EntityRoleFilterStage (Shibboleth Metadata Aggregator

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

net.shibboleth.metadata.dom.saml
Class EntityRoleFilterStage

java.lang.Object
  net.shibboleth.utilities.java.support.component.AbstractDestructableInitializableComponent
      net.shibboleth.utilities.java.support.component.AbstractDestructableIdentifiableInitializableComponent
          net.shibboleth.metadata.pipeline.BaseStage<ItemType>
              net.shibboleth.metadata.pipeline.BaseIteratingStage<DomElementItem>
                  net.shibboleth.metadata.dom.saml.EntityRoleFilterStage

All Implemented Interfaces:: Stage<DomElementItem>, net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.IdentifiableComponent, net.shibboleth.utilities.java.support.component.InitializableComponent

@ThreadSafe public class EntityRoleFilterStage
extends BaseIteratingStage<DomElementItem>
extends BaseIteratingStage<DomElementItem>

A pipeline stage that will filter SAML role descriptors from EntityDescriptors. This filter will work on DomElementItem elements that are entity or entities descriptors. In the case of EntitiesDescriptors the role filter will effect all descendant EntityDescriptors.

Field Summary
`static QName`	`ATTRIBUTE_AUTHORITY_DESCRIPTOR_NAME` QName of the AttributeAuthorityDescriptor element.
`static QName`	`AUTHN_AUTHORITY_DESCRIPTOR_NAME` QName of the AuthnAuthorityDescriptor element.
`private Collection<QName>`	`designatedRoles` Role element or type names which are white/black listed depending on the value of `whitelistingRoles`.
`static QName`	`IDP_SSO_DESCRIPTOR_NAME` QName of the IDPSSODescriptor element.
`private Logger`	`log` Class logger.
`private Set<QName>`	`namedRoles` Set containing the SAML-defined, named role descriptors: `IDP_SSO_DESCRIPTOR_NAME`, `SP_SSO_DESCRIPTOR_NAME`, `AUTHN_AUTHORITY_DESCRIPTOR_NAME`, `ATTRIBUTE_AUTHORITY_DESCRIPTOR_NAME`, `PDP_DESCRIPTOR_NAME`.
`static QName`	`PDP_DESCRIPTOR_NAME` QName of the PDPDescriptor element.
`private boolean`	`removingEntitylessEntitiesDescriptor` Whether EntitiesDescriptor that do not contain EntityDescriptors should be removed.
`private boolean`	`removingRolelessEntities` Whether EntityDescriptor elements that do not contain roles, after filtering, should be removed.
`static QName`	`ROLE_DESCRIPTOR_NAME` QName of the RoleDescriptor element.
`static QName`	`SP_SSO_DESCRIPTOR_NAME` QName of the SPSSODescriptor element.
`private boolean`	`whitelistingRoles` Whether `designatedRoles` should be considered a whitelist or a blacklist.

Constructor Summary
`EntityRoleFilterStage()`

Method Summary
`protected void`	`doDestroy()`
`protected boolean`	`doExecute(DomElementItem item)` Processes a given Item.
`Collection<QName>`	`getDesignatedRoles()` Gets the list of designated entity roles.
`protected List<Element>`	`getFilteredRoles(String entityId, Element entityDescriptor)` Iterates over the roles of a EntitiesDescriptor, filters out the appropriate ones and returns the rest.
`boolean`	`isRemovingEntitylessEntitiesDescriptor()` Gets whether EntitiesDescriptor that do not contain EntityDescriptors should be removed.
`boolean`	`isRemovingRolelessEntities()` Gets whether EntityDescriptor elements without roles (after filtering) should be removed altogether.
`boolean`	`isWhitelistingRoles()` Gets whether the list of designated roles should be considered a whitelist.
`protected boolean`	`processEntitiesDescriptor(Element entitiesDescriptor)` Iterates over all child EntitiesDescriptor, passing each to `processEntitiesDescriptor(Element)`, and EntityDescriptor, passing each to `processEntityDescriptor(Element)`.
`protected boolean`	`processEntityDescriptor(Element entityDescriptor)` Processes an EntityDescriptor.
`void`	`setDesignatedRoles(Collection<QName> roles)` Sets the list of designated entity roles.
`void`	`setRemoveRolelessEntities(boolean remove)` Sets whether EntityDescriptor elements without roles (after filtering) should be removed altogether.
`void`	`setRemovingEntitylessEntitiesDescriptor(boolean remove)` Sets whether EntitiesDescriptor that do not contain EntityDescriptors should be removed.
`void`	`setWhitelistingRoles(boolean whitelisting)` Sets whether the list of designated roles should be considered a whitelist.

Methods inherited from class net.shibboleth.metadata.pipeline.BaseIteratingStage
`doExecute`

Methods inherited from class net.shibboleth.metadata.pipeline.BaseStage
`execute, setId`

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractDestructableIdentifiableInitializableComponent
`doInitialize, getId`

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractDestructableInitializableComponent
`destroy, initialize, isDestroyed, isInitialized`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Methods inherited from interface net.shibboleth.utilities.java.support.component.DestructableComponent
`destroy, isDestroyed`

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiableComponent
`getId`

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
`initialize, isInitialized`

Field Detail

ROLE_DESCRIPTOR_NAME

public static final QName ROLE_DESCRIPTOR_NAME

QName of the RoleDescriptor element.

IDP_SSO_DESCRIPTOR_NAME

public static final QName IDP_SSO_DESCRIPTOR_NAME

QName of the IDPSSODescriptor element.

SP_SSO_DESCRIPTOR_NAME

public static final QName SP_SSO_DESCRIPTOR_NAME

QName of the SPSSODescriptor element.

