net.shibboleth.metadata.dom.saml.mdattr

Class EntityAttributeFilteringStage

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent

net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent

net.shibboleth.metadata.pipeline.BaseStage<Element>

net.shibboleth.metadata.dom.saml.mdattr.EntityAttributeFilteringStage

All Implemented Interfaces:

Stage<Element>, net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.IdentifiableComponent, net.shibboleth.utilities.java.support.component.IdentifiedComponent, net.shibboleth.utilities.java.support.component.InitializableComponent

public class EntityAttributeFilteringStage
extends BaseStage<Element>

A stage which filters entity attributes from entity definitions according to a supplied set of rules. For each attribute value under consideration, a EntityAttributeFilteringStage.EntityAttributeContext is built from the components of the attribute and the entity's registrationAuthority, if any. Note that the registrationAuthority to be used is assumed to have been extracted out into a RegistrationAuthority object in the entity's item metadata. The stage can be operated in a whitelisting mode (the default) or in a blacklisting mode by setting the whitelisting property to false.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
(package private) static class	EntityAttributeFilteringStage.ContextImpl A simple immutable implementation of EntityAttributeFilteringStage.EntityAttributeContext.
static interface	EntityAttributeFilteringStage.EntityAttributeContext An entity attribute context against which matches can take place.

Field Summary

Fields

Modifier and Type	Field and Description
private Logger	log Class logger.
private List<com.google.common.base.Predicate<EntityAttributeFilteringStage.EntityAttributeContext>>	rules List of matching rules to apply to each attribute value.
private boolean	whitelisting Mode of operation: whitelisting or blacklisting.

Constructor Summary

Constructors

Constructor and Description
EntityAttributeFilteringStage()

Method Summary

Methods

Modifier and Type	Method and Description
private boolean	applyRules(EntityAttributeFilteringStage.EntityAttributeContext ctx) Apply the rules to a context.
protected void	doDestroy()
protected void	doExecute(Collection<Item<Element>> itemCollection) Performs the stage processing on the given Item collection.
private String	extractRegistrationAuthority(Item<Element> item) Extract the registration authority for an entity from its entity metadata.
private void	filterAttribute(Element attribute, String registrationAuthority) Filter an Attribute element.
private void	filterEntityAttributes(Element entityAttributes, String registrationAuthority) Filter an EntityAttributes extension element.
List<com.google.common.base.Predicate<EntityAttributeFilteringStage.EntityAttributeContext>>	getRules() Returns the List of rules being used to match entity attributes.
boolean	isWhitelisting() Indicates whether the stage is set to whitelisting or blacklisting mode.
void	setRules(List<com.google.common.base.Predicate<EntityAttributeFilteringStage.EntityAttributeContext>> newRules) Sets the List of rules to be used to match attribute values.
void	setWhitelisting(boolean newValue) Sets the mode of operation.

Methods inherited from class net.shibboleth.metadata.pipeline.BaseStage

execute, getCollectionPredicate, setCollectionPredicate

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent

setId

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent

doInitialize, getId

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.DestructableComponent

destroy, isDestroyed

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent

getId

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

private final Logger log

Class logger.

rules

private List<com.google.common.base.Predicate<EntityAttributeFilteringStage.EntityAttributeContext>> rules

List of matching rules to apply to each attribute value. The list is applied in order, with the first rule returning true terminating the evaluation. This amounts to an implicit ORing of the individual rules, with early termination.

whitelisting

private boolean whitelisting

Mode of operation: whitelisting or blacklisting. Default: whitelisting.

Constructor Detail

EntityAttributeFilteringStage

public EntityAttributeFilteringStage()

Method Detail

setRules

public void setRules(@Nonnull
            List<com.google.common.base.Predicate<EntityAttributeFilteringStage.EntityAttributeContext>> newRules)

Sets the List of rules to be used to match attribute values.

Parameters:

newRules - new List of rules

getRules

@Nonnull
public List<com.google.common.base.Predicate<EntityAttributeFilteringStage.EntityAttributeContext>> getRules()

Returns the List of rules being used to match entity attributes.

Returns:

the List of rules

setWhitelisting

public void setWhitelisting(boolean newValue)

Sets the mode of operation.

Parameters:

newValue - true to whitelist (default), false to blacklist

isWhitelisting

public boolean isWhitelisting()

Indicates whether the stage is set to whitelisting or blacklisting mode.

Returns:

true if whitelisting (default), false if blacklisting

applyRules

private boolean applyRules(EntityAttributeFilteringStage.EntityAttributeContext ctx)

Apply the rules to a context.

Parameters:

ctx - the context to apply the rules to

Returns:

true if one of the rules returns true; otherwise false

extractRegistrationAuthority

private String extractRegistrationAuthority(@Nonnull
                                  Item<Element> item)

Extract the registration authority for an entity from its entity metadata.

Parameters:

item - the Item representing the entity

Returns:

the registration authority URI, or null if not present

filterAttribute

private void filterAttribute(@Nonnull
                   Element attribute,
                   @Nullable
                   String registrationAuthority)

Filter an Attribute element.

Parameters:

attribute - an Attribute element to filter

registrationAuthority - the registration authority associated with the entity

filterEntityAttributes

private void filterEntityAttributes(@Nonnull
                          Element entityAttributes,
                          @Nullable
                          String registrationAuthority)

Filter an EntityAttributes extension element.

Parameters:

entityAttributes - the EntityAttributes extension element

registrationAuthority - the registration authority associated with the entity

doExecute

protected void doExecute(Collection<Item<Element>> itemCollection)
                  throws StageProcessingException

Description copied from class: BaseStage

Performs the stage processing on the given Item collection.

The stage is guaranteed to be have been initialized and not destroyed when this is invoked.

Specified by:

doExecute in class BaseStage<Element>

Parameters:

itemCollection - collection to be processed

Throws:

StageProcessingException - thrown if there is an unrecoverable problem when processing the stage

doDestroy

protected void doDestroy()

Overrides:

doDestroy in class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent