Package org.opensaml.saml.saml2.wssecurity.messaging.impl

Class WSSecuritySAML20AssertionTokenSecurityHandler

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.messaging.handler.AbstractMessageHandler

org.opensaml.saml.saml2.wssecurity.messaging.impl.WSSecuritySAML20AssertionTokenSecurityHandler

All Implemented Interfaces:

net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, org.opensaml.messaging.handler.MessageHandler

public class WSSecuritySAML20AssertionTokenSecurityHandler
extends org.opensaml.messaging.handler.AbstractMessageHandler

A security handler which resolves SAML 2.0 Assertion tokens from a SOAP envelope's wsse:Security header, validates them, and makes them available via via the WSSecurityContext.

Field Summary

Fields

Modifier and Type	Field	Description
private org.opensaml.saml.saml2.assertion.SAML20AssertionValidator	assertionValidator	The SAML 2.0 Assertion validator, may be null.
private Function<net.shibboleth.utilities.java.support.collection.Pair<org.opensaml.messaging.context.MessageContext,org.opensaml.saml.saml2.core.Assertion>,org.opensaml.saml.saml2.assertion.SAML20AssertionValidator>	assertionValidatorLookup	The SAML 2.0 Assertion validator lookup function, may be null.
private javax.servlet.http.HttpServletRequest	httpServletRequest	The HttpServletRequest being processed.
private boolean	invalidFatal	Flag which indicates whether a failure of Assertion validation should be considered fatal.
private org.slf4j.Logger	log	Class logger.
private Function<SAML20AssertionTokenValidationInput,org.opensaml.saml.common.assertion.ValidationContext>	validationContextBuilder	Function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.

Constructor Summary

Constructors

Constructor	Description
WSSecuritySAML20AssertionTokenSecurityHandler()	Constructor.

Method Summary

Modifier and Type	Method	Description
protected org.opensaml.saml.common.assertion.ValidationContext	buildValidationContext(org.opensaml.messaging.context.MessageContext messageContext, org.opensaml.saml.saml2.core.Assertion assertion)	Build the Assertion ValidationContext.
protected void	doDestroy()
protected void	doInitialize()
protected void	doInvoke(org.opensaml.messaging.context.MessageContext messageContext)
org.opensaml.saml.saml2.assertion.SAML20AssertionValidator	getAssertionValidator()	Get the locally-configured Assertion validator.
Function<net.shibboleth.utilities.java.support.collection.Pair<org.opensaml.messaging.context.MessageContext,org.opensaml.saml.saml2.core.Assertion>,org.opensaml.saml.saml2.assertion.SAML20AssertionValidator>	getAssertionValidatorLookup()	Get the Assertion validator lookup function.
javax.servlet.http.HttpServletRequest	getHttpServletRequest()	Get the HTTP servlet request being processed.
Function<SAML20AssertionTokenValidationInput,org.opensaml.saml.common.assertion.ValidationContext>	getValidationContextBuilder()	Get the function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.
boolean	isInvalidFatal()	Get flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
protected void	processResult(org.opensaml.saml.common.assertion.ValidationContext validationContext, org.opensaml.saml.common.assertion.ValidationResult validationResult, org.opensaml.saml.saml2.wssecurity.SAML20AssertionToken token, org.opensaml.messaging.context.MessageContext messageContext)	Process the result of the token validation.
protected List<org.opensaml.saml.saml2.core.Assertion>	resolveAssertions(org.opensaml.messaging.context.MessageContext messageContext)	Resolve the SAML 2.0 Assertions token from the SOAP envelope.
protected org.opensaml.saml.saml2.assertion.SAML20AssertionValidator	resolveValidator(org.opensaml.messaging.context.MessageContext messageContext, org.opensaml.saml.saml2.core.Assertion assertion)	Resolve the Assertion token validator to use with the specified Assertion.
void	setAssertionValidator(org.opensaml.saml.saml2.assertion.SAML20AssertionValidator validator)	Set the locally-configured Assertion validator.
void	setAssertionValidatorLookup(Function<net.shibboleth.utilities.java.support.collection.Pair<org.opensaml.messaging.context.MessageContext,org.opensaml.saml.saml2.core.Assertion>,org.opensaml.saml.saml2.assertion.SAML20AssertionValidator> function)	Set the Assertion validator lookup function.
void	setHttpServletRequest(javax.servlet.http.HttpServletRequest request)	Set the HTTP servlet request being processed.
void	setInvalidFatal(boolean flag)	Set flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
void	setValidationContextBuilder(Function<SAML20AssertionTokenValidationInput,org.opensaml.saml.common.assertion.ValidationContext> builder)	Set the function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.

