/**
   * Set the strategy used to locate the principal name for this attribute filtering.
   *
   * @param strategy lookup strategy
   */
  public void setPrincipalNameLookupStrategy(
      @Nonnull final Function<ProfileRequestContext, String> strategy) {
    ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);

    principalNameLookupStrategy =
        Constraint.isNotNull(strategy, "Principal name lookup strategy cannot be null");
  }
 @Override
 @Nullable
 public ProxyGrantingTicket removeProxyGrantingTicket(@Nonnull final String id) {
   Constraint.isNotNull(id, "Id cannot be null");
   final ProxyGrantingTicket pgt = delete(id, ProxyGrantingTicket.class);
   return pgt;
 }
  /**
   * Set the strategy used to locate or create the {@link AttributeFilterContext} to populate.
   *
   * @param strategy lookup/creation strategy
   */
  public void setFilterContextCreationStrategy(
      @Nonnull final Function<ProfileRequestContext, AttributeFilterContext> strategy) {
    ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);

    filterContextCreationStrategy =
        Constraint.isNotNull(strategy, "AttributeContext creation strategy cannot be null");
  }
  /**
   * Set the flows available for possible use.
   *
   * @param flows the flows available for possible use
   */
  public void setAvailableFlows(
      @Nonnull @NonnullElements final Collection<SubjectCanonicalizationFlowDescriptor> flows) {
    ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
    Constraint.isNotNull(flows, "Flow collection cannot be null");

    availableFlows = new ArrayList<>(Collections2.filter(flows, Predicates.notNull()));
  }
  /**
   * Set the creation/lookup strategy for the {@link LogoutPropagationContext}.
   *
   * @param strategy creation/lookup strategy
   */
  public void setLogoutPropagationContextCreationStrategy(
      @Nonnull final Function<ProfileRequestContext, LogoutPropagationContext> strategy) {
    ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);

    contextCreationStrategy =
        Constraint.isNotNull(strategy, "LogoutPropagationContext creation strategy cannot be null");
  }
  /** {@inheritDoc} */
  @Override
  @Nonnull
  public Iterable<EncryptedKey> resolve(@Nonnull final EncryptedData encryptedData) {
    Constraint.isNotNull(encryptedData, "EncryptedData cannot be null");

    return resolveKeyInfo(encryptedData.getKeyInfo(), depthLimit);
  }
  /**
   * Set the strategy used to locate the {@link AuthenticationContext} associated with a given
   * {@link ProfileRequestContext}.
   *
   * @param strategy strategy used to locate the {@link AuthenticationContext} associated with a
   *     given {@link ProfileRequestContext}
   */
  public void setAuthenticationContextLookupStrategy(
      @Nonnull final Function<ProfileRequestContext, AuthenticationContext> strategy) {
    ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);

