Package org.opensaml.saml.saml2.binding.decoding.impl

Class HTTPArtifactDecoder

java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
org.opensaml.messaging.decoder.AbstractMessageDecoder
org.opensaml.messaging.decoder.servlet.AbstractHttpServletRequestMessageDecoder
org.opensaml.messaging.decoder.servlet.BaseHttpServletRequestXMLMessageDecoder
org.opensaml.saml.common.binding.impl.BaseSAMLHttpServletRequestDecoder
org.opensaml.saml.saml2.binding.decoding.impl.HTTPArtifactDecoder
All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, UnmodifiableComponent, MessageDecoder, HttpServletRequestMessageDecoder, SAMLMessageDecoder
public class HTTPArtifactDecoder extends BaseSAMLHttpServletRequestDecoder implements SAMLMessageDecoder
SAML 2 Artifact Binding decoder, support both HTTP GET and POST.

  • Field Details

  • Constructor Details

    • HTTPArtifactDecoder

      public HTTPArtifactDecoder()

  • Method Details

    • doInitialize

      protected void doInitialize() throws ComponentInitializationException
      Overrides:
      doInitialize in class BaseHttpServletRequestXMLMessageDecoder
      Throws:
      ComponentInitializationException

    • getIdentifierGenerationStrategy

      @NonnullAfterInit public IdentifierGenerationStrategy getIdentifierGenerationStrategy()
      Get the identifier generation strategy.
      Returns:
      Returns the identifier generation strategy

    • setIdentifierGenerationStrategy

      public void setIdentifierGenerationStrategy(@Nonnull IdentifierGenerationStrategy strategy)
      Set the identifier generation strategy.
      Parameters:
      strategy - the identifier generation strategy

    • getSelfEntityIDResolver

      @NonnullAfterInit public Resolver<String,CriteriaSet> getSelfEntityIDResolver()
      Get the resolver for the self entityID.
      Returns:
      the resolver

    • setSelfEntityIDResolver

      public void setSelfEntityIDResolver(@Nullable Resolver<String,CriteriaSet> resolver)
      Set the resolver for the self entityID.
      Parameters:
      resolver - the resolver instance

    • getPeerEntityRole

      @NonnullAfterInit public QName getPeerEntityRole()
      Get the peer entity role QName.
      Returns:
      the peer entity role

    • setPeerEntityRole

      public void setPeerEntityRole(@Nullable QName role)
      Set the peer entity role QName.
      Parameters:
      role - the peer entity role

    • getArtifactEndpointResolver

      @NonnullAfterInit public EndpointResolver<ArtifactResolutionService> getArtifactEndpointResolver()
      Get the artifact endpoint resolver.
      Returns:
      the endpoint resolver

    • setArtifactEndpointResolver

      public void setArtifactEndpointResolver(@Nullable EndpointResolver<ArtifactResolutionService> resolver)
      Set the artifact endpoint resolver.
      Parameters:
      resolver - the new resolver

    • getRoleDescriptorResolver

      @NonnullAfterInit public RoleDescriptorResolver getRoleDescriptorResolver()
      Get the role descriptor resolver.

      Must be capable of resolving descriptors based on ArtifactCriterion.

      Returns:
      the role descriptor resolver

    • setRoleDescriptorResolver

      public void setRoleDescriptorResolver(@Nullable RoleDescriptorResolver resolver)
      Set the role descriptor resolver.

      Must be capable of resolving descriptors based on ArtifactCriterion.

      Parameters:
      resolver - the role descriptor resolver

    • getArtifactBuilderFactory

      @NonnullAfterInit public SAML2ArtifactBuilderFactory getArtifactBuilderFactory()
      Get the SAML 2 artifact builder factory.
      Returns:
      the artifact builder factory in use

    • setArtifactBuilderFactory

      public void setArtifactBuilderFactory(@Nullable SAML2ArtifactBuilderFactory factory)
      Set the SAML 2 artifact builder factory.
      Parameters:
      factory - the artifact builder factory

    • getSOAPClient

      @NonnullAfterInit public SOAPClient getSOAPClient()
      Get the SOAP client instance.
      Returns:
      the SOAP client

    • setSOAPClient

      public void setSOAPClient(@Nullable SOAPClient client)
      Set the SOAP client instance.
      Parameters:
      client - the SOAP client

    • getSOAPPipelineName

      @Nullable public String getSOAPPipelineName()
      Get the name of the specific SOAP client message pipeline to use, for example with PipelineFactoryHttpSOAPClient.
      Returns:
      the pipeline name, or null

    • setSOAPPipelineName

      public void setSOAPPipelineName(@Nullable String name)
      Set the name of the specific SOAP client message pipeline to use, for example with PipelineFactoryHttpSOAPClient.
      Parameters:
      name - the pipeline name, or null

    • getSOAPClientSecurityConfigurationProfileId

      @Nullable public String getSOAPClientSecurityConfigurationProfileId()
      Get the SOAP client security configuration profile ID to use.
      Returns:
      the client security configuration profile ID, or null

    • setSOAPClientSecurityConfigurationProfileId

      public void setSOAPClientSecurityConfigurationProfileId(@Nullable String profileId)
      Set the SOAP client security configuration profile ID to use.
      Parameters:
      profileId - the profile ID, or null

    • getBindingURI

      @Nonnull @NotEmpty public String getBindingURI()
      Gets the SAML binding URI supported by this decoder.
      Specified by:
      getBindingURI in interface SAMLMessageDecoder
      Returns:
      SAML binding URI supported by this decoder

