org.opensaml.common.binding.security
Class SAMLMDClientCertAuthRuleFactory.SAMLMDClientCertAuthRule

java.lang.Object
  extended by org.opensaml.ws.security.provider.BaseTrustEngineRule<X509Credential,javax.servlet.ServletRequest>
      extended by org.opensaml.ws.security.provider.ClientCertAuthRule
          extended by org.opensaml.common.binding.security.SAMLMDClientCertAuthRuleFactory.SAMLMDClientCertAuthRule
All Implemented Interfaces:
SecurityPolicyRule<javax.servlet.ServletRequest>
Enclosing class:
SAMLMDClientCertAuthRuleFactory

public class SAMLMDClientCertAuthRuleFactory.SAMLMDClientCertAuthRule
extends ClientCertAuthRule

SAML specialization of ClientCertAuthRule which provides support for X509Credential trust engine validation based on SAML metadata.


Constructor Summary
SAMLMDClientCertAuthRuleFactory.SAMLMDClientCertAuthRule(TrustEngine<X509Credential> engine, ClientCertAuthRuleFactory.CertificateNameOptions nameOptions)
          Constructor.
 
Method Summary
protected  CriteriaSet buildCriteriaSet(java.lang.String entityID, javax.servlet.ServletRequest request, XMLObject message, SecurityPolicyContext context)
          Subclasses are required to implement this method to build a criteria set for the trust engine according to trust engine and application-specific needs.
 
Methods inherited from class org.opensaml.ws.security.provider.ClientCertAuthRule
evaluate, evaluateCertificateNameDerivedIssuers, evaluateDerivedIssuers, evaluateSubjectAltNames, evaluateSubjectCommonName, evaluateSubjectDN, getAltNames, getCommonName, getSubjectName
 
Methods inherited from class org.opensaml.ws.security.provider.BaseTrustEngineRule
evaluate, getTrustEngine
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SAMLMDClientCertAuthRuleFactory.SAMLMDClientCertAuthRule

public SAMLMDClientCertAuthRuleFactory.SAMLMDClientCertAuthRule(TrustEngine<X509Credential> engine,
                                                                ClientCertAuthRuleFactory.CertificateNameOptions nameOptions)
Constructor.

Parameters:
engine - Trust engine used to verify the request X509Credential
nameOptions - options for deriving issuer names from an X.509 certificate

Method Detail

buildCriteriaSet

protected CriteriaSet buildCriteriaSet(java.lang.String entityID,
                                       javax.servlet.ServletRequest request,
                                       XMLObject message,
                                       SecurityPolicyContext context)
Subclasses are required to implement this method to build a criteria set for the trust engine according to trust engine and application-specific needs.

Overrides:
buildCriteriaSet in class ClientCertAuthRule
Parameters:
entityID - the candidate issuer entity ID which is being evaluated
request - the protocol request
message - the incoming message
context - the security policy context to use for evaluation and storage of related state info
Returns:
a newly constructed set of criteria suitable for the configured trust engine