    authnContextLookupStrategy =
        Constraint.isNotNull(strategy, "AuthenticationContext lookup strategy cannot be null");
  }
 /**
  * Constructor.
  *
  * @param configurations varargs array of configuration instances
  */
 public EncryptionConfigurationCriterion(
     @Nonnull @NonnullElements @NotEmpty EncryptionConfiguration... configurations) {
   Constraint.isNotNull(configurations, "List of configurations cannot be null");
   configs =
       new ArrayList<>(Collections2.filter(Arrays.asList(configurations), Predicates.notNull()));
   Constraint.isGreaterThanOrEqual(1, configs.size(), "At least one configuration is required");
 }
 @Override
 @Nonnull
 public ProxyGrantingTicket createProxyGrantingTicket(
     @Nonnull final String id,
     @Nonnull final Instant expiry,
     @Nonnull final ProxyTicket proxyTicket) {
   Constraint.isNotNull(proxyTicket, "ProxyTicket cannot be null");
   final ProxyGrantingTicket pgt =
       new ProxyGrantingTicket(
           Constraint.isNotNull(id, "ID cannot be null"),
           proxyTicket.getSessionId(),
           proxyTicket.getService(),
           Constraint.isNotNull(expiry, "Expiry cannot be null"),
           proxyTicket.getPgtId());
   store(pgt);
   return pgt;
 }
 @Override
 @Nonnull
 public ServiceTicket createServiceTicket(
     @Nonnull final String id,
     @Nonnull final Instant expiry,
     @Nonnull final String sessionId,
     @Nonnull final String service,
     final boolean renew) {
   final ServiceTicket st =
       new ServiceTicket(
           Constraint.isNotNull(id, "ID cannot be null"),
           Constraint.isNotNull(sessionId, "Session ID cannot be null"),
           Constraint.isNotNull(service, "Service cannot be null"),
           Constraint.isNotNull(expiry, "Expiry cannot be null"),
           renew);
   store(st);
   return st;
 }
 @Nonnull
 @Override
 public ProxyTicket createProxyTicket(
     @Nonnull final String id,
     @Nonnull final Instant expiry,
     @Nonnull final ProxyGrantingTicket pgt,
     @Nonnull final String service) {
   Constraint.isNotNull(pgt, "ProxyGrantingTicket cannot be null");
   final ProxyTicket pt =
       new ProxyTicket(
           Constraint.isNotNull(id, "ID cannot be null"),
           pgt.getSessionId(),
           Constraint.isNotNull(service, "Service cannot be null"),
           Constraint.isNotNull(expiry, "Expiry cannot be null"),
           pgt.getId());
   store(pt);
   return pt;
 }
Ejemplo n.º 12
0
  /**
   * Set the strategy used to locate the {@link SAMLMetadataContext} associated with a given {@link
   * ProfileRequestContext}. Also sets the strategy to find the {@link SAMLMetadataContext} from the
   * {@link AttributeFilterContext}; SAMLMetadataContext
   *
   * @param strategy strategy used to locate the {@link AuthenticationContext} associated with a
   *     given {@link ProfileRequestContext}
   */
  public void setMetadataContextLookupStrategy(
      @Nonnull final Function<ProfileRequestContext, SAMLMetadataContext> strategy) {
    ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);

    metadataContextLookupStrategy =
        Constraint.isNotNull(strategy, "MetadataContext lookup strategy cannot be null");
    metadataFromFilterLookupStrategy =
        Functions.compose(
            metadataContextLookupStrategy,
            new RootContextLookup<AttributeFilterContext, ProfileRequestContext>());
  }
Ejemplo n.º 13
0
  /**
   * Constructor.
   *
   * @param filterService engine used to filter attributes
   */
  public FilterAttributes(@Nonnull final ReloadableService<AttributeFilter> filterService) {
    attributeFilterService = Constraint.isNotNull(filterService, "Service cannot be null");

    issuerLookupStrategy = new ResponderIdLookupFunction();
    recipientLookupStrategy = new RelyingPartyIdLookupFunction();

    attributeContextLookupStrategy =
        Functions.compose(
            new ChildContextLookup<>(AttributeContext.class),
            new ChildContextLookup<ProfileRequestContext, RelyingPartyContext>(
                RelyingPartyContext.class));

    principalNameLookupStrategy =
        Functions.compose(
            new SubjectContextPrincipalLookupFunction(),
            new ChildContextLookup<ProfileRequestContext, SubjectContext>(SubjectContext.class));

    authnContextLookupStrategy = new ChildContextLookup<>(AuthenticationContext.class);

    // Default: inbound msg context -> SAMLPeerEntityContext -> SAMLMetadataContext
    metadataContextLookupStrategy =
        Functions.compose(
            new ChildContextLookup<>(SAMLMetadataContext.class),
            Functions.compose(
                new ChildContextLookup<>(SAMLPeerEntityContext.class),
                new InboundMessageContextLookup()));

