edu.internet2.middleware.shibboleth.common.attribute.provider
Class ShibbolethSAML2AttributeAuthority

java.lang.Object
  extended by edu.internet2.middleware.shibboleth.common.config.BaseService
      extended by edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority
All Implemented Interfaces:
AttributeAuthority<SAMLProfileRequestContext<? extends org.opensaml.saml2.core.RequestAbstractType,? extends org.opensaml.saml2.core.StatusResponseType,org.opensaml.saml2.core.NameID,? extends AbstractSAML2ProfileConfiguration>>, SAML2AttributeAuthority, Service, BeanNameAware, ApplicationContextAware

public class ShibbolethSAML2AttributeAuthority
extends BaseService
implements SAML2AttributeAuthority

SAML 2.0 Attribute Authority.


Constructor Summary
ShibbolethSAML2AttributeAuthority(ShibbolethAttributeResolver resolver)
          This creates a new attribute authority.
 
Method Summary
 org.opensaml.saml2.core.AttributeStatement buildAttributeStatement(org.opensaml.saml2.core.AttributeQuery query, Collection<BaseAttribute> attributes)
          Creates a SAML 2 attribute statement from a collection of BaseAttribute.
protected  Collection<org.opensaml.saml2.core.Attribute> encodeAttributes(Collection<BaseAttribute> attributes)
          This encodes the supplied attributes with that attribute's SAML2 encoder.
protected  void filterAttributesByValue(org.opensaml.saml2.core.AttributeQuery query, Collection<org.opensaml.saml2.core.Attribute> attributes)
          For each attribute, filters out all values except those provided in the query, if and only if the query specifies at least one value for that attribute.
protected  Set<String> getAttribtueIds(org.opensaml.saml2.metadata.EntityDescriptor metadata)
          Gets the attribute IDs for those attributes requested in the entity metadata.
 String getAttributeIDBySAMLAttribute(org.opensaml.saml2.core.Attribute attribute)
          Translates SAML 2 attribute naming information into the internal attribute ID used by the resolver and filtering engine.
protected  Set<String> getAttributeIds(List<org.opensaml.saml2.core.Attribute> attributes)
          This parses the attribute ids from the supplied list of attributes.
protected  Set<String> getAttributeIds(org.opensaml.saml2.core.RequestAbstractType samlRequest)
          Gets the attribute IDs for those attributes requested in the attribute query.
 ShibbolethAttributeResolver getAttributeResolver()
          Gets the attribute resolver.
 Map<String,BaseAttribute> getAttributes(SAMLProfileRequestContext<? extends org.opensaml.saml2.core.RequestAbstractType,? extends org.opensaml.saml2.core.StatusResponseType,org.opensaml.saml2.core.NameID,? extends AbstractSAML2ProfileConfiguration> requestContext)
          Gets the attributes for the principal identified in the request.
 ShibbolethAttributeFilteringEngine getFilteringEngine()
          Gets the filtering engine.
 String getPrincipal(SAMLProfileRequestContext<? extends org.opensaml.saml2.core.RequestAbstractType,? extends org.opensaml.saml2.core.StatusResponseType,org.opensaml.saml2.core.NameID,? extends AbstractSAML2ProfileConfiguration> requestContext)
          Resolves a NameID into the internal principal name used by Shibboleth.
 org.opensaml.saml2.core.Attribute getSAMLAttributeByAttributeID(String id)
          Translates the internal attribute ID, used by the resolver and filtering engine, into its representative SAML 2 attribute name.
protected  void onNewContextCreated(ApplicationContext newServiceContext)
          Called after a new context has been created but before it is set as the service's context.
 void setFilteringEngine(ShibbolethAttributeFilteringEngine engine)
          Sets the attribute filtering engine.
 
Methods inherited from class edu.internet2.middleware.shibboleth.common.config.BaseService
destroy, getApplicationContext, getId, getReadWriteLock, getServiceConfigurations, getServiceContext, initialize, isDestroyed, isInitialized, loadContext, setApplicationContext, setBeanName, setInitialized, setServiceConfigurations, setServiceContext
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ShibbolethSAML2AttributeAuthority

public ShibbolethSAML2AttributeAuthority(ShibbolethAttributeResolver resolver)
This creates a new attribute authority.

Parameters:
resolver - The attribute resolver to set
Method Detail

getAttributeResolver

public ShibbolethAttributeResolver getAttributeResolver()
Gets the attribute resolver.

Returns:
Returns the attributeResolver.

getFilteringEngine

public ShibbolethAttributeFilteringEngine getFilteringEngine()
Gets the filtering engine.

Returns:
Returns the filteringEngine.

setFilteringEngine

public void setFilteringEngine(ShibbolethAttributeFilteringEngine engine)
Sets the attribute filtering engine.

Parameters:
engine - attribute filtering engine

buildAttributeStatement

public org.opensaml.saml2.core.AttributeStatement buildAttributeStatement(org.opensaml.saml2.core.AttributeQuery query,
                                                                          Collection<BaseAttribute> attributes)
                                                                   throws AttributeEncodingException
Creates a SAML 2 attribute statement from a collection of BaseAttribute.

Specified by:
buildAttributeStatement in interface SAML2AttributeAuthority
Parameters:
query - the attribute query the statement is in response to, may be null
attributes - the attributes to create the attribute statement from
Returns:
the generated attribute statement
Throws:
AttributeEncodingException - thrown if a BaseAttribute cannot be encoded

getAttributeIDBySAMLAttribute

public String getAttributeIDBySAMLAttribute(org.opensaml.saml2.core.Attribute attribute)
Translates SAML 2 attribute naming information into the internal attribute ID used by the resolver and filtering engine.

Specified by:
getAttributeIDBySAMLAttribute in interface SAML2AttributeAuthority
Parameters:
attribute - the SAML 2 attribute to translate
Returns:
the attribute ID used by the resolver and filtering engine

getSAMLAttributeByAttributeID

public org.opensaml.saml2.core.Attribute getSAMLAttributeByAttributeID(String id)
Translates the internal attribute ID, used by the resolver and filtering engine, into its representative SAML 2 attribute name.

Specified by:
getSAMLAttributeByAttributeID in interface SAML2AttributeAuthority
Parameters:
id - internal attribute ID
Returns:
SAML 2 attribute name

getPrincipal

public String getPrincipal(SAMLProfileRequestContext<? extends org.opensaml.saml2.core.RequestAbstractType,? extends org.opensaml.saml2.core.StatusResponseType,org.opensaml.saml2.core.NameID,? extends AbstractSAML2ProfileConfiguration> requestContext)
                    throws AttributeRequestException
Resolves a NameID into the internal principal name used by Shibboleth.

Specified by:
getPrincipal in interface SAML2AttributeAuthority
Parameters:
requestContext - The request context within which to retrieve the principal. At a minimum, a NameID and relying party ID must be included.
Returns:
the internal principal name used by Shibboleth for the NameID
Throws:
AttributeRequestException - thrown if the principal cannot be resolved

getAttributes

public Map<String,BaseAttribute> getAttributes(SAMLProfileRequestContext<? extends org.opensaml.saml2.core.RequestAbstractType,? extends org.opensaml.saml2.core.StatusResponseType,org.opensaml.saml2.core.NameID,? extends AbstractSAML2ProfileConfiguration> requestContext)
                                        throws AttributeRequestException
Gets the attributes for the principal identified in the request.

Specified by:
getAttributes in interface AttributeAuthority<SAMLProfileRequestContext<? extends org.opensaml.saml2.core.RequestAbstractType,? extends org.opensaml.saml2.core.StatusResponseType,org.opensaml.saml2.core.NameID,? extends AbstractSAML2ProfileConfiguration>>
Parameters:
requestContext - contextual information for the attribute request
Returns:
the request attributes keyed by the attributes' IDs.
Throws:
AttributeRequestException - thrown if there is a problem retrieving the attributes

encodeAttributes

protected Collection<org.opensaml.saml2.core.Attribute> encodeAttributes(Collection<BaseAttribute> attributes)
                                                                  throws AttributeEncodingException
This encodes the supplied attributes with that attribute's SAML2 encoder.

Parameters:
attributes - the attributes to encode
Returns:
the encoded attributes
Throws:
AttributeEncodingException - thrown if an attribute could not be encoded

filterAttributesByValue

protected void filterAttributesByValue(org.opensaml.saml2.core.AttributeQuery query,
                                       Collection<org.opensaml.saml2.core.Attribute> attributes)
For each attribute, filters out all values except those provided in the query, if and only if the query specifies at least one value for that attribute. That is to say, if the attribute query does not specify any values for an attribute, then all values for that attribute are accepted and remain. Because this comparison acts on the marshalled form, the provided attributes will be encoded prior to filtering.

Parameters:
query - the attribute query
attributes - the attributes to filter
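
The value-filtering rule described above, as an added sketch that is not Shibboleth's own code: plain maps of attribute name to already-encoded string values stand in for the OpenSAML `AttributeQuery` and `Attribute` objects, and the class name, method name and sample data are all hypothetical. It shows that values named in a query can only narrow what is released, never add to it.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/** Added illustration; plain collections stand in for the OpenSAML objects. */
public class ValueFilterSketch {

    /**
     * Narrows released values to those named in the query, but only for
     * attributes where the query lists at least one value.
     */
    static void filterByValue(Map<String, List<String>> queried,
                              Map<String, List<String>> released) {
        for (Map.Entry<String, List<String>> attribute : released.entrySet()) {
            List<String> wanted = queried.get(attribute.getKey());
            if (wanted == null || wanted.isEmpty()) {
                continue; // query names no values: every value remains
            }
            // Only removes; a value in the query that was never released is ignored.
            // The page does not say what happens to an attribute left with no
            // values; this sketch keeps it with an empty list.
            attribute.getValue().retainAll(wanted);
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: values already released for the principal.
        Map<String, List<String>> released = new LinkedHashMap<String, List<String>>();
        released.put("eduPersonAffiliation",
                new ArrayList<String>(Arrays.asList("member", "staff", "alum")));
        released.put("mail",
                new ArrayList<String>(Arrays.asList("jdoe@example.org")));
        released.put("eduPersonEntitlement",
                new ArrayList<String>(Arrays.asList("urn:example:ent:a")));

        // Constructed query: two attributes carry values, one carries none.
        Map<String, List<String>> queried = new LinkedHashMap<String, List<String>>();
        queried.put("eduPersonAffiliation", Arrays.asList("staff", "faculty"));
        queried.put("mail", Collections.<String>emptyList());
        queried.put("eduPersonEntitlement", Arrays.asList("urn:example:ent:b"));

        filterByValue(queried, released);
        System.out.println(released);
    }
}
```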

getAttributeIds

protected Set<String> getAttributeIds(org.opensaml.saml2.core.RequestAbstractType samlRequest)
Gets the attribute IDs for those attributes requested in the attribute query.

Parameters:
samlRequest - incoming SAML request
Returns:
attribute IDs for those attributes requested in the attribute query

getAttribtueIds

protected Set<String> getAttribtueIds(org.opensaml.saml2.metadata.EntityDescriptor metadata)
Gets the attribute IDs for those attributes requested in the entity metadata.

Parameters:
metadata - the entity metadata
Returns:
attribute IDs for those attributes requested in the entity metadata

getAttributeIds

protected Set<String> getAttributeIds(List<org.opensaml.saml2.core.Attribute> attributes)
This parses the attribute ids from the supplied list of attributes.

Parameters:
attributes - List
Returns:
Set of attribute ids

onNewContextCreated

protected void onNewContextCreated(ApplicationContext newServiceContext)
                            throws ServiceException
Called after a new context has been created but before it is set as the service's context. If an exception is thrown, the new context will not be set as the service's context and the current service context will be retained.

Specified by:
onNewContextCreated in class BaseService
Parameters:
newServiceContext - the newly created context for the service
Throws:
ServiceException - thrown if there is a problem with the given service context


Copyright © 2006-2011 Internet2. All Rights Reserved.