Class BaseTrustEngineSecurityHandler<TokenType>

Type Parameters:
TokenType - type of token which is being evaluated by the underlying trust engine
All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, MessageHandler
Direct Known Subclasses:
BaseClientCertAuthSecurityHandler

public abstract class BaseTrustEngineSecurityHandler<TokenType> extends AbstractMessageHandler
Base rule which uses a trust engine to evaluate a token extracted from the request or message.
  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Logger.
    • trustEngine

      @NonnullBeforeExec private TrustEngine<? super TokenType> trustEngine
      Trust engine used to verify the particular token type.
  • Constructor Details

    • BaseTrustEngineSecurityHandler

      public BaseTrustEngineSecurityHandler()
  • Method Details

    • getTrustEngine

      @NonnullBeforeExec protected TrustEngine<? super TokenType> getTrustEngine()
      Gets the trust engine used to validate the untrusted token.
      Returns:
      trust engine used to validate the untrusted token
    • doPreInvoke

      protected boolean doPreInvoke(@Nonnull MessageContext messageContext) throws MessageHandlerException
      Overrides:
      doPreInvoke in class AbstractMessageHandler
      Throws:
      MessageHandlerException
    • resolveTrustEngine

      @Nullable protected abstract TrustEngine<? super TokenType> resolveTrustEngine(@Nonnull MessageContext messageContext)
      Resolve a TrustEngine instance of the appropriate type from the message context.
      Parameters:
      messageContext - the message context which is being evaluated
      Returns:
      the resolved TrustEngine, may be null
    • buildCriteriaSet

      @Nullable protected abstract CriteriaSet buildCriteriaSet(@Nullable String entityID, @Nonnull MessageContext messageContext) throws MessageHandlerException
      Subclasses are required to implement this method to build a criteria set for the trust engine according to trust engine and application-specific needs.
      Parameters:
      entityID - the candidate issuer entity ID which is being evaluated
      messageContext - the message context which is being evaluated
      Returns:
      a newly constructed set of criteria suitable for the configured trust engine
      Throws:
      MessageHandlerException - thrown if the criteria set cannot be constructed
    • evaluate

      protected boolean evaluate(@Nonnull TokenType token, @Nullable String entityID, @Nonnull MessageContext messageContext) throws MessageHandlerException
      Evaluate the token using the configured trust engine against criteria built using the specified candidate issuer entity ID and message context information.
      Parameters:
      token - the token to be evaluated
      entityID - the candidate issuer entity ID which is being evaluated
      messageContext - the message context which is being evaluated
      Returns:
      true if the token satisfies the criteria as determined by the trust engine, otherwise false
      Throws:
      MessageHandlerException - thrown if there is a fatal error during trust engine evaluation
    • evaluate

      protected boolean evaluate(@Nonnull TokenType token, @Nullable CriteriaSet criteriaSet) throws MessageHandlerException
      Evaluate the token against the specified criteria using the configured trust engine.
      Parameters:
      token - the token to be evaluated
      criteriaSet - the set of criteria against which to evaluate the token
      Returns:
      true if the token satisfies the criteria as determined by the trust engine, otherwise false
      Throws:
      MessageHandlerException - thrown if there is a fatal error during trust engine evaluation
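
Added example (not part of the original Javadoc and not OpenSAML's own code): one way a subclass can implement resolveTrustEngine and buildCriteriaSet and then act on the boolean returned by evaluate. Assumptions: the import package names (the page does not show them), the class name IssuerBoundCertHandler, the constructor-injected engine, and the extractToken/extractIssuer hooks are hypothetical; refusing to evaluate without an entity ID is this sketch's own choice.

```java
// Added sketch, not OpenSAML source. Package names are assumptions (the page omits them);
// releases before 5 keep CriteriaSet in net.shibboleth.utilities.java.support.resolver.
import java.util.Objects;
import net.shibboleth.shared.resolver.CriteriaSet;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.criteria.UsageCriterion;
import org.opensaml.security.messaging.impl.BaseTrustEngineSecurityHandler;
import org.opensaml.security.trust.TrustEngine;
import org.opensaml.security.x509.X509Credential;

public abstract class IssuerBoundCertHandler extends BaseTrustEngineSecurityHandler<X509Credential> {

    // Hypothetical wiring: the application supplies the engine when it builds the handler.
    private final TrustEngine<? super X509Credential> engine;

    protected IssuerBoundCertHandler(TrustEngine<? super X509Credential> engine) {
        this.engine = Objects.requireNonNull(engine, "trust engine");
    }

    // Hypothetical hooks: where the presented certificate and the claimed issuer come from.
    protected abstract X509Credential extractToken(MessageContext ctx);
    protected abstract String extractIssuer(MessageContext ctx);

    @Override
    protected TrustEngine<? super X509Credential> resolveTrustEngine(MessageContext ctx) {
        return engine; // never null here, so the handler cannot run without an engine
    }

    @Override
    protected CriteriaSet buildCriteriaSet(String entityID, MessageContext ctx)
            throws MessageHandlerException {
        // entityID is @Nullable; this sketch rejects a missing one so that every
        // trust decision is bound to a named issuer.
        if (entityID == null || entityID.isBlank()) {
            throw new MessageHandlerException("No candidate issuer entity ID to evaluate");
        }
        return new CriteriaSet(new EntityIdCriterion(entityID), new UsageCriterion(UsageType.SIGNING));
    }

    @Override
    protected void doInvoke(MessageContext ctx) throws MessageHandlerException {
        X509Credential token = extractToken(ctx);
        if (token == null) throw new MessageHandlerException("No certificate presented");
        // evaluate() only reports the result; turning false into a rejection is the caller's job.
        if (!evaluate(token, extractIssuer(ctx), ctx)) {
            throw new MessageHandlerException("Presented certificate is not trusted for the claimed issuer");
        }
    }
}
```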