Package net.shibboleth.idp.plugin.oidc.op.profile.impl

Class ValidateRegistrationAccessToken

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.profile.action.AbstractConditionalProfileAction

net.shibboleth.idp.profile.AbstractProfileAction

net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCRequestAction<com.nimbusds.openid.connect.sdk.rp.OIDCClientRegistrationRequest>

net.shibboleth.idp.plugin.oidc.op.profile.impl.ValidateRegistrationAccessToken

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class ValidateRegistrationAccessToken
extends AbstractOIDCRequestAction<com.nimbusds.openid.connect.sdk.rp.OIDCClientRegistrationRequest>

Action that validates registration access token is a valid one. Token is valid if it is successfully unwrapped, parsed as access token, is not expired, has not been revoked and contains relying party identifier. Validated token is stored to under incoming message context OIDCClientRegistrationTokenClaimsContext.getClaimsSet().

Field Summary

Fields

Modifier and Type	Field	Description
private String	accessToken	The registration access token to be validated.
private DataSealer	dataSealer	Data sealer for unwrapping authorization code.
private org.slf4j.Logger	log	Class logger.
private com.fasterxml.jackson.databind.ObjectMapper	objectMapper	JSON object mapper.
private Function<ProfileRequestContext,OIDCClientRegistrationTokenClaimsContext>	registrationClaimsContextCreationStrategy	Strategy to create or return a OIDCClientRegistrationTokenClaimsContext.
private net.shibboleth.idp.profile.context.RelyingPartyContext	relyingPartyContext	The relying party context to operate on.
private Function<ProfileRequestContext,net.shibboleth.idp.profile.context.RelyingPartyContext>	relyingPartyContextLookupStrategy	Strategy that will return a RelyingPartyContext.
private RevocationCache	revocationCache	Message revocation cache instance to use.

Constructor Summary

Constructors

Constructor	Description
ValidateRegistrationAccessToken()	Constructor.

Method Summary

Modifier and Type	Method	Description
protected void	doExecute(ProfileRequestContext profileRequestContext)
protected void	doInitialize()
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext)
void	setObjectMapper(com.fasterxml.jackson.databind.ObjectMapper mapper)	Set the JSON ObjectMapper.
void	setRegistrationClaimsContextCreationStrategy(Function<ProfileRequestContext,OIDCClientRegistrationTokenClaimsContext> strategy)	Set the strategy used to create or return the OIDCClientRegistrationTokenClaimsContext.
void	setRelyingPartyContextLookupStrategy(Function<ProfileRequestContext,net.shibboleth.idp.profile.context.RelyingPartyContext> strategy)	Set the strategy used to return the RelyingPartyContext.
void	setRevocationCache(RevocationCache cache)	Set the revocation cache instance to use.
void	setSealer(DataSealer sealer)	Set the data sealer for handling access token.

Methods inherited from class net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCRequestAction

getRequest

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private org.slf4j.Logger log

Class logger.

relyingPartyContextLookupStrategy

@Nonnull
private Function<ProfileRequestContext,net.shibboleth.idp.profile.context.RelyingPartyContext> relyingPartyContextLookupStrategy

Strategy that will return a RelyingPartyContext.

registrationClaimsContextCreationStrategy

@Nonnull
private Function<ProfileRequestContext,OIDCClientRegistrationTokenClaimsContext> registrationClaimsContextCreationStrategy

Strategy to create or return a OIDCClientRegistrationTokenClaimsContext.

dataSealer

@NonnullAfterInit
private DataSealer dataSealer

Data sealer for unwrapping authorization code.

revocationCache

@NonnullAfterInit
private RevocationCache revocationCache

Message revocation cache instance to use.

objectMapper

@NonnullAfterInit
private com.fasterxml.jackson.databind.ObjectMapper objectMapper

JSON object mapper.

relyingPartyContext

@Nullable
private net.shibboleth.idp.profile.context.RelyingPartyContext relyingPartyContext

The relying party context to operate on.

accessToken

@Nullable
@NotEmpty
private String accessToken

The registration access token to be validated.

Constructor Detail

ValidateRegistrationAccessToken

public ValidateRegistrationAccessToken()

Constructor.

Method Detail

setRelyingPartyContextLookupStrategy

public void setRelyingPartyContextLookupStrategy(@Nonnull
                                                 Function<ProfileRequestContext,net.shibboleth.idp.profile.context.RelyingPartyContext> strategy)

Set the strategy used to return the RelyingPartyContext.

Parameters:

strategy - lookup strategy

setRegistrationClaimsContextCreationStrategy

public void setRegistrationClaimsContextCreationStrategy(@Nonnull
                                                         Function<ProfileRequestContext,OIDCClientRegistrationTokenClaimsContext> strategy)

Set the strategy used to create or return the OIDCClientRegistrationTokenClaimsContext.

Parameters:

strategy - creation strategy

setSealer

public void setSealer(@Nonnull
                      DataSealer sealer)

Set the data sealer for handling access token.

Parameters:

sealer - data sealer.

setObjectMapper

public void setObjectMapper(@Nonnull
                            com.fasterxml.jackson.databind.ObjectMapper mapper)

Set the JSON ObjectMapper.

Parameters:

mapper - object mapper

setRevocationCache

public void setRevocationCache(@Nonnull
                               RevocationCache cache)

Set the revocation cache instance to use.

Parameters:

cache - The revocationCache to set.

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doPreExecute

protected boolean doPreExecute(@Nonnull
                               ProfileRequestContext profileRequestContext)

Overrides:

doPreExecute in class AbstractOIDCRequestAction<com.nimbusds.openid.connect.sdk.rp.OIDCClientRegistrationRequest>

doExecute

protected void doExecute(@Nonnull
                         ProfileRequestContext profileRequestContext)

Overrides:

doExecute in class AbstractProfileAction