org.opensaml.common.binding.security
Class SAMLProtocolMessageXMLSignatureSecurityPolicyRule

java.lang.Object
  extended by org.opensaml.ws.security.provider.BaseTrustEngineRule<Signature>
      extended by org.opensaml.common.binding.security.BaseSAMLXMLSignatureSecurityPolicyRule
          extended by org.opensaml.common.binding.security.SAMLProtocolMessageXMLSignatureSecurityPolicyRule
All Implemented Interfaces:
SecurityPolicyRule

public class SAMLProtocolMessageXMLSignatureSecurityPolicyRule
extends BaseSAMLXMLSignatureSecurityPolicyRule

SAML security policy rule which validates the signature (if present) on the SAMLObject which represents the SAML protocol message being processed.

If the message is not an instance of SignableSAMLObject, or carries no signature, then no processing is performed; this rule by itself therefore does not require that a message be signed, and a policy that does must enforce that separately (for example by checking the context's authentication state after the rule runs). If signature validation is successful, and the SAML message context issuer was not previously authenticated, then the context's issuer authentication state will be set to true.

If an optional Validator for Signature objects is supplied, this validator will be used to validate the XML Signature element prior to the actual cryptographic validation of the signature. This might for example be used to enforce certain signature profile requirements, or to detect signatures upon which it would be unsafe to attempt cryptographic processing. When using the single-argument constructor form, the validator will default to SAMLSignatureProfileValidator.
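The following is an added example, not code from OpenSAML itself, showing the rule as described above (and the pre-validation, doEvaluate and authentication-state behaviour detailed below) driven directly rather than from a message decoder. It assumes a hypothetical SP entity ID, a throw-away RSA key pair standing in for a key that would normally come from metadata, an ExplicitKeySignatureTrustEngine over a StaticCredentialResolver, and that the context issuer is set by hand where a decoder would normally populate it. It runs the rule on a genuinely signed AuthnRequest, on an unsigned one (the rule passes it without touching the authentication flag), and on a signed message whose content was altered after signing (pre-validation passes, cryptographic validation fails and a SecurityPolicyException is raised).

```java
import java.io.StringReader;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import org.joda.time.DateTime;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.common.binding.security.SAMLProtocolMessageXMLSignatureSecurityPolicyRule;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.NameID;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.credential.BasicCredential;
import org.opensaml.xml.security.credential.StaticCredentialResolver;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
import org.opensaml.xml.util.XMLHelper;
import org.w3c.dom.Element;

/** Added example (not OpenSAML's own code): run the rule on signed, unsigned and tampered AuthnRequests. */
public class ProtocolSignatureRuleDemo {

    // Hypothetical SP entity ID (assumption); it is the message issuer and the entity ID on the trusted credential.
    static final String SP_ENTITY_ID = "https://sp.example.org/saml";

    public static void main(String[] args) throws Exception {
        DefaultBootstrap.bootstrap(); // registers builders, marshallers and the global security configuration

        // Throw-away RSA key pair; a real SP would take the trusted key from metadata.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        BasicCredential cred = new BasicCredential();
        cred.setEntityId(SP_ENTITY_ID);
        cred.setUsageType(UsageType.SIGNING);
        cred.setPublicKey(kp.getPublic());
        cred.setPrivateKey(kp.getPrivate());

        // Explicit-key trust: the only trusted signing key is the one carried by 'cred'.
        ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(
                new StaticCredentialResolver(cred),
                Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver());

        // Two-argument constructor with the profile validator spelled out; the one-argument form defaults to it.
        SAMLProtocolMessageXMLSignatureSecurityPolicyRule rule =
                new SAMLProtocolMessageXMLSignatureSecurityPolicyRule(engine, new SAMLSignatureProfileValidator());

        String signed = XMLHelper.nodeToString(buildAuthnRequest(cred));
        String unsigned = XMLHelper.nodeToString(buildAuthnRequest(null));
        // Alter signed content after signing: the reference digest no longer matches, so verification must fail.
        String tampered = signed.replace(SP_ENTITY_ID, "https://evil.example.org/saml");

        System.out.println("signed message authenticated:   " + evaluate(rule, signed));
        // Unsigned: the rule performs no processing and leaves the authentication flag alone,
        // so a policy that requires signing needs a separate rule or a check on this flag.
        System.out.println("unsigned message authenticated: " + evaluate(rule, unsigned));
        try {
            evaluate(rule, tampered);
        } catch (SecurityPolicyException e) {
            System.out.println("tampered message rejected: " + e.getMessage());
        }
    }

    /** Build a marshalled AuthnRequest; when cred is non-null, attach an enveloped signature and sign it. */
    static Element buildAuthnRequest(BasicCredential cred) throws Exception {
        XMLObjectBuilderFactory bf = Configuration.getBuilderFactory();
        AuthnRequest req = (AuthnRequest) bf.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME)
                .buildObject(AuthnRequest.DEFAULT_ELEMENT_NAME);
        req.setID("_" + java.util.UUID.randomUUID()); // set before signing: the Reference URI points at this ID
        req.setIssueInstant(new DateTime());
        Issuer issuer = (Issuer) bf.getBuilder(Issuer.DEFAULT_ELEMENT_NAME).buildObject(Issuer.DEFAULT_ELEMENT_NAME);
        issuer.setValue(SP_ENTITY_ID);
        req.setIssuer(issuer);
        Signature sig = null;
        if (cred != null) {
            sig = (Signature) bf.getBuilder(Signature.DEFAULT_ELEMENT_NAME).buildObject(Signature.DEFAULT_ELEMENT_NAME);
            sig.setSigningCredential(cred);
            sig.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
            sig.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
            req.setSignature(sig); // registers the enveloped content reference to the request's ID
        }
        Element dom = Configuration.getMarshallerFactory().getMarshaller(req).marshall(req);
        if (sig != null) {
            Signer.signObject(sig); // computes the signature over the marshalled DOM
        }
        return dom;
    }

    /** Parse the wire form as a receiver would, run the rule, and report the context's authentication flag. */
    static boolean evaluate(SAMLProtocolMessageXMLSignatureSecurityPolicyRule rule, String xml) throws Exception {
        Element root = new BasicParserPool().parse(new StringReader(xml)).getDocumentElement();
        AuthnRequest req = (AuthnRequest) Configuration.getUnmarshallerFactory().getUnmarshaller(root).unmarshall(root);
        BasicSAMLMessageContext<AuthnRequest, SAMLObject, NameID> ctx =
                new BasicSAMLMessageContext<AuthnRequest, SAMLObject, NameID>();
        ctx.setInboundSAMLMessage(req);
        // The rule looks up trusted keys by the context issuer; a message decoder normally sets this.
        ctx.setInboundMessageIssuer(req.getIssuer().getValue());
        rule.evaluate(ctx); // throws SecurityPolicyException on pre-validation, signature or trust failure
        return ctx.isInboundSAMLMessageAuthenticated();
    }
}
```

Round-tripping the message through its serialized form matters: verification runs over the DOM, and editing the in-memory XMLObject after signing would not exercise the same path a receiver sees. With a metadata-backed credential resolver in place of the static one, the tampered issuer would additionally fail because no signing credential resolves for the unknown entity ID.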


Field Summary
private  org.slf4j.Logger log
          Logger.
private  Validator<Signature> sigValidator
          Validator for XML Signature instances.
 
Constructor Summary
SAMLProtocolMessageXMLSignatureSecurityPolicyRule(TrustEngine<Signature> engine)
          Constructor.
SAMLProtocolMessageXMLSignatureSecurityPolicyRule(TrustEngine<Signature> engine, Validator<Signature> signatureValidator)
          Constructor.
 
Method Summary
protected  void doEvaluate(Signature signature, SignableSAMLObject signableObject, SAMLMessageContext samlMsgCtx)
          Perform cryptographic validation and trust evaluation on the Signature token using the configured Signature trust engine.
 void evaluate(MessageContext messageContext)
          Evaluate the message context against this rule: pre-validate and then cryptographically validate the signature on the inbound SAML protocol message, if one is present.
protected  Validator<Signature> getSignaturePrevalidator()
          Get the validator used to perform pre-validation on Signature tokens.
protected  void performPreValidation(Signature signature)
          Perform pre-validation on the Signature token.
 
Methods inherited from class org.opensaml.common.binding.security.BaseSAMLXMLSignatureSecurityPolicyRule
buildCriteriaSet
 
Methods inherited from class org.opensaml.ws.security.provider.BaseTrustEngineRule
evaluate, evaluate, getTrustEngine
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

log

private final org.slf4j.Logger log
Logger.


sigValidator

private Validator<Signature> sigValidator
Validator for XML Signature instances.

Constructor Detail

SAMLProtocolMessageXMLSignatureSecurityPolicyRule

public SAMLProtocolMessageXMLSignatureSecurityPolicyRule(TrustEngine<Signature> engine)
Constructor. Signature pre-validator defaults to SAMLSignatureProfileValidator.

Parameters:
engine - Trust engine used to verify the signature

SAMLProtocolMessageXMLSignatureSecurityPolicyRule

public SAMLProtocolMessageXMLSignatureSecurityPolicyRule(TrustEngine<Signature> engine,
                                                         Validator<Signature> signatureValidator)
Constructor.

Parameters:
engine - Trust engine used to verify the signature
signatureValidator - optional pre-validator used to validate Signature elements prior to the actual cryptographic validation operation
Method Detail

evaluate

public void evaluate(MessageContext messageContext)
              throws SecurityPolicyException
Evaluates the message context against this rule. If the inbound SAML protocol message is a signed SignableSAMLObject, the signature is first pre-validated and then cryptographically validated and trust-evaluated against the configured trust engine; on success the context's inbound message authentication state is set to true. Messages that are not SignableSAMLObjects, or that carry no signature, are passed through without processing.

Throws:
SecurityPolicyException - thrown if the signature fails pre-validation, cryptographic validation or trust evaluation

doEvaluate

protected void doEvaluate(Signature signature,
                          SignableSAMLObject signableObject,
                          SAMLMessageContext samlMsgCtx)
                   throws SecurityPolicyException
Perform cryptographic validation and trust evaluation on the Signature token using the configured Signature trust engine.

Parameters:
signature - the signature which is being evaluated
signableObject - the signable object which contained the signature
samlMsgCtx - the SAML message context being processed
Throws:
SecurityPolicyException - thrown if the signature fails validation

getSignaturePrevalidator

protected Validator<Signature> getSignaturePrevalidator()
Get the validator used to perform pre-validation on Signature tokens.

Returns:
the configured Signature validator, or null

performPreValidation

protected void performPreValidation(Signature signature)
                             throws SecurityPolicyException
Perform pre-validation on the Signature token.

Parameters:
signature - the signature to evaluate
Throws:
SecurityPolicyException - thrown if the signature element fails pre-validation


Copyright © 1999-2012. All Rights Reserved.