org.opensaml.ws.security.provider
Class BaseTrustEngineRule<TokenType,RequestType extends javax.servlet.ServletRequest>

java.lang.Object
  extended by org.opensaml.ws.security.provider.BaseTrustEngineRule<TokenType,RequestType>
Type Parameters:
RequestType - type of request being processed
TokenType - type of token which is being evaluated by the underlying trust engine
All Implemented Interfaces:
SecurityPolicyRule<RequestType>
Direct Known Subclasses:
BaseSAMLSignatureSecurityPolicyRuleFactory.BaseSAMLSignatureSecurityPolicyRule, ClientCertAuthRule

public abstract class BaseTrustEngineRule<TokenType,RequestType extends javax.servlet.ServletRequest>
extends java.lang.Object
implements SecurityPolicyRule<RequestType>

Base rule which uses a trust engine to evaluate a token extracted from the request or message.


Constructor Summary
BaseTrustEngineRule(TrustEngine<TokenType> engine)
          Constructor.
 
Method Summary
protected abstract  CriteriaSet buildCriteriaSet(java.lang.String entityID, RequestType request, XMLObject message, SecurityPolicyContext context)
          Subclasses are required to implement this method to build a criteria set for the trust engine according to trust engine and application-specific needs.
abstract  void evaluate(RequestType request, XMLObject message, SecurityPolicyContext context)
          Evaluates the rule against the given request and message.
protected  boolean evaluate(TokenType token, CriteriaSet criteriaSet)
          Evaluate the token against the specified criteria using the configured trust engine.
 TrustEngine<TokenType> getTrustEngine()
          Gets the engine used to validate the untrusted token.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

BaseTrustEngineRule

public BaseTrustEngineRule(TrustEngine<TokenType> engine)
Constructor.

Parameters:
engine - Trust engine used to verify the particular token type

Method Detail

getTrustEngine

public TrustEngine<TokenType> getTrustEngine()
Gets the engine used to validate the untrusted token.

Returns:
the engine used to validate the untrusted token

evaluate

public abstract void evaluate(RequestType request,
                              XMLObject message,
                              SecurityPolicyContext context)
                       throws SecurityPolicyException
Evaluates the rule against the given request and message.

Specified by:
evaluate in interface SecurityPolicyRule<RequestType extends javax.servlet.ServletRequest>
Parameters:
request - the protocol request
message - the incoming message
context - the security policy context to use for evaluation and storage of related state info
Throws:
SecurityPolicyException - thrown if the request/message do not meet the requirements of this rule

buildCriteriaSet

protected abstract CriteriaSet buildCriteriaSet(java.lang.String entityID,
                                                RequestType request,
                                                XMLObject message,
                                                SecurityPolicyContext context)
Subclasses are required to implement this method to build a criteria set for the trust engine according to trust engine and application-specific needs.

Parameters:
entityID - the candidate issuer entity ID which is being evaluated
request - the protocol request
message - the incoming message
context - the security policy context to use for evaluation and storage of related state info
Returns:
a newly constructed set of criteria suitable for the configured trust engine

evaluate

protected boolean evaluate(TokenType token,
                           CriteriaSet criteriaSet)
                    throws SecurityPolicyException
Evaluate the token against the specified criteria using the configured trust engine.

Parameters:
token - the token to be evaluated
criteriaSet - the set of criteria against which to evaluate the token
Returns:
true if the token satisfies the criteria as determined by the trust engine, otherwise false
Throws:
SecurityPolicyException - thrown if there is a fatal error during trust engine evaluation
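
Example (added here, not OpenSAML's own code): a subclass that wires the members above together and turns a false result from evaluate(TokenType, CriteriaSet) into a SecurityPolicyException, so an untrusted token can never pass the rule silently. The class name ExampleClientCertRule, the choice of the certificate subject DN as candidate entity ID, the imported package names, and the helper classes BasicX509Credential, X509Credential and EntityIDCriteria are assumptions that do not appear on this page.

```java
// Added example. Package names and credential/criteria classes are assumed, not taken from this page.
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;
import org.opensaml.ws.security.SecurityPolicyContext;
import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.ws.security.provider.BaseTrustEngineRule;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.trust.TrustEngine;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.security.x509.X509Credential;

/** Hypothetical rule: accepts a TLS client certificate only if the trust engine accepts it. */
public class ExampleClientCertRule extends BaseTrustEngineRule<X509Credential, HttpServletRequest> {
    public ExampleClientCertRule(TrustEngine<X509Credential> engine) {
        super(engine);
    }

    @Override
    public void evaluate(HttpServletRequest request, XMLObject message, SecurityPolicyContext context)
            throws SecurityPolicyException {
        // Standard servlet attribute holding the client certificate chain, leaf first.
        X509Certificate[] chain =
                (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
        if (chain == null || chain.length == 0) {
            throw new SecurityPolicyException("No client certificate presented"); // this example requires one
        }
        BasicX509Credential token = new BasicX509Credential();
        token.setEntityCertificate(chain[0]);

        // Candidate issuer: the subject DN, an assumption made for this example.
        String entityID = chain[0].getSubjectX500Principal().getName();
        CriteriaSet criteria = buildCriteriaSet(entityID, request, message, context);

        // The protected evaluate() returns false for "not trusted" and throws only on
        // fatal errors, so the false case must be rejected explicitly (fail closed).
        if (!evaluate(token, criteria)) {
            throw new SecurityPolicyException("Client certificate not trusted for " + entityID);
        }
    }

    @Override
    protected CriteriaSet buildCriteriaSet(String entityID, HttpServletRequest request,
            XMLObject message, SecurityPolicyContext context) {
        return new CriteriaSet(new EntityIDCriteria(entityID));
    }
}
```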