public class WSSecuritySAML20AssertionTokenSecurityHandler
extends org.opensaml.messaging.handler.AbstractMessageHandler
WSSecurityContext.
Modifier and Type | Field and Description |
---|---|
private SAML20AssertionValidator |
assertionValidator
The SAML 2.0 Assertion validator, may be null.
|
private com.google.common.base.Function<net.shibboleth.utilities.java.support.collection.Pair<org.opensaml.messaging.context.MessageContext,Assertion>,SAML20AssertionValidator> |
assertionValidatorLookup
The SAML 2.0 Assertion validator lookup function, may be null.
|
private javax.servlet.http.HttpServletRequest |
httpServletRequest
The HttpServletRequest being processed.
|
private boolean |
invalidFatal
Flag which indicates whether a failure of Assertion validation should be considered fatal.
|
private org.slf4j.Logger |
log
Class logger.
|
private com.google.common.base.Function<SAML20AssertionTokenValidationInput,ValidationContext> |
validationContextBuilder
Function that builds a
ValidationContext instance based on a
SAML20AssertionTokenValidationInput instance. |
Constructor and Description |
---|
WSSecuritySAML20AssertionTokenSecurityHandler()
Constructor.
|
Modifier and Type | Method and Description |
---|---|
protected ValidationContext |
buildValidationContext(org.opensaml.messaging.context.MessageContext messageContext,
Assertion assertion)
Build the Assertion ValidationContext.
|
protected void |
doDestroy() |
protected void |
doInitialize() |
protected void |
doInvoke(org.opensaml.messaging.context.MessageContext messageContext) |
SAML20AssertionValidator |
getAssertionValidator()
Get the locally-configured Assertion validator.
|
com.google.common.base.Function<net.shibboleth.utilities.java.support.collection.Pair<org.opensaml.messaging.context.MessageContext,Assertion>,SAML20AssertionValidator> |
getAssertionValidatorLookup()
Get the Assertion validator lookup function.
|
javax.servlet.http.HttpServletRequest |
getHttpServletRequest()
Get the HTTP servlet request being processed.
|
com.google.common.base.Function<SAML20AssertionTokenValidationInput,ValidationContext> |
getValidationContextBuilder()
Get the function that builds a
ValidationContext instance based on a
SAML20AssertionTokenValidationInput instance. |
boolean |
isInvalidFatal()
Get flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
|
protected void |
processResult(ValidationContext validationContext,
ValidationResult validationResult,
SAML20AssertionToken token,
org.opensaml.messaging.context.MessageContext messageContext)
Process the result of the token validation.
|
protected List<Assertion> |
resolveAssertions(org.opensaml.messaging.context.MessageContext messageContext)
Resolve the SAML 2.0 Assertions token from the SOAP envelope.
|
protected SAML20AssertionValidator |
resolveValidator(org.opensaml.messaging.context.MessageContext messageContext,
Assertion assertion)
Resolve the Assertion token validator to use with the specified Assertion.
|
void |
setAssertionValidator(SAML20AssertionValidator validator)
Set the locally-configured Assertion validator.
|
void |
setAssertionValidatorLookup(com.google.common.base.Function<net.shibboleth.utilities.java.support.collection.Pair<org.opensaml.messaging.context.MessageContext,Assertion>,SAML20AssertionValidator> function)
Set the Assertion validator lookup function.
|
void |
setHttpServletRequest(javax.servlet.http.HttpServletRequest request)
Set the HTTP servlet request being processed.
|
void |
setInvalidFatal(boolean flag)
Set flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
|
void |
setValidationContextBuilder(com.google.common.base.Function<SAML20AssertionTokenValidationInput,ValidationContext> builder)
Set the function that builds a
ValidationContext instance based on a
SAML20AssertionTokenValidationInput instance. |
doPostInvoke, doPostInvoke, doPreInvoke, getActivationCondition, getLogPrefix, invoke, setActivationCondition
destroy, initialize, isDestroyed, isInitialized
private final org.slf4j.Logger log
@NonnullAfterInit private javax.servlet.http.HttpServletRequest httpServletRequest
private boolean invalidFatal
@Nullable private SAML20AssertionValidator assertionValidator
@Nullable private com.google.common.base.Function<net.shibboleth.utilities.java.support.collection.Pair<org.opensaml.messaging.context.MessageContext,Assertion>,SAML20AssertionValidator> assertionValidatorLookup
@NonnullAfterInit private com.google.common.base.Function<SAML20AssertionTokenValidationInput,ValidationContext> validationContextBuilder
Function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.
public WSSecuritySAML20AssertionTokenSecurityHandler()
@NonnullAfterInit public com.google.common.base.Function<SAML20AssertionTokenValidationInput,ValidationContext> getValidationContextBuilder()
Get the function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.
Defaults to an instance of DefaultSAML20AssertionValidationContextBuilder.
public void setValidationContextBuilder(@Nonnull com.google.common.base.Function<SAML20AssertionTokenValidationInput,ValidationContext> builder)
Set the function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.
Defaults to an instance of DefaultSAML20AssertionValidationContextBuilder.
builder - the builder function
@NonnullAfterInit public javax.servlet.http.HttpServletRequest getHttpServletRequest()
public void setHttpServletRequest(@Nonnull javax.servlet.http.HttpServletRequest request)
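request - The HTTP servlet request
public boolean isInvalidFatal()
Get flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
Defaults to: true.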
public void setInvalidFatal(boolean flag)
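Set flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
Defaults to: true. When the flag is false, processResult does not throw MessageHandlerException for an invalid or indeterminate Assertion, so code that consumes the resulting token must check the validation outcome itself rather than assume the Assertion was accepted.
flag - The invalidFatal to set.
@Nullable public SAML20AssertionValidator getAssertionValidator()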
public void setAssertionValidator(@Nullable SAML20AssertionValidator validator)
validator - the local Assertion validator, may be null
@Nullable public com.google.common.base.Function<net.shibboleth.utilities.java.support.collection.Pair<org.opensaml.messaging.context.MessageContext,Assertion>,SAML20AssertionValidator> getAssertionValidatorLookup()
public void setAssertionValidatorLookup(@Nullable com.google.common.base.Function<net.shibboleth.utilities.java.support.collection.Pair<org.opensaml.messaging.context.MessageContext,Assertion>,SAML20AssertionValidator> function)
function - the Assertion validator lookup function, may be null
protected void doInitialize() throws net.shibboleth.utilities.java.support.component.ComponentInitializationException
doInitialize
in class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
net.shibboleth.utilities.java.support.component.ComponentInitializationException
protected void doDestroy()
doDestroy
in class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
protected void doInvoke(@Nonnull org.opensaml.messaging.context.MessageContext messageContext) throws org.opensaml.messaging.handler.MessageHandlerException
doInvoke
in class org.opensaml.messaging.handler.AbstractMessageHandler
org.opensaml.messaging.handler.MessageHandlerException
protected void processResult(@Nonnull ValidationContext validationContext, @Nonnull ValidationResult validationResult, @Nonnull SAML20AssertionToken token, @Nonnull org.opensaml.messaging.context.MessageContext messageContext) throws org.opensaml.messaging.handler.MessageHandlerException
validationContext - the Assertion validation context
validationResult - the Assertion validation result
token - the token being produced
messageContext - the current message context
org.opensaml.messaging.handler.MessageHandlerException - if the Assertion was invalid or indeterminate and isInvalidFatal is true
@Nullable protected SAML20AssertionValidator resolveValidator(@Nonnull org.opensaml.messaging.context.MessageContext messageContext, @Nonnull Assertion assertion)
messageContext - the current message context
assertion - the assertion being evaluated
@Nonnull protected ValidationContext buildValidationContext(@Nonnull org.opensaml.messaging.context.MessageContext messageContext, @Nonnull Assertion assertion) throws org.opensaml.messaging.handler.MessageHandlerException
messageContext - the current message context
assertion - the assertion which is to be validated
org.opensaml.messaging.handler.MessageHandlerException - if no validation context instance could be built
@Nonnull protected List<Assertion> resolveAssertions(@Nonnull org.opensaml.messaging.context.MessageContext messageContext)
messageContext - the current message context
Copyright © 1999–2020 Shibboleth Consortium. All rights reserved.