Class SAML2HTTPPostSimpleSignSecurityHandler
- java.lang.Object
  - net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    - org.opensaml.messaging.handler.AbstractMessageHandler
      - org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler
        - org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler

All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, MessageHandler

public class SAML2HTTPPostSimpleSignSecurityHandler extends BaseSAMLSimpleSignatureSecurityHandler
Message handler which evaluates simple "blob" signatures according to the SAML 2 HTTP-POST-SimpleSign binding.

Field Summary
- private KeyInfoCredentialResolver keyInfoResolver: KeyInfo resolver to use to process KeyInfo request parameter.
- private org.slf4j.Logger log: Logger.
- private ParserPool parserPool: Parser pool to use to process KeyInfo request parameter.

Constructor Summary
- SAML2HTTPPostSimpleSignSecurityHandler()

Method Summary
- protected void doInitialize()
- KeyInfoCredentialResolver getKeyInfoResolver(): Get the KeyInfo credential resolver.
- ParserPool getParserPool(): Get the parser pool.
- protected List<Credential> getRequestCredentials(MessageContext samlContext): Extract any candidate validation credentials from the request and/or message context.
- protected byte[] getSignedContent(): Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential).
- protected boolean ruleHandles(MessageContext messageContext): Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context.
- void setKeyInfoResolver(KeyInfoCredentialResolver newKeyInfoResolver): Set the KeyInfo credential resolver.
- void setParser(ParserPool newParserPool): Set the parser pool.

Methods inherited from class org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler
buildCriteriaSet, deriveSignerEntityID, doInvoke, doPreInvoke, getHttpServletRequest, getSignature, getSignatureAlgorithm, getTrustEngine, setHttpServletRequest, validateSignature

Methods inherited from class org.opensaml.messaging.handler.AbstractMessageHandler
doPostInvoke, doPostInvoke, getActivationCondition, getLogPrefix, invoke, setActivationCondition

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

Field Detail

log
@Nonnull private org.slf4j.Logger log
Logger.

parserPool
@NonnullAfterInit private ParserPool parserPool
Parser pool to use to process KeyInfo request parameter.

keyInfoResolver
@NonnullAfterInit private KeyInfoCredentialResolver keyInfoResolver
KeyInfo resolver to use to process KeyInfo request parameter.

Method Detail

getParserPool
@NonnullAfterInit public ParserPool getParserPool()
Get the parser pool.
- Returns:
  Returns the parser pool.

setParser
public void setParser(@Nonnull ParserPool newParserPool)
Set the parser pool.
- Parameters:
  newParserPool - The parser to set.

getKeyInfoResolver
@NonnullAfterInit public KeyInfoCredentialResolver getKeyInfoResolver()
Get the KeyInfo credential resolver.
- Returns:
  Returns the keyInfoResolver.

setKeyInfoResolver
public void setKeyInfoResolver(@Nonnull KeyInfoCredentialResolver newKeyInfoResolver)
Set the KeyInfo credential resolver.
- Parameters:
  newKeyInfoResolver - The keyInfoResolver to set.

doInitialize
protected void doInitialize() throws ComponentInitializationException
- Overrides:
  doInitialize in class BaseSAMLSimpleSignatureSecurityHandler
- Throws:
  ComponentInitializationException

ruleHandles
protected boolean ruleHandles(@Nonnull MessageContext messageContext)
Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context.
- Specified by:
  ruleHandles in class BaseSAMLSimpleSignatureSecurityHandler
- Parameters:
  messageContext - the SAML message context being processed
- Returns:
  true if the rule should attempt to process the request, otherwise false

getSignedContent
@Nullable protected byte[] getSignedContent() throws MessageHandlerException
Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential).
- Specified by:
  getSignedContent in class BaseSAMLSimpleSignatureSecurityHandler
- Returns:
  the signed content extracted from the request, in the format suitable for input to the trust engine.
- Throws:
  MessageHandlerException - thrown if there is an error during request processing

getRequestCredentials
@Nonnull @NonnullElements protected List<Credential> getRequestCredentials(@Nonnull MessageContext samlContext) throws MessageHandlerException
Extract any candidate validation credentials from the request and/or message context. Some bindings allow validation keys for the simple signature to be supplied, and others do not.
- Overrides:
  getRequestCredentials in class BaseSAMLSimpleSignatureSecurityHandler
- Parameters:
  samlContext - the SAML message context being processed
- Returns:
  a list of candidate validation credentials in the request, or null if none were present
- Throws:
  MessageHandlerException - thrown if there is an error during request processing
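
Added example, not OpenSAML's own code: a JDK-only sketch of the kind of octet string getSignedContent() returns, assembled in the order the HTTP-POST-SimpleSign binding defines (base64-decoded message, optional RelayState, then SigAlg), followed by verification against a key the receiver already trusts. The class name, helper names and sample values are constructed for illustration; the signature algorithm is fixed to RSA-SHA256 as an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

/** Added illustration of SimpleSign signed-content handling; not OpenSAML code. */
public class SimpleSignContentDemo {

    /** Octet string to verify: decoded message, optional RelayState, then SigAlg. */
    static byte[] signedContent(String param, String b64Msg, String relayState, String sigAlg) {
        // The message is covered in base64-decoded form; values are not URL-encoded.
        String xml = new String(Base64.getMimeDecoder().decode(b64Msg), StandardCharsets.UTF_8);
        StringBuilder sb = new StringBuilder(param).append('=').append(xml);
        if (relayState != null) {
            sb.append("&RelayState=").append(relayState);
        }
        sb.append("&SigAlg=").append(sigAlg);
        return sb.toString().getBytes(StandardCharsets.UTF_8);
    }

    /** trustedKey is assumed to come from configured peer metadata, not from the request. */
    static boolean verify(byte[] content, byte[] sig, PublicKey trustedKey)
            throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(trustedKey);
        v.update(content);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: throwaway key pair and a minimal message body.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        String sigAlg = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
        String form = Base64.getEncoder().encodeToString(
                "<samlp:Response ID=\"_constructed\"/>".getBytes(StandardCharsets.UTF_8));

        byte[] content = signedContent("SAMLResponse", form, "state-123", sigAlg);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(content);
        byte[] sig = s.sign();

        System.out.println("original:       " + verify(content, sig, kp.getPublic()));
        byte[] altered = signedContent("SAMLResponse", form, "state-999", sigAlg);
        System.out.println("RelayState mod: " + verify(altered, sig, kp.getPublic()));
    }
}
```

Because RelayState and SigAlg are part of the signed octets, changing either form field after signing invalidates the signature. A production verifier would choose the JCA algorithm from an allow-list keyed on the SigAlg value rather than hard-coding it.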