java.lang.Object
se.swedenconnect.opensaml.saml2.metadata.scope.ScopeUtils

public class ScopeUtils extends Object
Utility methods for validating a scoped attribute against a shibmd:Scope element.
Author:
Martin Lindström (martin@idsec.se)
  • Method Summary

    | Modifier and Type | Method | Description |
    |---|---|---|
    | static String | getScopedDomain(String attributeValue) | Gets the domain part (value@domain) from a scoped attribute value. |
    | static List<org.opensaml.core.xml.XMLObject> | getScopeExtensions(org.opensaml.saml.saml2.metadata.EntityDescriptor entityDescriptor) | Given an (IdP) EntityDescriptor, the method finds all shibmd:Scope elements. |
    | static boolean | isAuthorized(org.opensaml.saml.saml2.core.Attribute scopedAttribute, List<org.opensaml.core.xml.XMLObject> scopes) | Predicate that tells if a scoped attribute is "authorized", i.e., if its scope is listed in the supplied list of shibmd:Scope elements (obtained from the IdP metadata). |
    | static boolean | isMatch(org.opensaml.core.xml.XMLObject scope, String attributeValue) | Given a shibmd:Scope element, the method tests whether the value of the (scoped) attribute matches the scope. |
    | static boolean | isMatch(org.opensaml.core.xml.XMLObject scope, org.opensaml.saml.saml2.core.Attribute attribute) | Given a shibmd:Scope element, the method tests whether the value of the (scoped) attribute matches the scope. |

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Method Details

    • getScopeExtensions

      public static List<org.opensaml.core.xml.XMLObject> getScopeExtensions(org.opensaml.saml.saml2.metadata.EntityDescriptor entityDescriptor)
      Given an (IdP) EntityDescriptor, the method finds all shibmd:Scope elements.
      Parameters:
      entityDescriptor - the metadata object
      Returns:
      a (possibly empty) list of shibmd:Scope elements
    • isAuthorized

      public static boolean isAuthorized(org.opensaml.saml.saml2.core.Attribute scopedAttribute, List<org.opensaml.core.xml.XMLObject> scopes)
      Predicate that tells if a scoped attribute is "authorized", i.e., if its scope is listed in the supplied list of shibmd:Scope elements (obtained from the IdP metadata).

      If the attribute is not "scoped" (value@scope), the method returns false.

      Parameters:
      scopedAttribute - the attribute to test
      scopes - the shibmd:Scope elements
      Returns:
      true if the attribute scope is listed among the Scope extensions and false otherwise
    • isMatch

      public static boolean isMatch(org.opensaml.core.xml.XMLObject scope, org.opensaml.saml.saml2.core.Attribute attribute)
      Given a shibmd:Scope element, the method tests whether the value of the (scoped) attribute matches the scope.

      If the attribute contains multiple values, all must match the scope.

      Parameters:
      scope - the Scope element
      attribute - the attribute
      Returns:
      true if there is a match and false otherwise
    • isMatch

      public static boolean isMatch(org.opensaml.core.xml.XMLObject scope, String attributeValue)
      Given a shibmd:Scope element, the method tests whether the value of the (scoped) attribute matches the scope.
      Parameters:
      scope - the Scope element
      attributeValue - the full attribute value
      Returns:
      true if there is a match and false otherwise
    • getScopedDomain

      public static String getScopedDomain(String attributeValue)
      Gets the domain part (value@domain) from a scoped attribute value.
      Parameters:
      attributeValue - the attribute value
      Returns:
      the domain part, or null
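
How getScopeExtensions and isAuthorized fit together on the service provider side, so that an IdP cannot assert identities in a domain its metadata does not declare. This is an added example, not code from the library or its author. The class ScopedAttributeFilter, the method accept and the set of scoped attribute names are assumptions; the assertion is assumed to be validated already, and idpMetadata is assumed to be the trusted metadata of its issuer.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;

import se.swedenconnect.opensaml.saml2.metadata.scope.ScopeUtils;

/** Hypothetical SP-side filter; not part of the library. */
public final class ScopedAttributeFilter {

  // Assumption: the attributes this deployment treats as scoped
  // (eduPersonPrincipalName and eduPersonScopedAffiliation).
  private static final Set<String> SCOPED_ATTRIBUTES = Set.of(
      "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
      "urn:oid:1.3.6.1.4.1.5923.1.1.1.9");

  private ScopedAttributeFilter() {}

  /**
   * Returns the attributes of an already validated assertion, dropping scoped
   * attributes whose scope is not listed in the issuing IdP's metadata.
   */
  public static List<Attribute> accept(Assertion assertion, EntityDescriptor idpMetadata) {
    // Scopes come from the metadata of the IdP that issued the assertion.
    final List<XMLObject> scopes = ScopeUtils.getScopeExtensions(idpMetadata);
    final List<Attribute> accepted = new ArrayList<>();
    for (AttributeStatement statement : assertion.getAttributeStatements()) {
      for (Attribute attribute : statement.getAttributes()) {
        if (!SCOPED_ATTRIBUTES.contains(attribute.getName())) {
          // isAuthorized returns false for unscoped values, so only
          // attributes expected to be scoped are passed to it.
          accepted.add(attribute);
        } else if (ScopeUtils.isAuthorized(attribute, scopes)) {
          accepted.add(attribute);
        }
        // Otherwise the scope is not declared by this IdP: drop the attribute.
      }
    }
    return accepted;
  }
}
```

Since getScopeExtensions may return an empty list and isAuthorized is true only when the scope is listed, an IdP whose metadata declares no shibmd:Scope elements has all of its scoped attributes dropped by this filter.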