    // This is always set to navigate to the root context and then apply the previous function.
    metadataFromFilterLookupStrategy =
        Functions.compose(
            new Function<ProfileRequestContext, SAMLMetadataContext>() {
              @Override
              public SAMLMetadataContext apply(ProfileRequestContext input) {
                return metadataContextLookupStrategy.apply(input);
              }
            },
            new RootContextLookup<AttributeFilterContext, ProfileRequestContext>());

    // Defaults to ProfileRequestContext -> RelyingPartyContext -> AttributeFilterContext.
    filterContextCreationStrategy =
        Functions.compose(
            new ChildContextLookup<>(AttributeFilterContext.class, true),
            new ChildContextLookup<ProfileRequestContext, RelyingPartyContext>(
                RelyingPartyContext.class));

    maskFailures = true;
  }
  /**
   * Set the {@link SPSessionSerializerRegistry} to use.
   *
   * @param registry a registry of SPSession class to serializer mappings
   */
  public void setSPSessionSerializerRegistry(@Nonnull final SPSessionSerializerRegistry registry) {
    ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);

    spSessionSerializerRegistry = Constraint.isNotNull(registry, "Registry cannot be null");
  }
  /** {@inheritDoc} */
  protected void doInitialize() throws ComponentInitializationException {
    super.doInitialize();

    Constraint.isNotNull(getHttpServletRequest(), "HttpServletRequest may not be null");
  }
 /**
  * Set the HTTP servlet request instance being evaluated.
  *
  * @param request the request instance
  */
 public void setHttpServletRequest(HttpServletRequest request) {
   ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
   httpServletRequest = Constraint.isNotNull(request, "HttpServletRequest may not be null");
 }
 /**
  * Set the strategy for locating {@link SAMLConsentContext}.
  *
  * @param strategy lookup strategy
  */
 public void setConsentContextLookupStrategy(
     @Nonnull final Function<MessageContext, SAMLConsentContext> strategy) {
   consentContextStrategy =
       Constraint.isNotNull(strategy, "SAMLConsentContext lookup strategy cannot be null");
 }
 /**
  * Constructor.
  *
  * @param entityId the entity ID, can not be null or empty
  */
 public EntityIdCriterion(@Nonnull @NotEmpty final String entityId) {
   id =
       Constraint.isNotNull(
           StringSupport.trimOrNull(entityId), "Entity ID cannot be null or empty");
 }
 /**
  * Creates a new instance.
  *
  * @param ticketService Ticket service component.
  */
 public GrantProxyTicketAction(final TicketServiceEx ticketService) {
   this.ticketService = Constraint.isNotNull(ticketService, "TicketService cannot be null");
 }
 @Override
 @Nullable
 public ProxyGrantingTicket fetchProxyGrantingTicket(@Nonnull final String id) {
   Constraint.isNotNull(id, "Id cannot be null");
   return read(id, ProxyGrantingTicket.class);
 }
  /**
   * Set the {@link DataSealer} to use.
   *
   * @param sealer the {@link DataSealer} to use
   */
  public void setDataSealer(@Nonnull final DataSealer sealer) {
    ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);

    dataSealer = Constraint.isNotNull(sealer, "DataSealer cannot be null");
  }
 @Override
 @Nullable
 public ServiceTicket removeServiceTicket(@Nonnull final String id) {
   Constraint.isNotNull(id, "Id cannot be null");
   return delete(id, ServiceTicket.class);
 }
 /**
  * Creates a new instance with given parameters.
  *
  * @param pt Proxy ticket ID.
  */
 public ProxyTicketResponse(@Nonnull final String pt) {
   Constraint.isNotNull(pt, "PT cannot be null");
   this.pt = pt;
 }
 /*
  * Constructor
  */
 public MobileUserPrincipal(@Nonnull @NotEmpty final String mobile) {
   this.mobileNumber =
       Constraint.isNotNull(
           StringSupport.trimOrNull(mobile), "MobileNumber cannot be null or empty");
 }
  /** {@inheritDoc} */
  @Override
  protected void doV2Parse(
      @Nonnull final Element config,
      @Nonnull final ParserContext parserContext,
      @Nonnull final BeanDefinitionBuilder builder) {
    log.debug("{} Parsing v2 configuration {}", getLogPrefix(), config);

