Class ValidateAssertions
- java.lang.Object
  - net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    - org.opensaml.profile.action.AbstractProfileAction
      - org.opensaml.saml.saml2.profile.impl.ValidateAssertions
- All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction
public class ValidateAssertions extends AbstractProfileAction
A profile action which resolves SAML 2.0 Assertions from the profile request context and validates them using a resolved or configured instance of SAML20AssertionValidator.
The ValidationResult along with the ValidationContext used are stored in the assertion's XMLObject.getObjectMetadata() as an instance of ValidationProcessingData.
-
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description)
- class ValidateAssertions.AssertionValidationInput
  Class which holds data relevant to validating a SAML 2.0 Assertion.
- class ValidateAssertions.DefaultAssertionResolver
  The default assertion resolver function.
-
Field Summary
Fields (Modifier and Type, Field, Description)
- private Function<ProfileRequestContext,List<Assertion>> assertionResolver
  The resolver for the list of assertions to be validated.
- private List<Assertion> assertions
  The resolved assertions to be validated.
- private SAML20AssertionValidator assertionValidator
  The SAML 2.0 Assertion validator, may be null.
- private Function<Pair<ProfileRequestContext,Assertion>,SAML20AssertionValidator> assertionValidatorLookup
  The SAML 2.0 Assertion validator lookup function, may be null.
- private javax.servlet.http.HttpServletRequest httpServletRequest
  The HttpServletRequest being processed.
- private boolean invalidFatal
  Flag which indicates whether a failure of Assertion validation should be considered fatal.
- private org.slf4j.Logger log
  Class logger.
- private Function<ValidateAssertions.AssertionValidationInput,ValidationContext> validationContextBuilder
  Function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.
-
Constructor Summary
Constructors (Constructor, Description)
- ValidateAssertions()
  Constructor.
-
Method Summary
All Methods, Instance Methods, Concrete Methods (Modifier and Type, Method, Description)
- protected ValidationContext buildValidationContext(ProfileRequestContext profileContext, Assertion assertion)
  Build the Assertion ValidationContext.
- protected void doDestroy()
- protected void doExecute(ProfileRequestContext profileContext)
- protected void doInitialize()
- protected boolean doPreExecute(ProfileRequestContext profileRequestContext)
- Function<ProfileRequestContext,List<Assertion>> getAssertionResolver()
  Get the function which resolves the list of assertions to validate.
- SAML20AssertionValidator getAssertionValidator()
  Get the locally-configured Assertion validator.
- Function<Pair<ProfileRequestContext,Assertion>,SAML20AssertionValidator> getAssertionValidatorLookup()
  Get the Assertion validator lookup function.
- javax.servlet.http.HttpServletRequest getHttpServletRequest()
  Get the HTTP servlet request being processed.
- Function<ValidateAssertions.AssertionValidationInput,ValidationContext> getValidationContextBuilder()
  Get the function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.
- boolean isInvalidFatal()
  Get flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
- protected void processResult(ValidationContext validationContext, ValidationResult validationResult, Assertion assertion, ProfileRequestContext profileContext)
  Process the result of the assertion validation.
- protected SAML20AssertionValidator resolveValidator(ProfileRequestContext profileContext, Assertion assertion)
  Resolve the Assertion token validator to use with the specified Assertion.
- void setAssertionResolver(Function<ProfileRequestContext,List<Assertion>> function)
  Set the function which resolves the list of assertions to validate.
- void setAssertionValidator(SAML20AssertionValidator validator)
  Set the locally-configured Assertion validator.
- void setAssertionValidatorLookup(Function<Pair<ProfileRequestContext,Assertion>,SAML20AssertionValidator> function)
  Set the Assertion validator lookup function.
- void setHttpServletRequest(javax.servlet.http.HttpServletRequest request)
  Set the HTTP servlet request being processed.
- void setInvalidFatal(boolean flag)
  Set flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
- void setValidationContextBuilder(Function<ValidateAssertions.AssertionValidationInput,ValidationContext> builder)
  Set the function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.
-
Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletResponse, getLogPrefix, setHttpServletResponse
-
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, initialize, isDestroyed, isInitialized
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized
-
Field Detail
-
log
@Nonnull private final org.slf4j.Logger log
Class logger.
-
httpServletRequest
@NonnullAfterInit private javax.servlet.http.HttpServletRequest httpServletRequest
The HttpServletRequest being processed.
-
invalidFatal
private boolean invalidFatal
Flag which indicates whether a failure of Assertion validation should be considered fatal.
-
assertionValidator
@Nullable private SAML20AssertionValidator assertionValidator
The SAML 2.0 Assertion validator, may be null.
-
assertionValidatorLookup
@Nullable private Function<Pair<ProfileRequestContext,Assertion>,SAML20AssertionValidator> assertionValidatorLookup
The SAML 2.0 Assertion validator lookup function, may be null.
