Class ValidateAssertions
- java.lang.Object
  - net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    - org.opensaml.profile.action.AbstractProfileAction
      - org.opensaml.saml.saml2.profile.impl.ValidateAssertions
- All Implemented Interfaces: Component, DestructableComponent, InitializableComponent, ProfileAction
public class ValidateAssertions extends AbstractProfileAction
A profile action which resolves SAML 2.0 Assertions from the profile request context and validates them using a resolved or configured instance of SAML20AssertionValidator.
The ValidationResult along with the ValidationContext used are stored in the assertion's XMLObject.getObjectMetadata() as an instance of ValidationProcessingData.
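When setInvalidFatal(false) is configured, a failed validation is not treated as a fatal processing error, so code that runs after this action has to read the stored ValidationProcessingData before trusting an assertion. The following fail-closed filter is an added example, not OpenSAML's own code; the class name ValidatedAssertionFilter is hypothetical, and the package of ValidationProcessingData and its getResult() accessor are assumptions not shown on this page.

```java
import java.util.ArrayList;
import java.util.List;

import org.opensaml.saml.common.assertion.ValidationProcessingData; // package is an assumption
import org.opensaml.saml.common.assertion.ValidationResult;
import org.opensaml.saml.saml2.core.Assertion;

/** Hypothetical helper (not part of OpenSAML) for use after ValidateAssertions has executed. */
public final class ValidatedAssertionFilter {

    private ValidatedAssertionFilter() { }

    /**
     * Return only the assertions whose recorded validation outcome is VALID.
     * INVALID and INDETERMINATE results are both rejected, and an assertion
     * that carries no ValidationProcessingData at all is treated as never
     * validated and is rejected as well.
     */
    public static List<Assertion> keepValid(final List<Assertion> assertions) {
        final List<Assertion> accepted = new ArrayList<>();
        for (final Assertion assertion : assertions) {
            // ValidateAssertions stores its outcome in the assertion's object metadata.
            final List<ValidationProcessingData> recorded =
                    assertion.getObjectMetadata().get(ValidationProcessingData.class);
            if (recorded == null || recorded.isEmpty()) {
                continue; // no validation record: fail closed
            }
            boolean allValid = true;
            for (final ValidationProcessingData data : recorded) {
                // getResult() is assumed to return the stored ValidationResult.
                if (data.getResult() != ValidationResult.VALID) {
                    allValid = false;
                    break;
                }
            }
            if (allValid) {
                accepted.add(assertion);
            }
        }
        return accepted;
    }
}
```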
-
Nested Class Summary
Nested Classes
Modifier and Type | Class | Description
class | ValidateAssertions.AssertionValidationInput | Class which holds data relevant to validating a SAML 2.0 Assertion.
class | ValidateAssertions.DefaultAssertionResolver | The default assertion resolver function.
-
Field Summary
Fields
Modifier and Type | Field | Description
private Function<ProfileRequestContext,List<Assertion>> | assertionResolver | The resolver for the list of assertions to be validated.
private List<Assertion> | assertions | The resolved assertions to be validated.
private SAML20AssertionValidator | assertionValidator | The SAML 2.0 Assertion validator, may be null.
private Function<Pair<ProfileRequestContext,Assertion>,SAML20AssertionValidator> | assertionValidatorLookup | The SAML 2.0 Assertion validator lookup function, may be null.
private javax.servlet.http.HttpServletRequest | httpServletRequest | The HttpServletRequest being processed.
private boolean | invalidFatal | Flag which indicates whether a failure of Assertion validation should be considered fatal.
private org.slf4j.Logger | log | Class logger.
private Function<ValidateAssertions.AssertionValidationInput,ValidationContext> | validationContextBuilder | Function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.
-
Constructor Summary
Constructors
Constructor | Description
ValidateAssertions() | Constructor.
-
Method Summary
Modifier and Type | Method | Description
protected ValidationContext | buildValidationContext(ProfileRequestContext profileContext, Assertion assertion) | Build the Assertion ValidationContext.
protected void | doDestroy() |
protected void | doExecute(ProfileRequestContext profileContext) |
protected void | doInitialize() |
protected boolean | doPreExecute(ProfileRequestContext profileRequestContext) |
Function<ProfileRequestContext,List<Assertion>> | getAssertionResolver() | Get the function which resolves the list of assertions to validate.
SAML20AssertionValidator | getAssertionValidator() | Get the locally-configured Assertion validator.
Function<Pair<ProfileRequestContext,Assertion>,SAML20AssertionValidator> | getAssertionValidatorLookup() | Get the Assertion validator lookup function.
javax.servlet.http.HttpServletRequest | getHttpServletRequest() | Get the HTTP servlet request being processed.
Function<ValidateAssertions.AssertionValidationInput,ValidationContext> | getValidationContextBuilder() | Get the function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.
boolean | isInvalidFatal() | Get flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
protected void | processResult(ValidationContext validationContext, ValidationResult validationResult, Assertion assertion, ProfileRequestContext profileContext) | Process the result of the assertion validation.
protected SAML20AssertionValidator | resolveValidator(ProfileRequestContext profileContext, Assertion assertion) | Resolve the Assertion token validator to use with the specified Assertion.
void | setAssertionResolver(Function<ProfileRequestContext,List<Assertion>> function) | Set the function which resolves the list of assertions to validate.
void | setAssertionValidator(SAML20AssertionValidator validator) | Set the locally-configured Assertion validator.
void | setAssertionValidatorLookup(Function<Pair<ProfileRequestContext,Assertion>,SAML20AssertionValidator> function) | Set the Assertion validator lookup function.
void | setHttpServletRequest(javax.servlet.http.HttpServletRequest request) | Set the HTTP servlet request being processed.
void | setInvalidFatal(boolean flag) | Set flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
void | setValidationContextBuilder(Function<ValidateAssertions.AssertionValidationInput,ValidationContext> builder) | Set the function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.
-
Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletResponse, getLogPrefix, setHttpServletResponse
-
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, initialize, isDestroyed, isInitialized
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized
-
Field Detail
-
log
@Nonnull private final org.slf4j.Logger log
Class logger.
-
httpServletRequest
@NonnullAfterInit private javax.servlet.http.HttpServletRequest httpServletRequest
The HttpServletRequest being processed.
-
invalidFatal
private boolean invalidFatal
Flag which indicates whether a failure of Assertion validation should be considered fatal.
-
assertionValidator
@Nullable private SAML20AssertionValidator assertionValidator
The SAML 2.0 Assertion validator, may be null.
-
assertionValidatorLookup
@Nullable private Function<Pair<ProfileRequestContext,Assertion>,SAML20AssertionValidator> assertionValidatorLookup
The SAML 2.0 Assertion validator lookup function, may be null.
-
validationContextBuilder
@NonnullAfterInit private Function<ValidateAssertions.AssertionValidationInput,ValidationContext> validationContextBuilder
Function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.
-
assertionResolver
@Nonnull private Function<ProfileRequestContext,List<Assertion>> assertionResolver
The resolver for the list of assertions to be validated.
-
Method Detail
-
getAssertionResolver
@Nonnull public Function<ProfileRequestContext,List<Assertion>> getAssertionResolver()
Get the function which resolves the list of assertions to validate.
- Returns: the assertion resolver function
-
setAssertionResolver
public void setAssertionResolver(@Nonnull Function<ProfileRequestContext,List<Assertion>> function)
Set the function which resolves the list of assertions to validate.
- Parameters: function - the new assertion resolver function
-
getValidationContextBuilder
@NonnullAfterInit public Function<ValidateAssertions.AssertionValidationInput,ValidationContext> getValidationContextBuilder()
Get the function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.
Defaults to an instance of DefaultAssertionValidationContextBuilder.
- Returns: the builder function
-
setValidationContextBuilder
public void setValidationContextBuilder(@Nonnull Function<ValidateAssertions.AssertionValidationInput,ValidationContext> builder)
Set the function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.
Defaults to an instance of DefaultAssertionValidationContextBuilder.
- Parameters: builder - the builder function
-
getHttpServletRequest
@NonnullAfterInit public javax.servlet.http.HttpServletRequest getHttpServletRequest()
Get the HTTP servlet request being processed.
- Overrides: getHttpServletRequest in class AbstractProfileAction
- Returns: the HTTP servlet request
-
setHttpServletRequest
public void setHttpServletRequest(@Nonnull javax.servlet.http.HttpServletRequest request)
Set the HTTP servlet request being processed.
- Overrides: setHttpServletRequest in class AbstractProfileAction
- Parameters: request - The HTTP servlet request
-
isInvalidFatal
public boolean isInvalidFatal()
Get flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
Defaults to: true.
- Returns: the invalidFatal flag
-
setInvalidFatal
public void setInvalidFatal(boolean flag)
Set flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
Defaults to: true.
- Parameters: flag - The invalidFatal to set.
-
getAssertionValidator
@Nullable public SAML20AssertionValidator getAssertionValidator()
Get the locally-configured Assertion validator.
- Returns: the local Assertion validator, or null
-
setAssertionValidator
public void setAssertionValidator(@Nullable SAML20AssertionValidator validator)
Set the locally-configured Assertion validator.
- Parameters: validator - the local Assertion validator, may be null
-
getAssertionValidatorLookup
@Nullable public Function<Pair<ProfileRequestContext,Assertion>,SAML20AssertionValidator> getAssertionValidatorLookup()
Get the Assertion validator lookup function.
- Returns: the Assertion validator lookup function, or null
-
setAssertionValidatorLookup
public void setAssertionValidatorLookup(@Nullable Function<Pair<ProfileRequestContext,Assertion>,SAML20AssertionValidator> function)
Set the Assertion validator lookup function.
- Parameters: function - the Assertion validator lookup function, may be null
-
doInitialize
protected void doInitialize() throws ComponentInitializationException
- Overrides: doInitialize in class AbstractInitializableComponent
- Throws: ComponentInitializationException
-
doDestroy
protected void doDestroy()
- Overrides: doDestroy in class AbstractInitializableComponent
-
doPreExecute
protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext)
- Overrides: doPreExecute in class AbstractProfileAction
-
doExecute
protected void doExecute(@Nonnull ProfileRequestContext profileContext)
- Overrides: doExecute in class AbstractProfileAction
-
processResult
protected void processResult(@Nonnull ValidationContext validationContext, @Nonnull ValidationResult validationResult, @Nonnull Assertion assertion, @Nonnull ProfileRequestContext profileContext)
Process the result of the assertion validation.
- Parameters:
  - validationContext - the Assertion validation context
  - validationResult - the Assertion validation result
  - assertion - the assertion being evaluated
  - profileContext - the current profile request context
-
resolveValidator
@Nullable protected SAML20AssertionValidator resolveValidator(@Nonnull ProfileRequestContext profileContext, @Nonnull Assertion assertion)
Resolve the Assertion token validator to use with the specified Assertion.
- Parameters:
  - profileContext - the current profile context
  - assertion - the assertion being evaluated
- Returns: the token validator
-
buildValidationContext
@Nonnull protected ValidationContext buildValidationContext(@Nonnull ProfileRequestContext profileContext, @Nonnull Assertion assertion) throws AssertionValidationException
Build the Assertion ValidationContext.
- Parameters:
  - profileContext - the current profile context
  - assertion - the assertion which is to be validated
- Returns: the new Assertion validation context to use
- Throws: AssertionValidationException - if no validation context instance could be built
-