Package org.opensaml.saml.saml2.profile.impl

Class ValidateAssertions

java.lang.Object

net.shibboleth.shared.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.saml.saml2.profile.impl.ValidateAssertions

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction

public class ValidateAssertions
extends AbstractProfileAction

A profile action which resolves SAML 2.0 Assertions from the profile request context and validates them using a resolved or configured instance of SAML20AssertionValidator.

The ValidationResult along with the ValidationContext used are stored in the assertion's XMLObject.getObjectMetadata() as instance of ValidationProcessingData.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	ValidateAssertions.AssertionValidationInput	Class which holds data relevant to validating a SAML 2.0 Assertion.
class	ValidateAssertions.DefaultAssertionResolver	The default assertion resolver function.

Field Summary

Fields

Modifier and Type	Field	Description
private Function<ProfileRequestContext,List<Assertion>>	assertionResolver	The resolver for the list of assertions to be validated.
private List<Assertion>	assertions	The resolved assertions to be validated.
private Function<Pair<ProfileRequestContext,Assertion>,SAML20AssertionValidator>	assertionValidatorLookup	The SAML 2.0 Assertion validator lookup function, may be null.
private boolean	invalidFatal	Flag which indicates whether a failure of Assertion validation should be considered fatal.
private final org.slf4j.Logger	log	Class logger.
private Function<ValidateAssertions.AssertionValidationInput,ValidationContext>	validationContextBuilder	Function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.

Constructor Summary

Constructors

Constructor	Description
ValidateAssertions()	Constructor.

Method Summary

Modifier and Type	Method	Description
protected ValidationContext	buildValidationContext(ProfileRequestContext profileContext, Assertion assertion)	Build the Assertion ValidationContext.
protected void	doExecute(ProfileRequestContext profileContext)
protected void	doInitialize()
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext)
Function<ProfileRequestContext,List<Assertion>>	getAssertionResolver()	Get the function which resolves the list of assertions to validate.
SAML20AssertionValidator	getAssertionValidator(ProfileRequestContext profileRequestContext, Assertion assertion)	Get the configured Assertion validator.
Function<ValidateAssertions.AssertionValidationInput,ValidationContext>	getValidationContextBuilder()	Get the function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.
boolean	isInvalidFatal()	Get flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
protected void	processResult(ValidationContext validationContext, ValidationResult validationResult, Assertion assertion, ProfileRequestContext profileContext)	Process the result of the assertion validation.
void	setAssertionResolver(Function<ProfileRequestContext,List<Assertion>> function)	Set the function which resolves the list of assertions to validate.
void	setAssertionValidator(SAML20AssertionValidator validator)	Set the locally-configured Assertion validator.
void	setAssertionValidatorLookup(Function<Pair<ProfileRequestContext,Assertion>,SAML20AssertionValidator> function)	Set the Assertion validator lookup function.
void	setInvalidFatal(boolean flag)	Set flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
void	setValidationContextBuilder(Function<ValidateAssertions.AssertionValidationInput,ValidationContext> builder)	Set the function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, ensureHttpServletRequest, ensureHttpServletResponse, execute, getHttpServletRequest, getHttpServletRequestSupplier, getHttpServletResponse, getHttpServletResponseSupplier, getLogPrefix, isPreExecuteCalled, setHttpServletRequestSupplier, setHttpServletResponseSupplier

Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent

checkComponentActive, checkSetterPreconditions, destroy, doDestroy, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.shared.component.InitializableComponent

initialize, isInitialized

Field Details

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

invalidFatal

private boolean invalidFatal

Flag which indicates whether a failure of Assertion validation should be considered fatal.

assertionValidatorLookup

@Nonnull
private Function<Pair<ProfileRequestContext,Assertion>,SAML20AssertionValidator> assertionValidatorLookup

The SAML 2.0 Assertion validator lookup function, may be null.

validationContextBuilder

@Nonnull
private Function<ValidateAssertions.AssertionValidationInput,ValidationContext> validationContextBuilder

Function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.

assertionResolver

@Nonnull
private Function<ProfileRequestContext,List<Assertion>> assertionResolver

The resolver for the list of assertions to be validated.

assertions

@NonnullBeforeExec
private List<Assertion> assertions

The resolved assertions to be validated.

Constructor Details

ValidateAssertions

public ValidateAssertions()

Constructor.

Method Details

getAssertionResolver

@Nonnull
public Function<ProfileRequestContext,List<Assertion>> getAssertionResolver()

Get the function which resolves the list of assertions to validate.

Returns:

the assertion resolver function

setAssertionResolver

public void setAssertionResolver(@Nonnull
 Function<ProfileRequestContext,List<Assertion>> function)

Set the function which resolves the list of assertions to validate.

Parameters:

function - the new assertion resolver function

getValidationContextBuilder

@Nonnull
public Function<ValidateAssertions.AssertionValidationInput,ValidationContext> getValidationContextBuilder()

Get the function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.

Defaults to an instance of DefaultAssertionValidationContextBuilder.

Returns:

the builder function

setValidationContextBuilder

public void setValidationContextBuilder(@Nonnull
 Function<ValidateAssertions.AssertionValidationInput,ValidationContext> builder)

Set the function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.

Defaults to an instance of DefaultAssertionValidationContextBuilder.

Parameters:

builder - the builder function

isInvalidFatal

public boolean isInvalidFatal()

Get flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.

Defaults to: true.

Returns:

Returns the invalidFatal.

setInvalidFatal

public void setInvalidFatal(boolean flag)

Set flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.

Defaults to: true.

Parameters:

flag - The invalidFatal to set.

getAssertionValidator

@Nullable
public SAML20AssertionValidator getAssertionValidator(@Nonnull
 ProfileRequestContext profileRequestContext,
 @Nonnull
 Assertion assertion)

Get the configured Assertion validator.

Parameters:

profileRequestContext - profile request context

assertion - assertion

Returns:

the Assertion validator, or null

setAssertionValidator

public void setAssertionValidator(@Nullable
 SAML20AssertionValidator validator)

Set the locally-configured Assertion validator.

Parameters:

validator - the local Assertion validator, may be null

setAssertionValidatorLookup

public void setAssertionValidatorLookup(@Nonnull
 Function<Pair<ProfileRequestContext,Assertion>,SAML20AssertionValidator> function)

Set the Assertion validator lookup function.

Parameters:

function - the Assertion validator lookup function, may be null

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doPreExecute

protected boolean doPreExecute(@Nonnull
 ProfileRequestContext profileRequestContext)

Overrides:

doPreExecute in class AbstractProfileAction

doExecute

protected void doExecute(@Nonnull
 ProfileRequestContext profileContext)

Overrides:

doExecute in class AbstractProfileAction

processResult

protected void processResult(@Nonnull
 ValidationContext validationContext,
 @Nonnull
 ValidationResult validationResult,
 @Nonnull
 Assertion assertion,
 @Nonnull
 ProfileRequestContext profileContext)

Process the result of the assertion validation.

Parameters:

validationContext - the Assertion validation context

validationResult - the Assertion validation result

assertion - the assertion being evaluated produced

profileContext - the current profile request context

buildValidationContext

@Nonnull
protected ValidationContext buildValidationContext(@Nonnull
 ProfileRequestContext profileContext,
 @Nonnull
 Assertion assertion)
                                            throws AssertionValidationException

Build the Assertion ValidationContext.

Parameters:

profileContext - the current profile context

assertion - the assertion which is to be validated

Returns:

the new Assertion validation context to use

Throws:

AssertionValidationException - if no validation context instance could be built