Package org.opensaml.saml.saml2.profile.impl

Class ValidateAssertions

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.saml.saml2.profile.impl.ValidateAssertions

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction

public class ValidateAssertions
extends AbstractProfileAction

A profile action which resolves SAML 2.0 Assertions from the profile request context and validates them using a resolved or configured instance of SAML20AssertionValidator.

The ValidationResult along with the ValidationContext used are stored in the assertion's XMLObject.getObjectMetadata() as instance of ValidationProcessingData.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
class	ValidateAssertions.AssertionValidationInput	Class which holds data relevant to validating a SAML 2.0 Assertion.
class	ValidateAssertions.DefaultAssertionResolver	The default assertion resolver function.

Field Summary

Fields

Modifier and Type	Field	Description
private Function<ProfileRequestContext,List<Assertion>>	assertionResolver	The resolver for the list of assertions to be validated.
private List<Assertion>	assertions	The resolved assertions to be validated.
private SAML20AssertionValidator	assertionValidator	The SAML 2.0 Assertion validator, may be null.
private Function<Pair<ProfileRequestContext,Assertion>,SAML20AssertionValidator>	assertionValidatorLookup	The SAML 2.0 Assertion validator lookup function, may be null.
private javax.servlet.http.HttpServletRequest	httpServletRequest	The HttpServletRequest being processed.
private boolean	invalidFatal	Flag which indicates whether a failure of Assertion validation should be considered fatal.
private final org.slf4j.Logger	log	Class logger.
private Function<ValidateAssertions.AssertionValidationInput,ValidationContext>	validationContextBuilder	Function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.

Constructor Summary

Constructors

Constructor	Description
ValidateAssertions()	Constructor.

Method Summary

Modifier and Type	Method	Description
protected ValidationContext	buildValidationContext(ProfileRequestContext profileContext, Assertion assertion)	Build the Assertion ValidationContext.
protected void	doDestroy()
protected void	doExecute(ProfileRequestContext profileContext)	Performs this action.
protected void	doInitialize()
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext)	Called prior to execution, actions may override this method to perform pre-processing for a request.
Function<ProfileRequestContext,List<Assertion>>	getAssertionResolver()	Get the function which resolves the list of assertions to validate.
SAML20AssertionValidator	getAssertionValidator()	Get the locally-configured Assertion validator.
Function<Pair<ProfileRequestContext,Assertion>,SAML20AssertionValidator>	getAssertionValidatorLookup()	Get the Assertion validator lookup function.
javax.servlet.http.HttpServletRequest	getHttpServletRequest()	Get the HTTP servlet request being processed.
Function<ValidateAssertions.AssertionValidationInput,ValidationContext>	getValidationContextBuilder()	Get the function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.
boolean	isInvalidFatal()	Get flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
protected void	processResult(ValidationContext validationContext, ValidationResult validationResult, Assertion assertion, ProfileRequestContext profileContext)	Process the result of the assertion validation.
protected SAML20AssertionValidator	resolveValidator(ProfileRequestContext profileContext, Assertion assertion)	Resolve the Assertion token validator to use with the specified Assertion.
void	setAssertionResolver(Function<ProfileRequestContext,List<Assertion>> function)	Set the function which resolves the list of assertions to validate.
void	setAssertionValidator(SAML20AssertionValidator validator)	Set the locally-configured Assertion validator.
void	setAssertionValidatorLookup(Function<Pair<ProfileRequestContext,Assertion>,SAML20AssertionValidator> function)	Set the Assertion validator lookup function.
void	setHttpServletRequest(javax.servlet.http.HttpServletRequest request)	Set the HTTP servlet request being processed.
void	setInvalidFatal(boolean flag)	Set flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
void	setValidationContextBuilder(Function<ValidateAssertions.AssertionValidationInput,ValidationContext> builder)	Set the function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletResponse, getLogPrefix, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Details

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

httpServletRequest

@NonnullAfterInit
private javax.servlet.http.HttpServletRequest httpServletRequest

The HttpServletRequest being processed.

invalidFatal

private boolean invalidFatal

Flag which indicates whether a failure of Assertion validation should be considered fatal.

assertionValidator

@Nullable
private SAML20AssertionValidator assertionValidator

The SAML 2.0 Assertion validator, may be null.

assertionValidatorLookup

@Nullable
private Function<Pair<ProfileRequestContext,Assertion>,SAML20AssertionValidator> assertionValidatorLookup

The SAML 2.0 Assertion validator lookup function, may be null.

validationContextBuilder

@NonnullAfterInit
private Function<ValidateAssertions.AssertionValidationInput,ValidationContext> validationContextBuilder

Function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.

assertionResolver

@Nonnull
private Function<ProfileRequestContext,List<Assertion>> assertionResolver

The resolver for the list of assertions to be validated.

assertions

private List<Assertion> assertions

The resolved assertions to be validated.

Constructor Details

ValidateAssertions

public ValidateAssertions()

Constructor.

