org.opensaml.saml.common.binding.security.impl

Class BaseSAMLXMLSignatureSecurityHandler

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.messaging.handler.AbstractMessageHandler

org.opensaml.security.messaging.impl.BaseTrustEngineSecurityHandler<Signature>

org.opensaml.saml.common.binding.security.impl.BaseSAMLXMLSignatureSecurityHandler

All Implemented Interfaces:

net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, MessageHandler

Direct Known Subclasses:

SAMLProtocolMessageXMLSignatureSecurityHandler

public abstract class BaseSAMLXMLSignatureSecurityHandler
extends BaseTrustEngineSecurityHandler<Signature>

Base class for SAML security message handlers which evaluate a signature with a signature trust engine.

Field Summary

Fields

Modifier and Type	Field and Description
private SAMLPeerEntityContext	peerContext The context representing the SAML peer entity.
private SAMLProtocolContext	samlProtocolContext The SAML protocol context in operation.

Constructor Summary

Constructors

Constructor and Description
BaseSAMLXMLSignatureSecurityHandler()

Method Summary

Modifier and Type	Method and Description
protected net.shibboleth.utilities.java.support.resolver.CriteriaSet	buildCriteriaSet(java.lang.String entityID, MessageContext messageContext) Subclasses are required to implement this method to build a criteria set for the trust engine according to trust engine and application-specific needs.
protected boolean	doPreInvoke(MessageContext messageContext) Called prior to execution, handlers may override this method to perform pre-processing for a request.
protected SAMLPeerEntityContext	getSAMLPeerEntityContext() Get the SAMLPeerEntityContext associated with the message.
protected SAMLProtocolContext	getSAMLProtocolContext() Get the SAMLProtocolContext associated with the message.
protected TrustEngine<Signature>	resolveTrustEngine(MessageContext messageContext) Resolve a TrustEngine instance of the appropriate type from the message context.

Methods inherited from class org.opensaml.security.messaging.impl.BaseTrustEngineSecurityHandler

evaluate, evaluate, getTrustEngine

Methods inherited from class org.opensaml.messaging.handler.AbstractMessageHandler

doInvoke, doPostInvoke, doPostInvoke, getLogPrefix, invoke

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

peerContext

@Nullable
private SAMLPeerEntityContext peerContext

The context representing the SAML peer entity.

samlProtocolContext

@Nullable
private SAMLProtocolContext samlProtocolContext

The SAML protocol context in operation.

Constructor Detail

BaseSAMLXMLSignatureSecurityHandler

public BaseSAMLXMLSignatureSecurityHandler()

Method Detail

getSAMLPeerEntityContext

@Nullable
protected SAMLPeerEntityContext getSAMLPeerEntityContext()

Get the SAMLPeerEntityContext associated with the message.

Returns:

the peer context

getSAMLProtocolContext

@Nullable
protected SAMLProtocolContext getSAMLProtocolContext()

Get the SAMLProtocolContext associated with the message.

Returns:

the protocol context

doPreInvoke

protected boolean doPreInvoke(@Nonnull
                              MessageContext messageContext)
                       throws MessageHandlerException

Called prior to execution, handlers may override this method to perform pre-processing for a request.

If false is returned, execution will not proceed.

If returning successfully, the last step should be to return the result of the superclass version of this method.

Overrides:

doPreInvoke in class BaseTrustEngineSecurityHandler<Signature>

Parameters:

messageContext - the message context on which to invoke the handler

Returns:

true iff execution should proceed

Throws:

MessageHandlerException - if there is a problem executing the handler pre-routine

resolveTrustEngine

@Nullable
protected TrustEngine<Signature> resolveTrustEngine(@Nonnull
                                                              MessageContext messageContext)

Resolve a TrustEngine instance of the appropriate type from the message context.

Specified by:

resolveTrustEngine in class BaseTrustEngineSecurityHandler<Signature>

Parameters:

messageContext - the message context which is being evaluated

Returns:

the resolved TrustEngine, may be null

buildCriteriaSet

@Nonnull
protected net.shibboleth.utilities.java.support.resolver.CriteriaSet buildCriteriaSet(@Nullable
                                                                                               java.lang.String entityID,
                                                                                               @Nonnull
                                                                                               MessageContext messageContext)
                                                                                        throws MessageHandlerException

Subclasses are required to implement this method to build a criteria set for the trust engine according to trust engine and application-specific needs.

Specified by:

buildCriteriaSet in class BaseTrustEngineSecurityHandler<Signature>

Parameters:

entityID - the candidate issuer entity ID which is being evaluated

messageContext - the message context which is being evaluated

Returns:

a newly constructly set of criteria suitable for the configured trust engine

Throws:

MessageHandlerException - thrown if criteria set can not be constructed