Package net.shibboleth.idp.attribute.filter.policyrule.saml.impl

Class AbstractEntityAttributePolicyRule

java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
net.shibboleth.shared.component.AbstractIdentifiedInitializableComponent
net.shibboleth.shared.component.AbstractIdentifiableInitializableComponent
net.shibboleth.idp.attribute.filter.policyrule.impl.AbstractPolicyRule
net.shibboleth.idp.attribute.filter.policyrule.saml.impl.AbstractEntityAttributePolicyRule
All Implemented Interfaces:
PolicyRequirementRule, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent
Direct Known Subclasses:
AbstractEntityAttributeExactPolicyRule, AbstractEntityAttributeRegexPolicyRule
public abstract class AbstractEntityAttributePolicyRule extends AbstractPolicyRule
Base class for matchers that check whether a particular entity attribute is present and contains a given value.

Given the metadata for an entity, this class takes care of navigation to the attribute and extracting the values, including optimized handling of mapped attributes.

Classes wishing to implement Entity Attribute matchers implement getEntityMetadata(AttributeFilterContext) to navigate to the entity (probably recipient or issuer) and entityAttributeValueMatches(Set) to implement the comparison (probably string or regexp).

  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.

    • attrName

      @NonnullAfterInit @NotEmpty private String attrName
      The name of the entity attribute the entity must have.

    • nameFormat

      @Nullable @NotEmpty private String nameFormat
      The name format of the entity attribute the entity must have.

    • ignoreUnmappedEntityAttributes

      private boolean ignoreUnmappedEntityAttributes
      Whether to ignore unmapped attributes as an optimization.

  • Constructor Details

    • AbstractEntityAttributePolicyRule

      public AbstractEntityAttributePolicyRule()

  • Method Details

    • getAttributeName

      @NonnullAfterInit @NotEmpty public String getAttributeName()
      Gets the name of the entity attribute the entity must have.
      Returns:
      name of the entity attribute the entity must have

    • setAttributeName

      public void setAttributeName(@Nullable @NotEmpty String attributeName)
      Sets the name of the entity attribute the entity must have.
      Parameters:
      attributeName - name of the entity attribute the entity must have

    • getNameFormat

      @Nullable @NotEmpty public String getNameFormat()
      Gets the name format of the entity attribute the entity must have.
      Returns:
      name format of the entity attribute the entity must have

    • setNameFormat

      public void setNameFormat(@Nullable @NotEmpty String attributeNameFormat)
      Sets the name format of the entity attribute the entity must have.
      Parameters:
      attributeNameFormat - name format of the entity attribute the entity must have

    • getIgnoreUnmappedEntityAttributes

      public boolean getIgnoreUnmappedEntityAttributes()
      Gets whether to ignore unmapped/decoded EntityAttribute extensions as an optimization.
      Returns:
      whether to ignore unmapped/decoded EntityAttribute extensions as an optimization

    • setIgnoreUnmappedEntityAttributes

      public void setIgnoreUnmappedEntityAttributes(boolean flag)
      Sets whether to ignore unmapped/decoded EntityAttribute extensions as an optimization.

      Defaults to false. Only applies if getNameFormat() property is non-null.

      Parameters:
      flag - flag to set

    • doInitialize

      protected void doInitialize() throws ComponentInitializationException
      Overrides:
      doInitialize in class AbstractPolicyRule
      Throws:
      ComponentInitializationException

    • matches

      @Nonnull public PolicyRequirementRule.Tristate matches(@Nonnull AttributeFilterContext filterContext)
      Evaluate what this rule means.
      Parameters:
      filterContext - the context.
      Returns:
      whether the rule holds

    • getEntityMetadata

      @Nullable protected abstract EntityDescriptor getEntityMetadata(@Nonnull AttributeFilterContext filterContext)
      Gets the entity descriptor for the entity to check.
      Parameters:
      filterContext - current filter request context
      Returns:
      entity descriptor for the entity to check or null if not found

    • entityAttributeValueMatches

      protected abstract boolean entityAttributeValueMatches(@Nonnull @NotEmpty Set<String> entityAttributeValues)
      Checks whether the given entity attribute's values match for particular implementations of this functor.
      Parameters:
      entityAttributeValues - the entity attribute values
      Returns:
      true if the value matches, false if not

    • getEntityAttributeValues

      private void getEntityAttributeValues(@Nonnull XMLObject metadataObject, @Nullable @NotEmpty String name, @Nonnull @Live Set<String> valueAccumulator)
      Gets the entity attribute values from the given metadata.

      If both the attribute name and name format for this match functor is configured then both must match, otherwise only the attribute name must match.

      Parameters:
      metadataObject - the metadata object
      name - name of metadata object
      valueAccumulator - stores values of the designated attribute

    • getMappedEntityAttributeValues

      private void getMappedEntityAttributeValues(@Nonnull XMLObject metadataObject, @Nonnull @Live Set<String> valueAccumulator)
      Gets the mapped entity attribute values from the given metadata.
      Parameters:
      metadataObject - the metadata object
      valueAccumulator - stores values of the designated attribute

    • getMappedRequestedAttributes

      @Nullable private Multimap<String,IdPAttribute> getMappedRequestedAttributes(@Nonnull XMLObject metadataObject)
      Dig into the metadata to determine whether any mapped requested attribute information exists.
      Parameters:
      metadataObject - metadata object
      Returns:
      the extracted map of requested attributes or null

    • getStringValue

      @Nullable private String getStringValue(@Nonnull XMLObject object)
      Function to return an XMLObject in string form.
      Parameters:
      object - object to decode
      Returns:
      decoded string, or null