Package org.opensaml.saml.saml2.wssecurity.messaging.impl

Class WSSecuritySAML20AssertionTokenSecurityHandler

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.messaging.handler.AbstractMessageHandler

org.opensaml.saml.saml2.wssecurity.messaging.impl.WSSecuritySAML20AssertionTokenSecurityHandler

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, MessageHandler

public class WSSecuritySAML20AssertionTokenSecurityHandler
extends AbstractMessageHandler

A security handler which resolves SAML 2.0 Assertion tokens from a SOAP envelope's wsse:Security header, validates them, and makes them available via via the WSSecurityContext.

Field Summary

Fields

Modifier and Type	Field	Description
private SAML20AssertionValidator	assertionValidator	The SAML 2.0 Assertion validator, may be null.
private Function<Pair<MessageContext,Assertion>,SAML20AssertionValidator>	assertionValidatorLookup	The SAML 2.0 Assertion validator lookup function, may be null.
private NonnullSupplier<javax.servlet.http.HttpServletRequest>	httpServletRequestSupplier	Supplier for the Current HTTP request, if available.
private boolean	invalidFatal	Flag which indicates whether a failure of Assertion validation should be considered fatal.
private org.slf4j.Logger	log	Class logger.
private Function<SAML20AssertionTokenValidationInput,ValidationContext>	validationContextBuilder	Function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.

Constructor Summary

Constructors

Constructor	Description
WSSecuritySAML20AssertionTokenSecurityHandler()	Constructor.

Method Summary

Modifier and Type	Method	Description
protected ValidationContext	buildValidationContext(MessageContext messageContext, Assertion assertion)	Build the Assertion ValidationContext.
protected void	doInitialize()
protected void	doInvoke(MessageContext messageContext)
SAML20AssertionValidator	getAssertionValidator()	Get the locally-configured Assertion validator.
Function<Pair<MessageContext,Assertion>,SAML20AssertionValidator>	getAssertionValidatorLookup()	Get the Assertion validator lookup function.
javax.servlet.http.HttpServletRequest	getHttpServletRequest()	Get the current HTTP request if available.
NonnullSupplier<javax.servlet.http.HttpServletRequest>	getHttpServletRequestSupplier()	Get the supplier for HTTP request if available.
Function<SAML20AssertionTokenValidationInput,ValidationContext>	getValidationContextBuilder()	Get the function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.
boolean	isInvalidFatal()	Get flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
protected void	processResult(ValidationContext validationContext, ValidationResult validationResult, SAML20AssertionToken token, MessageContext messageContext)	Process the result of the token validation.
protected List<Assertion>	resolveAssertions(MessageContext messageContext)	Resolve the SAML 2.0 Assertions token from the SOAP envelope.
protected SAML20AssertionValidator	resolveValidator(MessageContext messageContext, Assertion assertion)	Resolve the Assertion token validator to use with the specified Assertion.
void	setAssertionValidator(SAML20AssertionValidator validator)	Set the locally-configured Assertion validator.
void	setAssertionValidatorLookup(Function<Pair<MessageContext,Assertion>,SAML20AssertionValidator> function)	Set the Assertion validator lookup function.
void	setHttpServletRequestSupplier(NonnullSupplier<javax.servlet.http.HttpServletRequest> requestSupplier)	Set the current HTTP request Supplier.
void	setInvalidFatal(boolean flag)	Set flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
void	setValidationContextBuilder(Function<SAML20AssertionTokenValidationInput,ValidationContext> builder)	Set the function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.

Methods inherited from class org.opensaml.messaging.handler.AbstractMessageHandler

doPostInvoke, doPostInvoke, doPreInvoke, getActivationCondition, getLogPrefix, invoke, setActivationCondition

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

httpServletRequestSupplier

@Nullable
private NonnullSupplier<javax.servlet.http.HttpServletRequest> httpServletRequestSupplier

Supplier for the Current HTTP request, if available.

invalidFatal

private boolean invalidFatal

Flag which indicates whether a failure of Assertion validation should be considered fatal.

assertionValidator

@Nullable
private SAML20AssertionValidator assertionValidator

The SAML 2.0 Assertion validator, may be null.

assertionValidatorLookup

@Nullable
private Function<Pair<MessageContext,Assertion>,SAML20AssertionValidator> assertionValidatorLookup

The SAML 2.0 Assertion validator lookup function, may be null.

validationContextBuilder

@NonnullAfterInit
private Function<SAML20AssertionTokenValidationInput,ValidationContext> validationContextBuilder

Function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.