Method Details

getAssertionResolver

@Nonnull
public Function<ProfileRequestContext,List<Assertion>> getAssertionResolver()

Get the function which resolves the list of assertions to validate.

Returns:

the assertion resolver function

setAssertionResolver

public void setAssertionResolver(@Nonnull
 Function<ProfileRequestContext,List<Assertion>> function)

Set the function which resolves the list of assertions to validate.

Parameters:

function - the new assertion resolver function

getValidationContextBuilder

@NonnullAfterInit
public Function<ValidateAssertions.AssertionValidationInput,ValidationContext> getValidationContextBuilder()

Get the function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.

Defaults to an instance of DefaultAssertionValidationContextBuilder.

Returns:

the builder function

setValidationContextBuilder

public void setValidationContextBuilder(@Nonnull
 Function<ValidateAssertions.AssertionValidationInput,ValidationContext> builder)

Set the function that builds a ValidationContext instance based on a ValidateAssertions.AssertionValidationInput instance.

Defaults to an instance of DefaultAssertionValidationContextBuilder.

Parameters:

builder - the builder function

getHttpServletRequest

@NonnullAfterInit
public javax.servlet.http.HttpServletRequest getHttpServletRequest()

Get the HTTP servlet request being processed.

Overrides:

getHttpServletRequest in class AbstractProfileAction

Returns:

the HTTP servlet request

setHttpServletRequest

public void setHttpServletRequest(@Nonnull
 javax.servlet.http.HttpServletRequest request)

Set the HTTP servlet request being processed.

Overrides:

setHttpServletRequest in class AbstractProfileAction

Parameters:

request - The HTTP servlet request

isInvalidFatal

public boolean isInvalidFatal()

Get flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.

Defaults to: true.

Returns:

Returns the invalidFatal.

setInvalidFatal

public void setInvalidFatal(boolean flag)

Set flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.

Defaults to: true.

Parameters:

flag - The invalidFatal to set.

getAssertionValidator

@Nullable
public SAML20AssertionValidator getAssertionValidator()

Get the locally-configured Assertion validator.

Returns:

the local Assertion validator, or null

setAssertionValidator

public void setAssertionValidator(@Nullable
 SAML20AssertionValidator validator)

Set the locally-configured Assertion validator.

Parameters:

validator - the local Assertion validator, may be null

getAssertionValidatorLookup

@Nullable
public Function<Pair<ProfileRequestContext,Assertion>,SAML20AssertionValidator> getAssertionValidatorLookup()

Get the Assertion validator lookup function.

Returns:

the Assertion validator lookup function, or null

setAssertionValidatorLookup

public void setAssertionValidatorLookup(@Nullable
 Function<Pair<ProfileRequestContext,Assertion>,SAML20AssertionValidator> function)

Set the Assertion validator lookup function.

Parameters:

function - the Assertion validator lookup function, may be null

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doDestroy

protected void doDestroy()

Overrides:

doDestroy in class AbstractInitializableComponent

doPreExecute

protected boolean doPreExecute(@Nonnull
 ProfileRequestContext profileRequestContext)

Called prior to execution, actions may override this method to perform pre-processing for a request.

If false is returned, execution will not proceed, and the action should attach an EventContext to the context tree to signal how to continue with overall workflow processing.

If returning successfully, the last step should be to return the result of the superclass version of this method.

Overrides:

doPreExecute in class AbstractProfileAction

Parameters:

profileRequestContext - the current IdP profile request context

Returns:

true iff execution should proceed

doExecute

protected void doExecute(@Nonnull
 ProfileRequestContext profileContext)

Performs this action. Actions must override this method to perform their work.

Overrides:

doExecute in class AbstractProfileAction

Parameters:

profileContext - the current IdP profile request context

processResult

protected void processResult(@Nonnull
 ValidationContext validationContext,
 @Nonnull
 ValidationResult validationResult,
 @Nonnull
 Assertion assertion,
 @Nonnull
 ProfileRequestContext profileContext)

Process the result of the assertion validation.

Parameters:

validationContext - the Assertion validation context

validationResult - the Assertion validation result

assertion - the assertion being evaluated produced

profileContext - the current profile request context

resolveValidator

@Nullable
protected SAML20AssertionValidator resolveValidator(@Nonnull
 ProfileRequestContext profileContext,
 @Nonnull
 Assertion assertion)

Resolve the Assertion token validator to use with the specified Assertion.

Parameters:

profileContext - the current profile context

assertion - the assertion being evaluated

Returns:

the token validator

buildValidationContext

@Nonnull
protected ValidationContext buildValidationContext(@Nonnull
 ProfileRequestContext profileContext,
 @Nonnull
 Assertion assertion)
                                            throws AssertionValidationException

Build the Assertion ValidationContext.

Parameters:

profileContext - the current profile context

assertion - the assertion which is to be validated

Returns:

the new Assertion validation context to use

Throws:

AssertionValidationException - if no validation context instance could be built