AddDelegationPolicyToAssertion (Shibboleth IdP :: SAML Profile Implementation 3.3.2 API)

java.lang.Object
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
- - org.opensaml.profile.action.AbstractProfileAction<InboundMessageType,OutboundMessageType>
  - - org.opensaml.profile.action.AbstractConditionalProfileAction<InboundMessageType,OutboundMessageType>
    - - net.shibboleth.idp.profile.AbstractProfileAction
      - net.shibboleth.idp.saml.saml2.profile.delegation.impl.AddDelegationPolicyToAssertion

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, org.opensaml.profile.action.ProfileAction, org.springframework.beans.factory.Aware, org.springframework.context.MessageSource, org.springframework.context.MessageSourceAware, org.springframework.webflow.execution.Action
```
@Prototype
public class AddDelegationPolicyToAssertion
extends AbstractProfileAction
```
Action which adds a DelegationPolicy element to the Advice of an Assertion.
The assertion to modify is determined by the strategy set by setAssertionLookupStrategy(Function).

The maximum chain delegation length value for the added policy element is as follows:
1. If an inbound assertion token is present as determined by the strategy set by setAssertionTokenStrategy(Function), the value is obtained from the policy contained within the first DelegationPolicy element of that assertion's Advice element.
2. Otherwise the request is assumed to be the initial SSO request, so the value is determined by the requesting SP's profile configuration value BrowserSSOProfileConfiguration.getMaximumTokenDelegationChainLength().
3. If neither of these approaches produces a value, a default value is used DEFAULT_POLICY_MAX_CHAIN_LENGTH

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

private class AddDelegationPolicyToAssertion.AssertionStrategy
Default strategy for obtaining assertion to modify.

Nested Classes
Modifier and Type	Class and Description
`private class`	`AddDelegationPolicyToAssertion.AssertionStrategy` Default strategy for obtaining assertion to modify.

Field Summary

Fields
Modifier and Type	Field and Description
`private org.opensaml.saml.saml2.core.Assertion`	`assertion` The assertion to modify.
`private Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml2.core.Assertion>`	`assertionLookupStrategy` Strategy used to locate the `Assertion` to operate on.
`private Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml2.core.Assertion>`	`assertionTokenStrategy` Function used to resolve the inbound assertion token to process.
`private org.opensaml.saml.saml2.core.Assertion`	`attestedAssertion` The inbound delegated Assertion that was attested.
`static Long`	`DEFAULT_POLICY_MAX_CHAIN_LENGTH` Default policy max chain length, when can't otherwise be derived.
`private org.slf4j.Logger`	`log` Logger.
`private Long`	`maxChainLength` The max token delegation chain length value to add.
`private Function<org.opensaml.profile.context.ProfileRequestContext,RelyingPartyContext>`	`relyingPartyContextLookupStrategy` Strategy used to lookup the RelyingPartyContext.

Constructor Summary

Constructors
Constructor and Description

AddDelegationPolicyToAssertion()
Constructor.

Constructors
Constructor and Description
`AddDelegationPolicyToAssertion()` Constructor.

Method Summary

Methods
Modifier and Type	Method and Description
`protected void`	`doExecute(org.opensaml.profile.context.ProfileRequestContext profileRequestContext)`
`protected boolean`	`doPreExecute(org.opensaml.profile.context.ProfileRequestContext profileRequestContext)`
`protected Long`	`resolveMaxChainLength(org.opensaml.profile.context.ProfileRequestContext profileRequestContext)` Resolve the max token delegation chain length value to add to the assertion.
`void`	`setAssertionLookupStrategy(Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml2.core.Assertion> strategy)` Set the strategy used to locate the `Assertion` to operate on.
`void`	`setAssertionTokenStrategy(Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml2.core.Assertion> strategy)` Set the strategy used to locate the inbound assertion token to process.
`void`	`setRelyingPartyContextLookupStrategy(Function<org.opensaml.profile.context.ProfileRequestContext,RelyingPartyContext> strategy)` Set the strategy used to locate the current `RelyingPartyContext`.

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

Field Detail

DEFAULT_POLICY_MAX_CHAIN_LENGTH
```
public static final Long DEFAULT_POLICY_MAX_CHAIN_LENGTH
```
Default policy max chain length, when can't otherwise be derived.

log
```
private org.slf4j.Logger log
```
Logger.

assertionLookupStrategy

@Nonnull
private Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml2.core.Assertion> assertionLookupStrategy

Strategy used to locate the Assertion to operate on.

assertionTokenStrategy

@Nonnull
private Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml2.core.Assertion> assertionTokenStrategy

Function used to resolve the inbound assertion token to process.

relyingPartyContextLookupStrategy

@Nonnull
private Function<org.opensaml.profile.context.ProfileRequestContext,RelyingPartyContext> relyingPartyContextLookupStrategy

Strategy used to lookup the RelyingPartyContext.

assertion

@Nullable
private org.opensaml.saml.saml2.core.Assertion assertion

The assertion to modify.

attestedAssertion

@Nullable
private org.opensaml.saml.saml2.core.Assertion attestedAssertion

The inbound delegated Assertion that was attested.

maxChainLength
```
@Nullable
private Long maxChainLength
```
The max token delegation chain length value to add.

Constructor Detail
- AddDelegationPolicyToAssertion
```
public AddDelegationPolicyToAssertion()
```
  Constructor.

Method Detail

setAssertionTokenStrategy

public void setAssertionTokenStrategy(@Nonnull
                             Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml2.core.Assertion> strategy)

Set the strategy used to locate the inbound assertion token to process.

Parameters:: strategy - lookup strategy

setRelyingPartyContextLookupStrategy

public void setRelyingPartyContextLookupStrategy(@Nonnull
                                        Function<org.opensaml.profile.context.ProfileRequestContext,RelyingPartyContext> strategy)

Set the strategy used to locate the current RelyingPartyContext.

Parameters:: strategy - strategy used to locate the current RelyingPartyContext

setAssertionLookupStrategy

public void setAssertionLookupStrategy(@Nonnull
                              Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml2.core.Assertion> strategy)

Set the strategy used to locate the Assertion to operate on.

Parameters:: strategy - strategy used to locate the Assertion to operate on

doPreExecute

protected boolean doPreExecute(@Nonnull
                   org.opensaml.profile.context.ProfileRequestContext profileRequestContext)

Overrides:: doPreExecute in class org.opensaml.profile.action.AbstractConditionalProfileAction

doExecute

protected void doExecute(@Nonnull
             org.opensaml.profile.context.ProfileRequestContext profileRequestContext)

Overrides:: doExecute in class org.opensaml.profile.action.AbstractProfileAction

resolveMaxChainLength

@Nonnull
protected Long resolveMaxChainLength(@Nonnull
                                 org.opensaml.profile.context.ProfileRequestContext profileRequestContext)

Resolve the max token delegation chain length value to add to the assertion.

Parameters:: profileRequestContext - the current profile request context
Returns:: the max chain length value

Class AddDelegationPolicyToAssertion

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent