Package org.opensaml.saml.saml2.wssecurity.messaging.impl

Class WSSecuritySAML20AssertionTokenSecurityHandler

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.messaging.handler.AbstractMessageHandler

org.opensaml.saml.saml2.wssecurity.messaging.impl.WSSecuritySAML20AssertionTokenSecurityHandler

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, MessageHandler

public class WSSecuritySAML20AssertionTokenSecurityHandler
extends AbstractMessageHandler

A security handler which resolves SAML 2.0 Assertion tokens from a SOAP envelope's wsse:Security header, validates them, and makes them available via via the WSSecurityContext.

Field Summary

Fields

Modifier and Type	Field	Description
private SAML20AssertionValidator	assertionValidator	The SAML 2.0 Assertion validator, may be null.
private Function<Pair<MessageContext,Assertion>,SAML20AssertionValidator>	assertionValidatorLookup	The SAML 2.0 Assertion validator lookup function, may be null.
private javax.servlet.http.HttpServletRequest	httpServletRequest	The HttpServletRequest being processed.
private boolean	invalidFatal	Flag which indicates whether a failure of Assertion validation should be considered fatal.
private final org.slf4j.Logger	log	Class logger.
private Function<SAML20AssertionTokenValidationInput,ValidationContext>	validationContextBuilder	Function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.

Constructor Summary

Constructors

Constructor	Description
WSSecuritySAML20AssertionTokenSecurityHandler()	Constructor.

Method Summary

Modifier and Type	Method	Description
protected ValidationContext	buildValidationContext(MessageContext messageContext, Assertion assertion)	Build the Assertion ValidationContext.
protected void	doDestroy()
protected void	doInitialize()
protected void	doInvoke(MessageContext messageContext)	Performs the handler logic.
SAML20AssertionValidator	getAssertionValidator()	Get the locally-configured Assertion validator.
Function<Pair<MessageContext,Assertion>,SAML20AssertionValidator>	getAssertionValidatorLookup()	Get the Assertion validator lookup function.
javax.servlet.http.HttpServletRequest	getHttpServletRequest()	Get the HTTP servlet request being processed.
Function<SAML20AssertionTokenValidationInput,ValidationContext>	getValidationContextBuilder()	Get the function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.
boolean	isInvalidFatal()	Get flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
protected void	processResult(ValidationContext validationContext, ValidationResult validationResult, SAML20AssertionToken token, MessageContext messageContext)	Process the result of the token validation.
protected List<Assertion>	resolveAssertions(MessageContext messageContext)	Resolve the SAML 2.0 Assertions token from the SOAP envelope.
protected SAML20AssertionValidator	resolveValidator(MessageContext messageContext, Assertion assertion)	Resolve the Assertion token validator to use with the specified Assertion.
void	setAssertionValidator(SAML20AssertionValidator validator)	Set the locally-configured Assertion validator.
void	setAssertionValidatorLookup(Function<Pair<MessageContext,Assertion>,SAML20AssertionValidator> function)	Set the Assertion validator lookup function.
void	setHttpServletRequest(javax.servlet.http.HttpServletRequest request)	Set the HTTP servlet request being processed.
void	setInvalidFatal(boolean flag)	Set flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.
void	setValidationContextBuilder(Function<SAML20AssertionTokenValidationInput,ValidationContext> builder)	Set the function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.

Methods inherited from class org.opensaml.messaging.handler.AbstractMessageHandler

doPostInvoke, doPostInvoke, doPreInvoke, getActivationCondition, getLogPrefix, invoke, setActivationCondition

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Details

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

httpServletRequest

@NonnullAfterInit
private javax.servlet.http.HttpServletRequest httpServletRequest

The HttpServletRequest being processed.

invalidFatal

private boolean invalidFatal

Flag which indicates whether a failure of Assertion validation should be considered fatal.

assertionValidator

@Nullable
private SAML20AssertionValidator assertionValidator

The SAML 2.0 Assertion validator, may be null.

assertionValidatorLookup

@Nullable
private Function<Pair<MessageContext,Assertion>,SAML20AssertionValidator> assertionValidatorLookup

The SAML 2.0 Assertion validator lookup function, may be null.

validationContextBuilder

@NonnullAfterInit
private Function<SAML20AssertionTokenValidationInput,ValidationContext> validationContextBuilder

Function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.

Constructor Details

WSSecuritySAML20AssertionTokenSecurityHandler

public WSSecuritySAML20AssertionTokenSecurityHandler()

Constructor.

Method Details

getValidationContextBuilder

@NonnullAfterInit
public Function<SAML20AssertionTokenValidationInput,ValidationContext> getValidationContextBuilder()

Get the function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.

Defaults to an instance of DefaultSAML20AssertionValidationContextBuilder.

Returns:

the builder function

setValidationContextBuilder

public void setValidationContextBuilder(@Nonnull
 Function<SAML20AssertionTokenValidationInput,ValidationContext> builder)

Set the function that builds a ValidationContext instance based on a SAML20AssertionTokenValidationInput instance.

Defaults to an instance of DefaultSAML20AssertionValidationContextBuilder.

Parameters:

builder - the builder function

getHttpServletRequest

@NonnullAfterInit
public javax.servlet.http.HttpServletRequest getHttpServletRequest()

Get the HTTP servlet request being processed.

Returns:

the HTTP servlet request

setHttpServletRequest

public void setHttpServletRequest(@Nonnull
 javax.servlet.http.HttpServletRequest request)

Set the HTTP servlet request being processed.

Parameters:

request - The HTTP servlet request

isInvalidFatal

public boolean isInvalidFatal()

Get flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.

Defaults to: true.

Returns:

Returns the invalidFatal.

setInvalidFatal

public void setInvalidFatal(boolean flag)

Set flag which indicates whether a failure of Assertion validation should be considered a fatal processing error.

Defaults to: true.

Parameters:

flag - The invalidFatal to set.

getAssertionValidator

@Nullable
public SAML20AssertionValidator getAssertionValidator()

Get the locally-configured Assertion validator.

Returns:

the local Assertion validator, or null

setAssertionValidator

public void setAssertionValidator(@Nullable
 SAML20AssertionValidator validator)

Set the locally-configured Assertion validator.

Parameters:

validator - the local Assertion validator, may be null

getAssertionValidatorLookup

@Nullable
public Function<Pair<MessageContext,Assertion>,SAML20AssertionValidator> getAssertionValidatorLookup()

Get the Assertion validator lookup function.

Returns:

the Assertion validator lookup function, or null

setAssertionValidatorLookup

public void setAssertionValidatorLookup(@Nullable
 Function<Pair<MessageContext,Assertion>,SAML20AssertionValidator> function)

Set the Assertion validator lookup function.

Parameters:

function - the Assertion validator lookup function, may be null

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doDestroy

protected void doDestroy()

Overrides:

doDestroy in class AbstractInitializableComponent

doInvoke

protected void doInvoke(@Nonnull
 MessageContext messageContext)
                 throws MessageHandlerException

Performs the handler logic.

Specified by:

doInvoke in class AbstractMessageHandler

Parameters:

messageContext - the message context on which to invoke the handler

Throws:

MessageHandlerException - if there is an error invoking the handler on the message context

processResult

protected void processResult(@Nonnull
 ValidationContext validationContext,
 @Nonnull
 ValidationResult validationResult,
 @Nonnull
 SAML20AssertionToken token,
 @Nonnull
 MessageContext messageContext)
                      throws MessageHandlerException

Process the result of the token validation.

Parameters:

validationContext - the Assertion validation context

validationResult - the Assertion validation result

token - the token being produced

messageContext - the current message context

Throws:

MessageHandlerException - if the Assertion was invalid or indeterminate and idInvalidFatal is true

resolveValidator

@Nullable
protected SAML20AssertionValidator resolveValidator(@Nonnull
 MessageContext messageContext,
 @Nonnull
 Assertion assertion)

Resolve the Assertion token validator to use with the specified Assertion.

Parameters:

messageContext - the current message context

assertion - the assertion being evaluated

Returns:

the token validator

buildValidationContext

@Nonnull
protected ValidationContext buildValidationContext(@Nonnull
 MessageContext messageContext,
 @Nonnull
 Assertion assertion)
                                            throws MessageHandlerException

Build the Assertion ValidationContext.

Parameters:

messageContext - the current message context

assertion - the assertion which is to be validated

Returns:

the new Assertion validation context to use

Throws:

MessageHandlerException - if no validation context instance could be built

resolveAssertions

@Nonnull
protected List<Assertion> resolveAssertions(@Nonnull
 MessageContext messageContext)

Resolve the SAML 2.0 Assertions token from the SOAP envelope.

Parameters:

messageContext - the current message context

Returns:

the list of resolved Assertions, or an empty list