Class WSSecuritySAML20AssertionTokenSecurityHandler
java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
org.opensaml.messaging.handler.AbstractMessageHandler
org.opensaml.saml.saml2.wssecurity.messaging.impl.WSSecuritySAML20AssertionTokenSecurityHandler
- All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, MessageHandler
A security handler which resolves SAML 2.0 Assertion tokens from a SOAP envelope's
wsse:Security header, validates them, and makes them available via the
WSSecurityContext.
-
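Field Summary
Fields

| Modifier and Type | Field | Description |
| --- | --- | --- |
| private Function<Pair<MessageContext,Assertion>,SAML20AssertionValidator> | assertionValidatorLookup | The SAML 2.0 Assertion validator lookup function. |
| private NonnullSupplier<HttpServletRequest> | httpServletRequestSupplier | Supplier for the current HTTP request, if available. |
| private boolean | invalidFatal | Flag which indicates whether a failure of Assertion validation should be considered fatal. |
| private final org.slf4j.Logger | log | Class logger. |
| private Function<SAML20AssertionTokenValidationInput,ValidationContext> | validationContextBuilder | Function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance. |

-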
Constructor Summary
Constructors -
Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| protected ValidationContext | buildValidationContext(MessageContext messageContext, Assertion assertion) | Build the Assertion ValidationContext. |
| protected void | doInitialize() | |
| protected void | doInvoke(MessageContext messageContext) | Performs the handler logic. |
| SAML20AssertionValidator | getAssertionValidator(MessageContext messageContext, Assertion assertion) | Get the configured Assertion validator. |
| Function<Pair<MessageContext,Assertion>,SAML20AssertionValidator> | getAssertionValidatorLookup() | Get the Assertion validator lookup function. |
| | getHttpServletRequest() | Get the current HTTP request if available. |
| | getHttpServletRequestSupplier() | Get the supplier for HTTP request if available. |
| Function<SAML20AssertionTokenValidationInput,ValidationContext> | getValidationContextBuilder() | Get the function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance. |
| boolean | isInvalidFatal() | Get flag which indicates whether a failure of Assertion validation should be considered a fatal processing error. |
| protected void | processResult(ValidationContext validationContext, ValidationResult validationResult, SAML20AssertionToken token, MessageContext messageContext) | Process the result of the token validation. |
| protected List<Assertion> | resolveAssertions(MessageContext messageContext) | Resolve the SAML 2.0 Assertions token from the SOAP envelope. |
| void | setAssertionValidator(SAML20AssertionValidator validator) | Set a locally-configured Assertion validator. |
| void | setAssertionValidatorLookup(Function<Pair<MessageContext, Assertion>, SAML20AssertionValidator> function) | Set the Assertion validator lookup function. |
| void | setHttpServletRequestSupplier(NonnullSupplier<HttpServletRequest> requestSupplier) | Set the current HTTP request Supplier. |
| void | setInvalidFatal(boolean flag) | Set flag which indicates whether a failure of Assertion validation should be considered a fatal processing error. |
| void | setValidationContextBuilder(Function<SAML20AssertionTokenValidationInput, ValidationContext> builder) | Set the function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance. |

Methods inherited from class org.opensaml.messaging.handler.AbstractMessageHandler
doPostInvoke, doPostInvoke, doPreInvoke, getActivationCondition, getLogPrefix, invoke, isPreInvokeCalled, setActivationCondition
Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent
checkComponentActive, checkSetterPreconditions, destroy, doDestroy, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException, initialize, isDestroyed, isInitialized
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface net.shibboleth.shared.component.InitializableComponent
initialize, isInitialized
-
Field Details
-
log
@Nonnull private final org.slf4j.Logger log
Class logger.
-
httpServletRequestSupplier
Supplier for the current HTTP request, if available.
-
invalidFatal
private boolean invalidFatal
Flag which indicates whether a failure of Assertion validation should be considered fatal.
-
assertionValidatorLookup
@Nonnull private Function<Pair<MessageContext,Assertion>,SAML20AssertionValidator> assertionValidatorLookup
The SAML 2.0 Assertion validator lookup function.
-
validationContextBuilder
@NonnullAfterInit private Function<SAML20AssertionTokenValidationInput,ValidationContext> validationContextBuilder
Function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.
-
-
Constructor Details
-
WSSecuritySAML20AssertionTokenSecurityHandler
public WSSecuritySAML20AssertionTokenSecurityHandler()
Constructor.
-
-
Method Details
-
getValidationContextBuilder
@NonnullAfterInit public Function<SAML20AssertionTokenValidationInput,ValidationContext> getValidationContextBuilder()
Get the function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.
Defaults to an instance of DefaultSAML20AssertionValidationContextBuilder.
- Returns:
- the builder function
-
setValidationContextBuilder
public void setValidationContextBuilder(@Nonnull Function<SAML20AssertionTokenValidationInput, ValidationContext> builder)
Set the function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.
Defaults to an instance of DefaultSAML20AssertionValidationContextBuilder.
- Parameters:
builder - the builder function
-
getHttpServletRequest
Get the current HTTP request if available.
- Returns:
- current HTTP request
-
getHttpServletRequestSupplier
Get the supplier for HTTP request if available.
- Returns:
- current HTTP request
-
isInvalidFatal
public boolean isInvalidFatal()
Get flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
Defaults to: true.
- Returns:
- Returns the invalidFatal.
-
setInvalidFatal
public void setInvalidFatal(boolean flag)
Set flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
Defaults to: true.
- Parameters:
flag - The invalidFatal to set.
-
getAssertionValidator
@Nullable public SAML20AssertionValidator getAssertionValidator(@Nullable MessageContext messageContext, @Nullable Assertion assertion)
Get the configured Assertion validator.
- Parameters:
messageContext - input message context
assertion - input assertion
- Returns:
- the configured Assertion validator, or null
-
setAssertionValidator
Set a locally-configured Assertion validator.
- Parameters:
validator - the local Assertion validator, may be null
-
getAssertionValidatorLookup
@Nullable public Function<Pair<MessageContext,Assertion>,SAML20AssertionValidator> getAssertionValidatorLookup()
Get the Assertion validator lookup function.
- Returns:
- the Assertion validator lookup function, or null
-
setAssertionValidatorLookup
public void setAssertionValidatorLookup(@Nonnull Function<Pair<MessageContext, Assertion>, SAML20AssertionValidator> function)
Set the Assertion validator lookup function.
- Parameters:
function - the Assertion validator lookup function, may be null
-
doInitialize
- Overrides:
doInitialize in class AbstractInitializableComponent
- Throws:
ComponentInitializationException
-
doInvoke
Performs the handler logic.
- Specified by:
doInvoke in class AbstractMessageHandler
- Parameters:
messageContext - the message context on which to invoke the handler
- Throws:
MessageHandlerException - if there is an error invoking the handler on the message context
-
processResult
protected void processResult(@Nonnull ValidationContext validationContext, @Nonnull ValidationResult validationResult, @Nonnull SAML20AssertionToken token, @Nonnull MessageContext messageContext) throws MessageHandlerException
Process the result of the token validation.
- Parameters:
validationContext - the Assertion validation context
validationResult - the Assertion validation result
token - the token being produced
messageContext - the current message context
- Throws:
MessageHandlerException - if the Assertion was invalid or indeterminate and isInvalidFatal is true
-
buildValidationContext
@Nonnull protected ValidationContext buildValidationContext(@Nonnull MessageContext messageContext, @Nonnull Assertion assertion) throws MessageHandlerException
Build the Assertion ValidationContext.
- Parameters:
messageContext - the current message context
assertion - the assertion which is to be validated
- Returns:
- the new Assertion validation context to use
- Throws:
MessageHandlerException - if no validation context instance could be built
-
resolveAssertions
@Nonnull @Unmodifiable @NotLive protected List<Assertion> resolveAssertions(@Nonnull MessageContext messageContext)
Resolve the SAML 2.0 Assertions token from the SOAP envelope.
- Parameters:
messageContext - the current message context
- Returns:
- the list of resolved Assertions, or an empty list
-
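An added example, not part of the OpenSAML Javadoc or code base: one way to use setAssertionValidatorLookup so that each Assertion is only ever handed to the validator configured for its Issuer, with invalidFatal kept at its documented default of true. The class name WssAssertionHandlerConfig, the issuer-keyed map, and the import packages for Pair, Assertion, Issuer and SAML20AssertionValidator are assumptions not shown on this page.

```java
import java.util.Map;
import java.util.function.Function;

import net.shibboleth.shared.collection.Pair;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.saml2.assertion.SAML20AssertionValidator;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.wssecurity.messaging.impl.WSSecuritySAML20AssertionTokenSecurityHandler;

/** Hypothetical helper (not an OpenSAML class): per-issuer validator selection for the handler. */
public final class WssAssertionHandlerConfig {

    private WssAssertionHandlerConfig() { }

    /** Builds a lookup that returns only the validator registered for the Assertion's Issuer. */
    public static Function<Pair<MessageContext, Assertion>, SAML20AssertionValidator> issuerLookup(
            final Map<String, SAML20AssertionValidator> validatorsByIssuer) {
        // Defensive copy: later changes to the caller's map cannot alter trust decisions.
        final Map<String, SAML20AssertionValidator> trusted = Map.copyOf(validatorsByIssuer);
        return input -> {
            final Assertion assertion = input.getSecond();
            final Issuer issuer = assertion != null ? assertion.getIssuer() : null;
            final String value = issuer != null ? issuer.getValue() : null;
            // Missing or unknown issuer: no validator, never a catch-all default.
            return value != null ? trusted.get(value) : null;
        };
    }

    /** Applies the lookup and the fail-closed flag; call before handler.initialize(). */
    public static void configure(final WSSecuritySAML20AssertionTokenSecurityHandler handler,
            final Map<String, SAML20AssertionValidator> validatorsByIssuer) {
        handler.setAssertionValidatorLookup(issuerLookup(validatorsByIssuer));
        // true is the documented default; stated explicitly so a failed validation
        // is a fatal processing error rather than something downstream code must notice.
        handler.setInvalidFatal(true);
    }
}
```

This page does not say how the handler treats a null validator returned by the lookup, so confirm that behaviour against the OpenSAML version in use before relying on it to reject unknown issuers.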