Class HTTPArtifactDecoder

  • All Implemented Interfaces:
    net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, net.shibboleth.utilities.java.support.component.UnmodifiableComponent, org.opensaml.messaging.decoder.MessageDecoder, org.opensaml.messaging.decoder.servlet.HttpServletRequestMessageDecoder, org.opensaml.saml.common.binding.decoding.SAMLMessageDecoder

    public class HTTPArtifactDecoder
    extends org.opensaml.messaging.decoder.servlet.BaseHttpServletRequestXMLMessageDecoder
    implements org.opensaml.saml.common.binding.decoding.SAMLMessageDecoder
    SAML 2 Artifact Binding decoder; supports both HTTP GET and POST.
    • Field Summary

      Fields 
      Modifier and Type Field Description
      private org.opensaml.saml.saml2.binding.artifact.SAML2ArtifactBuilderFactory artifactBuilderFactory
      SAML 2 artifact builder factory.
      private org.opensaml.saml.common.binding.EndpointResolver<org.opensaml.saml.saml2.metadata.ArtifactResolutionService> artifactEndpointResolver
      Resolver for ArtifactResolutionService endpoints.
      private org.opensaml.saml.common.binding.BindingDescriptor bindingDescriptor
      Optional BindingDescriptor to inject into SAMLBindingContext created.
      private net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy idStrategy
      Identifier generation strategy.
      private Logger log
      Class logger.
      private QName peerEntityRole
      The peer entity role QName.
      private org.opensaml.saml.metadata.resolver.RoleDescriptorResolver roleDescriptorResolver
      Role descriptor resolver.
      private net.shibboleth.utilities.java.support.resolver.Resolver<String,​net.shibboleth.utilities.java.support.resolver.CriteriaSet> selfEntityIDResolver
      Resolver for the self entityID, based on the peer entity data.
      private org.opensaml.soap.client.SOAPClient soapClient
      SOAP client.
      private String soapClientSecurityConfigurationProfileId
      SOAP client security configuration profile ID.
      private String soapPipelineName
      The SOAP client message pipeline name.
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      private org.opensaml.saml.saml2.core.ArtifactResolve buildArtifactResolveRequestMessage​(org.opensaml.saml.saml2.binding.artifact.SAML2Artifact artifact, String endpoint, org.opensaml.saml.saml2.metadata.RoleDescriptor peerRoleDescriptor, String selfEntityID)
      Build the SAML protocol message for artifact resolution.
      private org.opensaml.saml.saml2.core.Issuer buildIssuer​(String selfEntityID)
      Build the SAML protocol message Issuer element.
      private org.opensaml.saml.common.SAMLObject dereferenceArtifact​(org.opensaml.saml.saml2.binding.artifact.SAML2Artifact artifact, org.opensaml.saml.saml2.metadata.RoleDescriptor peerRoleDescriptor, org.opensaml.saml.saml2.metadata.ArtifactResolutionService ars)
      De-reference the supplied artifact into the corresponding SAML protocol message.
      protected void doDecode()
      protected void doDestroy()
      protected void doInitialize()
      org.opensaml.saml.saml2.binding.artifact.SAML2ArtifactBuilderFactory getArtifactBuilderFactory()
      Get the SAML 2 artifact builder factory.
      org.opensaml.saml.common.binding.EndpointResolver<org.opensaml.saml.saml2.metadata.ArtifactResolutionService> getArtifactEndpointResolver()
      Get the artifact endpoint resolver.
      org.opensaml.saml.common.binding.BindingDescriptor getBindingDescriptor()
      Get an optional BindingDescriptor to inject into SAMLBindingContext created.
      String getBindingURI()
      net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy getIdentifierGenerationStrategy()
      Get the identifier generation strategy.
      QName getPeerEntityRole()
      Get the peer entity role QName.
      org.opensaml.saml.metadata.resolver.RoleDescriptorResolver getRoleDescriptorResolver()
      Get the role descriptor resolver.
