Package org.opensaml.messaging.handler.impl

Class URLEvaluatingMessageChannelSecurity

java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
org.opensaml.messaging.handler.AbstractMessageHandler
org.opensaml.messaging.handler.impl.AbstractMessageChannelSecurity
org.opensaml.messaging.handler.impl.URLEvaluatingMessageChannelSecurity
All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, MessageHandler
public class URLEvaluatingMessageChannelSecurity extends AbstractMessageChannelSecurity
Message handler which populates a MessageChannelSecurityContext based on evaluating a target URL resolved via a configured strategy function.

  • Field Details

    • log

      @Nonnull private org.slf4j.Logger log
      Logger.

    • defaultPortInsecure

      private boolean defaultPortInsecure
      Flag controlling whether traffic on the default TLS port is "secure".

    • urlLookup

      @NonnullAfterInit private Function<MessageContext,String> urlLookup
      Function which looks up the URL to evaluate.

    • url

      @Nullable private String url
      The target resolved URL.

    • urlBuilder

      @Nullable private URLBuilder urlBuilder
      Target resolved and parsed URL.

  • Constructor Details

    • URLEvaluatingMessageChannelSecurity

      public URLEvaluatingMessageChannelSecurity()
      Constructor.

  • Method Details

    • setDefaultPortInsecure

      public void setDefaultPortInsecure(boolean flag)
      Set whether traffic on the default TLS port is "secure" for the purposes of this action.

      Defaults to "true"

      Ordinarily TLS is considered a "secure" channel, but traffic to a default port meant for browser access tends to rely on server certificates that are unsuited to secure messaging use cases. This flag allows software layers to recognize traffic on this port as "insecure" and needing additional security measures.

      Parameters:
      flag - flag to set

    • setURLLookup

      public void setURLLookup(@Nullable Function<MessageContext,String> function)
      Set the function which looks up the destination URL to evaluate.
      Parameters:
      function - the lookup function

    • doInitialize

      protected void doInitialize() throws ComponentInitializationException
      Overrides:
      doInitialize in class AbstractInitializableComponent
      Throws:
      ComponentInitializationException

    • doPreInvoke

      protected boolean doPreInvoke(@Nonnull MessageContext messageContext) throws MessageHandlerException
      Called prior to execution, handlers may override this method to perform pre-processing for a request.

      The default impl applies the Predicate set via the AbstractMessageHandler.setActivationCondition(Predicate).

      If false is returned, execution will not proceed.

      Subclasses which override this method should generally invoke the super version of this method first, so that the activation condition will be applied up front, and immediately return false if the super version returns false. This avoids unnecessary execution of the remaining pre-invocation code if the handler ultimately will not execute.

      Overrides:
      doPreInvoke in class AbstractMessageChannelSecurity
      Parameters:
      messageContext - the message context on which to invoke the handler
      Returns:
      true iff execution should proceed
      Throws:
      MessageHandlerException - if there is a problem executing the handler pre-routine

    • doInvoke

      protected void doInvoke(@Nonnull MessageContext messageContext)
      Performs the handler logic.
      Specified by:
      doInvoke in class AbstractMessageHandler
      Parameters:
      messageContext - the message context on which to invoke the handler