The predicate bean named shibboleth.Conditions.SubjectName is another example of an "adapter" and allows a bean of type Predicate<String> to be applied in any situation that would normally expect a Predicate<ProfileRequestContext> and supplies as input the name of the authenticated subject associated with a request (if any).
...
It is an abstract parent bean, so has to be appropriately constructed, and there are a couple of different ways:
With an argument named
pred, which is an actual Predicate<String> to runWith an argument named
collection, of type Collection<String>, which auto-constructs a condition that checks for the input value in the supplied collection.
The second form is the most common, and is a simple way to implement access control conditions based on short lists of users.
...
| Code Block |
|---|
<bean id="CheckForUser" parent="shibboleth.Conditions.SubjectName" c:collection="#{{'jdoe', 'bsmith'}}"/> |