    • getBindingDescriptor

      @Nullable public BindingDescriptor getBindingDescriptor()
      Get an optional BindingDescriptor to inject into SAMLBindingContext created.
      Returns:
      binding descriptor

    • setBindingDescriptor

      public void setBindingDescriptor(@Nullable BindingDescriptor descriptor)
      Set an optional BindingDescriptor to inject into SAMLBindingContext created.
      Parameters:
      descriptor - a binding descriptor

    • doDecode

      protected void doDecode() throws MessageDecodingException
      Performs the decoding logic. By the time this is called, this decoder has already been initialized and checked to ensure that it has not been destroyed.
      Specified by:
      doDecode in class AbstractMessageDecoder
      Throws:
      MessageDecodingException - thrown if there is a problem decoding the message

    • processArtifact

      private void processArtifact(@Nonnull MessageContext messageContext, @Nonnull HttpServletRequest request) throws MessageDecodingException
      Process the incoming artifact by decoding the artifacts, dereferencing it from the artifact issuer and storing the resulting protocol message in the message context.
      Parameters:
      messageContext - the message context being processed
      request - the HTTP servlet request
      Throws:
      MessageDecodingException - thrown if there is a problem decoding or dereferencing the artifact

    • dereferenceArtifact

      @Nonnull private SAMLObject dereferenceArtifact(@Nonnull SAML2Artifact artifact, @Nonnull RoleDescriptor peerRoleDescriptor, @Nonnull String endpoint) throws MessageDecodingException
      De-reference the supplied artifact into the corresponding SAML protocol message.
      Parameters:
      artifact - the artifact to de-reference
      peerRoleDescriptor - the peer RoleDescriptor
      endpoint - the peer's artifact resolution service endpoint
      Returns:
      the de-referenced artifact
      Throws:
      MessageDecodingException - if there is fatal error, or if the artifact was not successfully resolved

    • validateAndExtractResponseMessage

      @Nonnull private SAMLObject validateAndExtractResponseMessage(@Nonnull ArtifactResponse artifactResponse) throws MessageDecodingException
      Validate and extract the SAML protocol message from the artifact response.
      Parameters:
      artifactResponse - the response to process
      Returns:
      the SAML protocol message
      Throws:
      MessageDecodingException - if the protocol message was not sent or there was a non-success status response

    • buildArtifactResolveRequestMessage

      @Nonnull private ArtifactResolve buildArtifactResolveRequestMessage(@Nonnull SAML2Artifact artifact, @Nonnull String endpoint, @Nonnull RoleDescriptor peerRoleDescriptor, @Nonnull String selfEntityID) throws EncodingException
      Build the SAML protocol message for artifact resolution.
      Parameters:
      artifact - the artifact being de-referenced
      endpoint - the peer artifact resolution service endpoint
      peerRoleDescriptor - the peer RoleDescriptor
      selfEntityID - the entityID of this party, the issuer of the protocol request message
      Returns:
      the SAML protocol message for artifact resolution
      Throws:
      EncodingException - if the artifact can not be base64 encoded.

    • resolveSelfEntityID

      @Nonnull private String resolveSelfEntityID(@Nonnull RoleDescriptor peerRoleDescriptor) throws MessageDecodingException
      Resolve the self entityID, used as the issuer of the protocol message by this entity.
      Parameters:
      peerRoleDescriptor - the peer RoleDescriptor
      Returns:
      the resolved self entityID
      Throws:
      MessageDecodingException - if there was a fatal error during resolution, or the entityID could not be resolved

    • buildIssuer

      @Nonnull private Issuer buildIssuer(@Nonnull String selfEntityID)
      Build the SAML protocol message Issuer element.
      Parameters:
      selfEntityID - the entity ID of the protocol message issuer (this entity)
      Returns:
      the Issuer element

    • resolveArtifactEndpoint

      @Nonnull private String resolveArtifactEndpoint(@Nonnull SAML2Artifact artifact, @Nonnull RoleDescriptor peerRoleDescriptor) throws MessageDecodingException
      Resolve the artifact resolution endpoint of the peer who issued the artifact.
      Parameters:
      artifact - the artifact
      peerRoleDescriptor - the peer RoleDescriptor
      Returns:
      the peer artifact resolution service endpoint
      Throws:
      MessageDecodingException - if there is a fatal error resolving the endpoint, or the endpoint could not be resolved

    • resolvePeerRoleDescriptor

      @Nonnull private RoleDescriptor resolvePeerRoleDescriptor(@Nonnull SAML2Artifact artifact) throws MessageDecodingException
      Resolve the role descriptor of the SAML peer who issued the supplied artifact.
      Parameters:
      artifact - the artifact to process
      Returns:
      the peer RoleDescriptor
      Throws:
      MessageDecodingException - if there was a fatal error resolving the role descriptor, or the descriptor could not be resolved

    • parseArtifact

      @Nonnull private SAML2Artifact parseArtifact(@Nonnull String encodedArtifact) throws MessageDecodingException
      Parse and decode the supplied encoded artifact string into a SAML2Artifact instance.
      Parameters:
      encodedArtifact - the encoded artifact which was received
      Returns:
      the decoded artifact instance
      Throws:
      MessageDecodingException - if the encoded artifact could not be decoded

    • populateBindingContext

      protected void populateBindingContext(@Nonnull MessageContext messageContext)
      Populate the context which carries information specific to this binding.
      Parameters:
      messageContext - the current message context