java.lang.Object
  org.opensaml.ws.message.encoder.BaseMessageEncoder
    org.opensaml.saml2.binding.encoding.BaseSAML2MessageEncoder
      org.opensaml.saml2.binding.encoding.HTTPPostEncoder
        org.opensaml.saml2.binding.encoding.HTTPPostSimpleSignEncoder

public class HTTPPostSimpleSignEncoder extends HTTPPostEncoder

SAML 2.0 HTTP-POST-SimpleSign binding message encoder.

The spec does not preclude the SAML 2 protocol message from being signed using the XML Signature method, in addition to the SimpleSign method specified by this binding. Signing via XML Signature over the SAML request and response payload may be toggled by the signXMLProtocolMessage parameter to the constructor HTTPPostSimpleSignEncoder(VelocityEngine, String, boolean). If this constructor variant is not used, the flag defaults to false.

The SimpleSign signature is a binding-level signature over the form control data (the base64-encoded message, the RelayState if present, and the SigAlg), so it protects the message and the RelayState on this hop only; once the form fields are gone, a message encoded with the flag left at false carries no XML Signature that a downstream consumer could verify.
Field Summary

  private org.slf4j.Logger log
      Class logger.
  private boolean signProtocolMessageWithXMLDSIG
      Flag to indicate whether the SAML 2 protocol message should additionally be signed using the XML Signature, in addition to SimpleSign.
Constructor Summary

  HTTPPostSimpleSignEncoder(org.apache.velocity.app.VelocityEngine engine, String templateId)
      Constructor.
  HTTPPostSimpleSignEncoder(org.apache.velocity.app.VelocityEngine engine, String templateId, boolean signXMLProtocolMessage)
      Constructor.
Method Summary

  protected String buildFormDataToSign(org.apache.velocity.VelocityContext velocityContext, SAMLMessageContext messageContext, String sigAlgURI)
      Build the form control data string over which the signature is computed.
  protected String buildKeyInfo(Credential signingCredential, KeyInfoGenerator kiGenerator)
      Build the KeyInfo from the signing credential.
  protected String generateSignature(Credential signingCredential, String algorithmURI, String formData)
      Generates the signature over the string of concatenated form control data as indicated by the SimpleSign spec.
  String getBindingURI()
      Gets the SAML binding URI supported by this encoder.
  protected String getSignatureAlgorithmURI(Credential credential, SecurityConfiguration config)
      Gets the signature algorithm URI to use with the given signing credential.
  protected void populateVelocityContext(org.apache.velocity.VelocityContext velocityContext, SAMLMessageContext messageContext, String endpointURL)
      Populate the Velocity context instance which will be used to render the POST body.
  protected void signMessage(SAMLMessageContext messageContext)
      Signs the given SAML message if it is a SignableSAMLObject and this encoder has signing credentials.
Methods inherited from class org.opensaml.saml2.binding.encoding.HTTPPostEncoder
  doEncode, postEncode, providesMessageConfidentiality, providesMessageIntegrity

Methods inherited from class org.opensaml.saml2.binding.encoding.BaseSAML2MessageEncoder
  checkRelayState, getAllowedURLSchemes, getEndpointURL, setAllowedURLSchemes, setResponseDestination

Methods inherited from class org.opensaml.ws.message.encoder.BaseMessageEncoder
  encode, logEncodedMessage, marshallMessage

Methods inherited from class java.lang.Object
  clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.opensaml.ws.message.encoder.MessageEncoder
  encode
Field Detail

  private final org.slf4j.Logger log
      Class logger.

  private boolean signProtocolMessageWithXMLDSIG
      Flag to indicate whether the SAML 2 protocol message should additionally be signed using the XML Signature, in addition to SimpleSign.
Constructor Detail

  public HTTPPostSimpleSignEncoder(org.apache.velocity.app.VelocityEngine engine, String templateId)
      Constructor. The XML Signature flag defaults to false.
      Parameters:
        engine - Velocity engine instance used to create POST body
        templateId - ID of the template used to create POST body

  public HTTPPostSimpleSignEncoder(org.apache.velocity.app.VelocityEngine engine, String templateId, boolean signXMLProtocolMessage)
      Constructor.
      Parameters:
        engine - Velocity engine instance used to create POST body
        templateId - ID of the template used to create POST body
        signXMLProtocolMessage - if true, the protocol message will be signed according to the XML Signature specification, in addition to the HTTP-POST-SimpleSign binding specification

Method Detail
  public String getBindingURI()
      Gets the SAML binding URI supported by this encoder.
      Specified by: getBindingURI in interface SAMLMessageEncoder
      Overrides: getBindingURI in class HTTPPostEncoder

  protected void signMessage(SAMLMessageContext messageContext) throws MessageEncodingException
      Signs the given SAML message if it is a SignableSAMLObject and this encoder has signing credentials.
      Overrides: signMessage in class BaseSAML2MessageEncoder
      Parameters:
        messageContext - current message context
      Throws:
        MessageEncodingException - thrown if there is a problem marshalling or signing the outbound message

  protected void populateVelocityContext(org.apache.velocity.VelocityContext velocityContext, SAMLMessageContext messageContext, String endpointURL) throws MessageEncodingException
      Populate the Velocity context instance which will be used to render the POST body.
      Overrides: populateVelocityContext in class HTTPPostEncoder
      Parameters:
        velocityContext - the Velocity context instance to populate with data
        messageContext - the SAML message context source of data
        endpointURL - endpoint URL to which to encode message
      Throws:
        MessageEncodingException - thrown if there is a problem encoding the message

  protected String buildKeyInfo(Credential signingCredential, KeyInfoGenerator kiGenerator) throws MessageEncodingException
      Build the KeyInfo from the signing credential.
      Parameters:
        signingCredential - the credential used for signing
        kiGenerator - the generator for the KeyInfo
      Throws:
        MessageEncodingException - thrown if there is an error generating or marshalling the KeyInfo

  protected String buildFormDataToSign(org.apache.velocity.VelocityContext velocityContext, SAMLMessageContext messageContext, String sigAlgURI)
      Build the form control data string over which the signature is computed.
      Parameters:
        velocityContext - the Velocity context which is already populated with the values for SAML message and relay state
        messageContext - the SAML message context being processed
        sigAlgURI - the signature algorithm URI

  protected String getSignatureAlgorithmURI(Credential credential, SecurityConfiguration config) throws MessageEncodingException
      Gets the signature algorithm URI to use with the given signing credential.
      Parameters:
        credential - the credential that will be used to sign the message
        config - the SecurityConfiguration to use (may be null)
      Throws:
        MessageEncodingException - thrown if the algorithm URI could not be derived from the supplied credential

  protected String generateSignature(Credential signingCredential, String algorithmURI, String formData) throws MessageEncodingException
      Generates the signature over the string of concatenated form control data as indicated by the SimpleSign spec.
      Parameters:
        signingCredential - credential that will be used to sign
        algorithmURI - algorithm URI of the signing credential
        formData - form control data to be signed
      Throws:
        MessageEncodingException - there is an error computing the signature
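The following is an added example, not OpenSAML code, that uses only the JDK to show what the string built by buildFormDataToSign looks like and how the signature returned by generateSignature relates to it. It follows the concatenation rule of the SAML 2.0 HTTP-POST-SimpleSign binding: the base64-encoded message as-is under SAMLRequest or SAMLResponse (no URL-encoding and no DEFLATE, unlike HTTP-Redirect), then RelayState only if one is present, then SigAlg. The class name SimpleSignDemo, its method names, the RSA-SHA256 algorithm choice and the XML snippet are constructed for illustration. The verifying side is included, since the receiver rebuilds the same string from the posted fields, and it shows that changing only the RelayState invalidates the signature.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Base64;

/**
 * Added illustration of the HTTP-POST-SimpleSign signing input and signature.
 * Not OpenSAML code: it mirrors what the encoder's buildFormDataToSign and
 * generateSignature steps produce, using only the JDK.
 */
public class SimpleSignDemo {

    // Algorithm URI that goes into the SigAlg form field (XML-DSIG RSA-SHA256).
    static final String RSA_SHA256_URI = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    /**
     * Build the string that is signed. Per the SimpleSign binding the base64
     * message value is used verbatim, RelayState is appended only when present,
     * and SigAlg is always last.
     */
    static String buildFormDataToSign(String paramName, String base64Message,
                                      String relayState, String sigAlgUri) {
        StringBuilder sb = new StringBuilder();
        sb.append(paramName).append('=').append(base64Message);
        if (relayState != null && !relayState.isEmpty()) {
            sb.append("&RelayState=").append(relayState);
        }
        sb.append("&SigAlg=").append(sigAlgUri);
        return sb.toString();
    }

    /** Sign the form data; the result is what the Signature form field carries. */
    static String sign(PrivateKey key, String formData) throws Exception {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(key);
        sig.update(formData.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sig.sign());
    }

    /** Receiver side: rebuild the same string from the posted fields and verify. */
    static boolean verify(PublicKey key, String formData, String base64Signature) throws Exception {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(key);
        sig.update(formData.getBytes(StandardCharsets.UTF_8));
        return sig.verify(Base64.getDecoder().decode(base64Signature));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Constructed stand-in for a marshalled AuthnRequest; a real one is the full XML.
        String xml = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"_abc\"/>";
        String samlRequest = Base64.getEncoder().encodeToString(xml.getBytes(StandardCharsets.UTF_8));
        String relayState = "https://sp.example.org/after-login";

        String toSign = buildFormDataToSign("SAMLRequest", samlRequest, relayState, RSA_SHA256_URI);
        String signature = sign(kp.getPrivate(), toSign);
        System.out.println("signed input: " + toSign);
        System.out.println("verifies: " + verify(kp.getPublic(), toSign, signature));

        // Only the RelayState differs: the binding-level signature no longer verifies.
        String tampered = buildFormDataToSign("SAMLRequest", samlRequest,
                "https://attacker.example/", RSA_SHA256_URI);
        System.out.println("tampered RelayState verifies: " + verify(kp.getPublic(), tampered, signature));
    }
}
```

The point to take from the receiver side is that verification must be done over the exact bytes reconstructed from the posted SAMLRequest/SAMLResponse, RelayState and SigAlg fields, in that order; any normalisation of those values (URL-decoding, re-encoding of the base64) before hashing produces a different string and a spurious failure, or, worse, an implementation that skips the check.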