Class SAMLProtocolMessageXMLSignatureSecurityPolicyRule

java.lang.Object
  org.opensaml.ws.security.provider.BaseTrustEngineRule<Signature>
    org.opensaml.common.binding.security.BaseSAMLXMLSignatureSecurityPolicyRule
      org.opensaml.common.binding.security.SAMLProtocolMessageXMLSignatureSecurityPolicyRule

public class SAMLProtocolMessageXMLSignatureSecurityPolicyRule extends BaseSAMLXMLSignatureSecurityPolicyRule
SAML security policy rule which validates the signature (if present) on the SAMLObject which represents the SAML protocol message being processed. If the message is not an instance of SignableSAMLObject, then no processing is performed. If signature validation is successful, and the SAML message context issuer was not previously authenticated, then the context's issuer authentication state will be set to true.

If an optional Validator for Signature objects is supplied, this validator will be used to validate the XML Signature element prior to the actual cryptographic validation of the signature. This might for example be used to enforce certain signature profile requirements or to detect signatures upon which it would be unsafe to attempt cryptographic processing. When using the single-argument constructor form, the validator will default to SAMLSignatureProfileValidator.
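The following, added here as an illustration and not part of the OpenSAML sources, wires the rule to an explicit-key signature trust engine and evaluates it against an already-decoded protocol message. The class and method names `ProtocolSignatureCheck`, `buildRule` and `verifyProtocolSignature` are mine; the IdP signing certificate and the decoded Response are assumed inputs obtained elsewhere (for example from locally held metadata and a message decoder).

```java
import java.security.cert.X509Certificate;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.common.binding.security.SAMLProtocolMessageXMLSignatureSecurityPolicyRule;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.Response;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.security.credential.StaticCredentialResolver;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;

public class ProtocolSignatureCheck {

    // Builds the rule over an explicit-key trust engine that trusts only idpCert
    // (assumed: the IdP signing certificate taken from locally held metadata).
    static SAMLProtocolMessageXMLSignatureSecurityPolicyRule buildRule(
            String idpEntityId, X509Certificate idpCert) throws ConfigurationException {
        DefaultBootstrap.bootstrap(); // initialise OpenSAML once per JVM
        BasicX509Credential trusted = new BasicX509Credential();
        trusted.setEntityId(idpEntityId);
        trusted.setUsageType(UsageType.SIGNING);
        trusted.setEntityCertificate(idpCert);
        ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(
                new StaticCredentialResolver(trusted),
                Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver());
        // Pass the profile pre-validator explicitly (the single-argument constructor
        // applies the same default) so it runs before any cryptographic processing.
        return new SAMLProtocolMessageXMLSignatureSecurityPolicyRule(
                engine, new SAMLSignatureProfileValidator());
    }

    // Evaluates the rule over an already-decoded Response. Returns true only if a
    // signature was present and validated; a failed validation throws. The rule
    // performs no processing on an unsigned message, hence the explicit state check.
    static boolean verifyProtocolSignature(SAMLProtocolMessageXMLSignatureSecurityPolicyRule rule,
            Response response, String issuerEntityId) throws SecurityPolicyException {
        BasicSAMLMessageContext<Response, Response, NameID> ctx =
                new BasicSAMLMessageContext<Response, Response, NameID>();
        ctx.setInboundSAMLMessage(response);
        ctx.setInboundMessageIssuer(issuerEntityId); // feeds the trust engine's criteria set
        rule.evaluate(ctx); // throws SecurityPolicyException if pre-validation or trust fails
        return ctx.isInboundSAMLMessageAuthenticated();
    }
}
```

Because the rule skips unsigned messages silently, a deployment that requires signed protocol messages must check the context's authentication state (or add a separate rule) rather than rely on `evaluate` throwing.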
Field Summary

| Modifier and type | Field | Description |
|---|---|---|
| private org.slf4j.Logger | log | Logger. |
| private Validator<Signature> | sigValidator | Validator for XML Signature instances. |
Constructor Summary

| Constructor | Description |
|---|---|
| SAMLProtocolMessageXMLSignatureSecurityPolicyRule(TrustEngine<Signature> engine) | Constructor. |
| SAMLProtocolMessageXMLSignatureSecurityPolicyRule(TrustEngine<Signature> engine, Validator<Signature> signatureValidator) | Constructor. |
Method Summary

| Modifier and type | Method | Description |
|---|---|---|
| protected void | doEvaluate(Signature signature, SignableSAMLObject signableObject, SAMLMessageContext samlMsgCtx) | Perform cryptographic validation and trust evaluation on the Signature token using the configured Signature trust engine. |
| void | evaluate(MessageContext messageContext) | |
| protected Validator<Signature> | getSignaturePrevalidator() | Get the validator used to perform pre-validation on Signature tokens. |
| protected void | performPreValidation(Signature signature) | Perform pre-validation on the Signature token. |

Methods inherited from class org.opensaml.common.binding.security.BaseSAMLXMLSignatureSecurityPolicyRule: buildCriteriaSet

Methods inherited from class org.opensaml.ws.security.provider.BaseTrustEngineRule: evaluate, evaluate, getTrustEngine

Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail

private final org.slf4j.Logger log
Logger.

private Validator<Signature> sigValidator
Validator for XML Signature instances.
Constructor Detail

public SAMLProtocolMessageXMLSignatureSecurityPolicyRule(TrustEngine<Signature> engine)
Constructor. The signature pre-validator defaults to SAMLSignatureProfileValidator.
Parameters:
- engine - Trust engine used to verify the signature

public SAMLProtocolMessageXMLSignatureSecurityPolicyRule(TrustEngine<Signature> engine, Validator<Signature> signatureValidator)
Constructor.
Parameters:
- engine - Trust engine used to verify the signature
- signatureValidator - optional pre-validator used to validate Signature elements prior to the actual cryptographic validation operation

Method Detail
public void evaluate(MessageContext messageContext) throws SecurityPolicyException
Throws:
- SecurityPolicyException

protected void doEvaluate(Signature signature, SignableSAMLObject signableObject, SAMLMessageContext samlMsgCtx) throws SecurityPolicyException
Perform cryptographic validation and trust evaluation on the Signature token using the configured Signature trust engine.
Parameters:
- signature - the signature which is being evaluated
- signableObject - the signable object which contained the signature
- samlMsgCtx - the SAML message context being processed
Throws:
- SecurityPolicyException - thrown if the signature fails validation

protected Validator<Signature> getSignaturePrevalidator()
Get the validator used to perform pre-validation on Signature tokens.

protected void performPreValidation(Signature signature) throws SecurityPolicyException
Perform pre-validation on the Signature token.
Parameters:
- signature - the signature to evaluate
Throws:
- SecurityPolicyException - thrown if the signature element fails pre-validation