/** {@inheritDoc} */
@Override
protected void doParse(
@Nonnull final Element config,
@Nonnull final ParserContext parserContext,
@Nonnull final BeanDefinitionBuilder builder) {
log.warn("PrincipalConnector feature is DEPRECATED in favor of subject c14n flows");
builder.setInitMethodName("initialize");
builder.setDestroyMethodName("destroy");
super.doParse(config, parserContext, builder);
// First up, add the per type decoders
addSAMLDecoders(config, parserContext, builder);
final String format = StringSupport.trimOrNull(config.getAttributeNS(null, "nameIDFormat"));
builder.addConstructorArgValue(format);
final String id = StringSupport.trimOrNull(config.getAttributeNS(null, "id"));
builder.addPropertyValue("id", id);
final List<Element> children = ElementSupport.getChildElements(config, RELYING_PARTY);
final List<String> relyingParties = new ManagedList<>(children.size());
for (Element child : children) {
relyingParties.add(child.getTextContent());
}
builder.addPropertyValue("relyingParties", relyingParties);
}
/**
* Build the POJO with the username and password.
*
* @param element the HTTPMetadataProvider parser.
* @return the bean definition with the username and password.
*/
private BeanDefinition buildBasicCredentials(Element element) {
BeanDefinitionBuilder builder =
BeanDefinitionBuilder.genericBeanDefinition(UsernamePasswordCredentials.class);
builder.setLazyInit(true);
builder.addConstructorArgValue(
StringSupport.trimOrNull(element.getAttributeNS(null, BASIC_AUTH_USER)));
builder.addConstructorArgValue(
StringSupport.trimOrNull(element.getAttributeNS(null, BASIC_AUTH_PASSWORD)));
return builder.getBeanDefinition();
}
/**
* Builds a name ID. The provided value is the textual content of the NameIdentifier. If a {@link
* #nameIdQualifier} is not null it is used as the NameIdentifier's name qualifier, otherwise the
* attribute issuer's entity id is used.
*
* @param nameIdValue value of the NameIdentifier
* @param resolutionContext current resolution context
* @return the constructed NameIdentifier
* @throws ResolutionException if the IdP Name is empty.
*/
protected NameIdentifier buildNameId(
@Nonnull @NotEmpty final String nameIdValue,
@Nonnull final AttributeResolutionContext resolutionContext)
throws ResolutionException {
log.debug("{} building a SAML1 NameIdentifier with value of '{}'", getLogPrefix(), nameIdValue);
final NameIdentifier nameIdentifier = nameIdentifierBuilder.buildObject();
nameIdentifier.setValue(nameIdValue);
if (nameIdFormat != null) {
log.debug("{} Format set to '{}'", getLogPrefix(), nameIdFormat);
nameIdentifier.setFormat(nameIdFormat);
}
final String attributeIssuerID =
StringSupport.trimOrNull(resolutionContext.getAttributeIssuerID());
if (nameIdQualifier != null) {
nameIdentifier.setNameQualifier(nameIdQualifier);
log.debug("{} NameQualifier set to '{}'", getLogPrefix(), nameIdQualifier);
} else if (null != attributeIssuerID) {
log.debug("{} NameQualifier set to '{}'", getLogPrefix(), attributeIssuerID);
nameIdentifier.setNameQualifier(attributeIssuerID);
} else {
throw new ResolutionException(getLogPrefix() + " provided attribute issuer ID was empty");
}
return nameIdentifier;
}
/** {@inheritDoc} */
@Override
protected void processAttribute(XMLObject xmlObject, Attr attribute)
throws UnmarshallingException {
if (attribute.getLocalName().equals(ActionMatchType.MATCH_ID_ATTRIB_NAME)) {
ActionMatchType matchType = (ActionMatchType) xmlObject;
matchType.setMatchId(StringSupport.trimOrNull(attribute.getValue()));
} else {
super.processAttribute(xmlObject, attribute);
}
}
/**
* Gets the entity ID of the service provider.
*
* @param request current HTTP request
* @return the entity ID of the service provider
* @throws MessageDecodingException thrown if the request does not contain a service provider
* entity ID
*/
@Nonnull
@NotEmpty
protected String getEntityId(@Nonnull final HttpServletRequest request)
throws MessageDecodingException {
String entityId = StringSupport.trimOrNull(request.getParameter(PROVIDER_ID_PARAM));
if (entityId == null) {
throw new MessageDecodingException(
"Shibboleth Authentication Request message did not contain the "
+ PROVIDER_ID_PARAM
+ " query parameter.");
}
return entityId;
}
/**
* This method reads a certificate file and returns a {@link X509Certificate}
*
* @param certLocation the location of the certificate file
* @return the created {@link X509Certificate}
*/
private X509Certificate createCertificate(String certLocation) {
X509Certificate cert = null;
try {
FileInputStream fisCertificate = new FileInputStream(certLocation);
cert =
X509Support.decodeCertificate(
StringSupport.inputStreamToString(fisCertificate, null).getBytes());
fisCertificate.close();
} catch (Exception e) {
return null;
}
return cert;
}
/**
* This method reads a private key file and returns a {@link PrivateKey}
*
* @param privateKeyLocation the location of the private key file
* @return the created {@link PrivateKey}
*/
private PrivateKey createPrivateKey(String privateKeyLocation) {
PrivateKey privateKey = null;
try {
FileInputStream fisPrivateKey = new FileInputStream(privateKeyLocation);
privateKey =
KeySupport.decodePrivateKey(
StringSupport.inputStreamToString(fisPrivateKey, null).getBytes(), null);
fisPrivateKey.close();
} catch (Exception e) {
return null;
}
return privateKey;
}
/**
* This method reads a private key file and returns a {@link PrivateKey}
*
* @param privateKeyLocation the location of the private key file
* @return the created {@link PrivateKey}
*/
private PrivateKey getPrivateKey(String privateKeyLocation) {
PrivateKey privateKey = null;
try {
FileInputStream fisPrivateKey = new FileInputStream(privateKeyLocation);
privateKey =
KeySupport.decodePrivateKey(
StringSupport.inputStreamToString(fisPrivateKey, null).getBytes(), null);
fisPrivateKey.close();
} catch (Exception e) {
log.debug("{} Couldnt create the PrivateKey: {}", getLogPrefix(), e);
return null;
}
return privateKey;
}
/**
* This method reads a certificate file and returns a {@link X509Certificate}
*
* @param certLocation the location of the certificate file
* @return the created {@link X509Certificate}
*/
private X509Certificate getCertificate(String certLocation) {
X509Certificate cert = null;
try {
FileInputStream fisCertificate = new FileInputStream(certLocation);
cert =
X509Support.decodeCertificate(
StringSupport.inputStreamToString(fisCertificate, null).getBytes());
fisCertificate.close();
} catch (Exception e) {
log.debug("{} Couldnt create the X509Certificate: {}", getLogPrefix(), e);
return null;
}
return cert;
}
/**
* Construct a message ID for the request.
*
* @return the message ID to use
*/
@Nonnull
protected String getMessageID() {
HttpServletRequest request = getHttpServletRequest();
String timeString = StringSupport.trimOrNull(request.getParameter(TIME_PARAM));
// If both a timestamp and session ID are available, construct a pseudo message ID
// by combining them. Otherwise return a generated one.
if (timeString != null) {
String sessionID = request.getRequestedSessionId();
if (sessionID != null) {
return "_" + sessionID + '!' + timeString;
} else {
return idGenerator.generateIdentifier();
}
} else {
return idGenerator.generateIdentifier();
}
}
/**
* Worker function for doAttributeDefintionResolve. This returns an AttributeValue if the input
* value is appropriate for encoding as a NameID.
*
* @param theValue an arbitrary value.
* @param resolutionContext the context to get the rest of the values from
* @return null or an attributeValue;
* @throws ResolutionException if the IdP Name is empty.
*/
@Nullable
private XMLObjectAttributeValue encodeOneValue(
@Nonnull final IdPAttributeValue<?> theValue,
@Nonnull final AttributeResolutionContext resolutionContext)
throws ResolutionException {
if (theValue instanceof StringAttributeValue) {
final String value = StringSupport.trimOrNull(((StringAttributeValue) theValue).getValue());
if (value == null) {
log.warn("{} Value was all whitespace", getLogPrefix());
return null;
}
final NameIdentifier nid = buildNameId(value, resolutionContext);
final XMLObjectAttributeValue val = new XMLObjectAttributeValue(nid);
return val;
}
log.warn("{} Unsupported value type: {}", getLogPrefix(), theValue.getClass().getName());
return null;
}
/**
* Gets the current time, in milliseconds since the epoch, at the SP, if set.
*
* @param request current HTTP request
* @return the time sent by the service provider, or null
* @throws MessageDecodingException thrown if the time parameter given by the service provider is
* non-numeric or a negative time
*/
@Nullable
protected Long getTime(@Nonnull final HttpServletRequest request)
throws MessageDecodingException {
String timeString = StringSupport.trimOrNull(request.getParameter(TIME_PARAM));
if (timeString == null) {
return null;
}
try {
long time = Long.parseLong(timeString);
if (time < 0) {
throw new MessageDecodingException(
"Shibboleth Authentication Request contained a negative time value");
}
return time * 1000;
} catch (NumberFormatException e) {
throw new MessageDecodingException(
"Shibboleth Authentication Request contained a non-numeric time value");
}
}
/** {@inheritDoc} */
@Override
protected void addSAMLDecoders(
@Nonnull final Element config,
@Nonnull final ParserContext parserContext,
@Nonnull final BeanDefinitionBuilder builder) {
BeanDefinitionBuilder subBuilder =
BeanDefinitionBuilder.genericBeanDefinition(TransformingNameIDDecoder.class);
subBuilder.setInitMethodName("initialize");
subBuilder.setDestroyMethodName("destroy");
final String id = StringSupport.trimOrNull(config.getAttributeNS(null, "id"));
subBuilder.addPropertyValue("id", id);
builder.addConstructorArgValue(subBuilder.getBeanDefinition());
subBuilder =
BeanDefinitionBuilder.genericBeanDefinition(TransformingNameIdentifierDecoder.class);
subBuilder.setInitMethodName("initialize");
subBuilder.setDestroyMethodName("destroy");
subBuilder.addPropertyValue("id", id);
builder.addConstructorArgValue(subBuilder.getBeanDefinition());
}
/**
* Set the required content type.
*
* @param contentType the content type
*/
public void setRequiredContentType(String contentType) {
ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
requiredContentType = contentType;
requiredRequestMethod = StringSupport.trimOrNull(contentType);
}
/**
* Gets the opaque relay state sent by the service provider.
*
* @param request current HTTP request
* @return the relay state, or null if the service provider did not send one
*/
@Nullable
protected String getTarget(@Nonnull final HttpServletRequest request) {
return StringSupport.trimOrNull(request.getParameter(TARGET_PARAM));
}
// Checkstyle: CyclomaticComplexity OFF
@Override
protected void doNativeParse(
Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
super.doNativeParse(element, parserContext, builder);
if (element.hasAttributeNS(null, "cacheDuration")) {
log.error(
"{}: cacheDuration is not supported",
parserContext.getReaderContext().getResource().getDescription());
throw new BeanDefinitionParsingException(
new Problem(
"cacheDuration is not supported",
new Location(parserContext.getReaderContext().getResource())));
}
if (element.hasAttributeNS(null, "maintainExpiredMetadata")) {
log.error(
"{}: maintainExpiredMetadata is not supported",
parserContext.getReaderContext().getResource().getDescription());
throw new BeanDefinitionParsingException(
new Problem(
"maintainExpiredMetadata is not supported",
new Location(parserContext.getReaderContext().getResource())));
}
boolean haveTLSTrustEngine = false;
if (element.hasAttributeNS(null, "tlsTrustEngineRef")) {
builder.addPropertyReference(
"tLSTrustEngine",
StringSupport.trimOrNull(element.getAttributeNS(null, "tlsTrustEngineRef")));
haveTLSTrustEngine = true;
} else {
BeanDefinition tlsTrustEngine = parseTLSTrustEngine(element, parserContext);
if (tlsTrustEngine != null) {
builder.addPropertyValue("tLSTrustEngine", tlsTrustEngine);
haveTLSTrustEngine = true;
}
}
if (element.hasAttributeNS(null, "httpClientRef")) {
builder.addConstructorArgReference(
StringSupport.trimOrNull(element.getAttributeNS(null, "httpClientRef")));
if (element.hasAttributeNS(null, "requestTimeout")
|| element.hasAttributeNS(null, "disregardSslCertificate")
|| element.hasAttributeNS(null, "disregardTLSCertificate")
|| element.hasAttributeNS(null, "proxyHost")
|| element.hasAttributeNS(null, "proxyPort")
|| element.hasAttributeNS(null, "proxyUser")
|| element.hasAttributeNS(null, "proxyPassword")) {
log.warn(
"httpClientRef overrides settings for requestTimeout, disregardSslCertificate, "
+ "disregardTLSCertificate, proxyHost, proxyPort, proxyUser and proxyPassword");
}
} else {
builder.addConstructorArgValue(buildHttpClient(element, parserContext, haveTLSTrustEngine));
}
builder.addConstructorArgValue(
StringSupport.trimOrNull(element.getAttributeNS(null, METADATA_URL)));
if (element.hasAttributeNS(null, BASIC_AUTH_USER)
|| element.hasAttributeNS(null, BASIC_AUTH_PASSWORD)) {
builder.addPropertyValue("basicCredentials", buildBasicCredentials(element));
}
}
// Checkstyle: CyclomaticComplexity OFF
// Checkstyle: MethodLength OFF
private BeanDefinition buildHttpClient(
Element element, ParserContext parserContext, boolean haveTLSTrustEngine) {
String caching = DEFAULT_CACHING;
if (element.hasAttributeNS(null, "httpCaching")) {
caching = StringSupport.trimOrNull(element.getAttributeNS(null, "httpCaching"));
}
BeanDefinitionBuilder clientBuilder = null;
switch (caching) {
case "none":
clientBuilder = BeanDefinitionBuilder.genericBeanDefinition(HttpClientFactoryBean.class);
break;
case "file":
clientBuilder =
BeanDefinitionBuilder.genericBeanDefinition(FileCachingHttpClientFactoryBean.class);
if (element.hasAttributeNS(null, "httpCacheDirectory")) {
clientBuilder.addPropertyValue(
"cacheDirectory",
StringSupport.trimOrNull(element.getAttributeNS(null, "httpCacheDirectory")));
}
if (element.hasAttributeNS(null, "httpMaxCacheEntries")) {
clientBuilder.addPropertyValue(
"maxCacheEntries",
StringSupport.trimOrNull(element.getAttributeNS(null, "httpMaxCacheEntries")));
}
if (element.hasAttributeNS(null, "httpMaxCacheEntrySize")) {
clientBuilder.addPropertyValue(
"maxCacheEntrySize",
StringSupport.trimOrNull(element.getAttributeNS(null, "httpMaxCacheEntrySize")));
}
break;
case "memory":
clientBuilder =
BeanDefinitionBuilder.genericBeanDefinition(InMemoryCachingHttpClientFactoryBean.class);
if (element.hasAttributeNS(null, "httpMaxCacheEntries")) {
clientBuilder.addPropertyValue(
"maxCacheEntries",
StringSupport.trimOrNull(element.getAttributeNS(null, "httpMaxCacheEntries")));
}
if (element.hasAttributeNS(null, "httpMaxCacheEntrySize")) {
clientBuilder.addPropertyValue(
"maxCacheEntrySize",
StringSupport.trimOrNull(element.getAttributeNS(null, "httpMaxCacheEntrySize")));
}
break;
default:
throw new BeanDefinitionParsingException(
new Problem(
String.format("Caching value '%s' is unsupported", caching),
new Location(parserContext.getReaderContext().getResource())));
}
clientBuilder.setLazyInit(true);
if (element.hasAttributeNS(null, "requestTimeout")) {
clientBuilder.addPropertyValue(
"connectionTimeout",
StringSupport.trimOrNull(element.getAttributeNS(null, "requestTimeout")));
}
if (haveTLSTrustEngine) {
clientBuilder.addPropertyValue(
"tLSSocketFactory",
new SecurityEnhancedTLSSocketFactory(
HttpClientSupport.buildNoTrustTLSSocketFactory(), new StrictHostnameVerifier()));
}
if (element.hasAttributeNS(null, "disregardTLSCertificate")) {
clientBuilder.addPropertyValue(
"connectionDisregardTLSCertificate",
StringSupport.trimOrNull(element.getAttributeNS(null, "disregardTLSCertificate")));
} else if (element.hasAttributeNS(null, "disregardSslCertificate")) {
log.warn("disregardSslCertificate is deprecated, please switch to disregardTLSCertificate");
clientBuilder.addPropertyValue(
"connectionDisregardTLSCertificate",
StringSupport.trimOrNull(element.getAttributeNS(null, "disregardSslCertificate")));
}
if (element.hasAttributeNS(null, "proxyHost")) {
clientBuilder.addPropertyValue(
"connectionProxyHost",
StringSupport.trimOrNull(element.getAttributeNS(null, "proxyHost")));
}
if (element.hasAttributeNS(null, "proxyPort")) {
clientBuilder.addPropertyValue(
"connectionProxyPort",
StringSupport.trimOrNull(element.getAttributeNS(null, "proxyPort")));
}
if (element.hasAttributeNS(null, "proxyUser")) {
clientBuilder.addPropertyValue(
"connectionProxyUsername",
StringSupport.trimOrNull(element.getAttributeNS(null, "proxyUser")));
}
if (element.hasAttributeNS(null, "proxyPassword")) {
clientBuilder.addPropertyValue(
"connectionProxyPassword", element.getAttributeNS(null, "proxyPassword"));
}
return clientBuilder.getBeanDefinition();
}
/** {@inheritDoc} */
@Override
protected void doV2Parse(
@Nonnull final Element config,
@Nonnull final ParserContext parserContext,
@Nonnull final BeanDefinitionBuilder builder) {
log.debug("{} Parsing v2 configuration {}", getLogPrefix(), config);
final String targetResolvingStrategy =
AttributeSupport.getAttributeValue(config, new QName("targetDeterminationStrategy"));
Constraint.isNotNull(
StringSupport.trimOrNull(targetResolvingStrategy),
"The targetDeterminationStrategy can not be null or empty, please adjust entityID from the AQ DataConnector");
if (targetResolvingStrategy.equals("mysql")) {
// Constructor is MySQLTargetResolvingStrategy(String url, String username, String password),
// adding arguments in this order:
final BeanDefinitionBuilder mysqlTargetResolvingStrategy =
BeanDefinitionBuilder.genericBeanDefinition(MySQLTargetDeterminationStrategy.class);
final String dbURL = AttributeSupport.getAttributeValue(config, new QName("dbURL"));
Constraint.isNotNull(
StringSupport.trimOrNull(dbURL),
"The dbURL attribute is required if the targetResolvingStrategy is mysql, please adjust entityID from the AQ DataConnector");
mysqlTargetResolvingStrategy.addConstructorArgValue(dbURL);
final String dbUsername = AttributeSupport.getAttributeValue(config, new QName("dbUsername"));
Constraint.isNotNull(
StringSupport.trimOrNull(dbUsername),
"The dbUsername attribute is required if the targetResolvingStrategy is mysql, please adjust entityID from the AQ DataConnector");
mysqlTargetResolvingStrategy.addConstructorArgValue(dbUsername);
final String dbPassword = AttributeSupport.getAttributeValue(config, new QName("dbPassword"));
Constraint.isNotNull(
StringSupport.trimOrNull(dbPassword),
"The dbPassword attribute is required if the targetResolvingStrategy is mysql, please adjust entityID from the AQ DataConnector");
mysqlTargetResolvingStrategy.addConstructorArgValue(dbPassword);
builder.addPropertyValue(
"targetResolvingStrategy", mysqlTargetResolvingStrategy.getBeanDefinition());
} else if (targetResolvingStrategy.equals("ldap")) {
final BeanDefinitionBuilder ldapTargetResolvingStrategy =
BeanDefinitionBuilder.genericBeanDefinition(LDAPTargetDeterminationStrategy.class);
final String sourceAttributeID =
AttributeSupport.getAttributeValue(config, new QName("sourceAttributeID"));
Constraint.isNotNull(
StringSupport.trimOrNull(sourceAttributeID),
"The sourceAttributeID attribute is required if the targetResolvingStrategy is ldap, please adjust entityID from the AQ DataConnector");
ldapTargetResolvingStrategy.addConstructorArgValue(sourceAttributeID);
final List<Element> dependencyElements =
ElementSupport.getChildElements(config, ResolverPluginDependencyParser.ELEMENT_NAME);
ldapTargetResolvingStrategy.addPropertyValue(
"dependencies", SpringSupport.parseCustomElements(dependencyElements, parserContext));
final String connectorID = AttributeSupport.getAttributeValue(config, new QName("id"));
Constraint.isNotNull(
StringSupport.trimOrNull(sourceAttributeID),
"The connectorID can not be empty, please adjust it for the AQ DataConnector");
ldapTargetResolvingStrategy.addConstructorArgValue(connectorID);
builder.addPropertyValue(
"targetResolvingStrategy", ldapTargetResolvingStrategy.getBeanDefinition());
} else {
log.error(
"{} Unsupported targetResolvingStrategy: {}. Change it to mysql or ldap! ",
getLogPrefix(),
targetResolvingStrategy);
}
final BeanDefinitionBuilder attributeQueryBuilder =
BeanDefinitionBuilder.genericBeanDefinition(AttributeQueryBuilder.class);
// Parse value of the entityID attribute
final String issuer = AttributeSupport.getAttributeValue(config, new QName("entityID"));
Constraint.isNotNull(
StringSupport.trimOrNull(issuer),
"The entityID of the Issuer can not be empty, please adjust entityID from the AQ DataConnector");
attributeQueryBuilder.addConstructorArgValue(issuer);
// parsing of the defined AQAttributes for the attribute query
final List<Element> children = ElementSupport.getChildElements(config, ATTRIBUTE_ELEMENT_NAME);
final List<BeanDefinition> attributes = new ManagedList<>(children.size());
for (final Element child : children) {
final String name = AttributeSupport.getAttributeValue(child, new QName("name"));
final String friendlyName =
AttributeSupport.getAttributeValue(child, new QName("friendlyName"));
final BeanDefinitionBuilder attribute =
BeanDefinitionBuilder.genericBeanDefinition(AQAttribute.class);
attribute.addConstructorArgValue(name);
attribute.addConstructorArgValue(friendlyName);
log.debug(
"{} Added one AQAttribute to the resolving List. Friendly Name {}, Name {}",
getLogPrefix(),
friendlyName,
name);
attributes.add(attribute.getBeanDefinition());
}
attributeQueryBuilder.addConstructorArgValue(attributes);
builder.addPropertyValue("attributeQueryBuilder", attributeQueryBuilder.getBeanDefinition());
final BeanDefinitionBuilder keyManager =
BeanDefinitionBuilder.genericBeanDefinition(AttributeQueryKeyManager.class);
// parse the keyLocaton attribute from the AQ DataCOnnector
final String keyLocation = AttributeSupport.getAttributeValue(config, new QName("keyLocation"));
Constraint.isNotNull(
StringSupport.trimOrNull(keyLocation),
"Key location can not be empty, please adjust keyLocation from the AQ DataConnector");
// parse the certLocaton attribute from the AQ DataCOnnector
final String certLocation =
AttributeSupport.getAttributeValue(config, new QName("certLocation"));
Constraint.isNotNull(
StringSupport.trimOrNull(certLocation),
"Certificate location can not be empty, please adjust certLocation from the AQ DataConnector");
keyManager.addConstructorArgValue(getPrivateKey(keyLocation));
keyManager.addConstructorArgValue(getCertificate(certLocation));
builder.addPropertyValue("attributeQueryKeyManager", keyManager.getBeanDefinition());
// if the asertionSigned attribute is true, set the value to true
final String signatureRequired =
AttributeSupport.getAttributeValue(config, new QName("assertionSigned"));
if (signatureRequired != null && signatureRequired.equals("true")) {
builder.addPropertyValue("signatureRequired", Boolean.TRUE);
}
// if the requestedAttributesRequired attribute is true, set the value to true
final String requireMetadataAttributes =
AttributeSupport.getAttributeValue(config, new QName("requestedAttributesRequired"));
if (requireMetadataAttributes != null && requireMetadataAttributes.equals("true")) {
builder.addPropertyValue("requireMetadataAttributes", Boolean.TRUE);
}
builder.setInitMethodName("initialize");
builder.setDestroyMethodName("destroy");
}
/**
* Constructor.
*
* @param entityId the entity ID, can not be null or empty
*/
public EntityIdCriterion(@Nonnull @NotEmpty final String entityId) {
id =
Constraint.isNotNull(
StringSupport.trimOrNull(entityId), "Entity ID cannot be null or empty");
}
/*
* Constructor
*/
public MobileUserPrincipal(@Nonnull @NotEmpty final String mobile) {
this.mobileNumber =
Constraint.isNotNull(
StringSupport.trimOrNull(mobile), "MobileNumber cannot be null or empty");
}
/**
* Set the required request method.
*
* @param requestMethod the required request method
*/
public void setRequiredRequestMethod(String requestMethod) {
ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
requiredRequestMethod = StringSupport.trimOrNull(requestMethod);
}
/**
* Gets the assertion consumer service URL for the service provider.
*
* @param request current HTTP request
* @return the assertion consumer service URL, may be null if none is given in the request
*/
@Nullable
protected String getAcsUrl(@Nonnull final HttpServletRequest request) {
return StringSupport.trimOrNull(request.getParameter(SHIRE_PARAM));
}