      net.shibboleth.utilities.java.support.resolver.Resolver<String,​net.shibboleth.utilities.java.support.resolver.CriteriaSet> getSelfEntityIDResolver()
      Get the resolver for the self entityID.
      org.opensaml.soap.client.SOAPClient getSOAPClient()
      Get the SOAP client instance.
      String getSOAPClientSecurityConfigurationProfileId()
      Get the SOAP client security configuration profile ID to use.
      String getSOAPPipelineName()
      Get the name of the specific SOAP client message pipeline to use, for example with PipelineFactoryHttpSOAPClient.
      private org.opensaml.saml.saml2.binding.artifact.SAML2Artifact parseArtifact​(String encodedArtifact)
      Parse and decode the supplied encoded artifact string into a SAML2Artifact instance.
      protected void populateBindingContext​(org.opensaml.messaging.context.MessageContext messageContext)
      Populate the context which carries information specific to this binding.
      private void processArtifact​(org.opensaml.messaging.context.MessageContext messageContext, javax.servlet.http.HttpServletRequest request)
      Process the incoming artifact by decoding the artifact, dereferencing it from the artifact issuer and storing the resulting protocol message in the message context.
      private org.opensaml.saml.saml2.metadata.ArtifactResolutionService resolveArtifactEndpoint​(org.opensaml.saml.saml2.binding.artifact.SAML2Artifact artifact, org.opensaml.saml.saml2.metadata.RoleDescriptor peerRoleDescriptor)
      Resolve the artifact resolution endpoint of the peer who issued the artifact.
      private org.opensaml.saml.saml2.metadata.RoleDescriptor resolvePeerRoleDescriptor​(org.opensaml.saml.saml2.binding.artifact.SAML2Artifact artifact)
      Resolve the role descriptor of the SAML peer who issued the supplied artifact.
      private String resolveSelfEntityID​(org.opensaml.saml.saml2.metadata.RoleDescriptor peerRoleDescriptor)
      Resolve the self entityID, used as the issuer of the protocol message by this entity.
      void setArtifactBuilderFactory​(org.opensaml.saml.saml2.binding.artifact.SAML2ArtifactBuilderFactory factory)
      Set the SAML 2 artifact builder factory.
      void setArtifactEndpointResolver​(org.opensaml.saml.common.binding.EndpointResolver<org.opensaml.saml.saml2.metadata.ArtifactResolutionService> resolver)
      Set the artifact endpoint resolver.
      void setBindingDescriptor​(org.opensaml.saml.common.binding.BindingDescriptor descriptor)
      Set an optional BindingDescriptor to inject into SAMLBindingContext created.
      void setIdentifierGenerationStrategy​(net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy strategy)
      Set the identifier generation strategy.
      void setPeerEntityRole​(QName role)
      Set the peer entity role QName.
      void setRoleDescriptorResolver​(org.opensaml.saml.metadata.resolver.RoleDescriptorResolver resolver)
      Set the role descriptor resolver.
      void setSelfEntityIDResolver​(net.shibboleth.utilities.java.support.resolver.Resolver<String,​net.shibboleth.utilities.java.support.resolver.CriteriaSet> resolver)
      Set the resolver for the self entityID.
      void setSOAPClient​(org.opensaml.soap.client.SOAPClient client)
      Set the SOAP client instance.
      void setSOAPClientSecurityConfigurationProfileId​(String profileId)
      Set the SOAP client security configuration profile ID to use.
      void setSOAPPipelineName​(String name)
      Set the name of the specific SOAP client message pipeline to use, for example with PipelineFactoryHttpSOAPClient.
      private org.opensaml.saml.common.SAMLObject validateAndExtractResponseMessage​(org.opensaml.saml.saml2.core.ArtifactResponse artifactResponse)
      Validate and extract the SAML protocol message from the artifact response.
      • Methods inherited from class org.opensaml.messaging.decoder.servlet.BaseHttpServletRequestXMLMessageDecoder

