Class AbstractSamlPolicyValidator

java.lang.Object
  org.apache.cxf.ws.security.wss4j.policyvalidators.AbstractSecurityPolicyValidator
    org.apache.cxf.ws.security.wss4j.policyvalidators.AbstractSamlPolicyValidator

All Implemented Interfaces:
    SecurityPolicyValidator
Direct Known Subclasses:
    IssuedTokenPolicyValidator, SamlTokenPolicyValidator

public abstract class AbstractSamlPolicyValidator extends AbstractSecurityPolicyValidator

Some abstract functionality for validating SAML Assertions.
Constructor Summary

    AbstractSamlPolicyValidator()

Method Summary

    boolean checkHolderOfKey(org.apache.wss4j.common.saml.SamlAssertionWrapper assertionWrapper,
                             List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> signedResults,
                             Certificate[] tlsCerts)
        Check the holder-of-key requirements against the received assertion.

    protected boolean compareCredentials(org.apache.wss4j.common.saml.SAMLKeyInfo subjectKeyInfo,
                                         List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> signedResults,
                                         Certificate[] tlsCerts)
        Compare the credentials of the assertion to the credentials used in 2-way TLS or those used to verify signatures.
Methods inherited from class org.apache.cxf.ws.security.wss4j.policyvalidators.AbstractSecurityPolicyValidator
    isTokenRequired

Methods inherited from class java.lang.Object
    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator
    canValidatePolicy, validatePolicies

Method Detail
checkHolderOfKey

public boolean checkHolderOfKey(org.apache.wss4j.common.saml.SamlAssertionWrapper assertionWrapper,
                                List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> signedResults,
                                Certificate[] tlsCerts)

Check the holder-of-key requirements against the received assertion. The subject credential of the SAML Assertion must have been used to sign some portion of the message, thus showing proof-of-possession of the private/secret key. Alternatively, the subject credential of the SAML Assertion must match a client certificate credential when 2-way TLS is used. Only signatures the security engine has already verified count as proof; if neither condition holds the check fails, and the assertion must not then be accepted as though it were a bearer token.

Parameters:
    assertionWrapper - the SAML Assertion wrapper object
    signedResults - a list of all of the signed results
    tlsCerts - the client certificate chain presented on the 2-way TLS connection, or null when no client certificate was presented
Returns:
    true if the holder-of-key requirements are satisfied
compareCredentials

protected boolean compareCredentials(org.apache.wss4j.common.saml.SAMLKeyInfo subjectKeyInfo,
                                     List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> signedResults,
                                     Certificate[] tlsCerts)

Compare the credentials of the assertion to the credentials used in 2-way TLS or those used to verify signatures.

Parameters:
    subjectKeyInfo - the SAMLKeyInfo object holding the subject credential of the assertion (certificate, public key or secret key)
    signedResults - a list of all of the signed results
    tlsCerts - the client certificate chain presented on the 2-way TLS connection, or null when no client certificate was presented
Returns:
    true if the credentials of the assertion match the TLS client certificate or were used to verify a signature
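The comparison the two methods above describe, written out as an added stand-alone example for this page; it is not CXF's or WSS4J's own code. SubjectKeyInfo and SignedResult are stand-ins for SAMLKeyInfo and WSSecurityEngineResult that carry only the public key or secret key, the RSA keys and the 32-byte secret are generated and constructed in main, and tlsCerts is passed as null (no mutual TLS) in every call, so only the message-signature path is exercised. The assumption that tlsCerts[0] is the client's leaf certificate is mine.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.List;

public class HolderOfKeyCheckDemo {

    /** Stand-in for SAMLKeyInfo: the credential named in the assertion's SubjectConfirmation. */
    static final class SubjectKeyInfo {
        final PublicKey publicKey;  // asymmetric holder-of-key, or null
        final byte[] secretKey;     // symmetric holder-of-key, or null
        SubjectKeyInfo(PublicKey publicKey, byte[] secretKey) {
            this.publicKey = publicKey;
            this.secretKey = secretKey;
        }
    }

    /** Stand-in for WSSecurityEngineResult: the credential an already-verified signature was checked with. */
    static final class SignedResult {
        final PublicKey publicKey;
        final byte[] secretKey;
        SignedResult(PublicKey publicKey, byte[] secretKey) {
            this.publicKey = publicKey;
            this.secretKey = secretKey;
        }
    }

    /** Does the subject credential match the TLS client certificate or a credential that signed the message? */
    static boolean compareCredentials(SubjectKeyInfo subject, List<SignedResult> signedResults,
                                      Certificate[] tlsCerts) {
        // 2-way TLS path: tlsCerts[0] is assumed to be the client's leaf certificate.
        if (tlsCerts != null && tlsCerts.length > 0 && subject.publicKey != null
                && subject.publicKey.equals(tlsCerts[0].getPublicKey())) {
            return true;
        }
        // Message-signature path: only results from signatures the engine already verified belong here.
        for (SignedResult r : signedResults) {
            if (r.publicKey != null && r.publicKey.equals(subject.publicKey)) {
                return true;
            }
            // Symmetric case: constant-time comparison so the check itself leaks nothing about the key.
            if (r.secretKey != null && subject.secretKey != null
                    && MessageDigest.isEqual(r.secretKey, subject.secretKey)) {
                return true;
            }
        }
        return false;
    }

    /** No matching credential means no proof of possession, so the holder-of-key check fails. */
    static boolean checkHolderOfKey(SubjectKeyInfo subject, List<SignedResult> signedResults,
                                    Certificate[] tlsCerts) {
        if (subject == null || (subject.publicKey == null && subject.secretKey == null)) {
            return false; // holder-of-key assertion that names no usable subject credential
        }
        return compareCredentials(subject, signedResults, tlsCerts);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair holder = kpg.generateKeyPair();    // key named in the assertion
        KeyPair replayer = kpg.generateKeyPair();  // party replaying a captured assertion with its own key

        SubjectKeyInfo subject = new SubjectKeyInfo(holder.getPublic(), null);
        List<SignedResult> signedByHolder = List.of(new SignedResult(holder.getPublic(), null));
        List<SignedResult> signedByReplayer = List.of(new SignedResult(replayer.getPublic(), null));

        System.out.println("holder signed the message : " + checkHolderOfKey(subject, signedByHolder, null));
        System.out.println("different key signed it   : " + checkHolderOfKey(subject, signedByReplayer, null));
        System.out.println("nothing signed, no TLS    : " + checkHolderOfKey(subject, List.of(), null));

        // Constructed symmetric subject key, as carried in an encrypted SubjectConfirmation KeyInfo.
        byte[] secret = new byte[32];
        Arrays.fill(secret, (byte) 0x42);
        SubjectKeyInfo symSubject = new SubjectKeyInfo(null, secret);
        List<SignedResult> hmacSigned = List.of(new SignedResult(null, secret.clone()));
        System.out.println("symmetric key signed it   : " + checkHolderOfKey(symSubject, hmacSigned, null));
    }
}
```

The point to take from the second and third calls is that a valid, correctly signed assertion is still rejected when the party presenting it cannot demonstrate the subject key: a replayed holder-of-key assertion signed with a different key, or presented unsigned without a client certificate, gets false. The comparison is on the key material rather than on whole certificates so that a renewed client certificate with the same key still matches; comparing full certificates is the stricter alternative.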