Methods inherited from class org.opensaml.messaging.handler.AbstractMessageHandler

doPostInvoke, doPostInvoke, doPreInvoke, getActivationCondition, getLogPrefix, invoke, setActivationCondition

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

httpServletRequest

@NonnullAfterInit
private javax.servlet.http.HttpServletRequest httpServletRequest

The HttpServletRequest being processed.

invalidFatal

private boolean invalidFatal

Flag which indicates whether a failure of Assertion validation should be considered fatal.

assertionValidator

@Nullable
private org.opensaml.saml.saml2.assertion.SAML20AssertionValidator assertionValidator

The SAML 2.0 Assertion validator, may be null.

assertionValidatorLookup

@Nullable
private Function<net.shibboleth.utilities.java.support.collection.Pair<org.opensaml.messaging.context.MessageContext,org.opensaml.saml.saml2.core.Assertion>,org.opensaml.saml.saml2.assertion.SAML20AssertionValidator> assertionValidatorLookup

The SAML 2.0 Assertion validator lookup function, may be null.

validationContextBuilder

@NonnullAfterInit
private Function<SAML20AssertionTokenValidationInput,org.opensaml.saml.common.assertion.ValidationContext> validationContextBuilder

Function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.

Constructor Detail

WSSecuritySAML20AssertionTokenSecurityHandler

public WSSecuritySAML20AssertionTokenSecurityHandler()

Constructor.

Method Detail

getValidationContextBuilder

@NonnullAfterInit
public Function<SAML20AssertionTokenValidationInput,org.opensaml.saml.common.assertion.ValidationContext> getValidationContextBuilder()

Get the function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.

Defaults to an instance of DefaultSAML20AssertionValidationContextBuilder.

Returns:

the builder function

setValidationContextBuilder

public void setValidationContextBuilder(@Nonnull
                                        Function<SAML20AssertionTokenValidationInput,org.opensaml.saml.common.assertion.ValidationContext> builder)

Set the function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.

Defaults to an instance of DefaultSAML20AssertionValidationContextBuilder.

Parameters:

builder - the builder function

getHttpServletRequest

@NonnullAfterInit
public javax.servlet.http.HttpServletRequest getHttpServletRequest()

Get the HTTP servlet request being processed.

Returns:

the HTTP servlet request

setHttpServletRequest

public void setHttpServletRequest(@Nonnull
                                  javax.servlet.http.HttpServletRequest request)

Set the HTTP servlet request being processed.

Parameters:

request - The HTTP servlet request

isInvalidFatal

public boolean isInvalidFatal()

Get flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.

Defaults to: true.

Returns:

Returns the invalidFatal.

setInvalidFatal

public void setInvalidFatal(boolean flag)

Set flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.

Defaults to: true.

Parameters:

flag - The invalidFatal to set.

getAssertionValidator

@Nullable
public org.opensaml.saml.saml2.assertion.SAML20AssertionValidator getAssertionValidator()

Get the locally-configured Assertion validator.

Returns:

the local Assertion validator, or null

setAssertionValidator

public void setAssertionValidator(@Nullable
                                  org.opensaml.saml.saml2.assertion.SAML20AssertionValidator validator)

Set the locally-configured Assertion validator.

