org.opensaml.security.messaging.impl

Class BaseTrustEngineSecurityHandler<TokenType>

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.messaging.handler.AbstractMessageHandler

org.opensaml.security.messaging.impl.BaseTrustEngineSecurityHandler<TokenType>

Type Parameters:

TokenType - type of token which is being evaluated by the underlying trust engine

All Implemented Interfaces:

net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, MessageHandler

Direct Known Subclasses:

BaseClientCertAuthSecurityHandler, BaseSAMLXMLSignatureSecurityHandler

public abstract class BaseTrustEngineSecurityHandler<TokenType>
extends AbstractMessageHandler

Base rule which uses a trust engine to evaluate a token extracted from the request or message.

Field Summary

Fields

Modifier and Type	Field and Description
private org.slf4j.Logger	log Logger.
private TrustEngine<? super TokenType>	trustEngine Trust engine used to verify the particular token type.

Constructor Summary

Constructors

Constructor and Description
BaseTrustEngineSecurityHandler()

Method Summary

Modifier and Type	Method and Description
protected abstract net.shibboleth.utilities.java.support.resolver.CriteriaSet	buildCriteriaSet(java.lang.String entityID, MessageContext messageContext) Subclasses are required to implement this method to build a criteria set for the trust engine according to trust engine and application-specific needs.
protected boolean	doPreInvoke(MessageContext messageContext) Called prior to execution, handlers may override this method to perform pre-processing for a request.
protected boolean	evaluate(TokenType token, net.shibboleth.utilities.java.support.resolver.CriteriaSet criteriaSet) Evaluate the token against the specified criteria using the configured trust engine.
protected boolean	evaluate(TokenType token, java.lang.String entityID, MessageContext messageContext) Evaluate the token using the configured trust engine against criteria built using the specified candidate issuer entity ID and message context information.
protected TrustEngine<? super TokenType>	getTrustEngine() Gets the trust engine used to validate the untrusted token.
protected abstract TrustEngine<? super TokenType>	resolveTrustEngine(MessageContext messageContext) Resolve a TrustEngine instance of the appropriate type from the message context.

Methods inherited from class org.opensaml.messaging.handler.AbstractMessageHandler

doInvoke, doPostInvoke, doPostInvoke, getLogPrefix, invoke

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Logger.

trustEngine

@Nullable
private TrustEngine<? super TokenType> trustEngine

Trust engine used to verify the particular token type.

Constructor Detail

BaseTrustEngineSecurityHandler

public BaseTrustEngineSecurityHandler()

Method Detail

getTrustEngine

@Nullable
protected TrustEngine<? super TokenType> getTrustEngine()

Gets the trust engine used to validate the untrusted token.

Returns:

trust engine used to validate the untrusted token

doPreInvoke

protected boolean doPreInvoke(@Nonnull
                              MessageContext messageContext)
                       throws MessageHandlerException

Called prior to execution, handlers may override this method to perform pre-processing for a request.

If false is returned, execution will not proceed.

If returning successfully, the last step should be to return the result of the superclass version of this method.

Overrides:

doPreInvoke in class AbstractMessageHandler

Parameters:

messageContext - the message context on which to invoke the handler

Returns:

true iff execution should proceed

Throws:

MessageHandlerException - if there is a problem executing the handler pre-routine

resolveTrustEngine

@Nullable
protected abstract TrustEngine<? super TokenType> resolveTrustEngine(@Nonnull
                                                                               MessageContext messageContext)

Resolve a TrustEngine instance of the appropriate type from the message context.

Parameters:

messageContext - the message context which is being evaluated

Returns:

the resolved TrustEngine, may be null

buildCriteriaSet

@Nullable
protected abstract net.shibboleth.utilities.java.support.resolver.CriteriaSet buildCriteriaSet(@Nullable
                                                                                                         java.lang.String entityID,
                                                                                                         @Nonnull
                                                                                                         MessageContext messageContext)
                                                                                                  throws MessageHandlerException

Subclasses are required to implement this method to build a criteria set for the trust engine according to trust engine and application-specific needs.

Parameters:

entityID - the candidate issuer entity ID which is being evaluated

messageContext - the message context which is being evaluated

Returns:

a newly constructly set of criteria suitable for the configured trust engine

Throws:

MessageHandlerException - thrown if criteria set can not be constructed

evaluate

protected boolean evaluate(@Nonnull
                           TokenType token,
                           @Nullable
                           java.lang.String entityID,
                           @Nonnull
                           MessageContext messageContext)
                    throws MessageHandlerException

Evaluate the token using the configured trust engine against criteria built using the specified candidate issuer entity ID and message context information.

Parameters:

token - the token to be evaluated

entityID - the candidate issuer entity ID which is being evaluated

messageContext - the message context which is being evaluated

Returns:

true if the token satisfies the criteria as determined by the trust engine, otherwise false

Throws:

MessageHandlerException - thrown if there is a fatal error during trust engine evaluation

evaluate

protected boolean evaluate(@Nonnull
                           TokenType token,
                           @Nullable
                           net.shibboleth.utilities.java.support.resolver.CriteriaSet criteriaSet)
                    throws MessageHandlerException

Evaluate the token against the specified criteria using the configured trust engine.

Parameters:

token - the token to be evaluated

criteriaSet - the set of criteria against which to evaluate the token

Returns:

true if the token satisfies the criteria as determined by the trust engine, otherwise false

Throws:

MessageHandlerException - thrown if there is a fatal error during trust engine evaluation