java.lang.Object
  org.opensaml.ws.security.provider.BasicSecurityPolicy<javax.servlet.ServletRequest>
    org.opensaml.common.binding.security.SAMLSecurityPolicy
public class SAMLSecurityPolicy
A policy used to verify the security of an incoming SAML request. Its security mechanisms may be used to check transport layer items (e.g. client certificates and basic auth passwords), and the payload validators may be used to check the payload of a request to ensure it meets certain criteria (e.g. valid digital signature).
Constructor Summary |
---|
SAMLSecurityPolicy(javax.xml.namespace.QName role, java.lang.String protocol) Constructor. |
SAMLSecurityPolicy(javax.xml.namespace.QName role, java.lang.String protocol, boolean requireAuthenticatedIssuer) Constructor. |
Method Summary | |
---|---|
protected SecurityPolicyContext | createNewContext() Get a new instance of SecurityPolicyContext to use for a given policy evaluation. |
void | evaluate(javax.servlet.ServletRequest request, XMLObject message) Evaluates this policy. |
RoleDescriptor | getIssuerRoleMetadata() Gets the role metadata for the issuer, after the security policy has been successfully evaluated. |
MetadataProvider | getMetadataProvider() Gets the metadata provider used to look up entity information. |
void | setMetadataProvider(MetadataProvider provider) Sets the metadata provider used to look up entity information. |
Methods inherited from class org.opensaml.ws.security.provider.BasicSecurityPolicy |
---|
getIssuer, getPolicyRules, getSecurityPolicyContext, isIssuerAuthenticated |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public SAMLSecurityPolicy(javax.xml.namespace.QName role, java.lang.String protocol)

Parameters:
role - expected role of the issuer
protocol - expected protocol of the issuer

public SAMLSecurityPolicy(javax.xml.namespace.QName role, java.lang.String protocol, boolean requireAuthenticatedIssuer)

Parameters:
role - expected role of the issuer
protocol - expected protocol of the issuer
requireAuthenticatedIssuer - whether the issuer of the message must be authenticated in order for the policy to pass

Method Detail |
---|
public void evaluate(javax.servlet.ServletRequest request, XMLObject message) throws SecurityPolicyException

Specified by:
evaluate in interface SecurityPolicy<javax.servlet.ServletRequest>
Overrides:
evaluate in class BasicSecurityPolicy<javax.servlet.ServletRequest>
Parameters:
request - the protocol request
message - the incoming message
Throws:
SecurityPolicyException - thrown if the request does not meet the requirements of this policy

public MetadataProvider getMetadataProvider()

public void setMetadataProvider(MetadataProvider provider)

Parameters:
provider - metadata provider used to look up entity information

public RoleDescriptor getIssuerRoleMetadata()

protected SecurityPolicyContext createNewContext()

Get a new instance of SecurityPolicyContext to use for a given policy evaluation.
Subclasses may choose to override this method to create a context of the appropriate subtype.

Overrides:
createNewContext in class BasicSecurityPolicy<javax.servlet.ServletRequest>
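
The following is an added usage example, not part of the OpenSAML documentation: a fail-closed gate that evaluates the policy with `requireAuthenticatedIssuer` set and releases the issuer's role metadata only after `evaluate` returns normally. `InboundSamlGate` and `admit` are hypothetical names, and the package names for `RoleDescriptor`, `MetadataProvider`, `SecurityPolicyException` and `XMLObject` are assumptions, since this page gives only their simple names.

```java
import javax.servlet.ServletRequest;
import javax.xml.namespace.QName;

import org.opensaml.common.binding.security.SAMLSecurityPolicy;
// Assumed package names (the page shows only the simple class names):
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.xml.XMLObject;

/** Hypothetical helper that gates an inbound SAML message on SAMLSecurityPolicy. */
public final class InboundSamlGate {

    private final MetadataProvider metadata;
    private final QName expectedRole;
    private final String expectedProtocol;

    public InboundSamlGate(MetadataProvider metadata, QName expectedRole,
                           String expectedProtocol) {
        this.metadata = metadata;
        this.expectedRole = expectedRole;
        this.expectedProtocol = expectedProtocol;
    }

    /** Returns the issuer's role metadata, or throws; never returns on a failed check. */
    public RoleDescriptor admit(ServletRequest request, XMLObject message)
            throws SecurityPolicyException {
        // One policy object per message: the issuer data is read back from the
        // policy after evaluation, so this example does not share an instance
        // across requests (an assumption drawn from the getter's description).
        SAMLSecurityPolicy policy =
                new SAMLSecurityPolicy(expectedRole, expectedProtocol, true);
        policy.setMetadataProvider(metadata);

        // Throws SecurityPolicyException if the request does not meet the policy.
        policy.evaluate(request, message);

        // Defence in depth: re-check the outcome instead of trusting the flag alone.
        // Boolean.TRUE.equals(...) is used because the return type is not shown here.
        if (!Boolean.TRUE.equals(policy.isIssuerAuthenticated())) {
            throw new SecurityException("SAML issuer was not authenticated");
        }
        RoleDescriptor issuerRole = policy.getIssuerRoleMetadata();
        if (issuerRole == null) {
            throw new SecurityException("no role metadata resolved for SAML issuer");
        }
        return issuerRole;
    }
}
```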