    final String targetResolvingStrategy =
        AttributeSupport.getAttributeValue(config, new QName("targetDeterminationStrategy"));
    Constraint.isNotNull(
        StringSupport.trimOrNull(targetResolvingStrategy),
        "The targetDeterminationStrategy can not be null or empty, please adjust entityID from the AQ DataConnector");

    if (targetResolvingStrategy.equals("mysql")) {
      // Constructor is MySQLTargetResolvingStrategy(String url, String username, String password),
      // adding arguments in this order:
      final BeanDefinitionBuilder mysqlTargetResolvingStrategy =
          BeanDefinitionBuilder.genericBeanDefinition(MySQLTargetDeterminationStrategy.class);

      final String dbURL = AttributeSupport.getAttributeValue(config, new QName("dbURL"));
      Constraint.isNotNull(
          StringSupport.trimOrNull(dbURL),
          "The dbURL attribute is required if the targetResolvingStrategy is mysql, please adjust entityID from the AQ DataConnector");
      mysqlTargetResolvingStrategy.addConstructorArgValue(dbURL);

      final String dbUsername = AttributeSupport.getAttributeValue(config, new QName("dbUsername"));
      Constraint.isNotNull(
          StringSupport.trimOrNull(dbUsername),
          "The dbUsername attribute is required if the targetResolvingStrategy is mysql, please adjust entityID from the AQ DataConnector");
      mysqlTargetResolvingStrategy.addConstructorArgValue(dbUsername);

      final String dbPassword = AttributeSupport.getAttributeValue(config, new QName("dbPassword"));
      Constraint.isNotNull(
          StringSupport.trimOrNull(dbPassword),
          "The dbPassword attribute is required if the targetResolvingStrategy is mysql, please adjust entityID from the AQ DataConnector");
      mysqlTargetResolvingStrategy.addConstructorArgValue(dbPassword);

      builder.addPropertyValue(
          "targetResolvingStrategy", mysqlTargetResolvingStrategy.getBeanDefinition());
    } else if (targetResolvingStrategy.equals("ldap")) {
      final BeanDefinitionBuilder ldapTargetResolvingStrategy =
          BeanDefinitionBuilder.genericBeanDefinition(LDAPTargetDeterminationStrategy.class);

      final String sourceAttributeID =
          AttributeSupport.getAttributeValue(config, new QName("sourceAttributeID"));
      Constraint.isNotNull(
          StringSupport.trimOrNull(sourceAttributeID),
          "The sourceAttributeID attribute is required if the targetResolvingStrategy is ldap, please adjust entityID from the AQ DataConnector");
      ldapTargetResolvingStrategy.addConstructorArgValue(sourceAttributeID);

      final List<Element> dependencyElements =
          ElementSupport.getChildElements(config, ResolverPluginDependencyParser.ELEMENT_NAME);
      ldapTargetResolvingStrategy.addPropertyValue(
          "dependencies", SpringSupport.parseCustomElements(dependencyElements, parserContext));

      final String connectorID = AttributeSupport.getAttributeValue(config, new QName("id"));
      Constraint.isNotNull(
          StringSupport.trimOrNull(sourceAttributeID),
          "The connectorID can not be empty, please adjust it for the AQ DataConnector");
      ldapTargetResolvingStrategy.addConstructorArgValue(connectorID);

      builder.addPropertyValue(
          "targetResolvingStrategy", ldapTargetResolvingStrategy.getBeanDefinition());

