Class ValidateAssertions
java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
org.opensaml.profile.action.AbstractProfileAction
org.opensaml.saml.saml2.profile.impl.ValidateAssertions
- All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction
A profile action which resolves SAML 2.0 Assertions from the profile request context
and validates them using a resolved or configured instance of
SAML20AssertionValidator.
The ValidationResult, along with the ValidationContext used, is stored in the assertion's
XMLObject.getObjectMetadata() as an instance of ValidationProcessingData.
-
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description):
- static class ValidateAssertions.AssertionValidationInput
  Class which holds data relevant to validating a SAML 2.0 Assertion.
- class
  The default assertion resolver function.
-
Field Summary
Fields (Modifier and Type, Field, Description):
- private Function<ProfileRequestContext,List<Assertion>> assertionResolver
  The resolver for the list of assertions to be validated.
- assertions
  The resolved assertions to be validated.
- assertionValidatorLookup
  The SAML 2.0 Assertion validator lookup function, may be null.
- private boolean invalidFatal
  Flag which indicates whether a failure of Assertion validation should be considered fatal.
- private final org.slf4j.Logger log
  Class logger.
- validationContextBuilder
  Function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.
-
Constructor Summary
Constructors -
Method Summary
Methods (Modifier and Type, Method, Description):
- protected ValidationContext buildValidationContext(ProfileRequestContext profileContext, Assertion assertion)
  Build the Assertion ValidationContext.
- protected void doExecute(ProfileRequestContext profileContext)
  Performs this action.
- protected void doInitialize()
- protected boolean doPreExecute(ProfileRequestContext profileRequestContext)
  Called prior to execution, actions may override this method to perform pre-processing for a request.
- getAssertionResolver()
  Get the function which resolves the list of assertions to validate.
- SAML20AssertionValidator getAssertionValidator(ProfileRequestContext profileRequestContext, Assertion assertion)
  Get the configured Assertion validator.
- Function<ValidateAssertions.AssertionValidationInput,ValidationContext> getValidationContextBuilder()
  Get the function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.
- boolean isInvalidFatal()
  Get flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
- protected void processResult(ValidationContext validationContext, ValidationResult validationResult, Assertion assertion, ProfileRequestContext profileContext)
  Process the result of the assertion validation.
- void setAssertionResolver(Function<ProfileRequestContext, List<Assertion>> function)
  Set the function which resolves the list of assertions to validate.
- void setAssertionValidator(SAML20AssertionValidator validator)
  Set the locally-configured Assertion validator.
- void setAssertionValidatorLookup(Function<Pair<ProfileRequestContext, Assertion>, SAML20AssertionValidator> function)
  Set the Assertion validator lookup function.
- void setInvalidFatal(boolean flag)
  Set flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
- void setValidationContextBuilder(Function<ValidateAssertions.AssertionValidationInput, ValidationContext> builder)
  Set the function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.
Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, ensureHttpServletRequest, ensureHttpServletResponse, execute, getHttpServletRequest, getHttpServletRequestSupplier, getHttpServletResponse, getHttpServletResponseSupplier, getLogPrefix, isPreExecuteCalled, setHttpServletRequestSupplier, setHttpServletResponseSupplier
Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent
checkComponentActive, checkSetterPreconditions, destroy, doDestroy, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException, initialize, isDestroyed, isInitialized
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface net.shibboleth.shared.component.InitializableComponent
initialize, isInitialized
-
Field Details
-
log
@Nonnull private final org.slf4j.Logger log
Class logger.
-
invalidFatal
private boolean invalidFatal
Flag which indicates whether a failure of Assertion validation should be considered fatal.
-
assertionValidatorLookup
@Nonnull private Function<Pair<ProfileRequestContext,Assertion>,SAML20AssertionValidator> assertionValidatorLookup
The SAML 2.0 Assertion validator lookup function, may be null.
-
validationContextBuilder
@Nonnull private Function<ValidateAssertions.AssertionValidationInput,ValidationContext> validationContextBuilder
Function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.
-
assertionResolver
The resolver for the list of assertions to be validated. -
assertions
The resolved assertions to be validated.
-
-
Constructor Details
-
ValidateAssertions
public ValidateAssertions()
Constructor.
-
-
Method Details
-
getAssertionResolver
Get the function which resolves the list of assertions to validate.
- Returns:
- the assertion resolver function
-
setAssertionResolver
Set the function which resolves the list of assertions to validate.
- Parameters:
function - the new assertion resolver function
-
getValidationContextBuilder
@Nonnull public Function<ValidateAssertions.AssertionValidationInput,ValidationContext> getValidationContextBuilder()
Get the function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.
Defaults to an instance of DefaultAssertionValidationContextBuilder.
- Returns:
- the builder function
-
setValidationContextBuilder
public void setValidationContextBuilder(@Nonnull Function<ValidateAssertions.AssertionValidationInput, ValidationContext> builder)
Set the function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.
Defaults to an instance of DefaultAssertionValidationContextBuilder.
- Parameters:
builder - the builder function
-
isInvalidFatal
public boolean isInvalidFatal()
Get flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
Defaults to: true.
- Returns:
- Returns the invalidFatal.
-
setInvalidFatal
public void setInvalidFatal(boolean flag)
Set flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
Defaults to: true.
- Parameters:
flag - The invalidFatal to set.
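When invalidFatal is set to false, a failed validation no longer stops the profile, so the decision has to be made later from the ValidationProcessingData stored on each assertion. The following is an added example, not code from OpenSAML: the AssertionGate class is hypothetical, and the package of ValidationProcessingData and its getResult() accessor are assumptions.

```java
import java.util.List;

import org.opensaml.saml.common.assertion.ValidationProcessingData; // package is an assumption
import org.opensaml.saml.common.assertion.ValidationResult;
import org.opensaml.saml.saml2.assertion.SAML20AssertionValidator;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.profile.impl.ValidateAssertions;

import net.shibboleth.shared.component.ComponentInitializationException;

/** Hypothetical helper (not part of OpenSAML): non-fatal validation plus an explicit gate. */
public final class AssertionGate {

    private AssertionGate() { }

    /** Build the action so invalid assertions are recorded instead of ending the profile. */
    public static ValidateAssertions nonFatalAction(final SAML20AssertionValidator validator)
            throws ComponentInitializationException {
        final ValidateAssertions action = new ValidateAssertions();
        action.setAssertionValidator(validator); // validator is assumed to be configured elsewhere
        action.setInvalidFatal(false);           // the default is true
        action.initialize();
        return action;
    }

    /** Fail closed: every assertion must carry a recorded VALID result. */
    public static boolean allValid(final List<Assertion> assertions) {
        if (assertions == null || assertions.isEmpty()) {
            return false; // nothing validated is not the same as valid
        }
        for (final Assertion assertion : assertions) {
            final List<ValidationProcessingData> data =
                    assertion.getObjectMetadata().get(ValidationProcessingData.class);
            if (data.isEmpty()) {
                return false; // the action never processed this assertion
            }
            for (final ValidationProcessingData entry : data) {
                // getResult() is assumed to return the stored ValidationResult
                if (entry.getResult() != ValidationResult.VALID) {
                    return false; // INVALID and INDETERMINATE are both rejected
                }
            }
        }
        return true;
    }
}
```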
-
getAssertionValidator
@Nullable public SAML20AssertionValidator getAssertionValidator(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull Assertion assertion)
Get the configured Assertion validator.
- Parameters:
profileRequestContext - profile request context
assertion - assertion
- Returns:
- the Assertion validator, or null
-
setAssertionValidator
Set the locally-configured Assertion validator.
- Parameters:
validator - the local Assertion validator, may be null
-
setAssertionValidatorLookup
public void setAssertionValidatorLookup(@Nonnull Function<Pair<ProfileRequestContext, Assertion>, SAML20AssertionValidator> function)
Set the Assertion validator lookup function.
- Parameters:
function - the Assertion validator lookup function, may be null
-
doInitialize
- Overrides:
doInitialize in class AbstractInitializableComponent
- Throws:
ComponentInitializationException
-
doPreExecute
Called prior to execution, actions may override this method to perform pre-processing for a request.
If false is returned, execution will not proceed, and the action should attach an EventContext to the context tree to signal how to continue with overall workflow processing.
If returning successfully, the last step should be to return the result of the superclass version of this method.
- Overrides:
doPreExecute in class AbstractProfileAction
- Parameters:
profileRequestContext - the current IdP profile request context
- Returns:
- true iff execution should proceed
-
doExecute
Performs this action. Actions must override this method to perform their work.
- Overrides:
doExecute in class AbstractProfileAction
- Parameters:
profileContext - the current IdP profile request context
-
processResult
protected void processResult(@Nonnull ValidationContext validationContext, @Nonnull ValidationResult validationResult, @Nonnull Assertion assertion, @Nonnull ProfileRequestContext profileContext)
Process the result of the assertion validation.
- Parameters:
validationContext - the Assertion validation context
validationResult - the Assertion validation result
assertion - the assertion being evaluated
profileContext - the current profile request context
-
buildValidationContext
@Nonnull protected ValidationContext buildValidationContext(@Nonnull ProfileRequestContext profileContext, @Nonnull Assertion assertion) throws AssertionValidationException
Build the Assertion ValidationContext.
- Parameters:
profileContext - the current profile context
assertion - the assertion which is to be validated
- Returns:
- the new Assertion validation context to use
- Throws:
AssertionValidationException - if no validation context instance could be built
-