-
validationContextBuilder
@NonnullAfterInit private Function<ValidateAssertions.AssertionValidationInput,ValidationContext> validationContextBuilder
Function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.
-
assertionResolver
@Nonnull private Function<ProfileRequestContext,List<Assertion>> assertionResolver
The resolver for the list of assertions to be validated.
-
Method Detail
-
getAssertionResolver
@Nonnull public Function<ProfileRequestContext,List<Assertion>> getAssertionResolver()
Get the function which resolves the list of assertions to validate.
- Returns:
- the assertion resolver function
-
setAssertionResolver
public void setAssertionResolver(@Nonnull Function<ProfileRequestContext,List<Assertion>> function)
Set the function which resolves the list of assertions to validate.
- Parameters:
function - the new assertion resolver function
-
getValidationContextBuilder
@NonnullAfterInit public Function<ValidateAssertions.AssertionValidationInput,ValidationContext> getValidationContextBuilder()
Get the function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.
Defaults to an instance of DefaultAssertionValidationContextBuilder.
- Returns:
- the builder function
-
setValidationContextBuilder
public void setValidationContextBuilder(@Nonnull Function<ValidateAssertions.AssertionValidationInput,ValidationContext> builder)
Set the function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.
Defaults to an instance of DefaultAssertionValidationContextBuilder.
- Parameters:
builder - the builder function
-
getHttpServletRequest
@NonnullAfterInit public javax.servlet.http.HttpServletRequest getHttpServletRequest()
Get the HTTP servlet request being processed.
- Overrides:
getHttpServletRequest in class AbstractProfileAction
- Returns:
- the HTTP servlet request
-
setHttpServletRequest
public void setHttpServletRequest(@Nonnull javax.servlet.http.HttpServletRequest request)
Set the HTTP servlet request being processed.
- Overrides:
setHttpServletRequest in class AbstractProfileAction
- Parameters:
request - The HTTP servlet request
-
isInvalidFatal
public boolean isInvalidFatal()
Get flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
Defaults to: true.
- Returns:
- Returns the invalidFatal.
-
setInvalidFatal
public void setInvalidFatal(boolean flag)
Set flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
Defaults to: true.
- Parameters:
flag - The invalidFatal to set.
-
getAssertionValidator
@Nullable public SAML20AssertionValidator getAssertionValidator()
Get the locally-configured Assertion validator.
- Returns:
- the local Assertion validator, or null
-
setAssertionValidator
public void setAssertionValidator(@Nullable SAML20AssertionValidator validator)
Set the locally-configured Assertion validator.
- Parameters:
validator - the local Assertion validator, may be null
-
getAssertionValidatorLookup
@Nullable public Function<Pair<ProfileRequestContext,Assertion>,SAML20AssertionValidator> getAssertionValidatorLookup()
Get the Assertion validator lookup function.
- Returns:
- the Assertion validator lookup function, or null
-
setAssertionValidatorLookup
public void setAssertionValidatorLookup(@Nullable Function<Pair<ProfileRequestContext,Assertion>,SAML20AssertionValidator> function)
Set the Assertion validator lookup function.
- Parameters:
function - the Assertion validator lookup function, may be null
-
doInitialize
protected void doInitialize() throws ComponentInitializationException
- Overrides:
doInitialize in class AbstractInitializableComponent
- Throws:
ComponentInitializationException
-
doDestroy
protected void doDestroy()
- Overrides:
doDestroy in class AbstractInitializableComponent
-
doPreExecute
protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext)
- Overrides:
doPreExecute in class AbstractProfileAction
-
doExecute
protected void doExecute(@Nonnull ProfileRequestContext profileContext)
- Overrides:
doExecute in class AbstractProfileAction
-
processResult
protected void processResult(@Nonnull ValidationContext validationContext, @Nonnull ValidationResult validationResult, @Nonnull Assertion assertion, @Nonnull ProfileRequestContext profileContext)
Process the result of the assertion validation.
- Parameters:
validationContext - the Assertion validation context
validationResult - the Assertion validation result
assertion - the assertion being evaluated
profileContext - the current profile request context
-
resolveValidator
@Nullable protected SAML20AssertionValidator resolveValidator(@Nonnull ProfileRequestContext profileContext, @Nonnull Assertion assertion)
Resolve the Assertion token validator to use with the specified Assertion.
- Parameters:
profileContext - the current profile context
assertion - the assertion being evaluated
- Returns:
- the token validator
-
buildValidationContext
@Nonnull protected ValidationContext buildValidationContext(@Nonnull ProfileRequestContext profileContext, @Nonnull Assertion assertion) throws AssertionValidationException
Build the Assertion ValidationContext.
- Parameters:
profileContext - the current profile context
assertion - the assertion which is to be validated
- Returns:
- the new Assertion validation context to use
- Throws:
AssertionValidationException - if no validation context instance could be built