        decode, getMessageToLog, getParserPool, logDecodedMessage, setParserPool, unmarshallMessage, validateHttpRequest
      • Methods inherited from class org.opensaml.messaging.decoder.servlet.AbstractHttpServletRequestMessageDecoder

        getHttpServletRequest, setHttpServletRequest
      • Methods inherited from class org.opensaml.messaging.decoder.AbstractMessageDecoder

        getMessageContext, setMessageContext
      • Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

        destroy, initialize, isDestroyed, isInitialized
      • Methods inherited from interface net.shibboleth.utilities.java.support.component.DestructableComponent

        destroy, isDestroyed
      • Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

        initialize, isInitialized
      • Methods inherited from interface org.opensaml.messaging.decoder.MessageDecoder

        decode, getMessageContext
    • Field Detail

      • log

        @Nonnull
        private final Logger log
        Class logger.
      • bindingDescriptor

        @Nullable
        private org.opensaml.saml.common.binding.BindingDescriptor bindingDescriptor
        Optional BindingDescriptor to inject into SAMLBindingContext created.
      • artifactBuilderFactory

        @NonnullAfterInit
        private org.opensaml.saml.saml2.binding.artifact.SAML2ArtifactBuilderFactory artifactBuilderFactory
        SAML 2 artifact builder factory.
      • artifactEndpointResolver

        @NonnullAfterInit
        private org.opensaml.saml.common.binding.EndpointResolver<org.opensaml.saml.saml2.metadata.ArtifactResolutionService> artifactEndpointResolver
        Resolver for ArtifactResolutionService endpoints.
      • roleDescriptorResolver

        @NonnullAfterInit
        private org.opensaml.saml.metadata.resolver.RoleDescriptorResolver roleDescriptorResolver
        Role descriptor resolver.
      • peerEntityRole

        @NonnullAfterInit
        private QName peerEntityRole
        The peer entity role QName.
      • selfEntityIDResolver

        @NonnullAfterInit
        private net.shibboleth.utilities.java.support.resolver.Resolver<String,​net.shibboleth.utilities.java.support.resolver.CriteriaSet> selfEntityIDResolver
        Resolver for the self entityID, based on the peer entity data.
      • soapClient

        private org.opensaml.soap.client.SOAPClient soapClient
        SOAP client.
      • soapPipelineName

        private String soapPipelineName
        The SOAP client message pipeline name.
      • soapClientSecurityConfigurationProfileId

        private String soapClientSecurityConfigurationProfileId
        SOAP client security configuration profile ID.
      • idStrategy

        private net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy idStrategy
        Identifier generation strategy.
    • Constructor Detail

      • HTTPArtifactDecoder

        public HTTPArtifactDecoder()
    • Method Detail

      • doInitialize

        protected void doInitialize()
                             throws net.shibboleth.utilities.java.support.component.ComponentInitializationException
        Overrides:
        doInitialize in class org.opensaml.messaging.decoder.servlet.BaseHttpServletRequestXMLMessageDecoder
        Throws:
        net.shibboleth.utilities.java.support.component.ComponentInitializationException
      • doDestroy

        protected void doDestroy()
        Overrides:
        doDestroy in class org.opensaml.messaging.decoder.servlet.BaseHttpServletRequestXMLMessageDecoder
      • getIdentifierGenerationStrategy

        @NonnullAfterInit
        public net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy getIdentifierGenerationStrategy()
        Get the identifier generation strategy.
        Returns:
        the identifier generation strategy
      • setIdentifierGenerationStrategy

        public void setIdentifierGenerationStrategy​(@Nullable
                                                    net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy strategy)
        Set the identifier generation strategy.
        Parameters:
        strategy - the identifier generation strategy
      • getSelfEntityIDResolver

