Package org.opensaml.saml.saml2.assertion.impl

Class OneTimeUseConditionValidator

java.lang.Object
org.opensaml.saml.saml2.assertion.impl.OneTimeUseConditionValidator
All Implemented Interfaces:
ConditionValidator
@ThreadSafe public class OneTimeUseConditionValidator extends Object implements ConditionValidator
ConditionValidator used for OneTimeUse conditions.

Supports the following ValidationContext static parameters:

Supports the following ValidationContext dynamic parameters:

  • None.

  • Field Details

    • CACHE_CONTEXT

      @Nonnull @NotEmpty public static final String CACHE_CONTEXT
      Cache context name.

    • log

      @Nonnull private org.slf4j.Logger log
      Logger.

    • replayCache

      @Nonnull private final ReplayCache replayCache
      Replay cache used to track which assertions have been used.

    • replayCacheExpires

      @Nonnull private final Duration replayCacheExpires
      Time for disposal of value from cache.

  • Constructor Details

    • OneTimeUseConditionValidator

      public OneTimeUseConditionValidator(@Nonnull ReplayCache replay, @Nullable Duration expires)
      Constructor.
      Parameters:
      replay - reply cache used to track which assertions have been used
      expires - time for disposal of tracked assertion from the replay cache. May be null, then defaults to 8 hours

  • Method Details

    • getServicedCondition

      @Nonnull public QName getServicedCondition()
      Specified by:
      getServicedCondition in interface ConditionValidator

    • validate

      @Nonnull public ValidationResult validate(@Nonnull Condition condition, @Nonnull Assertion assertion, @Nonnull ValidationContext context) throws AssertionValidationException
      Specified by:
      validate in interface ConditionValidator
      Throws:
      AssertionValidationException

    • getReplayCacheExpires

      @Nonnull protected Duration getReplayCacheExpires()
      Get the configured validator cache expiration interval.
      Returns:
      the configured cache expiration interval

    • getExpires

      @Nonnull protected Instant getExpires(Assertion assertion, ValidationContext context)
      Get the one-time use expiration time for the assertion being evaluated.

      Defaults to Instant.now().plus(getReplayCacheExpires()).

      A subclass might override this to base expiration on data from the assertion or the validation context.

      Parameters:
      assertion - the SAML 2 Assertion being evaluated
      context - the current validation context
      Returns:
      the effective one-time use expiration for the assertion being evaluated

    • getCacheValue

      @Nonnull protected String getCacheValue(@Nonnull Assertion assertion) throws AssertionValidationException
      Get the string value which will be tracked in the cache for purposes of one-time use detection.
      Parameters:
      assertion - the SAML 2 Assertion to evaluate
      Returns:
      the cache value
      Throws:
      AssertionValidationException - thrown if there is a problem calculating the cached value