Package org.opensaml.saml.common.binding
Class AbstractEndpointResolver<EndpointType extends Endpoint>
java.lang.Object
net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
org.opensaml.saml.common.binding.AbstractEndpointResolver<EndpointType>
- Type Parameters:
EndpointType- type of endpoint
- All Implemented Interfaces:
Component,DestructableComponent,IdentifiedComponent,InitializableComponent,Resolver<EndpointType,,CriteriaSet> EndpointResolver<EndpointType>
- Direct Known Subclasses:
DefaultEndpointResolver
public abstract class AbstractEndpointResolver<EndpointType extends Endpoint>
extends AbstractIdentifiedInitializableComponent
implements EndpointResolver<EndpointType>
Base implementation that resolves and validates protocol/profile endpoints using a combination of supplied
parameters and SAML metadata.
SAML metadata rules are followed for deriving candidate endpoints to evaluate. The base class implements only a subset of required functionality, then extracts a set of candidates from metadata if present, and delegates to a subclass to actually evaluate each one for acceptability.
The supported Criterion types and their use follows:
EndpointCriterion(required)- Contains a "template" for the eventual
Endpoint(s) to resolve that identifies at minimum the type of endpoint object (via schema type or element name) to resolve. It MAY contain other attributes that will be used in matching candidate endpoints for suitability, such as index, binding, location, etc. If so marked, it may also be resolved as a trusted endpoint without additional verification required. BestMatchLocationCriterion- Prioritizes endpoint whose Location matches the most characters of the input criterion location. Only
applied to the
resolveSingle(CriteriaSet)method. BindingCriterion- Ordered list of bindings to filter and sort the endpoints. This overrides the ordering from the metadata and possibly overrides the normal default endpoint in favor of higher-precedence bindings.
RoleDescriptorCriterion- If present, provides access to the candidate endpoint(s) to attempt resolution against. Strictly optional,
but if absent, the supplied endpoint (from
EndpointCriterion) is returned as the sole result, whatever its completeness/usability, allowing for subclass validation.
Subclasses should override the {doCheckEndpoint(CriteriaSet, Endpoint) method to implement
further criteria.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate booleanSorting rule for results.private org.slf4j.LoggerClass logger. -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprivate booleancanUseRequestedEndpoint(CriteriaSet criteria) Optimize the case of resolving a single endpoint if a populated endpoint is supplied via criteria, and validation is unnecessary due to a signed request.protected booleandoCheckEndpoint(CriteriaSet criteria, EndpointType endpoint) Apply the supplied criteria to a candidate endpoint to determine its suitability.private List<EndpointType>getCandidatesFromMetadata(CriteriaSet criteria) Get a mutable list of endpoints of a given type found in the metadata role contained in aRoleDescriptorCriterion(or an empty list if no metadata exists).protected StringReturn a prefix for logging messages for this component.booleanGet whether the results should be sorted by metadata order or based on the order of bindings provided to the lookup.resolve(CriteriaSet criteria) resolveSingle(CriteriaSet criteria) voidsetInMetadataOrder(boolean flag) Set whether the results should be sorted by metadata order or based on the order of bindings provided to the lookup.private List<EndpointType>sortCandidates(List<Endpoint> candidates) Copy and sort the endpoints such that the default endpoint by SAML rules comes first.private voidvalidateCriteria(CriteriaSet criteria) Verify that the requiredEndpointCriterionis present.Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
doInitialize, getId, setIdMethods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitialized
-
Field Details
-
log
@Nonnull private org.slf4j.Logger logClass logger. -
inMetadataOrder
private boolean inMetadataOrderSorting rule for results.
-
-
Constructor Details
-
AbstractEndpointResolver
public AbstractEndpointResolver()Constructor.
-
-
Method Details
-
isInMetadataOrder
public boolean isInMetadataOrder()Get whether the results should be sorted by metadata order or based on the order of bindings provided to the lookup.- Returns:
- true iff the
BindingCriterionshould be ignored for the purposes of sorting the results - Since:
- 4.1.0
-
setInMetadataOrder
public void setInMetadataOrder(boolean flag) Set whether the results should be sorted by metadata order or based on the order of bindings provided to the lookup.Defaults to true
- Parameters:
flag- flag to set- Since:
- 4.1.0
-
resolve
@Nonnull @NonnullElements public Iterable<EndpointType> resolve(@Nullable CriteriaSet criteria) throws ResolverException - Specified by:
resolvein interfaceResolver<EndpointType extends Endpoint,CriteriaSet> - Throws:
ResolverException
-
resolveSingle
@Nullable public EndpointType resolveSingle(@Nullable CriteriaSet criteria) throws ResolverException - Specified by:
resolveSinglein interfaceResolver<EndpointType extends Endpoint,CriteriaSet> - Throws:
ResolverException
-
doCheckEndpoint
Apply the supplied criteria to a candidate endpoint to determine its suitability.- Parameters:
criteria- input criteria setendpoint- candidate endpoint- Returns:
- true iff the endpoint meets the supplied criteria
-
validateCriteria
Verify that the requiredEndpointCriterionis present.- Parameters:
criteria- input criteria set- Throws:
ResolverException- if the input set is null or noEndpointCriterionis present
-
canUseRequestedEndpoint
Optimize the case of resolving a single endpoint if a populated endpoint is supplied via criteria, and validation is unnecessary due to a signed request. Note that this endpoint may turn out to be unusable by the caller, but that's immaterial because the requester must have dictated the binding and location, so we're not allowed to ignore that.- Parameters:
criteria- input criteria set- Returns:
- true iff the supplied endpoint via
EndpointCriterionshould be returned
-
getCandidatesFromMetadata
@Nonnull @NonnullElements private List<EndpointType> getCandidatesFromMetadata(@Nonnull CriteriaSet criteria) Get a mutable list of endpoints of a given type found in the metadata role contained in aRoleDescriptorCriterion(or an empty list if no metadata exists).The endpoint type to extract is based on the candidate endpoint in an
EndpointCriterion. If the endpoints are indexed, the first list entry will contain the default endpoint to use in the absence of other limiting criteria.- Parameters:
criteria- input criteria set- Returns:
- mutable list of endpoints from the metadata
-
sortCandidates
@Nonnull @NonnullElements private List<EndpointType> sortCandidates(@Nonnull @NonnullElements List<Endpoint> candidates) Copy and sort the endpoints such that the default endpoint by SAML rules comes first.- Parameters:
candidates- input list of endpoints- Returns:
- a new list containing the endpoints such that the default is first
-
getLogPrefix
Return a prefix for logging messages for this component.- Returns:
- a string for insertion at the beginning of any log messages
-