Interface ClaimSource
-
- All Superinterfaces:
Serializable
public interface ClaimSource extends Serializable
This is charged with modelling the source for sets of claims. Note that the contract of the standard implementation is to have a no argument constructor that has a JSON object injected as the configuration.Created by Jeff Gaynor
on 8/17/15 at 2:28 PM
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description void
fromQDL(org.qdl_lang.variables.QDLStem stem)
Collection<String>
getClaims()
in order to support server discovery, every plugin must enumerate whatever claims it may serve.ClaimSourceConfiguration
getConfiguration()
edu.uiuc.ncsa.security.util.functor.parser.FunctorScript
getPostProcessor()
See comment ingetPreProcessor()
.edu.uiuc.ncsa.security.util.functor.parser.FunctorScript
getPreProcessor()
This is the preprocessor after it has run.Collection<String>
getScopes()
A list of scopes that this source supports.boolean
hasConfiguration()
boolean
isEnabled()
boolean
isRunOnlyAtAuthorization()
Whether to run this during the authorization phase or not.net.sf.json.JSONObject
process(net.sf.json.JSONObject claims, javax.servlet.http.HttpServletRequest request, ServiceTransaction transaction)
net.sf.json.JSONObject
process(net.sf.json.JSONObject claims, ServiceTransaction transaction)
AUserInfo
object and the current service transaction are supplied.void
setConfiguration(ClaimSourceConfiguration configuration)
This passes in aJSONObject
that is in turn used to configure the source.void
setScopes(Collection<String> scopes)
Set the scopes for this source.org.qdl_lang.variables.QDLStem
toQDL()
-
-
-
Method Detail
-
setConfiguration
void setConfiguration(ClaimSourceConfiguration configuration)
This passes in aJSONObject
that is in turn used to configure the source. It is up to the implementaton to make sense of this.- Parameters:
configuration
-
-
getConfiguration
ClaimSourceConfiguration getConfiguration()
-
hasConfiguration
boolean hasConfiguration()
-
process
net.sf.json.JSONObject process(net.sf.json.JSONObject claims, ServiceTransaction transaction) throws UnsupportedScopeException
AUserInfo
object and the current service transaction are supplied. The contract is that this handler will receive a claims object with standard information in place for the request, but may then populate a claims object and return it. It is up to the source to run the pre and post processors before actually invoking the claims.- Parameters:
claims
-transaction
-- Returns:
- Throws:
UnsupportedScopeException
-
process
net.sf.json.JSONObject process(net.sf.json.JSONObject claims, javax.servlet.http.HttpServletRequest request, ServiceTransaction transaction) throws UnsupportedScopeException
- Throws:
UnsupportedScopeException
-
setScopes
void setScopes(Collection<String> scopes)
Set the scopes for this source.- Parameters:
scopes
-
-
getScopes
Collection<String> getScopes()
A list of scopes that this source supports. Any scope that is not recognized by this source should be rejected.- Returns:
-
getClaims
Collection<String> getClaims()
in order to support server discovery, every plugin must enumerate whatever claims it may serve. This is not a guarantee that all of these claims will be delivered, just that they might be.- Returns:
-
isEnabled
boolean isEnabled()
-
isRunOnlyAtAuthorization
boolean isRunOnlyAtAuthorization()
Whether to run this during the authorization phase or not. That means it will either run in the authorization servlet or, if there is an external authorization application (e.g. Shibboleth) it will be invoked when the transaction has been created. Normally this is set true if there is some state (such as reading claims from HTTP headers) that will not exist after the authorization has happened. The other option (when this is false) is to be invoked immediately before the access token is issued. Note that if there are out of band operations (e.g. CILogon makes several calls to the backend database as it gets the user information together) then all of those should be done by the time the access token is issued.- Returns:
-
getPreProcessor
edu.uiuc.ncsa.security.util.functor.parser.FunctorScript getPreProcessor()
This is the preprocessor after it has run. It is not available until execution time since it has to be constructed on the fly from the current state of the claims.- Returns:
-
getPostProcessor
edu.uiuc.ncsa.security.util.functor.parser.FunctorScript getPostProcessor()
See comment ingetPreProcessor()
.- Returns:
-
fromQDL
void fromQDL(org.qdl_lang.variables.QDLStem stem)
-
toQDL
org.qdl_lang.variables.QDLStem toQDL()
-
-