/*
 * Licensed to the University Corporation for Advanced Internet Development,
 * Inc. (UCAID) under one or more contributor license agreements. See the
 * NOTICE file distributed with this work for additional information regarding
 * copyright ownership. The UCAID licenses this file to You under the Apache
 * License, Version 2.0 (the "License"); you may not use this file except in
 * compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package edu.internet2.middleware.shibboleth.common.attribute.provider;

import java.util.Collection;

import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeQuery;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.StatusResponseType;

import edu.internet2.middleware.shibboleth.common.attribute.AttributeAuthority;
import edu.internet2.middleware.shibboleth.common.attribute.AttributeRequestException;
import edu.internet2.middleware.shibboleth.common.attribute.BaseAttribute;
import edu.internet2.middleware.shibboleth.common.attribute.encoding.AttributeEncodingException;
import edu.internet2.middleware.shibboleth.common.profile.provider.SAMLProfileRequestContext;
import edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml2.AbstractSAML2ProfileConfiguration;

/**
 * SAML 2 flavour of an {@link AttributeAuthority}: it accepts an attribute query and yields the corresponding
 * attribute statement.
 *
 * <p>
 * Besides statement construction, the contract covers two translation concerns: mapping a {@link NameID} to the
 * internal principal name, and mapping between SAML 2 attribute naming and the attribute IDs used by the resolver and
 * filtering engine.
 * </p>
 */
public interface SAML2AttributeAuthority
        extends AttributeAuthority<
                SAMLProfileRequestContext<
                        ? extends RequestAbstractType,
                        ? extends StatusResponseType,
                        NameID,
                        ? extends AbstractSAML2ProfileConfiguration>> {

    /**
     * Maps the {@link NameID} found in the request context to the principal name Shibboleth uses internally.
     *
     * <p>
     * NOTE(review): this interface does not show whether the {@link NameID} and relying party ID have been
     * authenticated or validated before this call; implementations and callers should confirm where that check
     * happens, since the result identifies the subject whose attributes are released.
     * </p>
     *
     * @param requestContext context in which the principal is looked up; at a minimum it must carry a
     *            {@link NameID} and the relying party ID
     *
     * @return the internal principal name corresponding to the {@link NameID}
     *
     * @throws AttributeRequestException if the principal cannot be resolved
     */
    String getPrincipal(
            SAMLProfileRequestContext<
                    ? extends RequestAbstractType,
                    ? extends StatusResponseType,
                    NameID,
                    ? extends AbstractSAML2ProfileConfiguration> requestContext)
            throws AttributeRequestException;

    /**
     * Builds a SAML 2 attribute statement out of a collection of {@link BaseAttribute}s.
     *
     * <p>
     * NOTE(review): nothing in this signature indicates that release filtering is applied here; presumably the
     * caller passes only attributes already cleared for the relying party. Confirm against the calling code.
     * </p>
     *
     * @param query the attribute query this statement answers; may be null
     * @param attributes the attributes from which the statement is created
     *
     * @return the generated attribute statement
     *
     * @throws AttributeEncodingException if a {@link BaseAttribute} cannot be encoded
     */
    AttributeStatement buildAttributeStatement(AttributeQuery query, Collection<BaseAttribute> attributes)
            throws AttributeEncodingException;

    /**
     * Converts SAML 2 attribute naming information to the internal attribute ID understood by the resolver and
     * filtering engine.
     *
     * <p>
     * NOTE(review): the result for an attribute with no known mapping is not specified by this contract; confirm
     * what implementations return before relying on a non-null value.
     * </p>
     *
     * @param attribute the SAML 2 attribute to translate
     *
     * @return the attribute ID used by the resolver and filtering engine
     */
    String getAttributeIDBySAMLAttribute(Attribute attribute);

    /**
     * Converts an internal attribute ID, as used by the resolver and filtering engine, to the SAML 2 attribute that
     * represents it.
     *
     * <p>
     * NOTE(review): the result for an ID with no known mapping is not specified by this contract; confirm what
     * implementations return before relying on a non-null value.
     * </p>
     *
     * @param id internal attribute ID
     *
     * @return the SAML 2 attribute name
     */
    Attribute getSAMLAttributeByAttributeID(String id);
}