Class BaseSAMLXMLSignatureSecurityHandler
java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
org.opensaml.messaging.handler.AbstractMessageHandler
org.opensaml.security.messaging.impl.BaseTrustEngineSecurityHandler<Signature>
org.opensaml.saml.common.binding.security.impl.BaseSAMLXMLSignatureSecurityHandler
- All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, MessageHandler
- Direct Known Subclasses:
SAMLProtocolMessageXMLSignatureSecurityHandler
public abstract class BaseSAMLXMLSignatureSecurityHandler
extends BaseTrustEngineSecurityHandler<Signature>
Base class for SAML security message handlers which evaluate a signature with a signature trust engine.
-
Field Summary
Fields
Modifier and Type | Field | Description
private SAMLPeerEntityContext | peerContext | The context representing the SAML peer entity.
private String | samlProtocol | The SAML protocol in use.
private SAMLProtocolContext | samlProtocolContext | The SAML protocol context in operation.
private QName | samlRole | The SAML role in use.
private SignatureValidationParameters | signatureValidationParameters | Parameters for signature validation.
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type | Method | Description
protected CriteriaSet | buildCriteriaSet(String entityID, MessageContext messageContext) | Subclasses are required to implement this method to build a criteria set for the trust engine according to trust engine and application-specific needs.
protected boolean | doPreInvoke(MessageContext messageContext) | Called prior to execution. Handlers may override this method to perform pre-processing for a request.
protected SAMLPeerEntityContext | getSAMLPeerEntityContext() | Get the SAMLPeerEntityContext associated with the message.
protected SAMLProtocolContext | getSAMLProtocolContext() | Get the SAMLProtocolContext associated with the message.
protected TrustEngine<Signature> | resolveTrustEngine(MessageContext messageContext) | Resolve a TrustEngine instance of the appropriate type from the message context.
Methods inherited from class org.opensaml.security.messaging.impl.BaseTrustEngineSecurityHandler
evaluate, evaluate, getTrustEngine
Methods inherited from class org.opensaml.messaging.handler.AbstractMessageHandler
doInvoke, doPostInvoke, doPostInvoke, getActivationCondition, getLogPrefix, invoke, isPreInvokeCalled, setActivationCondition
Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent
checkComponentActive, checkSetterPreconditions, destroy, doDestroy, doInitialize, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException, initialize, isDestroyed, isInitialized
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface net.shibboleth.shared.component.InitializableComponent
initialize, isInitialized
-
Field Details
-
peerContext
The context representing the SAML peer entity.
-
samlProtocolContext
The SAML protocol context in operation.
-
samlProtocol
The SAML protocol in use.
-
samlRole
The SAML role in use.
-
signatureValidationParameters
Parameters for signature validation.
-
-
Constructor Details
-
BaseSAMLXMLSignatureSecurityHandler
public BaseSAMLXMLSignatureSecurityHandler()
-
-
Method Details
-
getSAMLPeerEntityContext
Get the SAMLPeerEntityContext associated with the message.
- Returns:
the peer context
-
getSAMLProtocolContext
Get the SAMLProtocolContext associated with the message.
- Returns:
the protocol context
-
doPreInvoke
protected boolean doPreInvoke(@Nonnull MessageContext messageContext) throws MessageHandlerException
Called prior to execution. Handlers may override this method to perform pre-processing for a request.
The default implementation applies the Predicate set via AbstractMessageHandler.setActivationCondition(Predicate).
If false is returned, execution will not proceed.
Subclasses which override this method should generally invoke the super version of this method first, so that the activation condition will be applied up front, and immediately return false if the super version returns false. This avoids unnecessary execution of the remaining pre-invocation code if the handler ultimately will not execute.
- Overrides:
doPreInvoke in class BaseTrustEngineSecurityHandler<Signature>
- Parameters:
messageContext - the message context on which to invoke the handler
- Returns:
true iff execution should proceed
- Throws:
MessageHandlerException - if there is a problem executing the handler pre-routine
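An added example, not taken from OpenSAML or from this page: a hypothetical subclass, RequireSignedMessageHandler, that follows the override pattern described above. It assumes a deployment policy in which every message reaching the handler must carry an XML signature, and it throws instead of returning false when that check fails, because false only means that the handler does not execute.

```java
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler;
import org.opensaml.xmlsec.signature.SignableXMLObject;

/**
 * Hypothetical subclass for illustration (not part of OpenSAML).
 * Assumed policy: unsigned protocol messages are rejected before signature
 * evaluation starts, for example on an endpoint that only accepts XML-signed messages.
 */
public class RequireSignedMessageHandler extends SAMLProtocolMessageXMLSignatureSecurityHandler {

    @Override
    protected boolean doPreInvoke(final MessageContext messageContext) throws MessageHandlerException {
        // Run the super version first so the activation condition and the
        // base class pre-processing are applied up front.
        if (!super.doPreInvoke(messageContext)) {
            // false means "this handler is skipped", not "the message is rejected".
            // Return immediately and do no further pre-invocation work.
            return false;
        }

        // The handler is active from here on. A failed mandatory check must
        // stop processing, so it raises MessageHandlerException; returning
        // false would let the message continue without signature evaluation.
        final Object message = messageContext.getMessage();
        if (!(message instanceof SignableXMLObject)) {
            throw new MessageHandlerException("Inbound message cannot carry an XML signature");
        }
        if (!((SignableXMLObject) message).isSigned()) {
            throw new MessageHandlerException("Inbound message is not signed");
        }

        return true;
    }
}
```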
-
resolveTrustEngine
@Nullable protected TrustEngine<Signature> resolveTrustEngine(@Nonnull MessageContext messageContext)
Resolve a TrustEngine instance of the appropriate type from the message context.
- Specified by:
resolveTrustEngine in class BaseTrustEngineSecurityHandler<Signature>
- Parameters:
messageContext - the message context which is being evaluated
- Returns:
the resolved TrustEngine, may be null
-
buildCriteriaSet
@Nonnull protected CriteriaSet buildCriteriaSet(@Nullable String entityID, @Nonnull MessageContext messageContext) throws MessageHandlerException
Subclasses are required to implement this method to build a criteria set for the trust engine according to trust engine and application-specific needs.
- Specified by:
buildCriteriaSet in class BaseTrustEngineSecurityHandler<Signature>
- Parameters:
entityID - the candidate issuer entity ID which is being evaluated
messageContext - the message context which is being evaluated
- Returns:
a newly constructed set of criteria suitable for the configured trust engine
- Throws:
MessageHandlerException - thrown if the criteria set cannot be constructed
-