        @NonnullAfterInit
        public net.shibboleth.utilities.java.support.resolver.Resolver<String,​net.shibboleth.utilities.java.support.resolver.CriteriaSet> getSelfEntityIDResolver()
        Get the resolver for the self entityID.
        Returns:
        the resolver
      • setSelfEntityIDResolver

        public void setSelfEntityIDResolver​(@Nonnull
                                            net.shibboleth.utilities.java.support.resolver.Resolver<String,​net.shibboleth.utilities.java.support.resolver.CriteriaSet> resolver)
        Set the resolver for the self entityID.
        Parameters:
        resolver - the resolver instance
      • getPeerEntityRole

        @NonnullAfterInit
        public QName getPeerEntityRole()
        Get the peer entity role QName.
        Returns:
        the peer entity role
      • setPeerEntityRole

        public void setPeerEntityRole​(@Nonnull
                                      QName role)
        Set the peer entity role QName.
        Parameters:
        role - the peer entity role
      • getArtifactEndpointResolver

        @NonnullAfterInit
        public org.opensaml.saml.common.binding.EndpointResolver<org.opensaml.saml.saml2.metadata.ArtifactResolutionService> getArtifactEndpointResolver()
        Get the artifact endpoint resolver.
        Returns:
        the endpoint resolver
      • setArtifactEndpointResolver

        public void setArtifactEndpointResolver​(@Nullable
                                                org.opensaml.saml.common.binding.EndpointResolver<org.opensaml.saml.saml2.metadata.ArtifactResolutionService> resolver)
        Set the artifact endpoint resolver.
        Parameters:
        resolver - the new resolver
      • getRoleDescriptorResolver

        @NonnullAfterInit
        public org.opensaml.saml.metadata.resolver.RoleDescriptorResolver getRoleDescriptorResolver()
        Get the role descriptor resolver.

        Must be capable of resolving descriptors based on ArtifactCriterion.

        Returns:
        the role descriptor resolver
      • setRoleDescriptorResolver

        public void setRoleDescriptorResolver​(@Nullable
                                              org.opensaml.saml.metadata.resolver.RoleDescriptorResolver resolver)
        Set the role descriptor resolver.

        Must be capable of resolving descriptors based on ArtifactCriterion.

        Parameters:
        resolver - the role descriptor resolver
      • getArtifactBuilderFactory

        @NonnullAfterInit
        public org.opensaml.saml.saml2.binding.artifact.SAML2ArtifactBuilderFactory getArtifactBuilderFactory()
        Get the SAML 2 artifact builder factory.
        Returns:
        the artifact builder factory in use
      • setArtifactBuilderFactory

        public void setArtifactBuilderFactory​(@Nullable
                                              org.opensaml.saml.saml2.binding.artifact.SAML2ArtifactBuilderFactory factory)
        Set the SAML 2 artifact builder factory.
        Parameters:
        factory - the artifact builder factory
      • getSOAPClient

        @NonnullAfterInit
        public org.opensaml.soap.client.SOAPClient getSOAPClient()
        Get the SOAP client instance.
        Returns:
        the SOAP client
      • setSOAPClient

        public void setSOAPClient​(@Nonnull
                                  org.opensaml.soap.client.SOAPClient client)
        Set the SOAP client instance.
        Parameters:
        client - the SOAP client
      • getSOAPPipelineName

        @Nullable
        public String getSOAPPipelineName()
        Get the name of the specific SOAP client message pipeline to use, for example with PipelineFactoryHttpSOAPClient.
        Returns:
        the pipeline name, or null
      • setSOAPPipelineName

        public void setSOAPPipelineName​(@Nullable
                                        String name)
        Set the name of the specific SOAP client message pipeline to use, for example with PipelineFactoryHttpSOAPClient.
        Parameters:
        name - the pipeline name, or null
      • getSOAPClientSecurityConfigurationProfileId

        @Nullable
        public String getSOAPClientSecurityConfigurationProfileId()
        Get the SOAP client security configuration profile ID to use.
        Returns:
        the client security configuration profile ID, or null
      • setSOAPClientSecurityConfigurationProfileId

