Class BaseSAMLXMLSignatureSecurityHandler

All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, MessageHandler
Direct Known Subclasses:
SAMLProtocolMessageXMLSignatureSecurityHandler

public abstract class BaseSAMLXMLSignatureSecurityHandler extends BaseTrustEngineSecurityHandler<Signature>
Base class for SAML security message handlers which evaluate a signature with a signature trust engine.
  • Field Details

    • peerContext

      @Nullable private SAMLPeerEntityContext peerContext
      The context representing the SAML peer entity.
    • samlProtocolContext

      @Nullable private SAMLProtocolContext samlProtocolContext
      The SAML protocol context in operation.
  • Constructor Details

    • BaseSAMLXMLSignatureSecurityHandler

      public BaseSAMLXMLSignatureSecurityHandler()
  • Method Details

    • getSAMLPeerEntityContext

      @Nullable protected SAMLPeerEntityContext getSAMLPeerEntityContext()
      Get the SAMLPeerEntityContext associated with the message.
      Returns:
      the peer context
    • getSAMLProtocolContext

      @Nullable protected SAMLProtocolContext getSAMLProtocolContext()
      Get the SAMLProtocolContext associated with the message.
      Returns:
      the protocol context
    • doPreInvoke

      protected boolean doPreInvoke(@Nonnull MessageContext messageContext) throws MessageHandlerException
      Called prior to execution. Handlers may override this method to perform pre-processing for a request.

      The default implementation applies the Predicate set via AbstractMessageHandler.setActivationCondition(Predicate).

      If false is returned, execution will not proceed.

      Subclasses which override this method should generally invoke the super version of this method first, so that the activation condition will be applied up front, and immediately return false if the super version returns false. This avoids unnecessary execution of the remaining pre-invocation code if the handler ultimately will not execute.

      Overrides:
      doPreInvoke in class BaseTrustEngineSecurityHandler<Signature>
      Parameters:
      messageContext - the message context on which to invoke the handler
      Returns:
      true iff execution should proceed
      Throws:
      MessageHandlerException - if there is a problem executing the handler pre-routine
    • resolveTrustEngine

      @Nullable protected TrustEngine<Signature> resolveTrustEngine(@Nonnull MessageContext messageContext)
      Resolve a TrustEngine instance of the appropriate type from the message context.
      Specified by:
      resolveTrustEngine in class BaseTrustEngineSecurityHandler<Signature>
      Parameters:
      messageContext - the message context which is being evaluated
      Returns:
      the resolved TrustEngine, may be null
    • buildCriteriaSet

      @Nonnull protected CriteriaSet buildCriteriaSet(@Nullable String entityID, @Nonnull MessageContext messageContext) throws MessageHandlerException
      Subclasses are required to implement this method to build a criteria set for the trust engine according to trust engine and application-specific needs.
      Specified by:
      buildCriteriaSet in class BaseTrustEngineSecurityHandler<Signature>
      Parameters:
      entityID - the candidate issuer entity ID which is being evaluated
      messageContext - the message context which is being evaluated
      Returns:
      a newly constructed set of criteria suitable for the configured trust engine
      Throws:
      MessageHandlerException - thrown if the criteria set cannot be constructed
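
The override pattern described under doPreInvoke, as an added example that is not part of the OpenSAML code base: the subclass calls the super version first, returns false immediately if it does, and only then runs its own fail-closed check on the peer context. The class name PeerRequiredSignatureSecurityHandler and its policy are hypothetical, and the import package names are assumed from the OpenSAML distribution, since this page does not show them.

```java
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.security.impl.BaseSAMLXMLSignatureSecurityHandler;

/**
 * Hypothetical handler (not an OpenSAML class) that refuses to evaluate a
 * signature unless the peer entity ID is known. Left abstract because the
 * actual signature evaluation belongs in a concrete subclass.
 */
public abstract class PeerRequiredSignatureSecurityHandler
        extends BaseSAMLXMLSignatureSecurityHandler {

    @Override
    protected boolean doPreInvoke(final MessageContext messageContext)
            throws MessageHandlerException {
        // Super first: applies the activation condition and populates the
        // peer and protocol contexts. If it declines, stop immediately.
        if (!super.doPreInvoke(messageContext)) {
            return false;
        }

        // Subclass pre-processing runs only when the handler is active.
        final SAMLPeerEntityContext peer = getSAMLPeerEntityContext();
        final String entityId = peer == null ? null : peer.getEntityId();
        if (entityId == null || entityId.isEmpty()) {
            // Fail closed: without a candidate issuer there is nothing to
            // bind the signature's trust evaluation to.
            throw new MessageHandlerException(
                    "No peer entity ID available; refusing to evaluate signature");
        }
        return true;
    }
}
```

Throwing instead of returning false matters here: false only skips this handler and lets the rest of the chain continue, while the exception aborts processing of the message.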