Created
April 13, 2016 08:04
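<flow xmlns="http://www.springframework.org/schema/webflow"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.springframework.org/schema/webflow http://www.springframework.org/schema/webflow/spring-webflow.xsd"
      parent="intercept.abstract">

    <!--
        Attribute release consent flow.

        Besides the consent handling, the consent page can raise the
        RemoveAuthenticationResult event, which drops the 'authn/Mobile'
        authentication result from the IdP session and leaves the flow through
        AttributeReleaseRejected (see the RemoveAuthenticationRes state).

        Two decision states read the client-supplied request parameter
        _shib_idp_consentOptions. Its value is client-controlled, so each branch
        it selects has to be acceptable for any value a client can send.
    -->

    <!--
        Rudimentary impediment to direct execution of subflow: the input is
        required, so the flow cannot be started without it. This is not an
        access control; any caller that supplies the input can start the flow.
    -->
    <input name="calledAsSubflow" type="boolean" required="true" />

    <!-- Attribute consent setup: resolve the flow descriptor once and keep it in flow scope. -->
    <on-start>
        <evaluate expression="AttributeConsentFlowDescriptorLookupStrategy.apply(opensamlProfileRequestContext)"
                  result="flowScope.attributeReleaseFlowDescriptor" />
    </on-start>

    <action-state id="AttributeConsentSetup">
        <evaluate expression="InitializeConsentContext" />
        <evaluate expression="InitializeAttributeConsentContext" />
        <evaluate expression="PopulateAttributeConsentContext" />
        <evaluate expression="PopulatePreConsentAuditContext" />
        <evaluate expression="SetRPUIInformation" />
        <evaluate expression="'proceed'" />
        <transition on="proceed" to="TestForRevokeConsent" />
    </action-state>

    <!-- If consent revocation was requested, skip reading from storage. -->
    <decision-state id="TestForRevokeConsent">
        <if test="opensamlProfileRequestContext.getSubcontext(T(net.shibboleth.idp.consent.context.ConsentManagementContext), true).getRevokeConsent()"
            then="RevokeConsent" else="ReadConsentFromStorage" />
    </decision-state>

    <!--
        Revoke consent by deleting consent storage records.
        NOTE(review): no transition is declared here for the
        'ClearAttributeReleaseConsent' event; presumably it is routed by
        transitions inherited from the parent flow. Confirm.
    -->
    <action-state id="RevokeConsent">
        <evaluate expression="RevokeConsent" />
        <evaluate expression="'ClearAttributeReleaseConsent'" />
    </action-state>

    <!-- Write 'ClearAttributeReleaseConsent' event to consent audit log. -->
    <action-state id="ClearAttributeReleaseConsent">
        <evaluate expression="WriteAttributeReleaseConsentAuditLog" />
        <evaluate expression="'proceed'" />
        <transition on="proceed" to="TestForRevokeGlobalAttributeConsent" />
    </action-state>

    <!-- Only touch global consent records when the descriptor allows global consent. -->
    <decision-state id="TestForRevokeGlobalAttributeConsent">
        <if test="attributeReleaseFlowDescriptor.globalConsentAllowed"
            then="RevokeGlobalAttributeConsent" else="PopulateConsentContext" />
    </decision-state>

    <action-state id="RevokeGlobalAttributeConsent">
        <evaluate expression="RevokeGlobalAttributeConsent" />
        <evaluate expression="'proceed'" />
        <transition on="proceed" to="PopulateConsentContext" />
    </action-state>

    <!-- Read consent from storage. -->
    <action-state id="ReadConsentFromStorage">
        <evaluate expression="ReadConsentFromStorage" />
        <evaluate expression="'proceed'" />
        <transition on="proceed" to="TestForReadGlobalAttributeConsentFromStorage" />
    </action-state>

    <!-- Stored global consent is only read when the descriptor allows global consent. -->
    <decision-state id="TestForReadGlobalAttributeConsentFromStorage">
        <if test="attributeReleaseFlowDescriptor.globalConsentAllowed"
            then="ReadGlobalAttributeConsentFromStorage" else="PopulateConsentContext" />
    </decision-state>

    <action-state id="ReadGlobalAttributeConsentFromStorage">
        <evaluate expression="ReadGlobalAttributeConsentFromStorage" />
        <evaluate expression="'proceed'" />
        <transition on="proceed" to="TestForGlobalAttributeConsent" />
    </action-state>

    <!-- If global consent has been given by user, skip the rest of the flow. -->
    <decision-state id="TestForGlobalAttributeConsent">
        <if test="GlobalAttributeConsentPredicate.apply(opensamlProfileRequestContext)"
            then="proceed" else="PopulateConsentContext" />
    </decision-state>

    <!-- Create consent objects and store in consent context. -->
    <action-state id="PopulateConsentContext">
        <evaluate expression="PopulateConsentContext" />
        <evaluate expression="'proceed'" />
        <transition on="proceed" to="IsConsentRequired" />
    </action-state>

    <!-- If consent is required, display page. Otherwise, release attributes. -->
    <decision-state id="IsConsentRequired">
        <if test="IsConsentRequiredPredicate.apply(opensamlProfileRequestContext)"
            then="DisplayAttributeReleasePage" else="ReleaseAttributes" />
    </decision-state>

    <!--
        Display attribute release page.

        on-render hands the view template its helpers. viewScope.encoder is the
        HTMLEncoder class; the template should pass relying-party supplied text
        and attribute values through it before writing them to the page. The
        native request and response objects are exposed as well, so the
        template has to be treated as trusted code.

        Both outgoing events are raised by the submitted form, i.e. by the client.
    -->
    <view-state id="DisplayAttributeReleasePage" view="#{flowRequestContext.activeFlow.id}">
        <on-render>
            <evaluate expression="environment" result="viewScope.environment" />
            <evaluate expression="T(net.shibboleth.utilities.java.support.codec.HTMLEncoder)" result="viewScope.encoder" />
            <evaluate expression="flowRequestContext.getExternalContext().getNativeRequest()" result="viewScope.request" />
            <evaluate expression="flowRequestContext.getExternalContext().getNativeResponse()" result="viewScope.response" />
            <evaluate expression="opensamlProfileRequestContext" result="viewScope.profileRequestContext" />
            <evaluate expression="new net.shibboleth.idp.consent.logic.impl.AttributeDisplayNameFunction(flowRequestContext.getExternalContext().getNativeRequest(), FallbackLanguages)"
                      result="viewScope.attributeDisplayNameFunction" />
            <evaluate expression="new net.shibboleth.idp.consent.logic.impl.AttributeDisplayDescriptionFunction(flowRequestContext.getExternalContext().getNativeRequest(), FallbackLanguages)"
                      result="viewScope.attributeDisplayDescriptionFunction" />
            <evaluate expression="opensamlProfileRequestContext.getSubcontext(T(net.shibboleth.idp.consent.context.impl.ConsentContext))" result="viewScope.consentContext" />
            <evaluate expression="opensamlProfileRequestContext.getSubcontext(T(net.shibboleth.idp.consent.context.impl.AttributeReleaseContext))" result="viewScope.attributeReleaseContext" />
            <evaluate expression="SetRPUIInformation.getRPUIContextCreateStrategy().apply(opensamlProfileRequestContext)" result="viewScope.rpUIContext" />
            <evaluate expression="flowRequestContext.getActiveFlow().getApplicationContext().containsBean('shibboleth.CustomViewContext') ? flowRequestContext.getActiveFlow().getApplicationContext().getBean('shibboleth.CustomViewContext') : null" result="viewScope.custom" />
        </on-render>
        <transition on="RemoveAuthenticationResult" to="RemoveAuthenticationRes" />
        <transition on="proceed" to="TestForGlobalConsent" />
    </view-state>

    <!--
        Drop the 'authn/Mobile' authentication result from the IdP session, then
        leave through AttributeReleaseRejected.

        Every lookup is null-safe. Without the guards, a missing session
        context, a missing IdP session, or a session that holds no
        'authn/Mobile' result ends in a method call on null or in a null being
        passed to removeAuthenticationResult, and the flow fails with a runtime
        error instead of rejecting cleanly.

        NOTE(review): the flow id 'authn/Mobile' is hard-coded; this state
        writes no consent audit record; and AttributeReleaseRejected is not
        defined in this file, so it is presumably provided by the parent flow.
        Confirm all three against the deployment.
    -->
    <action-state id="RemoveAuthenticationRes">
        <on-entry>
            <evaluate expression="opensamlProfileRequestContext.getSubcontext(T(net.shibboleth.idp.session.context.SessionContext))" result="flowScope.sessionContext" />
            <evaluate expression="sessionContext?.getIdPSession()" result="flowScope.idpSession" />
            <evaluate expression="idpSession?.getAuthenticationResult('authn/Mobile')" result="flowScope.authenticationRes" />
            <evaluate expression="authenticationRes != null ? idpSession.removeAuthenticationResult(authenticationRes) : false" />
        </on-entry>
        <evaluate expression="'proceed'" />
        <transition on="proceed" to="AttributeReleaseRejected" />
    </action-state>

    <!--
        If global consent was given by user, create appropriate storage result and end flow.

        The option comes from a request parameter, so it is honoured only when
        the flow descriptor allows global consent. A request that carries the
        global option while global consent is disabled is handled as ordinary
        per-attribute consent instead of creating a global consent result.
    -->
    <decision-state id="TestForGlobalConsent">
        <if test="attributeReleaseFlowDescriptor.globalConsentAllowed and requestParameters._shib_idp_consentOptions == '_shib_idp_globalConsent'"
            then="GlobalConsent" else="ExtractConsent" />
    </decision-state>

    <!--
        NOTE(review): no transition is declared here for the
        'GlobalAttributeReleaseConsent' event; presumably it is routed by
        transitions inherited from the parent flow. Confirm.
    -->
    <action-state id="GlobalConsent">
        <evaluate expression="CreateGlobalConsentResult" />
        <evaluate expression="'GlobalAttributeReleaseConsent'" />
    </action-state>

    <!-- Write 'GlobalAttributeReleaseConsent' event to consent audit log. -->
    <action-state id="GlobalAttributeReleaseConsent">
        <evaluate expression="WriteAttributeReleaseConsentAuditLog" />
        <evaluate expression="'proceed'" />
        <transition on="proceed" to="proceed" />
    </action-state>

    <!--
        Extract user input from form and update consent objects in consent context accordingly.
        NOTE(review): no transition is declared here for the
        'AttributeReleaseConsent' event; presumably it is routed by transitions
        inherited from the parent flow. Confirm.
    -->
    <action-state id="ExtractConsent">
        <evaluate expression="ExtractConsent" />
        <evaluate expression="'AttributeReleaseConsent'" />
    </action-state>

    <!-- Write 'AttributeReleaseConsent' event to consent audit log. -->
    <action-state id="AttributeReleaseConsent">
        <evaluate expression="PopulateConsentAuditContext" />
        <evaluate expression="WriteAttributeReleaseConsentAuditLog" />
        <evaluate expression="'proceed'" />
        <transition on="proceed" to="TestForDoNotRememberConsent" />
    </action-state>

    <!--
        Determine whether consent should be stored or not.
        The option is read from a request parameter; choosing it only skips
        storing the consent result, the attributes are released on both branches.
    -->
    <decision-state id="TestForDoNotRememberConsent">
        <if test="requestParameters._shib_idp_consentOptions == '_shib_idp_doNotRememberConsent'"
            then="ReleaseAttributes" else="CreateResult" />
    </decision-state>

    <!-- Create result to be stored by interceptor flow. -->
    <action-state id="CreateResult">
        <evaluate expression="CreateResult" />
        <evaluate expression="'proceed'" />
        <transition on="proceed" to="ReleaseAttributes" />
    </action-state>

    <!-- Release attributes consented to as well as non-consentable attributes from attribute context. -->
    <action-state id="ReleaseAttributes">
        <evaluate expression="ReleaseAttributes" />
        <evaluate expression="'proceed'" />
        <transition on="proceed" to="proceed" />
    </action-state>

    <end-state id="proceed" />

    <!-- Bean definitions for the action and predicate names evaluated above. -->
    <bean-import resource="../../../system/flows/intercept/attribute-release-beans.xml" />

</flow>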