The <ConditionScript>
element contains a script (or a reference to a script) that ultimately applies an implementation of Predicate<EntityDescriptor>
to a given entity descriptor.
...
The <ConditionScript>
element implicitly iterates over all entity descriptors in the metadata pipeline. For each entity descriptor, the parent <MetadataFilter>
element acts on the input entity descriptor if (and only if) the predicate evaluates to true. The action taken depends on the type of metadata filter.
The <ConditionScript>
may be a child of the following filters:
Schema
The <ConditionScript>
element is a configuration element of type ScriptType
. Both the element and its type are defined by the urn:mace:shibboleth:2.0:metadata
schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-metadata.xsd.
...
A script contained by a <ConditionScript>
element has access to an object called input
by convention. The actual input
argument is an instance of a class that implements the EntityDescriptor
interface.If the customObjectRef
attribute is present on the <ConditionScript>
element, the result of the referenced Spring bean is made available to the script via a second Additionally the script has access to an object called custom
. The type of the custom
object is determined by the Spring bean.
Examples
If This is the bean specified using the customObjectRef
attribute is not present on the <ConditionScript>
element, the script operates on a single input
argument. , if present, and null if not..
Examples
The following trivial implementation of Predicate<EntityDescriptor>
always returns false regardless of the input
argument:
Code Block | ||||
---|---|---|---|---|
| ||||
<ConditionScript> <Script> <![CDATA[ "use strict"; // A trivial implementation of Predicate<EntityDescriptor> // applied to the input argument // // The input argument is of type: // org.opensaml.saml.saml2.metadata.EntityDescriptor // (function (entity) { return false; }(input)) false; ]]> </Script> </ConditionScript> |
The formal parameter name is arbitrary. In the previous example, the parameter name entity
is used for clarity.
If the customObjectRef
attribute is present on the <ConditionScript>
element, the script operates on a pair of arguments custom
and input
. The following script implements a function that always returns the same trivial implementation of Predicate<EntityDescriptor>
regardless of the custom
argument. The resulting predicate is then applied to the input
argument, which always returns false.A more complex example might use the custom
object to help in the definition
Code Block | ||||
---|---|---|---|---|
| ||||
<ConditionScript customObjectRef="BeanID"> <Script> <![CDATA[ "use strict"; var someCondition // A trivial implementation of Function<T, Predicate<EntityDescriptor>>,= function(entityID) { // that is, a function that takes an argument of some unspecified type TGood stuff } // and returns an implementation ofvar Predicate<EntityDescriptor>.result; // TheCustomObjectRef latterpoints isto ultimatelya applied<util:map> towhere the inputkey object.is a string and the value is an 'interesting // bean' if (someCondition(input.getEntityID())) { // The type of the custom argument dependsresult on the application.= custom["myFirstBean"].someFunction(input); //} else { // The input argument is of type:result // org.opensaml.saml.saml2.metadata.EntityDescriptor= custom["mySecondBean"].someOtherFunction(input); // } (function (t) { return function (entity) { return false; }; }(custom))(input) result; ]]> </Script> </ConditionScript> |
...