Package org.opensaml.security.messaging.impl

Class BaseTrustEngineSecurityHandler<TokenType>

java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
org.opensaml.messaging.handler.AbstractMessageHandler
org.opensaml.security.messaging.impl.BaseTrustEngineSecurityHandler<TokenType>
Type Parameters:
TokenType - type of token which is being evaluated by the underlying trust engine
All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, MessageHandler
Direct Known Subclasses:
BaseClientCertAuthSecurityHandler, BaseSAMLXMLSignatureSecurityHandler
public abstract class BaseTrustEngineSecurityHandler<TokenType> extends AbstractMessageHandler
Base rule which uses a trust engine to evaluate a token extracted from the request or message.

  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Logger.

    • trustEngine

      @NonnullBeforeExec private TrustEngine<? super TokenType> trustEngine
      Trust engine used to verify the particular token type.

  • Constructor Details

    • BaseTrustEngineSecurityHandler

      public BaseTrustEngineSecurityHandler()

  • Method Details

    • getTrustEngine

      @NonnullBeforeExec protected TrustEngine<? super TokenType> getTrustEngine()
      Gets the trust engine used to validate the untrusted token.
      Returns:
      trust engine used to validate the untrusted token

    • doPreInvoke

      protected boolean doPreInvoke(@Nonnull MessageContext messageContext) throws MessageHandlerException
      Called prior to execution, handlers may override this method to perform pre-processing for a request.

      The default impl applies the Predicate set via the AbstractMessageHandler.setActivationCondition(Predicate).

      If false is returned, execution will not proceed.

      Subclasses which override this method should generally invoke the super version of this method first, so that the activation condition will be applied up front, and immediately return false if the super version returns false. This avoids unnecessary execution of the remaining pre-invocation code if the handler ultimately will not execute.

      Overrides:
      doPreInvoke in class AbstractMessageHandler
      Parameters:
      messageContext - the message context on which to invoke the handler
      Returns:
      true iff execution should proceed
      Throws:
      MessageHandlerException - if there is a problem executing the handler pre-routine

    • resolveTrustEngine

      @Nullable protected abstract TrustEngine<? super TokenType> resolveTrustEngine(@Nonnull MessageContext messageContext)
      Resolve a TrustEngine instance of the appropriate type from the message context.
      Parameters:
      messageContext - the message context which is being evaluated
      Returns:
      the resolved TrustEngine, may be null

    • buildCriteriaSet

      @Nullable protected abstract CriteriaSet buildCriteriaSet(@Nullable String entityID, @Nonnull MessageContext messageContext) throws MessageHandlerException
      Subclasses are required to implement this method to build a criteria set for the trust engine according to trust engine and application-specific needs.
      Parameters:
      entityID - the candidate issuer entity ID which is being evaluated
      messageContext - the message context which is being evaluated
      Returns:
      a newly constructly set of criteria suitable for the configured trust engine
      Throws:
      MessageHandlerException - thrown if criteria set can not be constructed

    • evaluate

      protected boolean evaluate(@Nonnull TokenType token, @Nullable String entityID, @Nonnull MessageContext messageContext) throws MessageHandlerException
      Evaluate the token using the configured trust engine against criteria built using the specified candidate issuer entity ID and message context information.
      Parameters:
      token - the token to be evaluated
      entityID - the candidate issuer entity ID which is being evaluated
      messageContext - the message context which is being evaluated
      Returns:
      true if the token satisfies the criteria as determined by the trust engine, otherwise false
      Throws:
      MessageHandlerException - thrown if there is a fatal error during trust engine evaluation

    • evaluate

      protected boolean evaluate(@Nonnull TokenType token, @Nullable CriteriaSet criteriaSet) throws MessageHandlerException
      Evaluate the token against the specified criteria using the configured trust engine.
      Parameters:
      token - the token to be evaluated
      criteriaSet - the set of criteria against which to evaluate the token
      Returns:
      true if the token satisfies the criteria as determined by the trust engine, otherwise false
      Throws:
      MessageHandlerException - thrown if there is a fatal error during trust engine evaluation