Class BaseTrustEngineSecurityHandler<TokenType>

  • Type Parameters:
    TokenType - type of token which is being evaluated by the underlying trust engine
  • All Implemented Interfaces:
    net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, org.opensaml.messaging.handler.MessageHandler
  • Direct Known Subclasses:
    BaseClientCertAuthSecurityHandler

    public abstract class BaseTrustEngineSecurityHandler<TokenType>
    extends org.opensaml.messaging.handler.AbstractMessageHandler
    Base rule which uses a trust engine to evaluate a token extracted from the request or message.
    • Field Summary

      Fields 
      Modifier and Type Field Description
      private org.slf4j.Logger log
      Logger.
      private org.opensaml.security.trust.TrustEngine<? super TokenType> trustEngine
      Trust engine used to verify the particular token type.
    • Method Summary

      Modifier and Type Method Description
      protected abstract net.shibboleth.utilities.java.support.resolver.CriteriaSet buildCriteriaSet​(String entityID, org.opensaml.messaging.context.MessageContext messageContext)
      Subclasses are required to implement this method to build a criteria set for the trust engine according to trust engine and application-specific needs.
      protected boolean doPreInvoke​(org.opensaml.messaging.context.MessageContext messageContext)
      protected boolean evaluate​(TokenType token, String entityID, org.opensaml.messaging.context.MessageContext messageContext)
      Evaluate the token using the configured trust engine against criteria built using the specified candidate issuer entity ID and message context information.
      protected boolean evaluate​(TokenType token, net.shibboleth.utilities.java.support.resolver.CriteriaSet criteriaSet)
      Evaluate the token against the specified criteria using the configured trust engine.
      protected org.opensaml.security.trust.TrustEngine<? super TokenType> getTrustEngine()
      Gets the trust engine used to validate the untrusted token.
      protected abstract org.opensaml.security.trust.TrustEngine<? super TokenType> resolveTrustEngine​(org.opensaml.messaging.context.MessageContext messageContext)
      Resolve a TrustEngine instance of the appropriate type from the message context.
      • Methods inherited from class org.opensaml.messaging.handler.AbstractMessageHandler

        doInvoke, doPostInvoke, doPostInvoke, getActivationCondition, getLogPrefix, invoke, setActivationCondition
      • Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

        destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized
      • Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

        initialize, isInitialized
    • Field Detail

      • log

        @Nonnull
        private final org.slf4j.Logger log
        Logger.
      • trustEngine

        @Nullable
        private org.opensaml.security.trust.TrustEngine<? super TokenType> trustEngine
        Trust engine used to verify the particular token type.
    • Constructor Detail

      • BaseTrustEngineSecurityHandler

        public BaseTrustEngineSecurityHandler()
    • Method Detail

      • getTrustEngine

        @Nullable
        protected org.opensaml.security.trust.TrustEngine<? super TokenType> getTrustEngine()
        Gets the trust engine used to validate the untrusted token.
        Returns:
        trust engine used to validate the untrusted token
      • doPreInvoke

        protected boolean doPreInvoke​(@Nonnull
                                      org.opensaml.messaging.context.MessageContext messageContext)
                               throws org.opensaml.messaging.handler.MessageHandlerException
        Overrides:
        doPreInvoke in class org.opensaml.messaging.handler.AbstractMessageHandler
        Throws:
        org.opensaml.messaging.handler.MessageHandlerException
      • resolveTrustEngine

        @Nullable
        protected abstract org.opensaml.security.trust.TrustEngine<? super TokenType> resolveTrustEngine​(@Nonnull
                                                                                                         org.opensaml.messaging.context.MessageContext messageContext)
        Resolve a TrustEngine instance of the appropriate type from the message context.
        Parameters:
        messageContext - the message context which is being evaluated
        Returns:
        the resolved TrustEngine, may be null
      • buildCriteriaSet

        @Nullable
        protected abstract net.shibboleth.utilities.java.support.resolver.CriteriaSet buildCriteriaSet​(@Nullable
                                                                                                       String entityID,
                                                                                                       @Nonnull
                                                                                                       org.opensaml.messaging.context.MessageContext messageContext)
                                                                                                throws org.opensaml.messaging.handler.MessageHandlerException
        Subclasses are required to implement this method to build a criteria set for the trust engine according to trust engine and application-specific needs.
        Parameters:
        entityID - the candidate issuer entity ID which is being evaluated
        messageContext - the message context which is being evaluated
        Returns:
        a newly constructed set of criteria suitable for the configured trust engine
        Throws:
        org.opensaml.messaging.handler.MessageHandlerException - thrown if criteria set can not be constructed
      • evaluate

        protected boolean evaluate​(@Nonnull
                                   TokenType token,
                                   @Nullable
                                   String entityID,
                                   @Nonnull
                                   org.opensaml.messaging.context.MessageContext messageContext)
                            throws org.opensaml.messaging.handler.MessageHandlerException
        Evaluate the token using the configured trust engine against criteria built using the specified candidate issuer entity ID and message context information.
        Parameters:
        token - the token to be evaluated
        entityID - the candidate issuer entity ID which is being evaluated
        messageContext - the message context which is being evaluated
        Returns:
        true if the token satisfies the criteria as determined by the trust engine, otherwise false
        Throws:
        org.opensaml.messaging.handler.MessageHandlerException - thrown if there is a fatal error during trust engine evaluation
      • evaluate

        protected boolean evaluate​(@Nonnull
                                   TokenType token,
                                   @Nullable
                                   net.shibboleth.utilities.java.support.resolver.CriteriaSet criteriaSet)
                            throws org.opensaml.messaging.handler.MessageHandlerException
        Evaluate the token against the specified criteria using the configured trust engine.
        Parameters:
        token - the token to be evaluated
        criteriaSet - the set of criteria against which to evaluate the token
        Returns:
        true if the token satisfies the criteria as determined by the trust engine, otherwise false
        Throws:
        org.opensaml.messaging.handler.MessageHandlerException - thrown if there is a fatal error during trust engine evaluation
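The following is an added example, not code from OpenSAML or from this class's documentation, showing how a concrete subclass fills in the two abstract methods (resolveTrustEngine and buildCriteriaSet) and drives evaluate from doInvoke. It assumes OpenSAML 4 package layout (BaseTrustEngineSecurityHandler in org.opensaml.security.messaging.impl, a non-generic MessageContext) and uses X509Credential as the token type, as the known subclass does. The ExampleTrustContext subcontext and the ExampleX509TrustHandler class are hypothetical names introduced for illustration; EntityIdCriterion, UsageCriterion, CriteriaSet, BaseContext and getSubcontext are real OpenSAML / java-support APIs.

```java
import javax.annotation.Nonnull;
import javax.annotation.Nullable;

import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.messaging.context.BaseContext;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.criteria.UsageCriterion;
import org.opensaml.security.messaging.impl.BaseTrustEngineSecurityHandler;
import org.opensaml.security.trust.TrustEngine;
import org.opensaml.security.x509.X509Credential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import net.shibboleth.utilities.java.support.resolver.CriteriaSet;

/**
 * Example subclass (not part of OpenSAML) that evaluates an X509Credential presented by a
 * peer against a trust engine and fails closed on any outcome other than a positive result.
 */
public class ExampleX509TrustHandler extends BaseTrustEngineSecurityHandler<X509Credential> {

    /**
     * Hypothetical subcontext (not an OpenSAML class) through which whoever populated the
     * MessageContext hands the handler its trust engine, the untrusted token, and the
     * entity ID the token claims to belong to.
     */
    public static class ExampleTrustContext extends BaseContext {
        @Nullable private TrustEngine<? super X509Credential> trustEngine;
        @Nullable private X509Credential token;
        @Nullable private String candidateIssuer;

        @Nullable public TrustEngine<? super X509Credential> getTrustEngine() { return trustEngine; }
        public void setTrustEngine(@Nullable final TrustEngine<? super X509Credential> e) { trustEngine = e; }
        @Nullable public X509Credential getToken() { return token; }
        public void setToken(@Nullable final X509Credential t) { token = t; }
        @Nullable public String getCandidateIssuer() { return candidateIssuer; }
        public void setCandidateIssuer(@Nullable final String id) { candidateIssuer = id; }
    }

    private final Logger log = LoggerFactory.getLogger(ExampleX509TrustHandler.class);

    /** Resolve the engine from the subcontext; returning null when none is configured is allowed by the contract. */
    @Override @Nullable
    protected TrustEngine<? super X509Credential> resolveTrustEngine(@Nonnull final MessageContext messageContext) {
        final ExampleTrustContext ctx = messageContext.getSubcontext(ExampleTrustContext.class);
        return ctx == null ? null : ctx.getTrustEngine();
    }

    /**
     * Anchor the trust decision to the candidate issuer. Without an entity ID the engine could only
     * answer "does some trusted credential match", which is not the question being asked, so the
     * criteria set is refused (MessageHandlerException) rather than built unanchored.
     */
    @Override @Nullable
    protected CriteriaSet buildCriteriaSet(@Nullable final String entityID,
            @Nonnull final MessageContext messageContext) throws MessageHandlerException {
        if (entityID == null || entityID.trim().isEmpty()) {
            throw new MessageHandlerException("No candidate issuer entity ID; cannot build trust criteria");
        }
        return new CriteriaSet(new EntityIdCriterion(entityID), new UsageCriterion(UsageType.SIGNING));
    }

    @Override
    protected void doInvoke(@Nonnull final MessageContext messageContext) throws MessageHandlerException {
        final ExampleTrustContext ctx = messageContext.getSubcontext(ExampleTrustContext.class);
        if (ctx == null || ctx.getToken() == null) {
            // No token was presented: nothing is evaluated and nothing is authenticated.
            // A deployment that requires the token should throw here instead of returning.
            log.debug("{} No token to evaluate", getLogPrefix());
            return;
        }
        // getTrustEngine() is @Nullable: never let a missing engine turn into an implicit accept.
        if (getTrustEngine() == null) {
            throw new MessageHandlerException("No trust engine resolved; refusing to accept an unevaluated token");
        }
        final boolean trusted = evaluate(ctx.getToken(), ctx.getCandidateIssuer(), messageContext);
        if (!trusted) {
            log.warn("{} Token for candidate issuer '{}' was not trusted", getLogPrefix(), ctx.getCandidateIssuer());
            throw new MessageHandlerException("Token failed trust engine evaluation");
        }
        log.debug("{} Token for issuer '{}' validated by trust engine", getLogPrefix(), ctx.getCandidateIssuer());
    }
}
```

Two points in the design follow directly from the contract above: evaluate returns false for "not trusted" and throws MessageHandlerException only for a fatal evaluation error, so doInvoke must treat a false return as a rejection itself rather than as a soft condition to log; and both resolveTrustEngine and getTrustEngine are @Nullable, so a subclass should check for a null engine explicitly instead of assuming that a token which was never evaluated can be passed through.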