Parameters:

validator - the local Assertion validator, may be null

getAssertionValidatorLookup

@Nullable
public Function<net.shibboleth.utilities.java.support.collection.Pair<org.opensaml.messaging.context.MessageContext,org.opensaml.saml.saml2.core.Assertion>,org.opensaml.saml.saml2.assertion.SAML20AssertionValidator> getAssertionValidatorLookup()

Get the Assertion validator lookup function.

Returns:

the Assertion validator lookup function, or null

setAssertionValidatorLookup

public void setAssertionValidatorLookup(@Nullable
                                        Function<net.shibboleth.utilities.java.support.collection.Pair<org.opensaml.messaging.context.MessageContext,org.opensaml.saml.saml2.core.Assertion>,org.opensaml.saml.saml2.assertion.SAML20AssertionValidator> function)

Set the Assertion validator lookup function.

Parameters:

function - the Assertion validator lookup function, may be null

doInitialize

protected void doInitialize()
                     throws net.shibboleth.utilities.java.support.component.ComponentInitializationException

Overrides:

doInitialize in class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Throws:

net.shibboleth.utilities.java.support.component.ComponentInitializationException

doDestroy

protected void doDestroy()

Overrides:

doDestroy in class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

doInvoke

protected void doInvoke(@Nonnull
                        org.opensaml.messaging.context.MessageContext messageContext)
                 throws org.opensaml.messaging.handler.MessageHandlerException

Specified by:

doInvoke in class org.opensaml.messaging.handler.AbstractMessageHandler

Throws:

org.opensaml.messaging.handler.MessageHandlerException

processResult

protected void processResult(@Nonnull
                             org.opensaml.saml.common.assertion.ValidationContext validationContext,
                             @Nonnull
                             org.opensaml.saml.common.assertion.ValidationResult validationResult,
                             @Nonnull
                             org.opensaml.saml.saml2.wssecurity.SAML20AssertionToken token,
                             @Nonnull
                             org.opensaml.messaging.context.MessageContext messageContext)
                      throws org.opensaml.messaging.handler.MessageHandlerException

Process the result of the token validation.

Parameters:

validationContext - the Assertion validation context

validationResult - the Assertion validation result

token - the token being produced

messageContext - the current message context

Throws:

org.opensaml.messaging.handler.MessageHandlerException - if the Assertion was invalid or indeterminate and idInvalidFatal is true

resolveValidator

@Nullable
protected org.opensaml.saml.saml2.assertion.SAML20AssertionValidator resolveValidator(@Nonnull
                                                                                      org.opensaml.messaging.context.MessageContext messageContext,
                                                                                      @Nonnull
                                                                                      org.opensaml.saml.saml2.core.Assertion assertion)

Resolve the Assertion token validator to use with the specified Assertion.

Parameters:

messageContext - the current message context

assertion - the assertion being evaluated

Returns:

the token validator

buildValidationContext

@Nonnull
protected org.opensaml.saml.common.assertion.ValidationContext buildValidationContext(@Nonnull
                                                                                      org.opensaml.messaging.context.MessageContext messageContext,
                                                                                      @Nonnull
                                                                                      org.opensaml.saml.saml2.core.Assertion assertion)
                                                                               throws org.opensaml.messaging.handler.MessageHandlerException

Build the Assertion ValidationContext.

Parameters:

messageContext - the current message context

assertion - the assertion which is to be validated

Returns:

the new Assertion validation context to use

Throws:

org.opensaml.messaging.handler.MessageHandlerException - if no validation context instance could be built

resolveAssertions

@Nonnull
protected List<org.opensaml.saml.saml2.core.Assertion> resolveAssertions(@Nonnull
                                                                         org.opensaml.messaging.context.MessageContext messageContext)

Resolve the SAML 2.0 Assertions token from the SOAP envelope.

Parameters:

messageContext - the current message context

Returns:

the list of resolved Assertions, or an empty list