org.opensaml.ws.security.provider
Class BasicSecurityPolicy<RequestType extends javax.servlet.ServletRequest>

java.lang.Object
  extended by org.opensaml.ws.security.provider.BasicSecurityPolicy<RequestType>
Type Parameters:
RequestType - the message request type
All Implemented Interfaces:
SecurityPolicy<RequestType>
Direct Known Subclasses:
SAMLSecurityPolicy

public class BasicSecurityPolicy<RequestType extends javax.servlet.ServletRequest>
extends java.lang.Object
implements SecurityPolicy<RequestType>

Basic security policy implementation which evaluates a given set of SecurityPolicyRule in an ordered manner. A policy evaluates successfully if, and only if:


Constructor Summary
BasicSecurityPolicy()
          Constructor.
BasicSecurityPolicy(boolean authenticatedIssuer)
          Constructor.
 
Method Summary
protected  SecurityPolicyContext createNewContext()
          Get a new instance of SecurityPolicyContext to use for a given policy evaluation.
 void evaluate(RequestType request, XMLObject message)
          Evaluates this policy.
 java.lang.String getIssuer()
          Convenience method for getting the issuer of the message as determined by the registered validators, from the security policy context.
 java.util.List<SecurityPolicyRule<RequestType>> getPolicyRules()
          Gets the rules that are evaluated for this policy.
 SecurityPolicyContext getSecurityPolicyContext()
          Get the SecurityPolicyContext instance which stores various items of state related to the evaluation of this policy.
 java.lang.Boolean isIssuerAuthenticated()
          Gets whether the message issuer was authenticated.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

BasicSecurityPolicy

public BasicSecurityPolicy()
Constructor. Message issuer is required to be authenticated.


BasicSecurityPolicy

public BasicSecurityPolicy(boolean authenticatedIssuer)
Constructor.

Parameters:
authenticatedIssuer - indicates whether the issuer must be authenticated

Method Detail

getSecurityPolicyContext

public SecurityPolicyContext getSecurityPolicyContext()
Get the SecurityPolicyContext instance which stores various items of state related to the evaluation of this policy.

Specified by:
getSecurityPolicyContext in interface SecurityPolicy<RequestType extends javax.servlet.ServletRequest>
Returns:
security policy context information as determined by the registered security policy rules

getIssuer

public java.lang.String getIssuer()
Convenience method for getting the issuer of the message as determined by the registered validators, from the security policy context.

Specified by:
getIssuer in interface SecurityPolicy<RequestType extends javax.servlet.ServletRequest>
Returns:
issuer of the message as determined by the registered validators

isIssuerAuthenticated

public java.lang.Boolean isIssuerAuthenticated()
Gets whether the message issuer was authenticated.

Specified by:
isIssuerAuthenticated in interface SecurityPolicy<RequestType extends javax.servlet.ServletRequest>
Returns:
Boolean.TRUE if the issuer was authenticated, Boolean.FALSE if the issuer failed authentication, or null if no authentication was attempted

getPolicyRules

public java.util.List<SecurityPolicyRule<RequestType>> getPolicyRules()
Gets the rules that are evaluated for this policy.

Specified by:
getPolicyRules in interface SecurityPolicy<RequestType extends javax.servlet.ServletRequest>
Returns:
rules that are evaluated for this policy

evaluate

public void evaluate(RequestType request,
                     XMLObject message)
              throws SecurityPolicyException
Evaluates this policy.

Specified by:
evaluate in interface SecurityPolicy<RequestType extends javax.servlet.ServletRequest>
Parameters:
request - the protocol request
message - the incoming message
Throws:
SecurityPolicyException - thrown if the request does not meet the requirements of this policy

createNewContext

protected SecurityPolicyContext createNewContext()
Get a new instance of SecurityPolicyContext to use for a given policy evaluation. Subclasses may choose to override this method to create a context of the appropriate subtype.

Returns:
a new security policy context instance
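
Caller-side handling of the three-valued result of isIssuerAuthenticated() after evaluate(), for a policy built with authenticatedIssuer set to false. This is an added example, not code from OpenSAML or from this page. The class IssuerAuthGate, its Outcome enum and its method names are hypothetical, the import packages for SecurityPolicy, SecurityPolicyException and XMLObject are assumptions, and it compiles only with the OpenSAML and servlet API jars on the classpath.

```java
import javax.servlet.ServletRequest;

// Assumed package locations: this page only states the
// org.opensaml.ws.security.provider package of BasicSecurityPolicy.
import org.opensaml.ws.security.SecurityPolicy;
import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.xml.XMLObject;

/** Hypothetical caller-side helper; not part of OpenSAML. */
public final class IssuerAuthGate {

    /** Explicit names for the three values isIssuerAuthenticated() can return. */
    public enum Outcome { AUTHENTICATED, FAILED, NOT_ATTEMPTED }

    private IssuerAuthGate() { }

    /** Maps the Boolean without auto-unboxing, so null can neither throw nor pass as true. */
    public static Outcome classify(Boolean issuerAuthenticated) {
        if (issuerAuthenticated == null) {
            return Outcome.NOT_ATTEMPTED;
        }
        return issuerAuthenticated.booleanValue() ? Outcome.AUTHENTICATED : Outcome.FAILED;
    }

    /**
     * Evaluates the policy, then returns the issuer only when a rule authenticated it.
     * Returns null for both FAILED and NOT_ATTEMPTED, so an unauthenticated issuer
     * name never reaches authorization code. A SecurityPolicyException from
     * evaluate() propagates to the caller.
     */
    public static <R extends ServletRequest> String authenticatedIssuerOrNull(
            SecurityPolicy<R> policy, R request, XMLObject message)
            throws SecurityPolicyException {
        policy.evaluate(request, message);
        if (classify(policy.isIssuerAuthenticated()) != Outcome.AUTHENTICATED) {
            return null;
        }
        return policy.getIssuer();
    }
}
```

Writing `if (policy.isIssuerAuthenticated())` throws NullPointerException when no authentication was attempted, and comparing against Boolean.FALSE alone lets the null case through as if it were authenticated.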