org.opensaml.common.binding.security
Class SAMLSecurityPolicy

java.lang.Object
  extended by org.opensaml.ws.security.provider.BasicSecurityPolicy<javax.servlet.ServletRequest>
      extended by org.opensaml.common.binding.security.SAMLSecurityPolicy
All Implemented Interfaces:
SecurityPolicy<javax.servlet.ServletRequest>

public class SAMLSecurityPolicy
extends BasicSecurityPolicy<javax.servlet.ServletRequest>

A policy used to verify the security of an incoming SAML request. Its security mechanisms may be used to check transport layer items (e.g. client certificates and basic auth passwords), and the payload validators may be used to check the payload of a request to ensure it meets certain criteria (e.g. a valid digital signature).
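
A usage sketch of this class, added here as an example and not taken from the OpenSAML project's own code or documentation. It wires the two pieces the page describes: a policy built from the expected issuer role and protocol, and a metadata provider the policy uses to resolve the issuer; the caller then evaluates the inbound request and message and reads back the issuer's role metadata only after evaluation succeeds. The package names in the imports, the constants SPSSODescriptor.DEFAULT_ELEMENT_NAME and SAMLConstants.SAML20P_NS, and the class and method names InboundSamlPolicyCheck and check are assumptions made for the example; the page itself names the types without packages.

```java
// Added example; package locations below are assumed from OpenSAML 2.x layout, not stated on this page.
import javax.servlet.ServletRequest;
import javax.xml.namespace.QName;

import org.opensaml.common.binding.security.SAMLSecurityPolicy;
import org.opensaml.common.xml.SAMLConstants;              // assumed
import org.opensaml.saml2.metadata.RoleDescriptor;         // assumed
import org.opensaml.saml2.metadata.SPSSODescriptor;        // assumed
import org.opensaml.saml2.metadata.provider.MetadataProvider; // assumed
import org.opensaml.ws.security.SecurityPolicyException;   // assumed
import org.opensaml.xml.XMLObject;                         // assumed

/** Hypothetical helper that gates inbound SAML messages on a SAMLSecurityPolicy. */
public class InboundSamlPolicyCheck {

    private final MetadataProvider metadataProvider;

    public InboundSamlPolicyCheck(MetadataProvider metadataProvider) {
        this.metadataProvider = metadataProvider;
    }

    /**
     * Evaluates the policy against one request/message pair.
     * Returns the issuer's role metadata when the policy passes, or null when it does not.
     */
    public RoleDescriptor check(ServletRequest request, XMLObject message) {
        // Expected issuer role and protocol: a SAML 2.0 service provider (constant names assumed).
        QName expectedRole = SPSSODescriptor.DEFAULT_ELEMENT_NAME;
        String expectedProtocol = SAMLConstants.SAML20P_NS;

        // Third argument: the issuer must be authenticated for the policy to pass.
        SAMLSecurityPolicy policy = new SAMLSecurityPolicy(expectedRole, expectedProtocol, true);
        policy.setMetadataProvider(metadataProvider);

        try {
            policy.evaluate(request, message);
        } catch (SecurityPolicyException e) {
            // The request did not meet the policy's requirements; stop processing it here.
            return null;
        }

        // Only meaningful after a successful evaluation, per the method's contract.
        return policy.getIssuerRoleMetadata();
    }
}
```

A fresh policy instance is built per call because the evaluation result is read back from the policy object itself (getIssuerRoleMetadata, and the inherited getIssuer and isIssuerAuthenticated), so sharing one instance across concurrent requests would mix results.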


Constructor Summary
SAMLSecurityPolicy(javax.xml.namespace.QName role, java.lang.String protocol)
          Constructor.
SAMLSecurityPolicy(javax.xml.namespace.QName role, java.lang.String protocol, boolean requireAuthenticatedIssuer)
          Constructor.
 
Method Summary
protected  SecurityPolicyContext createNewContext()
          Get a new instance of SecurityPolicyContext to use for a given policy evaluation.
 void evaluate(javax.servlet.ServletRequest request, XMLObject message)
          Evaluates this policy.
 RoleDescriptor getIssuerRoleMetadata()
          Gets the role metadata for the issuer, after the security policy has been successfully evaluated.
 MetadataProvider getMetadataProvider()
          Gets the metadata provider used to look up entity information.
 void setMetadataProvider(MetadataProvider provider)
          Sets the metadata provider used to look up entity information.
 
Methods inherited from class org.opensaml.ws.security.provider.BasicSecurityPolicy
getIssuer, getPolicyRules, getSecurityPolicyContext, isIssuerAuthenticated
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SAMLSecurityPolicy

public SAMLSecurityPolicy(javax.xml.namespace.QName role,
                          java.lang.String protocol)
Constructor.

Parameters:
role - expected role of the issuer
protocol - expected protocol of the issuer

SAMLSecurityPolicy

public SAMLSecurityPolicy(javax.xml.namespace.QName role,
                          java.lang.String protocol,
                          boolean requireAuthenticatedIssuer)
Constructor.

Parameters:
role - expected role of the issuer
protocol - expected protocol of the issuer
requireAuthenticatedIssuer - whether the issuer of the message must be authenticated in order for the policy to pass

Method Detail

evaluate

public void evaluate(javax.servlet.ServletRequest request,
                     XMLObject message)
              throws SecurityPolicyException
Evaluates this policy.

Specified by:
evaluate in interface SecurityPolicy<javax.servlet.ServletRequest>
Overrides:
evaluate in class BasicSecurityPolicy<javax.servlet.ServletRequest>
Parameters:
request - the protocol request
message - the incoming message
Throws:
SecurityPolicyException - thrown if the request does not meet the requirements of this policy

getMetadataProvider

public MetadataProvider getMetadataProvider()
Gets the metadata provider used to look up entity information.

Returns:
metadata provider used to look up entity information

setMetadataProvider

public void setMetadataProvider(MetadataProvider provider)
Sets the metadata provider used to look up entity information.

Parameters:
provider - metadata provider used to look up entity information

getIssuerRoleMetadata

public RoleDescriptor getIssuerRoleMetadata()
Gets the role metadata for the issuer, after the security policy has been successfully evaluated.

Returns:
role metadata for the issuer

createNewContext

protected SecurityPolicyContext createNewContext()
Get a new instance of SecurityPolicyContext to use for a given policy evaluation. Subclasses may choose to override this method to create a context of the appropriate subtype.

Overrides:
createNewContext in class BasicSecurityPolicy<javax.servlet.ServletRequest>
Returns:
a new security policy context instance