AUTHN_AUTHORITY_DESCRIPTOR_NAME

public static final QName AUTHN_AUTHORITY_DESCRIPTOR_NAME

QName of the AuthnAuthorityDescriptor element.

ATTRIBUTE_AUTHORITY_DESCRIPTOR_NAME

public static final QName ATTRIBUTE_AUTHORITY_DESCRIPTOR_NAME

QName of the AttributeAuthorityDescriptor element.

PDP_DESCRIPTOR_NAME

public static final QName PDP_DESCRIPTOR_NAME

QName of the PDPDescriptor element.

log

private final Logger log

Class logger.

namedRoles

private final Set<QName> namedRoles

Set containing the SAML-defined, named role descriptors: IDP_SSO_DESCRIPTOR_NAME, SP_SSO_DESCRIPTOR_NAME, AUTHN_AUTHORITY_DESCRIPTOR_NAME, ATTRIBUTE_AUTHORITY_DESCRIPTOR_NAME, PDP_DESCRIPTOR_NAME.

designatedRoles

private Collection<QName> designatedRoles

Role element or type names which are white/black listed depending on the value of whitelistingRoles.

whitelistingRoles

private boolean whitelistingRoles

Whether designatedRoles should be considered a whitelist or a blacklist. Default value: false

removingRolelessEntities

private boolean removingRolelessEntities

Whether EntityDescriptor elements that do not contain roles, after filtering, should be removed. Default value: true

removingEntitylessEntitiesDescriptor

private boolean removingEntitylessEntitiesDescriptor

Whether EntitiesDescriptor that do not contain EntityDescriptors should be removed. Default value: true

Constructor Detail

EntityRoleFilterStage

public EntityRoleFilterStage()

Method Detail

getDesignatedRoles

@Nonnull
@NonnullElements
@Unmodifiable
public Collection<QName> getDesignatedRoles()

Gets the list of designated entity roles. The list may contain either role element names or schema types.

Returns:: list of designated entity roles, never null

setDesignatedRoles

public void setDesignatedRoles(@Nullable@NullableElements
                               Collection<QName> roles)

Sets the list of designated entity roles. The list may contain either role element names or schema types.

Parameters:: roles - list of designated entity roles

isWhitelistingRoles

public boolean isWhitelistingRoles()

Gets whether the list of designated roles should be considered a whitelist.

Returns:: true if the designated roles should be considered a whitelist, false otherwise

setWhitelistingRoles

public void setWhitelistingRoles(boolean whitelisting)

Sets whether the list of designated roles should be considered a whitelist.

Parameters:: whitelisting - true if the designated entities should be considered a whitelist, false otherwise

isRemovingRolelessEntities

public boolean isRemovingRolelessEntities()

Gets whether EntityDescriptor elements without roles (after filtering) should be removed altogether.

Returns:: true if EntityDescriptors without roles (after filtering) should be removed, false otherwise

setRemoveRolelessEntities

public void setRemoveRolelessEntities(boolean remove)

Sets whether EntityDescriptor elements without roles (after filtering) should be removed altogether.

Parameters:: remove - whether EntityDescriptor elements without roles (after filtering) should be removed altogether

isRemovingEntitylessEntitiesDescriptor

public boolean isRemovingEntitylessEntitiesDescriptor()

Gets whether EntitiesDescriptor that do not contain EntityDescriptors should be removed.

Returns:: whether EntitiesDescriptor that do not contain EntityDescriptors should be removed

setRemovingEntitylessEntitiesDescriptor

public void setRemovingEntitylessEntitiesDescriptor(boolean remove)

Sets whether EntitiesDescriptor that do not contain EntityDescriptors should be removed.

Parameters:: remove - whether EntitiesDescriptor that do not contain EntityDescriptors should be removed

doDestroy

protected void doDestroy()

Overrides:: doDestroy in class net.shibboleth.utilities.java.support.component.AbstractDestructableInitializableComponent

doExecute

protected boolean doExecute(@Nonnull
                            DomElementItem item)

Processes a given Item.

Specified by:: doExecute in class BaseIteratingStage<DomElementItem>

Parameters:: item - Item on which to operate
Returns:: true if the Item should be retained in the collection, false if not

processEntitiesDescriptor

protected boolean processEntitiesDescriptor(@Nonnull
                                            Element entitiesDescriptor)

Iterates over all child EntitiesDescriptor, passing each to processEntitiesDescriptor(Element), and EntityDescriptor, passing each to processEntityDescriptor(Element). If isRemovingEntitylessEntitiesDescriptor() is true and the EntitiesDescriptor contains no child EntitiesDescriptors or EntityDescriptors it is removed.

Parameters:: entitiesDescriptor - EntitiesDescriptor being processed
Returns:: true if the descriptor should be removed, false otherwise

processEntityDescriptor

protected boolean processEntityDescriptor(@Nonnull
                                          Element entityDescriptor)

Processes an EntityDescriptor. First, all filtered out roles are removed. Then, if no roles are left and isRemovingRolelessEntities() is true the EntityDescriptor is marked to be removed.

Parameters:: entityDescriptor - entity descriptor being processed
Returns:: true if the entity descriptor should be removed, false otherwise

getFilteredRoles

protected List<Element> getFilteredRoles(@Nonnull
                                         String entityId,
                                         @Nonnull
                                         Element entityDescriptor)

Iterates over the roles of a EntitiesDescriptor, filters out the appropriate ones and returns the rest.

Parameters:: entityId - ID of the entity whose roles are being processed; entityDescriptor - descriptor of entity whose roles are being processed
Returns:: the list of roles remaining after processing