Class ValidateAssertions

  • All Implemented Interfaces:
    net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, org.opensaml.profile.action.ProfileAction

    public class ValidateAssertions
    extends org.opensaml.profile.action.AbstractProfileAction
    A profile action which resolves SAML 2.0 Assertions from the profile request context and validates them using a resolved or configured instance of SAML20AssertionValidator.

    The ValidationResult, along with the ValidationContext used, is stored in the assertion's XMLObject.getObjectMetadata() as an instance of ValidationProcessingData.

    • Field Summary

      Fields 
      Modifier and Type Field Description
      private Function<org.opensaml.profile.context.ProfileRequestContext,​List<org.opensaml.saml.saml2.core.Assertion>> assertionResolver
      The resolver for the list of assertions to be validated.
      private List<org.opensaml.saml.saml2.core.Assertion> assertions
      The resolved assertions to be validated.
      private org.opensaml.saml.saml2.assertion.SAML20AssertionValidator assertionValidator
      The SAML 2.0 Assertion validator, may be null.
      private Function<net.shibboleth.utilities.java.support.collection.Pair<org.opensaml.profile.context.ProfileRequestContext,​org.opensaml.saml.saml2.core.Assertion>,​org.opensaml.saml.saml2.assertion.SAML20AssertionValidator> assertionValidatorLookup
      The SAML 2.0 Assertion validator lookup function, may be null.
      private javax.servlet.http.HttpServletRequest httpServletRequest
      The HttpServletRequest being processed.
      private boolean invalidFatal
      Flag which indicates whether a failure of Assertion validation should be considered fatal.
      private Logger log
      Class logger.
      private Function<ValidateAssertions.AssertionValidationInput,​org.opensaml.saml.common.assertion.ValidationContext> validationContextBuilder
      Function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.
    • Method Summary

      Modifier and Type Method Description
      protected org.opensaml.saml.common.assertion.ValidationContext buildValidationContext​(org.opensaml.profile.context.ProfileRequestContext profileContext, org.opensaml.saml.saml2.core.Assertion assertion)
      Build the Assertion ValidationContext.
      protected void doDestroy()
      protected void doExecute​(org.opensaml.profile.context.ProfileRequestContext profileContext)
      protected void doInitialize()
      protected boolean doPreExecute​(org.opensaml.profile.context.ProfileRequestContext profileRequestContext)
      Function<org.opensaml.profile.context.ProfileRequestContext,​List<org.opensaml.saml.saml2.core.Assertion>> getAssertionResolver()
      Get the function which resolves the list of assertions to validate.
      org.opensaml.saml.saml2.assertion.SAML20AssertionValidator getAssertionValidator()
      Get the locally-configured Assertion validator.
      Function<net.shibboleth.utilities.java.support.collection.Pair<org.opensaml.profile.context.ProfileRequestContext,​org.opensaml.saml.saml2.core.Assertion>,​org.opensaml.saml.saml2.assertion.SAML20AssertionValidator> getAssertionValidatorLookup()
      Get the Assertion validator lookup function.
      javax.servlet.http.HttpServletRequest getHttpServletRequest()
      Get the HTTP servlet request being processed.
      Function<ValidateAssertions.AssertionValidationInput,​org.opensaml.saml.common.assertion.ValidationContext> getValidationContextBuilder()
      Get the function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.
      boolean isInvalidFatal()
      Get flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
      protected void processResult​(org.opensaml.saml.common.assertion.ValidationContext validationContext, org.opensaml.saml.common.assertion.ValidationResult validationResult, org.opensaml.saml.saml2.core.Assertion assertion, org.opensaml.profile.context.ProfileRequestContext profileContext)
      Process the result of the assertion validation.
      protected org.opensaml.saml.saml2.assertion.SAML20AssertionValidator resolveValidator​(org.opensaml.profile.context.ProfileRequestContext profileContext, org.opensaml.saml.saml2.core.Assertion assertion)
      Resolve the Assertion token validator to use with the specified Assertion.
      void setAssertionResolver​(Function<org.opensaml.profile.context.ProfileRequestContext,​List<org.opensaml.saml.saml2.core.Assertion>> function)
      Set the function which resolves the list of assertions to validate.
      void setAssertionValidator​(org.opensaml.saml.saml2.assertion.SAML20AssertionValidator validator)
      Set the locally-configured Assertion validator.
      void setAssertionValidatorLookup​(Function<net.shibboleth.utilities.java.support.collection.Pair<org.opensaml.profile.context.ProfileRequestContext,​org.opensaml.saml.saml2.core.Assertion>,​org.opensaml.saml.saml2.assertion.SAML20AssertionValidator> function)
      Set the Assertion validator lookup function.
      void setHttpServletRequest​(javax.servlet.http.HttpServletRequest request)
      Set the HTTP servlet request being processed.
      void setInvalidFatal​(boolean flag)
      Set flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
      void setValidationContextBuilder​(Function<ValidateAssertions.AssertionValidationInput,​org.opensaml.saml.common.assertion.ValidationContext> builder)
      Set the function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.
      • Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

