Class OneTimeUseConditionValidator

    • Field Detail

      • CACHE_CONTEXT

        @Nonnull
        @NotEmpty
        public static final String CACHE_CONTEXT
        Cache context name.
      • log

        @Nonnull
        private org.slf4j.Logger log
        Logger.
      • replayCache

        @Nonnull
        private final ReplayCache replayCache
        Replay cache used to track which assertions have been used.
      • replayCacheExpires

        @Nonnull
        private Duration replayCacheExpires
        Time for disposal of value from cache.
    • Constructor Detail

      • OneTimeUseConditionValidator

        public OneTimeUseConditionValidator(@Nonnull
                                            ReplayCache replay,
                                            @Nullable
                                            Duration expires)
        Constructor.
        Parameters:
        replay - replay cache used to track which assertions have been used
        expires - time for disposal of tracked assertion from the replay cache. May be null, in which case it defaults to 8 hours
    • Method Detail

      • getReplayCacheExpires

        @Nonnull
        protected Duration getReplayCacheExpires()
        Get the configured validator cache expiration interval.
        Returns:
        the configured cache expiration interval
      • getExpires

        @Nonnull
        protected Instant getExpires(Assertion assertion,
                                     ValidationContext context)
        Get the one-time use expiration time for the assertion being evaluated.

        Defaults to Instant.now().plus(getReplayCacheExpires()).

        A subclass might override this to base expiration on data from the assertion or the validation context.

        Parameters:
        assertion - the SAML 2 Assertion being evaluated
        context - the current validation context
        Returns:
        the effective one-time use expiration for the assertion being evaluated
      • getCacheValue

        @Nonnull
        protected String getCacheValue(@Nonnull
                                       Assertion assertion)
                                throws AssertionValidationException
        Get the string value which will be tracked in the cache for purposes of one-time use detection.
        Parameters:
        assertion - the SAML 2 Assertion to evaluate
        Returns:
        the cache value
        Throws:
        AssertionValidationException - thrown if there is a problem calculating the cached value
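
The getExpires description above notes that a subclass might base expiration on data from the assertion. The following is an added example, not code from OpenSAML itself: it keeps the replay-cache entry alive at least until the assertion's own Conditions NotOnOrAfter has passed, so a one-time-use assertion cannot be accepted again after its cache entry is disposed but while it is still within its validity window. The class name, the skew parameter and its 5-minute default are hypothetical; the import paths and the Instant return type of Conditions.getNotOnOrAfter() assume the OpenSAML 4 package layout.

```java
import java.time.Duration;
import java.time.Instant;

import org.opensaml.saml.common.assertion.ValidationContext;
import org.opensaml.saml.saml2.assertion.impl.OneTimeUseConditionValidator;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Conditions;
import org.opensaml.storage.ReplayCache;

/** Hypothetical subclass: ties one-time-use tracking to the assertion's validity window. */
public class ValidityBoundOneTimeUseValidator extends OneTimeUseConditionValidator {

    /** Allowance added to NotOnOrAfter (assumption: should match the skew used by the time checks). */
    private final Duration clockSkew;

    public ValidityBoundOneTimeUseValidator(ReplayCache replay, Duration expires, Duration skew) {
        super(replay, expires); // a null 'expires' falls back to the documented 8-hour default
        clockSkew = skew != null ? skew : Duration.ofMinutes(5); // constructed default
    }

    @Override
    protected Instant getExpires(Assertion assertion, ValidationContext context) {
        // Documented default: Instant.now().plus(getReplayCacheExpires()).
        Instant fallback = super.getExpires(assertion, context);

        Conditions conditions = assertion.getConditions();
        if (conditions == null || conditions.getNotOnOrAfter() == null) {
            // No upper validity bound in the assertion: keep the configured interval.
            return fallback;
        }

        // Track the assertion until it can no longer pass validity checks.
        Instant validityEnd = conditions.getNotOnOrAfter().plus(clockSkew);

        // Never shorten tracking below the configured interval; only extend it.
        return validityEnd.isAfter(fallback) ? validityEnd : fallback;
    }
}
```

Compiling this requires the OpenSAML SAML and storage API artifacts on the classpath.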