    } else {
      log.error(
          "{} Unsupported targetResolvingStrategy: {}. Change it to mysql or ldap! ",
          getLogPrefix(),
          targetResolvingStrategy);
    }

    final BeanDefinitionBuilder attributeQueryBuilder =
        BeanDefinitionBuilder.genericBeanDefinition(AttributeQueryBuilder.class);

    // Parse value of the entityID attribute
    final String issuer = AttributeSupport.getAttributeValue(config, new QName("entityID"));
    Constraint.isNotNull(
        StringSupport.trimOrNull(issuer),
        "The entityID of the Issuer can not be empty, please adjust entityID from the AQ DataConnector");
    attributeQueryBuilder.addConstructorArgValue(issuer);

    // parsing of the defined AQAttributes for the attribute query
    final List<Element> children = ElementSupport.getChildElements(config, ATTRIBUTE_ELEMENT_NAME);
    final List<BeanDefinition> attributes = new ManagedList<>(children.size());
    for (final Element child : children) {
      final String name = AttributeSupport.getAttributeValue(child, new QName("name"));
      final String friendlyName =
          AttributeSupport.getAttributeValue(child, new QName("friendlyName"));

      final BeanDefinitionBuilder attribute =
          BeanDefinitionBuilder.genericBeanDefinition(AQAttribute.class);
      attribute.addConstructorArgValue(name);
      attribute.addConstructorArgValue(friendlyName);
      log.debug(
          "{} Added one AQAttribute to the resolving List. Friendly Name {}, Name {}",
          getLogPrefix(),
          friendlyName,
          name);
      attributes.add(attribute.getBeanDefinition());
    }

    attributeQueryBuilder.addConstructorArgValue(attributes);
    builder.addPropertyValue("attributeQueryBuilder", attributeQueryBuilder.getBeanDefinition());

    final BeanDefinitionBuilder keyManager =
        BeanDefinitionBuilder.genericBeanDefinition(AttributeQueryKeyManager.class);

    // parse the keyLocaton attribute from the AQ DataCOnnector
    final String keyLocation = AttributeSupport.getAttributeValue(config, new QName("keyLocation"));
    Constraint.isNotNull(
        StringSupport.trimOrNull(keyLocation),
        "Key location can not be empty, please adjust keyLocation from the AQ DataConnector");

    // parse the certLocaton attribute from the AQ DataCOnnector
    final String certLocation =
        AttributeSupport.getAttributeValue(config, new QName("certLocation"));
    Constraint.isNotNull(
        StringSupport.trimOrNull(certLocation),
        "Certificate location can not be empty, please adjust certLocation from the AQ DataConnector");

    keyManager.addConstructorArgValue(getPrivateKey(keyLocation));
    keyManager.addConstructorArgValue(getCertificate(certLocation));
    builder.addPropertyValue("attributeQueryKeyManager", keyManager.getBeanDefinition());

    // if the asertionSigned attribute is true, set the value to true
    final String signatureRequired =
        AttributeSupport.getAttributeValue(config, new QName("assertionSigned"));
    if (signatureRequired != null && signatureRequired.equals("true")) {
      builder.addPropertyValue("signatureRequired", Boolean.TRUE);
    }

    // if the requestedAttributesRequired attribute is true, set the value to true
    final String requireMetadataAttributes =
        AttributeSupport.getAttributeValue(config, new QName("requestedAttributesRequired"));
    if (requireMetadataAttributes != null && requireMetadataAttributes.equals("true")) {
      builder.addPropertyValue("requireMetadataAttributes", Boolean.TRUE);
    }

    builder.setInitMethodName("initialize");
    builder.setDestroyMethodName("destroy");
  }
 /**
  * Creates a new instance.
  *
  * @param service Storage service to which tickets are persisted.
  */
 public SimpleTicketService(@Nonnull final StorageService service) {
   this.storageService = Constraint.isNotNull(service, "StorageService cannot be null.");
 }