called prior to execution, actions may override this method to perform pre-processing for a request.

If false is returned, execution will not proceed, and the action should attach an EventContext to the context tree to signal how to continue with overall workflow processing.

If returning successfully, the last step should be to return the result of the superclass version of this method.

Overrides:

doPreExecute in class AbstractProfileAction

Parameters:

profileRequestContext - the current IdP profile request context

Returns:

true iff execution should proceed

doExecute

public void doExecute(@Nonnull
 ProfileRequestContext profileRequestContext)

Performs this action. Actions must override this method to perform their work.

Overrides:

doExecute in class AbstractProfileAction

Parameters:

profileRequestContext - the current IdP profile request context