        doPostExecute, doPostExecute, execute, getHttpServletResponse, getLogPrefix, setHttpServletResponse
      • Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

        destroy, initialize, isDestroyed, isInitialized
      • Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

        initialize, isInitialized
    • Field Detail

      • log

        @Nonnull
        private final Logger log
        Class logger.
      • httpServletRequest

        @NonnullAfterInit
        private javax.servlet.http.HttpServletRequest httpServletRequest
        The HttpServletRequest being processed.
      • invalidFatal

        private boolean invalidFatal
        Flag which indicates whether a failure of Assertion validation should be considered fatal.
      • assertionValidator

        @Nullable
        private org.opensaml.saml.saml2.assertion.SAML20AssertionValidator assertionValidator
        The SAML 2.0 Assertion validator, may be null.
      • assertionValidatorLookup

        @Nullable
        private Function<net.shibboleth.utilities.java.support.collection.Pair<org.opensaml.profile.context.ProfileRequestContext,​org.opensaml.saml.saml2.core.Assertion>,​org.opensaml.saml.saml2.assertion.SAML20AssertionValidator> assertionValidatorLookup
        The SAML 2.0 Assertion validator lookup function, may be null.
      • assertionResolver

        @Nonnull
        private Function<org.opensaml.profile.context.ProfileRequestContext,​List<org.opensaml.saml.saml2.core.Assertion>> assertionResolver
        The resolver for the list of assertions to be validated.
      • assertions

        private List<org.opensaml.saml.saml2.core.Assertion> assertions
        The resolved assertions to be validated.
    • Constructor Detail

      • ValidateAssertions

        public ValidateAssertions()
        Constructor.
    • Method Detail

      • getAssertionResolver

        @Nonnull
        public Function<org.opensaml.profile.context.ProfileRequestContext,​List<org.opensaml.saml.saml2.core.Assertion>> getAssertionResolver()
        Get the function which resolves the list of assertions to validate.
        Returns:
        the assertion resolver function
      • setAssertionResolver

        public void setAssertionResolver​(@Nonnull
                                         Function<org.opensaml.profile.context.ProfileRequestContext,​List<org.opensaml.saml.saml2.core.Assertion>> function)
        Set the function which resolves the list of assertions to validate.
        Parameters:
        function - the new assertion resolver function
      • getHttpServletRequest

        @NonnullAfterInit
        public javax.servlet.http.HttpServletRequest getHttpServletRequest()
        Get the HTTP servlet request being processed.
        Overrides:
        getHttpServletRequest in class org.opensaml.profile.action.AbstractProfileAction
        Returns:
        the HTTP servlet request
      • setHttpServletRequest

        public void setHttpServletRequest​(@Nonnull
                                          javax.servlet.http.HttpServletRequest request)
        Set the HTTP servlet request being processed.
        Overrides:
        setHttpServletRequest in class org.opensaml.profile.action.AbstractProfileAction
        Parameters:
        request - The HTTP servlet request
      • isInvalidFatal

        public boolean isInvalidFatal()
        Get flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.

        Defaults to: true.

        Returns:
        Returns the invalidFatal.
      • setInvalidFatal

        public void setInvalidFatal​(boolean flag)
        Set flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.

        Defaults to: true.

