org.opensaml.saml2.binding.security
Class SAML2HTTPPostSimpleSignRule

java.lang.Object
  extended by org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule
      extended by org.opensaml.saml2.binding.security.SAML2HTTPPostSimpleSignRule
All Implemented Interfaces:
SecurityPolicyRule

public class SAML2HTTPPostSimpleSignRule
extends BaseSAMLSimpleSignatureSecurityPolicyRule

Security policy which evaluates simple "blob" signatures according to the SAML 2 HTTP-POST-SimpleSign binding.


Field Summary
private  KeyInfoCredentialResolver keyInfoResolver
          KeyInfo resolver to use to process KeyInfo request parameter.
private  org.slf4j.Logger log
          Logger.
private  ParserPool parser
          Parser pool to use to process KeyInfo request parameter.
 
Constructor Summary
SAML2HTTPPostSimpleSignRule(SignatureTrustEngine engine, ParserPool parserPool, KeyInfoCredentialResolver keyInfoCredResolver)
          Constructor.
 
Method Summary
protected  List<Credential> getRequestCredentials(javax.servlet.http.HttpServletRequest request, SAMLMessageContext samlContext)
          Extract any candidate validation credentials from the request and/or message context.
protected  byte[] getSignedContent(javax.servlet.http.HttpServletRequest request)
          Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential).
protected  boolean ruleHandles(javax.servlet.http.HttpServletRequest request, SAMLMessageContext samlMsgCtx)
          Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context.
 
Methods inherited from class org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule
buildCriteriaSet, deriveSignerEntityID, evaluate, getSignature, getSignatureAlgorithm, getTrustEngine, validateSignature
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

log

private org.slf4j.Logger log
Logger.


parser

private ParserPool parser
Parser pool to use to process KeyInfo request parameter.


keyInfoResolver

private KeyInfoCredentialResolver keyInfoResolver
KeyInfo resolver to use to process KeyInfo request parameter.

Constructor Detail

SAML2HTTPPostSimpleSignRule

public SAML2HTTPPostSimpleSignRule(SignatureTrustEngine engine,
                                   ParserPool parserPool,
                                   KeyInfoCredentialResolver keyInfoCredResolver)
Constructor.

Parameters:
engine - the trust engine to use
parserPool - the parser pool used to parse the KeyInfo request parameter
keyInfoCredResolver - the KeyInfo credential resolver to use to extract credentials from the KeyInfo request parameter

Method Detail

ruleHandles

protected boolean ruleHandles(javax.servlet.http.HttpServletRequest request,
                              SAMLMessageContext samlMsgCtx)
Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context.

Specified by:
ruleHandles in class BaseSAMLSimpleSignatureSecurityPolicyRule
Parameters:
request - the HTTP servlet request being processed
samlMsgCtx - the SAML message context being processed
Returns:
true if the rule should attempt to process the request, otherwise false

getSignedContent

protected byte[] getSignedContent(javax.servlet.http.HttpServletRequest request)
                           throws SecurityPolicyException
Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential).

Specified by:
getSignedContent in class BaseSAMLSimpleSignatureSecurityPolicyRule
Parameters:
request - the HTTP servlet request being processed
Returns:
the signed content extracted from the request, in the format suitable for input to the trust engine.
Throws:
SecurityPolicyException - thrown if there is an error during request processing
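
Added example, not OpenSAML's own code: under the SAML 2.0 HTTP-POST-SimpleSign binding, the signed octet string is the base64-decoded message XML, then RelayState (if present), then SigAlg, joined as form-style pairs with no URL-encoding. The JDK-only program below builds that string and checks a signature over it; the class name, method names, key and sample values are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class SimpleSignContentDemo {
    /** Rebuilds the signed bytes from the POSTed form fields (hypothetical helper). */
    static byte[] signedContent(String paramName, String b64Message, String relayState, String sigAlg) {
        if (sigAlg == null || sigAlg.isEmpty()) {
            throw new IllegalArgumentException("SigAlg is required for a SimpleSign signature");
        }
        // The message is signed as raw XML, not in its base64 form-field encoding.
        String xml = new String(Base64.getDecoder().decode(b64Message), StandardCharsets.UTF_8);
        StringBuilder sb = new StringBuilder(paramName).append('=').append(xml);
        if (relayState != null) {
            sb.append("&RelayState=").append(relayState);
        }
        sb.append("&SigAlg=").append(sigAlg);
        return sb.toString().getBytes(StandardCharsets.UTF_8);
    }

    static boolean verify(PublicKey key, byte[] content, byte[] sig) throws GeneralSecurityException {
        // JCA name hardcoded to match the rsa-sha256 SigAlg URI used in main().
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(key);
        v.update(content);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample form fields, as a sender would POST them.
        String sigAlg = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
        String xml = "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"_constructed\"/>";
        String samlResponse = Base64.getEncoder().encodeToString(xml.getBytes(StandardCharsets.UTF_8));
        String relayState = "constructed-relay-state";

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway demo key

        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(signedContent("SAMLResponse", samlResponse, relayState, sigAlg));
        byte[] sig = s.sign();

        // Receiver side: same fields verify; an altered RelayState does not,
        // because RelayState is part of the signed bytes.
        System.out.println(verify(kp.getPublic(), signedContent("SAMLResponse", samlResponse, relayState, sigAlg), sig));
        System.out.println(verify(kp.getPublic(), signedContent("SAMLResponse", samlResponse, "altered", sigAlg), sig));
    }
}
```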

getRequestCredentials

protected List<Credential> getRequestCredentials(javax.servlet.http.HttpServletRequest request,
                                                 SAMLMessageContext samlContext)
                                          throws SecurityPolicyException
Extract any candidate validation credentials from the request and/or message context. Some bindings allow validation keys for the simple signature to be supplied, and others do not.

Overrides:
getRequestCredentials in class BaseSAMLSimpleSignatureSecurityPolicyRule
Parameters:
request - the HTTP servlet request being processed
samlContext - the SAML message context being processed
Returns:
a list of candidate validation credentials in the request, or null if none were present
Throws:
SecurityPolicyException - thrown if there is an error during request processing


Copyright © 1999-2013. All Rights Reserved.