Constructor Detail

WSSecuritySAML20AssertionTokenSecurityHandler

public WSSecuritySAML20AssertionTokenSecurityHandler()

Constructor.

Method Detail

getValidationContextBuilder

@NonnullAfterInit
public Function<SAML20AssertionTokenValidationInput,ValidationContext> getValidationContextBuilder()

Get the function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.

Defaults to an instance of DefaultSAML20AssertionValidationContextBuilder.

Returns:

the builder function

setValidationContextBuilder

public void setValidationContextBuilder(@Nonnull
                                        Function<SAML20AssertionTokenValidationInput,ValidationContext> builder)

Set the function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.

Defaults to an instance of DefaultSAML20AssertionValidationContextBuilder.

Parameters:

builder - the builder function

getHttpServletRequest

@Nullable
public javax.servlet.http.HttpServletRequest getHttpServletRequest()

Get the current HTTP request if available.

Returns:

current HTTP request

getHttpServletRequestSupplier

@Nullable
public NonnullSupplier<javax.servlet.http.HttpServletRequest> getHttpServletRequestSupplier()

Get the supplier for HTTP request if available.

Returns:

current HTTP request

setHttpServletRequestSupplier

public void setHttpServletRequestSupplier(@Nullable
                                          NonnullSupplier<javax.servlet.http.HttpServletRequest> requestSupplier)

Set the current HTTP request Supplier.

Parameters:

requestSupplier - Supplier for the current HTTP request

isInvalidFatal

public boolean isInvalidFatal()

Get flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.

Defaults to: true.

Returns:

Returns the invalidFatal.

setInvalidFatal

public void setInvalidFatal(boolean flag)

Set flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.

Defaults to: true.

Parameters:

flag - The invalidFatal to set.

getAssertionValidator

@Nullable
public SAML20AssertionValidator getAssertionValidator()

Get the locally-configured Assertion validator.

Returns:

the local Assertion validator, or null

setAssertionValidator

public void setAssertionValidator(@Nullable
                                  SAML20AssertionValidator validator)

Set the locally-configured Assertion validator.

Parameters:

validator - the local Assertion validator, may be null

getAssertionValidatorLookup

@Nullable
public Function<Pair<MessageContext,Assertion>,SAML20AssertionValidator> getAssertionValidatorLookup()

Get the Assertion validator lookup function.

Returns:

the Assertion validator lookup function, or null

setAssertionValidatorLookup

public void setAssertionValidatorLookup(@Nullable
                                        Function<Pair<MessageContext,Assertion>,SAML20AssertionValidator> function)

Set the Assertion validator lookup function.

Parameters:

function - the Assertion validator lookup function, may be null

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doInvoke

protected void doInvoke(@Nonnull
                        MessageContext messageContext)
                 throws MessageHandlerException

Specified by:

doInvoke in class AbstractMessageHandler

Throws:

MessageHandlerException

processResult

protected void processResult(@Nonnull
                             ValidationContext validationContext,
                             @Nonnull
                             ValidationResult validationResult,
                             @Nonnull
                             SAML20AssertionToken token,
                             @Nonnull
                             MessageContext messageContext)
                      throws MessageHandlerException

Process the result of the token validation.

Parameters:

validationContext - the Assertion validation context

validationResult - the Assertion validation result

token - the token being produced

messageContext - the current message context

Throws:

MessageHandlerException - if the Assertion was invalid or indeterminate and idInvalidFatal is true

resolveValidator

@Nullable
protected SAML20AssertionValidator resolveValidator(@Nonnull
                                                    MessageContext messageContext,
                                                    @Nonnull
                                                    Assertion assertion)

Resolve the Assertion token validator to use with the specified Assertion.

Parameters:

messageContext - the current message context

assertion - the assertion being evaluated

Returns:

the token validator

buildValidationContext

@Nonnull
protected ValidationContext buildValidationContext(@Nonnull
                                                   MessageContext messageContext,
                                                   @Nonnull
                                                   Assertion assertion)
                                            throws MessageHandlerException

Build the Assertion ValidationContext.

Parameters:

messageContext - the current message context

assertion - the assertion which is to be validated

Returns:

the new Assertion validation context to use

Throws:

MessageHandlerException - if no validation context instance could be built

resolveAssertions

@Nonnull
protected List<Assertion> resolveAssertions(@Nonnull
                                            MessageContext messageContext)

Resolve the SAML 2.0 Assertions token from the SOAP envelope.

Parameters:

messageContext - the current message context

Returns:

the list of resolved Assertions, or an empty list