Class ExtractSubjectFromRequest
- java.lang.Object
  - net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    - org.opensaml.profile.action.AbstractProfileAction
      - org.opensaml.profile.action.AbstractConditionalProfileAction
        - net.shibboleth.idp.profile.AbstractProfileAction
          - net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest

All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class ExtractSubjectFromRequest extends AbstractProfileAction
Action that extracts a SAML Subject from an inbound message, and prepares a SubjectCanonicalizationContext to process it into a principal identity.

If the inbound message does not supply a NameIdentifier or NameID to process, then nothing is done, and the local event ID NO_SUBJECT is signaled.

A policy predicate may also be executed to control the conditions under which a subject name may be used by a requester, possibly resulting in an AuthnEventIds.INVALID_SUBJECT event.

Otherwise, a custom Principal of the appropriate type is wrapped around the identifier object and a Java Subject is prepared for canonicalization.

Event:
- EventIds.PROCEED_EVENT_ID, AuthnEventIds.INVALID_SUBJECT, NO_SUBJECT

Postcondition:
- If "proceed" signaled, then ProfileRequestContext.getSubcontext(SubjectCanonicalizationContext.class) != null

Nested Class Summary
Nested Classes
- static class ExtractSubjectFromRequest.SubjectNameLookupFunction - Lookup function that returns the NameIdentifier or NameID from the request in the inbound message context.

Field Summary
Fields
- private org.slf4j.Logger log - Class logger.
- private SAMLObject nameIdentifier - SAML 1 or 2 identifier object to wrap for c14n.
- private Predicate<ProfileRequestContext> nameIDPolicyPredicate - Predicate to validate use of NameID or NameIdentifier in subject.
- static String NO_SUBJECT - Local event signaling that canonicalization is unnecessary.
- private Function<ProfileRequestContext,String> requesterLookupStrategy - Function used to obtain the requester ID.
- private Function<ProfileRequestContext,String> responderLookupStrategy - Function used to obtain the responder ID.

Constructor Summary
Constructors
- ExtractSubjectFromRequest() - Constructor.

Method Summary
Methods
- protected void doExecute(ProfileRequestContext profileRequestContext)
- protected boolean doPreExecute(ProfileRequestContext profileRequestContext)
- void setNameIDPolicyPredicate(Predicate<ProfileRequestContext> predicate) - Set a predicate used to validate use of the NameID or NameIdentifier in the subject.
- void setRequesterLookupStrategy(Function<ProfileRequestContext,String> strategy) - Set the strategy used to locate the requester ID for canonicalization.
- void setResponderLookupStrategy(Function<ProfileRequestContext,String> strategy) - Set the strategy used to locate the responder ID for canonicalization.

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

Field Detail

NO_SUBJECT
@Nonnull @NotEmpty public static final String NO_SUBJECT
Local event signaling that canonicalization is unnecessary.
See Also:
- Constant Field Values

log
@Nonnull private final org.slf4j.Logger log
Class logger.

nameIDPolicyPredicate
@Nullable private Predicate<ProfileRequestContext> nameIDPolicyPredicate
Predicate to validate use of NameID or NameIdentifier in subject.

requesterLookupStrategy
@Nullable private Function<ProfileRequestContext,String> requesterLookupStrategy
Function used to obtain the requester ID.

responderLookupStrategy
@Nullable private Function<ProfileRequestContext,String> responderLookupStrategy
Function used to obtain the responder ID.

nameIdentifier
@Nullable private SAMLObject nameIdentifier
SAML 1 or 2 identifier object to wrap for c14n.

Constructor Detail

ExtractSubjectFromRequest
public ExtractSubjectFromRequest() throws ComponentInitializationException
Constructor.
Throws:
- ComponentInitializationException - if unable to initialize default objects

Method Detail

setRequesterLookupStrategy
public void setRequesterLookupStrategy(@Nullable Function<ProfileRequestContext,String> strategy)
Set the strategy used to locate the requester ID for canonicalization.
Parameters:
- strategy - lookup strategy

setResponderLookupStrategy
public void setResponderLookupStrategy(@Nullable Function<ProfileRequestContext,String> strategy)
Set the strategy used to locate the responder ID for canonicalization.
Parameters:
- strategy - lookup strategy

setNameIDPolicyPredicate
public void setNameIDPolicyPredicate(@Nullable Predicate<ProfileRequestContext> predicate)
Set a predicate used to validate use of the NameID or NameIdentifier in the subject.
Parameters:
- predicate - predicate to use

doPreExecute
protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext)
Overrides:
- doPreExecute in class AbstractConditionalProfileAction

doExecute
protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext)
Overrides:
- doExecute in class AbstractProfileAction