ExtractSubjectFromRequest (Shibboleth IdP :: SAML Profile Implementation 3.3.2 API)

java.lang.Object
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
- - org.opensaml.profile.action.AbstractProfileAction<InboundMessageType,OutboundMessageType>
  - - org.opensaml.profile.action.AbstractConditionalProfileAction<InboundMessageType,OutboundMessageType>
    - - net.shibboleth.idp.profile.AbstractProfileAction
      - net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, org.opensaml.profile.action.ProfileAction, org.springframework.beans.factory.Aware, org.springframework.context.MessageSource, org.springframework.context.MessageSourceAware, org.springframework.webflow.execution.Action
```
public class ExtractSubjectFromRequest
extends AbstractProfileAction
```
Action that extracts a SAML Subject from an inbound message, and prepares a SubjectCanonicalizationContext to process it into a principal identity.
If the inbound message does not supply a NameIdentifier or NameID to process, then nothing is done, and the local event ID NO_SUBJECT is signaled.

A policy predicate may also be executed to control the conditions under which a subject name may be used by a requester, possibly resulting in a AuthnEventIds.INVALID_SUBJECT event.

Otherwise, a custom Principal of the appropriate type is wrapped around the identifier object and a Java Subject is prepared for canonicalization.

Event:

EventIds.PROCEED_EVENT_ID, AuthnEventIds.INVALID_SUBJECT, NO_SUBJECT

Postcondition:

If "proceed" signaled, then ProfileRequestContext.getSubcontext(SubjectCanonicalizationContext.class) != null

Nested Class Summary

Nested Classes
Modifier and Type	Class and Description
`static class`	`ExtractSubjectFromRequest.SubjectNameLookupFunction` Lookup function that returns the `NameIdentifier` or `NameID` from the request in the inbound message context.

Field Summary

Fields
Modifier and Type	Field and Description
`private org.slf4j.Logger`	`log` Class logger.
`private org.opensaml.saml.common.SAMLObject`	`nameIdentifier` SAML 1 or 2 identifier object to wrap for c14n.
`private Predicate<org.opensaml.profile.context.ProfileRequestContext>`	`nameIDPolicyPredicate` Predicate to validate use of `NameID` or `NameIdentifier` in subject.
`static String`	`NO_SUBJECT` Local event signaling that canonicalization is unnecessary.
`private Function<org.opensaml.profile.context.ProfileRequestContext,String>`	`requesterLookupStrategy` Function used to obtain the requester ID.
`private Function<org.opensaml.profile.context.ProfileRequestContext,String>`	`responderLookupStrategy` Function used to obtain the responder ID.

Constructor Summary

Constructors
Constructor and Description

ExtractSubjectFromRequest()
Constructor.

Constructors
Constructor and Description
`ExtractSubjectFromRequest()` Constructor.

Method Summary

Methods
Modifier and Type	Method and Description
`protected void`	`doExecute(org.opensaml.profile.context.ProfileRequestContext profileRequestContext)`
`protected boolean`	`doPreExecute(org.opensaml.profile.context.ProfileRequestContext profileRequestContext)`
`void`	`setNameIDPolicyPredicate(Predicate<org.opensaml.profile.context.ProfileRequestContext> predicate)` Set a predicate used to validate use of the `NameID` or `NameIdentifier` in the subject.
`void`	`setRequesterLookupStrategy(Function<org.opensaml.profile.context.ProfileRequestContext,String> strategy)` Set the strategy used to locate the requester ID for canonicalization.
`void`	`setResponderLookupStrategy(Function<org.opensaml.profile.context.ProfileRequestContext,String> strategy)` Set the strategy used to locate the responder ID for canonicalization.

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

Field Detail

NO_SUBJECT
```
@Nonnull
@NotEmpty
public static final String NO_SUBJECT
```
Local event signaling that canonicalization is unnecessary.

See Also:
Constant Field Values

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

nameIDPolicyPredicate

@Nullable
private Predicate<org.opensaml.profile.context.ProfileRequestContext> nameIDPolicyPredicate

Predicate to validate use of NameID or NameIdentifier in subject.

requesterLookupStrategy

@Nullable
private Function<org.opensaml.profile.context.ProfileRequestContext,String> requesterLookupStrategy

Function used to obtain the requester ID.

responderLookupStrategy

@Nullable
private Function<org.opensaml.profile.context.ProfileRequestContext,String> responderLookupStrategy

Function used to obtain the responder ID.

nameIdentifier

@Nullable
private org.opensaml.saml.common.SAMLObject nameIdentifier

SAML 1 or 2 identifier object to wrap for c14n.

Constructor Detail
- ExtractSubjectFromRequest
```
public ExtractSubjectFromRequest()
                          throws ComponentInitializationException
```
  Constructor.
  
  Throws:
  
  ComponentInitializationException - if unable to initialize default objects

Method Detail

setRequesterLookupStrategy

public void setRequesterLookupStrategy(@Nullable
                              Function<org.opensaml.profile.context.ProfileRequestContext,String> strategy)

Set the strategy used to locate the requester ID for canonicalization.

Parameters:: strategy - lookup strategy

setResponderLookupStrategy

public void setResponderLookupStrategy(@Nullable
                              Function<org.opensaml.profile.context.ProfileRequestContext,String> strategy)

Set the strategy used to locate the responder ID for canonicalization.

Parameters:: strategy - lookup strategy

setNameIDPolicyPredicate

public void setNameIDPolicyPredicate(@Nullable
                            Predicate<org.opensaml.profile.context.ProfileRequestContext> predicate)

Set a predicate used to validate use of the NameID or NameIdentifier in the subject.

Parameters:: predicate - predicate to use

doPreExecute

protected boolean doPreExecute(@Nonnull
                   org.opensaml.profile.context.ProfileRequestContext profileRequestContext)

Overrides:: doPreExecute in class org.opensaml.profile.action.AbstractConditionalProfileAction

doExecute

protected void doExecute(@Nonnull
             org.opensaml.profile.context.ProfileRequestContext profileRequestContext)

Overrides:: doExecute in class org.opensaml.profile.action.AbstractProfileAction

Class ExtractSubjectFromRequest

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent