net.shibboleth.idp.saml.saml2.profile.impl

Class ProcessLogoutRequest

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction<InboundMessageType,OutboundMessageType>

org.opensaml.profile.action.AbstractConditionalProfileAction<InboundMessageType,OutboundMessageType>

net.shibboleth.idp.profile.AbstractProfileAction

net.shibboleth.idp.saml.saml2.profile.impl.ProcessLogoutRequest

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, org.springframework.beans.factory.Aware, org.springframework.context.MessageSource, org.springframework.context.MessageSourceAware, org.springframework.webflow.execution.Action

public class ProcessLogoutRequest
extends AbstractProfileAction

Profile action that processes a LogoutRequest by resolving matching sessions, and destroys them, populating the associated SPSession objects (excepting the one initiating the logout) into a LogoutContext.

A SubjectContext is also populated. If and only if a single IdPSession is resolved, a SessionContext is also populated.

Each SPSession is also assigned a unique number and inserted into the map returned by LogoutContext.getKeyedSessionMap().

Event:

EventIds.PROCEED_EVENT_ID, EventIds.INVALID_PROFILE_CTX, EventIds.INVALID_MESSAGE, EventIds.IO_ERROR, SAMLEventIds.SESSION_NOT_FOUND

Postcondition:

The matching session(s) are destroyed., If a IdPSession was found, then a SubjectContext and LogoutContext will be populated., If a single IdPSession was found, then a SessionContext will be populated.

Field Summary

Fields

Modifier and Type	Field and Description
private String	assertingParty Cached lookup of assertingParty name.
private com.google.common.base.Function<ProfileRequestContext,String>	assertingPartyLookupStrategy Optional lookup function for obtaining default NameQualifier.
private org.slf4j.Logger	log Class logger.
private com.google.common.base.Function<ProfileRequestContext,net.shibboleth.idp.session.context.LogoutContext>	logoutContextCreationStrategy Creation/lookup function for LogoutContext.
private LogoutRequest	logoutRequest LogoutRequest to process.
private com.google.common.base.Function<ProfileRequestContext,LogoutRequest>	logoutRequestLookupStrategy Lookup strategy for LogoutRequest to process.
private Set<String>	qualifiedNameIDFormats NameID Formats allowing defaulted qualifiers.
private com.google.common.base.Function<ProfileRequestContext,Collection<String>>	qualifiedNameIDFormatsLookupStrategy Lookup strategy for obtaining qualifier-defaultable NameID Formats.
private String	relyingParty Cached lookup of relyingParty name.
private com.google.common.base.Function<ProfileRequestContext,String>	relyingPartyLookupStrategy Optional lookup function for obtaining default SPNameQualifier.
private com.google.common.base.Function<ProfileRequestContext,net.shibboleth.idp.session.context.SessionContext>	sessionContextCreationStrategy Creation/lookup function for SessionContext.
private net.shibboleth.idp.session.SessionManager	sessionManager Session manager.
private net.shibboleth.idp.session.SessionResolver	sessionResolver Session resolver.
private com.google.common.base.Function<ProfileRequestContext,CriteriaSet>	sessionResolverCriteriaStrategy Function to return CriteriaSet to give to session resolver.
private com.google.common.base.Function<ProfileRequestContext,SubjectContext>	subjectContextCreationStrategy Creation/lookup function for SubjectContext.

Constructor Summary

Constructors

Constructor and Description
ProcessLogoutRequest() Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
protected void	doExecute(ProfileRequestContext profileRequestContext)
protected void	doInitialize()
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext)
private boolean	sessionMatches(ProfileRequestContext profileRequestContext, net.shibboleth.idp.session.IdPSession session) Check if the session contains a SAML2SPSession with the appropriate service ID and SessionIndex.
private boolean	sessionMatches(ProfileRequestContext profileRequestContext, net.shibboleth.idp.session.SPSession session) Check if the SPSession has the appropriate service ID and SessionIndex.
void	setAssertingPartyLookupStrategy(com.google.common.base.Function<ProfileRequestContext,String> strategy) Set the lookup strategy to obtain the default IdP NameQualifier.
void	setLogoutContextCreationStrategy(com.google.common.base.Function<ProfileRequestContext,net.shibboleth.idp.session.context.LogoutContext> strategy) Set the creation/lookup strategy for the LogoutContext to populate.
void	setLogoutRequestLookupStrategy(com.google.common.base.Function<ProfileRequestContext,LogoutRequest> strategy) Set the lookup strategy for the LogoutRequest to process.
void	setQualifiedNameIDFormatsLookupStrategy(com.google.common.base.Function<ProfileRequestContext,Collection<String>> strategy) Set the lookup strategy for the NameID Formats to allow defaulted qualifiers.
void	setRelyingPartyLookupStrategy(com.google.common.base.Function<ProfileRequestContext,String> strategy) Set the lookup strategy to obtain the default SPNameQualifier.
void	setSessionContextCreationStrategy(com.google.common.base.Function<ProfileRequestContext,net.shibboleth.idp.session.context.SessionContext> strategy) Set the creation/lookup strategy for the SessionContext to populate.
void	setSessionManager(net.shibboleth.idp.session.SessionManager manager) Set the SessionManager to use.
void	setSessionResolver(net.shibboleth.idp.session.SessionResolver resolver) Set the SessionResolver to use.
void	setSessionResolverCriteriaStrategy(com.google.common.base.Function<ProfileRequestContext,CriteriaSet> strategy) Set the strategy for building the CriteriaSet to feed into the SessionResolver.
void	setSubjectContextCreationStrategy(com.google.common.base.Function<ProfileRequestContext,SubjectContext> strategy) Set the creation/lookup strategy for the SubjectContext to populate.

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

sessionResolver

@NonnullAfterInit
private net.shibboleth.idp.session.SessionResolver sessionResolver

Session resolver.

sessionManager

@NonnullAfterInit
private net.shibboleth.idp.session.SessionManager sessionManager

Session manager.

subjectContextCreationStrategy

@Nonnull
private com.google.common.base.Function<ProfileRequestContext,SubjectContext> subjectContextCreationStrategy

Creation/lookup function for SubjectContext.

sessionContextCreationStrategy

@Nonnull
private com.google.common.base.Function<ProfileRequestContext,net.shibboleth.idp.session.context.SessionContext> sessionContextCreationStrategy

Creation/lookup function for SessionContext.

logoutContextCreationStrategy

@Nonnull
private com.google.common.base.Function<ProfileRequestContext,net.shibboleth.idp.session.context.LogoutContext> logoutContextCreationStrategy

Creation/lookup function for LogoutContext.

sessionResolverCriteriaStrategy

@Nonnull
private com.google.common.base.Function<ProfileRequestContext,CriteriaSet> sessionResolverCriteriaStrategy

Function to return CriteriaSet to give to session resolver.

logoutRequestLookupStrategy

@Nonnull
private com.google.common.base.Function<ProfileRequestContext,LogoutRequest> logoutRequestLookupStrategy

Lookup strategy for LogoutRequest to process.

qualifiedNameIDFormatsLookupStrategy

@Nonnull
private com.google.common.base.Function<ProfileRequestContext,Collection<String>> qualifiedNameIDFormatsLookupStrategy

Lookup strategy for obtaining qualifier-defaultable NameID Formats.

assertingPartyLookupStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,String> assertingPartyLookupStrategy

Optional lookup function for obtaining default NameQualifier.

relyingPartyLookupStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,String> relyingPartyLookupStrategy

Optional lookup function for obtaining default SPNameQualifier.

logoutRequest

@Nullable
private LogoutRequest logoutRequest

LogoutRequest to process.

qualifiedNameIDFormats

@Nonnull
private Set<String> qualifiedNameIDFormats

NameID Formats allowing defaulted qualifiers.

assertingParty

@Nullable
private String assertingParty

Cached lookup of assertingParty name.

relyingParty

@Nullable
private String relyingParty

Cached lookup of relyingParty name.

Constructor Detail

ProcessLogoutRequest

public ProcessLogoutRequest()

Constructor.

Method Detail

setSessionResolver

public void setSessionResolver(@Nonnull
                      net.shibboleth.idp.session.SessionResolver resolver)

Set the SessionResolver to use.

Parameters:

resolver - session resolver to use

setSessionManager

public void setSessionManager(@Nonnull
                     net.shibboleth.idp.session.SessionManager manager)

Set the SessionManager to use.

Parameters:

manager - session manager to use

setSubjectContextCreationStrategy

public void setSubjectContextCreationStrategy(@Nonnull
                                     com.google.common.base.Function<ProfileRequestContext,SubjectContext> strategy)

Set the creation/lookup strategy for the SubjectContext to populate.

Parameters:

strategy - creation/lookup strategy

setSessionContextCreationStrategy

public void setSessionContextCreationStrategy(@Nonnull
                                     com.google.common.base.Function<ProfileRequestContext,net.shibboleth.idp.session.context.SessionContext> strategy)

Set the creation/lookup strategy for the SessionContext to populate.

Parameters:

strategy - creation/lookup strategy

setLogoutContextCreationStrategy

public void setLogoutContextCreationStrategy(@Nonnull
                                    com.google.common.base.Function<ProfileRequestContext,net.shibboleth.idp.session.context.LogoutContext> strategy)

Set the creation/lookup strategy for the LogoutContext to populate.

Parameters:

strategy - creation/lookup strategy

setSessionResolverCriteriaStrategy

public void setSessionResolverCriteriaStrategy(@Nonnull
                                      com.google.common.base.Function<ProfileRequestContext,CriteriaSet> strategy)

Set the strategy for building the CriteriaSet to feed into the SessionResolver.

Parameters:

strategy - building strategy

setLogoutRequestLookupStrategy

public void setLogoutRequestLookupStrategy(@Nonnull
                                  com.google.common.base.Function<ProfileRequestContext,LogoutRequest> strategy)

Set the lookup strategy for the LogoutRequest to process.

Parameters:

strategy - lookup strategy

setQualifiedNameIDFormatsLookupStrategy

public void setQualifiedNameIDFormatsLookupStrategy(@Nonnull
                                           com.google.common.base.Function<ProfileRequestContext,Collection<String>> strategy)

Set the lookup strategy for the NameID Formats to allow defaulted qualifiers.

Parameters:

strategy - lookup strategy

Since:

3.4.0

setAssertingPartyLookupStrategy

public void setAssertingPartyLookupStrategy(@Nullable
                                   com.google.common.base.Function<ProfileRequestContext,String> strategy)

Set the lookup strategy to obtain the default IdP NameQualifier.

Parameters:

strategy - lookup strategy

Since:

3.4.0

setRelyingPartyLookupStrategy

public void setRelyingPartyLookupStrategy(@Nullable
                                 com.google.common.base.Function<ProfileRequestContext,String> strategy)

Set the lookup strategy to obtain the default SPNameQualifier.

Parameters:

strategy - lookup strategy

Since:

3.4.0

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doPreExecute

protected boolean doPreExecute(@Nonnull
                   ProfileRequestContext profileRequestContext)

Overrides:

doPreExecute in class AbstractConditionalProfileAction

doExecute

protected void doExecute(@Nonnull
             ProfileRequestContext profileRequestContext)

Overrides:

doExecute in class AbstractProfileAction

sessionMatches

private boolean sessionMatches(@Nonnull
                     ProfileRequestContext profileRequestContext,
                     @Nonnull
                     net.shibboleth.idp.session.IdPSession session)

Check if the session contains a SAML2SPSession with the appropriate service ID and SessionIndex.

Parameters:

profileRequestContext - current profile request context

session - IdPSession to check

Returns:

true iff the set of SPSessions includes one applicable to the logout request

sessionMatches

private boolean sessionMatches(@Nonnull
                     ProfileRequestContext profileRequestContext,
                     @Nonnull
                     net.shibboleth.idp.session.SPSession session)

Check if the SPSession has the appropriate service ID and SessionIndex.

Parameters:

profileRequestContext - current profile request context

session - SPSession to check

Returns:

true iff the SPSession directly matches the logout request