public class SAMLProtocolMessageXMLSignatureSecurityPolicyRule extends BaseSAMLXMLSignatureSecurityPolicyRule

SAML security policy rule which validates the signature (if present) on the SAMLObject which represents the SAML protocol message being processed. Only the enveloped signature on the protocol message itself is examined; signatures on objects carried inside the message are not evaluated by this rule.

If the message is not an instance of SignableSAMLObject, then no processing is performed. If signature validation is successful, and the SAML message context issuer was not previously authenticated, then the context's issuer authentication state will be set to true. A message that carries no signature is not rejected by this rule; a deployment that requires signed messages must check the context's issuer authentication state afterwards.

If an optional Validator for Signature objects is supplied, this validator will be used to validate the XML Signature element prior to the actual cryptographic validation of the signature. This might for example be used to enforce certain signature profile requirements or to detect signatures upon which it would be unsafe to attempt cryptographic processing. When using the single argument constructor form, the validator will default to SAMLSignatureProfileValidator.
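The following is an added example, not code from the OpenSAML project or from this page, showing how the rule is typically wired and how its three outcomes surface to the caller: an unsigned message leaves the context unauthenticated, a valid signature marks it authenticated, and a bad or untrusted signature raises SecurityPolicyException. The example assumes an explicit-key trust engine pinned to a single IdP signing certificate supplied by the caller; the class name SignatureRuleExample, the method names, and the parameters idpEntityId, idpSigningCert and claimedIssuer are hypothetical, and OpenSAML 2.x APIs are used throughout.

```java
import java.security.cert.X509Certificate;

import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.binding.security.SAMLProtocolMessageXMLSignatureSecurityPolicyRule;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.security.credential.StaticCredentialResolver;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;

/** Hypothetical helper class (not part of OpenSAML) wrapping the signature rule. */
public final class SignatureRuleExample {

    static {
        // OpenSAML 2.x must be bootstrapped once before any builders or
        // security configuration are used.
        try {
            DefaultBootstrap.bootstrap();
        } catch (ConfigurationException e) {
            throw new ExceptionInInitializerError(e);
        }
    }

    private SignatureRuleExample() {
    }

    /**
     * Builds the rule with an explicit-key trust engine that trusts exactly one
     * pinned IdP signing certificate (assumption: the caller obtained the
     * certificate out of band, e.g. from verified IdP metadata).
     */
    public static SAMLProtocolMessageXMLSignatureSecurityPolicyRule buildRule(
            String idpEntityId, X509Certificate idpSigningCert) {
        BasicX509Credential trusted = new BasicX509Credential();
        trusted.setEntityId(idpEntityId);
        trusted.setEntityCertificate(idpSigningCert);
        trusted.setUsageType(UsageType.SIGNING);

        // A static resolver hands back the pinned credential regardless of the
        // criteria built from the context; the issuer-to-key binding is therefore
        // the pinned certificate itself, not a metadata lookup.
        StaticCredentialResolver credentialResolver = new StaticCredentialResolver(trusted);
        KeyInfoCredentialResolver keyInfoResolver =
                Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver();
        ExplicitKeySignatureTrustEngine engine =
                new ExplicitKeySignatureTrustEngine(credentialResolver, keyInfoResolver);

        // The two-argument form makes the pre-validator explicit. The one-argument
        // form would select the same SAMLSignatureProfileValidator by default; the
        // pre-validator rejects structurally unsafe ds:Signature elements before
        // any cryptographic work is attempted.
        return new SAMLProtocolMessageXMLSignatureSecurityPolicyRule(
                engine, new SAMLSignatureProfileValidator());
    }

    /**
     * Runs the rule against one inbound protocol message.
     *
     * @return true if the message carried a signature that validated and was trusted,
     *         false if the message was unsigned (the rule performs no processing then)
     * @throws SecurityPolicyException if a signature was present but failed
     *         pre-validation, cryptographic validation, or trust evaluation
     */
    public static boolean isAuthenticated(SAMLProtocolMessageXMLSignatureSecurityPolicyRule rule,
            SAMLObject inboundMessage, String claimedIssuer) throws SecurityPolicyException {
        SAMLMessageContext<SAMLObject, SAMLObject, NameID> ctx =
                new BasicSAMLMessageContext<SAMLObject, SAMLObject, NameID>();
        ctx.setInboundSAMLMessage(inboundMessage);
        // In a real flow the decoder or an earlier policy rule sets the issuer and
        // role; they feed the criteria the trust engine is queried with.
        ctx.setInboundMessageIssuer(claimedIssuer);
        ctx.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
        ctx.setInboundSAMLProtocol(SAMLConstants.SAML20P_NS);

        rule.evaluate(ctx);
        return ctx.isInboundSAMLMessageAuthenticated();
    }
}
```

Because the example pins a single certificate through a static resolver, the entity ID on the credential is informational only; if the relying party serves several IdPs, resolve credentials from metadata so that the issuer named in the context selects the key, and treat a false return from isAuthenticated as "unsigned", not as "verified".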
Constructor and Description |
---|
SAMLProtocolMessageXMLSignatureSecurityPolicyRule(org.opensaml.xml.security.trust.TrustEngine<org.opensaml.xml.signature.Signature> engine) Constructor. |
SAMLProtocolMessageXMLSignatureSecurityPolicyRule(org.opensaml.xml.security.trust.TrustEngine<org.opensaml.xml.signature.Signature> engine, org.opensaml.xml.validation.Validator<org.opensaml.xml.signature.Signature> signatureValidator) Constructor. |
Modifier and Type | Method and Description |
---|---|
protected void | doEvaluate(org.opensaml.xml.signature.Signature signature, SignableSAMLObject signableObject, SAMLMessageContext samlMsgCtx) Perform cryptographic validation and trust evaluation on the Signature token using the configured Signature trust engine. |
void | evaluate(org.opensaml.ws.message.MessageContext messageContext) |
protected org.opensaml.xml.validation.Validator<org.opensaml.xml.signature.Signature> | getSignaturePrevalidator() Get the validator used to perform pre-validation on Signature tokens. |
protected void | performPreValidation(org.opensaml.xml.signature.Signature signature) Perform pre-validation on the Signature token. |
Methods inherited from class BaseSAMLXMLSignatureSecurityPolicyRule: buildCriteriaSet
Constructor Detail

public SAMLProtocolMessageXMLSignatureSecurityPolicyRule(org.opensaml.xml.security.trust.TrustEngine<org.opensaml.xml.signature.Signature> engine)
Constructor. The signature pre-validator defaults to SAMLSignatureProfileValidator.
Parameters:
engine - Trust engine used to verify the signature

public SAMLProtocolMessageXMLSignatureSecurityPolicyRule(org.opensaml.xml.security.trust.TrustEngine<org.opensaml.xml.signature.Signature> engine, org.opensaml.xml.validation.Validator<org.opensaml.xml.signature.Signature> signatureValidator)
Constructor.
Parameters:
engine - Trust engine used to verify the signature
signatureValidator - optional pre-validator used to validate Signature elements prior to the actual cryptographic validation operation

Method Detail

public void evaluate(org.opensaml.ws.message.MessageContext messageContext) throws org.opensaml.ws.security.SecurityPolicyException
Throws:
org.opensaml.ws.security.SecurityPolicyException

protected void doEvaluate(org.opensaml.xml.signature.Signature signature, SignableSAMLObject signableObject, SAMLMessageContext samlMsgCtx) throws org.opensaml.ws.security.SecurityPolicyException
Perform cryptographic validation and trust evaluation on the Signature token using the configured Signature trust engine.
Parameters:
signature - the signature which is being evaluated
signableObject - the signable object which contained the signature
samlMsgCtx - the SAML message context being processed
Throws:
org.opensaml.ws.security.SecurityPolicyException - thrown if the signature fails validation

protected org.opensaml.xml.validation.Validator<org.opensaml.xml.signature.Signature> getSignaturePrevalidator()
Get the validator used to perform pre-validation on Signature tokens.

protected void performPreValidation(org.opensaml.xml.signature.Signature signature) throws org.opensaml.ws.security.SecurityPolicyException
Perform pre-validation on the Signature token.
Parameters:
signature - the signature to evaluate
Throws:
org.opensaml.ws.security.SecurityPolicyException - thrown if the signature element fails pre-validation

Copyright © 1999-2013. All Rights Reserved.