        @Nonnull
        public void setSOAPClientSecurityConfigurationProfileId​(@Nullable
                                                                String profileId)
        Set the SOAP client security configuration profile ID to use.
        Parameters:
        profileId - the profile ID, or null
      • getBindingURI

        @Nonnull
        @NotEmpty
        public String getBindingURI()
        Specified by:
        getBindingURI in interface org.opensaml.saml.common.binding.decoding.SAMLMessageDecoder
      • getBindingDescriptor

        @Nullable
        public org.opensaml.saml.common.binding.BindingDescriptor getBindingDescriptor()
        Get an optional BindingDescriptor to inject into SAMLBindingContext created.
        Returns:
        binding descriptor
      • setBindingDescriptor

        public void setBindingDescriptor​(@Nullable
                                         org.opensaml.saml.common.binding.BindingDescriptor descriptor)
        Set an optional BindingDescriptor to inject into SAMLBindingContext created.
        Parameters:
        descriptor - a binding descriptor
      • doDecode

        protected void doDecode()
                         throws org.opensaml.messaging.decoder.MessageDecodingException
        Specified by:
        doDecode in class org.opensaml.messaging.decoder.AbstractMessageDecoder
        Throws:
        org.opensaml.messaging.decoder.MessageDecodingException
      • processArtifact

        private void processArtifact​(org.opensaml.messaging.context.MessageContext messageContext,
                                     javax.servlet.http.HttpServletRequest request)
                              throws org.opensaml.messaging.decoder.MessageDecodingException
        Process the incoming artifact by decoding the artifact, dereferencing it from the artifact issuer and storing the resulting protocol message in the message context.
        Parameters:
        messageContext - the message context being processed
        request - the HTTP servlet request
        Throws:
        org.opensaml.messaging.decoder.MessageDecodingException - thrown if there is a problem decoding or dereferencing the artifact
      • dereferenceArtifact

        @Nonnull
        private org.opensaml.saml.common.SAMLObject dereferenceArtifact​(@Nonnull
                                                                        org.opensaml.saml.saml2.binding.artifact.SAML2Artifact artifact,
                                                                        @Nonnull
                                                                        org.opensaml.saml.saml2.metadata.RoleDescriptor peerRoleDescriptor,
                                                                        @Nonnull
                                                                        org.opensaml.saml.saml2.metadata.ArtifactResolutionService ars)
                                                                 throws org.opensaml.messaging.decoder.MessageDecodingException
        De-reference the supplied artifact into the corresponding SAML protocol message.
        Parameters:
        artifact - the artifact to de-reference
        peerRoleDescriptor - the peer RoleDescriptor
        ars - the peer's artifact resolution service endpoint
        Returns:
        the de-referenced artifact
        Throws:
        org.opensaml.messaging.decoder.MessageDecodingException - if there is a fatal error, or if the artifact was not successfully resolved
      • validateAndExtractResponseMessage

        @Nonnull
        private org.opensaml.saml.common.SAMLObject validateAndExtractResponseMessage​(@Nonnull
                                                                                      org.opensaml.saml.saml2.core.ArtifactResponse artifactResponse)
                                                                               throws org.opensaml.messaging.decoder.MessageDecodingException
        Validate and extract the SAML protocol message from the artifact response.
        Parameters:
        artifactResponse - the response to process
        Returns:
        the SAML protocol message
        Throws:
        org.opensaml.messaging.decoder.MessageDecodingException - if the protocol message was not sent or there was a non-success status response
      • buildArtifactResolveRequestMessage

