Package org.opensaml.saml.common.binding.security.impl

Class ReceivedEndpointSecurityHandler

java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
org.opensaml.messaging.handler.AbstractMessageHandler
org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler
All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, MessageHandler
public class ReceivedEndpointSecurityHandler extends AbstractMessageHandler
Message handler which checks the validity of the SAML protocol message receiver endpoint against requirements indicated in the message.

  • Field Details

    • log

      @Nonnull private org.slf4j.Logger log
      Logger.

    • uriComparator

      @Nonnull private URIComparator uriComparator
      The URI comparator to use in performing the validation.

    • httpServletRequestSupplier

      @NonnullAfterInit private NonnullSupplier<HttpServletRequest> httpServletRequestSupplier
      The HttpServletRequest being processed.

  • Constructor Details

    • ReceivedEndpointSecurityHandler

      public ReceivedEndpointSecurityHandler()
      Constructor.

  • Method Details

    • getURIComparator

      @Nonnull public URIComparator getURIComparator()
      Get the URI comparator instance to use.
      Returns:
      the uriComparator.

    • setURIComparator

      public void setURIComparator(@Nonnull URIComparator comparator)
      Set the URI comparator instance to use.
      Parameters:
      comparator - the new URI comparator to use

    • getHttpServletRequest

      @NonnullAfterInit public HttpServletRequest getHttpServletRequest()
      Get the HTTP servlet request being processed.
      Returns:
      Returns the request.

    • getHttpServletRequestSupplier

      @NonnullAfterInit public NonnullSupplier<HttpServletRequest> getHttpServletRequestSupplier()
      Get the supplier for HTTP request if available.
      Returns:
      current HTTP request

    • setHttpServletRequestSupplier

      public void setHttpServletRequestSupplier(@Nullable NonnullSupplier<HttpServletRequest> requestSupplier)
      Set the current HTTP request Supplier.
      Parameters:
      requestSupplier - Supplier for the current HTTP request

    • doInitialize

      protected void doInitialize() throws ComponentInitializationException
      Overrides:
      doInitialize in class AbstractInitializableComponent
      Throws:
      ComponentInitializationException

    • doInvoke

      protected void doInvoke(@Nonnull MessageContext messageContext) throws MessageHandlerException
      Performs the handler logic.
      Specified by:
      doInvoke in class AbstractMessageHandler
      Parameters:
      messageContext - the message context on which to invoke the handler
      Throws:
      MessageHandlerException - if there is an error invoking the handler on the message context

    • compareEndpointURIs

      protected boolean compareEndpointURIs(@Nonnull @NotEmpty String messageDestination, @Nullable String receiverEndpoint, @Nonnull URIComparator comparator) throws URIException
      Compare the message endpoint URI's specified.

      The comparison is performed using the specified instance of URIComparator.

      Parameters:
      messageDestination - the intended message destination endpoint URI
      receiverEndpoint - the endpoint URI at which the message was received
      comparator - the comparator instance to use
      Returns:
      true if the endpoints are equivalent, false otherwise
      Throws:
      URIException - if one of the URI's to evaluate is invalid

    • checkEndpointURI

      protected void checkEndpointURI(@Nonnull MessageContext messageContext, @Nonnull URIComparator comparator) throws MessageHandlerException
      Check the validity of the SAML protocol message receiver endpoint against requirements indicated in the message.
      Parameters:
      messageContext - current message context
      comparator - the URI comparator instance to use, if null an internal default will be used
      Throws:
      MessageHandlerException - thrown if the message was received at an endpoint consistent with message requirements, or if there is a problem decoding and processing the message Destination or receiver endpoint information