        Parameters:
        flag - The invalidFatal to set.
      • getAssertionValidator

        @Nullable
        public org.opensaml.saml.saml2.assertion.SAML20AssertionValidator getAssertionValidator()
        Get the locally-configured Assertion validator.
        Returns:
        the local Assertion validator, or null
      • setAssertionValidator

        public void setAssertionValidator​(@Nullable
                                          org.opensaml.saml.saml2.assertion.SAML20AssertionValidator validator)
        Set the locally-configured Assertion validator.
        Parameters:
        validator - the local Assertion validator, may be null
      • getAssertionValidatorLookup

        @Nullable
        public Function<net.shibboleth.utilities.java.support.collection.Pair<org.opensaml.profile.context.ProfileRequestContext,​org.opensaml.saml.saml2.core.Assertion>,​org.opensaml.saml.saml2.assertion.SAML20AssertionValidator> getAssertionValidatorLookup()
        Get the Assertion validator lookup function.
        Returns:
        the Assertion validator lookup function, or null
      • setAssertionValidatorLookup

        public void setAssertionValidatorLookup​(@Nullable
                                                Function<net.shibboleth.utilities.java.support.collection.Pair<org.opensaml.profile.context.ProfileRequestContext,​org.opensaml.saml.saml2.core.Assertion>,​org.opensaml.saml.saml2.assertion.SAML20AssertionValidator> function)
        Set the Assertion validator lookup function.
        Parameters:
        function - the Assertion validator lookup function, may be null
      • doInitialize

        protected void doInitialize()
                             throws net.shibboleth.utilities.java.support.component.ComponentInitializationException
        Overrides:
        doInitialize in class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
        Throws:
        net.shibboleth.utilities.java.support.component.ComponentInitializationException
      • doDestroy

        protected void doDestroy()
        Overrides:
        doDestroy in class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
      • doPreExecute

        protected boolean doPreExecute​(@Nonnull
                                       org.opensaml.profile.context.ProfileRequestContext profileRequestContext)
        Overrides:
        doPreExecute in class org.opensaml.profile.action.AbstractProfileAction
      • doExecute

        protected void doExecute​(@Nonnull
                                 org.opensaml.profile.context.ProfileRequestContext profileContext)
        Overrides:
        doExecute in class org.opensaml.profile.action.AbstractProfileAction
      • processResult

        protected void processResult​(@Nonnull
                                     org.opensaml.saml.common.assertion.ValidationContext validationContext,
                                     @Nonnull
                                     org.opensaml.saml.common.assertion.ValidationResult validationResult,
                                     @Nonnull
                                     org.opensaml.saml.saml2.core.Assertion assertion,
                                     @Nonnull
                                     org.opensaml.profile.context.ProfileRequestContext profileContext)
        Process the result of the assertion validation.
        Parameters:
        validationContext - the Assertion validation context
        validationResult - the Assertion validation result
        assertion - the assertion being evaluated
        profileContext - the current profile request context
      • resolveValidator

        @Nullable
        protected org.opensaml.saml.saml2.assertion.SAML20AssertionValidator resolveValidator​(@Nonnull
                                                                                              org.opensaml.profile.context.ProfileRequestContext profileContext,
                                                                                              @Nonnull
                                                                                              org.opensaml.saml.saml2.core.Assertion assertion)
        Resolve the Assertion token validator to use with the specified Assertion.
        Parameters:
        profileContext - the current profile context
        assertion - the assertion being evaluated
        Returns:
        the token validator
      • buildValidationContext

        @Nonnull
        protected org.opensaml.saml.common.assertion.ValidationContext buildValidationContext​(@Nonnull
                                                                                              org.opensaml.profile.context.ProfileRequestContext profileContext,
                                                                                              @Nonnull
                                                                                              org.opensaml.saml.saml2.core.Assertion assertion)
                                                                                       throws org.opensaml.saml.common.assertion.AssertionValidationException
        Build the Assertion ValidationContext.
        Parameters:
        profileContext - the current profile context
        assertion - the assertion which is to be validated
        Returns:
        the new Assertion validation context to use
        Throws:
        org.opensaml.saml.common.assertion.AssertionValidationException - if no validation context instance could be built