        @Nonnull
        private org.opensaml.saml.saml2.core.ArtifactResolve buildArtifactResolveRequestMessage​(@Nonnull
                                                                                                org.opensaml.saml.saml2.binding.artifact.SAML2Artifact artifact,
                                                                                                @Nonnull
                                                                                                String endpoint,
                                                                                                @Nonnull
                                                                                                org.opensaml.saml.saml2.metadata.RoleDescriptor peerRoleDescriptor,
                                                                                                @Nonnull
                                                                                                String selfEntityID)
        Build the SAML protocol message for artifact resolution.
        Parameters:
        artifact - the artifact being de-referenced
        endpoint - the peer artifact resolution service endpoint
        peerRoleDescriptor - the peer RoleDescriptor
        selfEntityID - the entityID of this party, the issuer of the protocol request message
        Returns:
        the SAML protocol message for artifact resolution
      • resolveSelfEntityID

        @Nonnull
        private String resolveSelfEntityID​(@Nonnull
                                           org.opensaml.saml.saml2.metadata.RoleDescriptor peerRoleDescriptor)
                                    throws org.opensaml.messaging.decoder.MessageDecodingException
        Resolve the self entityID, used as the issuer of the protocol message by this entity.
        Parameters:
        peerRoleDescriptor - the peer RoleDescriptor
        Returns:
        the resolved self entityID
        Throws:
        org.opensaml.messaging.decoder.MessageDecodingException - if there was a fatal error during resolution, or the entityID could not be resolved
      • buildIssuer

        @Nonnull
        private org.opensaml.saml.saml2.core.Issuer buildIssuer​(@Nonnull
                                                                String selfEntityID)
        Build the SAML protocol message Issuer element.
        Parameters:
        selfEntityID - the entity ID of the protocol message issuer (this entity)
        Returns:
        the Issuer element
      • resolveArtifactEndpoint

        @Nonnull
        private org.opensaml.saml.saml2.metadata.ArtifactResolutionService resolveArtifactEndpoint​(@Nonnull
                                                                                                   org.opensaml.saml.saml2.binding.artifact.SAML2Artifact artifact,
                                                                                                   @Nonnull
                                                                                                   org.opensaml.saml.saml2.metadata.RoleDescriptor peerRoleDescriptor)
                                                                                            throws org.opensaml.messaging.decoder.MessageDecodingException
        Resolve the artifact resolution endpoint of the peer who issued the artifact.
        Parameters:
        artifact - the artifact
        peerRoleDescriptor - the peer RoleDescriptor
        Returns:
        the peer artifact resolution service endpoint
        Throws:
        org.opensaml.messaging.decoder.MessageDecodingException - if there is a fatal error resolving the endpoint, or the endpoint could not be resolved
      • resolvePeerRoleDescriptor

        @Nonnull
        private org.opensaml.saml.saml2.metadata.RoleDescriptor resolvePeerRoleDescriptor​(@Nonnull
                                                                                          org.opensaml.saml.saml2.binding.artifact.SAML2Artifact artifact)
                                                                                   throws org.opensaml.messaging.decoder.MessageDecodingException
        Resolve the role descriptor of the SAML peer who issued the supplied artifact.
        Parameters:
        artifact - the artifact to process
        Returns:
        the peer RoleDescriptor
        Throws:
        org.opensaml.messaging.decoder.MessageDecodingException - if there was a fatal error resolving the role descriptor, or the descriptor could not be resolved
      • parseArtifact

        @Nonnull
        private org.opensaml.saml.saml2.binding.artifact.SAML2Artifact parseArtifact​(@Nonnull
                                                                                     String encodedArtifact)
                                                                              throws org.opensaml.messaging.decoder.MessageDecodingException
        Parse and decode the supplied encoded artifact string into a SAML2Artifact instance.
        Parameters:
        encodedArtifact - the encoded artifact which was received
        Returns:
        the decoded artifact instance
        Throws:
        org.opensaml.messaging.decoder.MessageDecodingException - if the encoded artifact could not be decoded
      • populateBindingContext

        protected void populateBindingContext​(org.opensaml.messaging.context.MessageContext messageContext)
        Populate the context which carries information specific to this binding.
        Parameters:
        messageContext - the current message context