Class AuthnStatementValidator

  • All Implemented Interfaces:
    org.opensaml.saml.saml2.assertion.StatementValidator

    public class AuthnStatementValidator
    extends Object
    implements org.opensaml.saml.saml2.assertion.StatementValidator

    StatementValidator implementation for AuthnStatement conditions.

    Supports the following ValidationContext static parameters:

    • SAML2AssertionValidationParameters.STMT_AUTHN_CHECK_ADDRESS: Optional.
    • SAML2AssertionValidationParameters.STMT_AUTHN_VALID_ADDRESSES: Required if SAML2AssertionValidationParameters.STMT_AUTHN_CHECK_ADDRESS is true or omitted, otherwise optional.
    • SAML2AssertionValidationParameters.STMT_AUTHN_MAX_TIME: Optional.

    Supports the following ValidationContext dynamic parameters:

    • None.
    • Field Summary

      Fields
      Modifier and Type | Field | Description
      private Logger | log | Logger.
    • Method Summary

      Modifier and Type | Method | Description
      QName | getServicedStatement() |
      org.opensaml.saml.common.assertion.ValidationResult | validate(org.opensaml.saml.saml2.core.Statement statement, org.opensaml.saml.saml2.core.Assertion assertion, org.opensaml.saml.common.assertion.ValidationContext context) |
      protected org.opensaml.saml.common.assertion.ValidationResult | validateAuthnContext(org.opensaml.saml.saml2.core.AuthnStatement authnStatement, org.opensaml.saml.saml2.core.Assertion assertion, org.opensaml.saml.common.assertion.ValidationContext context) | Validate the AuthnContext.
      protected org.opensaml.saml.common.assertion.ValidationResult | validateAuthnInstant(org.opensaml.saml.saml2.core.AuthnStatement authnStatement, org.opensaml.saml.saml2.core.Assertion assertion, org.opensaml.saml.common.assertion.ValidationContext context) | Validate the authnInstant attribute of the AuthnStatement.
      protected org.opensaml.saml.common.assertion.ValidationResult | validateSubjectLocality(org.opensaml.saml.saml2.core.AuthnStatement authnStatement, org.opensaml.saml.saml2.core.Assertion assertion, org.opensaml.saml.common.assertion.ValidationContext context) | Validate the SubjectLocality.
    • Field Detail

      • log

        private Logger log
        Logger.
    • Constructor Detail

      • AuthnStatementValidator

        public AuthnStatementValidator()
    • Method Detail

      • getServicedStatement

        public QName getServicedStatement()
        Specified by:
        getServicedStatement in interface org.opensaml.saml.saml2.assertion.StatementValidator
      • validate

        public org.opensaml.saml.common.assertion.ValidationResult validate(
                @Nonnull org.opensaml.saml.saml2.core.Statement statement,
                @Nonnull org.opensaml.saml.saml2.core.Assertion assertion,
                @Nonnull org.opensaml.saml.common.assertion.ValidationContext context)
            throws org.opensaml.saml.common.assertion.AssertionValidationException
        Specified by:
        validate in interface org.opensaml.saml.saml2.assertion.StatementValidator
        Throws:
        org.opensaml.saml.common.assertion.AssertionValidationException
      • validateAuthnInstant

        protected org.opensaml.saml.common.assertion.ValidationResult validateAuthnInstant(
                @Nonnull org.opensaml.saml.saml2.core.AuthnStatement authnStatement,
                @Nonnull org.opensaml.saml.saml2.core.Assertion assertion,
                @Nonnull org.opensaml.saml.common.assertion.ValidationContext context)
            throws org.opensaml.saml.common.assertion.AssertionValidationException
        Validate the authnInstant attribute of the AuthnStatement.
        Parameters:
        authnStatement - the current statement being validated
        assertion - the current assertion being evaluated
        context - the current validation context
        Returns:
        the validation result
        Throws:
        org.opensaml.saml.common.assertion.AssertionValidationException - if there is a fatal error during evaluation
      • validateSubjectLocality

        protected org.opensaml.saml.common.assertion.ValidationResult validateSubjectLocality(
                @Nonnull org.opensaml.saml.saml2.core.AuthnStatement authnStatement,
                @Nonnull org.opensaml.saml.saml2.core.Assertion assertion,
                @Nonnull org.opensaml.saml.common.assertion.ValidationContext context)
            throws org.opensaml.saml.common.assertion.AssertionValidationException
        Validate the SubjectLocality.
        Parameters:
        authnStatement - the current statement being validated
        assertion - the current assertion being evaluated
        context - the current validation context
        Returns:
        the validation result
        Throws:
        org.opensaml.saml.common.assertion.AssertionValidationException - if there is a fatal error during evaluation
      • validateAuthnContext

        protected org.opensaml.saml.common.assertion.ValidationResult validateAuthnContext(
                @Nonnull org.opensaml.saml.saml2.core.AuthnStatement authnStatement,
                @Nonnull org.opensaml.saml.saml2.core.Assertion assertion,
                @Nonnull org.opensaml.saml.common.assertion.ValidationContext context)
            throws org.opensaml.saml.common.assertion.AssertionValidationException
        Validate the AuthnContext.

        The default implementation is a no-op and always returns a valid result, so the AuthnContext is not checked unless a subclass overrides this method. Subclasses may override.

        Parameters:
        authnStatement - the current statement being validated
        assertion - the current assertion being evaluated
        context - the current validation context
        Returns:
        the validation result
        Throws:
        org.opensaml.saml.common.assertion.AssertionValidationException - if there is a fatal error during evaluation
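
Because validateAuthnContext is a no-op by default, a relying party that requires a particular authentication strength has to enforce it in a subclass. The following is an added example, not part of this documentation or of the library's code: the class name, the ACCEPTED_CLASS_REFS parameter name and its Collection<String> value type are hypothetical, and the accessor names (getAuthnContextClassRef().getURI(), setValidationFailureMessage) assume the OpenSAML 4.x API.

```java
import java.util.Collection;

import org.opensaml.saml.common.assertion.AssertionValidationException;
import org.opensaml.saml.common.assertion.ValidationContext;
import org.opensaml.saml.common.assertion.ValidationResult;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AuthnContext;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnStatement;

// Assumption: also import AuthnStatementValidator from the package this page documents.

/** Hypothetical subclass that accepts only allow-listed AuthnContextClassRef URIs. */
public class RequiredAuthnContextValidator extends AuthnStatementValidator {

    /** Hypothetical static parameter (not defined by OpenSAML): Collection<String> of accepted URIs. */
    public static final String ACCEPTED_CLASS_REFS = "example.stmt.authn.AcceptedClassRefs";

    @Override
    protected ValidationResult validateAuthnContext(final AuthnStatement authnStatement,
            final Assertion assertion, final ValidationContext context)
            throws AssertionValidationException {

        final Object param = context.getStaticParameters().get(ACCEPTED_CLASS_REFS);
        if (!(param instanceof Collection) || ((Collection<?>) param).isEmpty()) {
            // Fail closed: a missing or empty allow-list must never yield VALID.
            context.setValidationFailureMessage(
                    "No accepted AuthnContextClassRef values were configured");
            return ValidationResult.INDETERMINATE;
        }
        final Collection<?> accepted = (Collection<?>) param;

        // Any of these may be absent in a received assertion, so null-check each step.
        final AuthnContext authnContext = authnStatement.getAuthnContext();
        final AuthnContextClassRef classRef =
                authnContext != null ? authnContext.getAuthnContextClassRef() : null;
        final String uri = classRef != null ? classRef.getURI() : null;

        // Exact string match only; no prefix or case-insensitive comparison.
        if (uri == null || !accepted.contains(uri)) {
            context.setValidationFailureMessage(
                    "AuthnContextClassRef is missing or not accepted: " + uri);
            return ValidationResult.INVALID;
        }
        return ValidationResult.VALID;
    }
}
```

The accepted URIs are supplied through the ValidationContext static parameters map under ACCEPTED_CLASS_REFS, alongside the STMT_AUTHN_* parameters listed at the top of this page.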