SAML2HTTPPostSimpleSignRule (OpenSAML-J 2.5.1-1 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.opensaml.saml2.binding.security
Class SAML2HTTPPostSimpleSignRule

java.lang.Object
  org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule
      org.opensaml.saml2.binding.security.SAML2HTTPPostSimpleSignRule

All Implemented Interfaces:: org.opensaml.ws.security.SecurityPolicyRule

public class SAML2HTTPPostSimpleSignRule
extends BaseSAMLSimpleSignatureSecurityPolicyRule
extends BaseSAMLSimpleSignatureSecurityPolicyRule

Security policy which evaluates simple "blob" signatures according to the SAML 2 HTTP-POST-SimpleSign binding.

Constructor Summary
`SAML2HTTPPostSimpleSignRule(org.opensaml.xml.signature.SignatureTrustEngine engine, org.opensaml.xml.parse.ParserPool parserPool, org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver keyInfoCredResolver)` Constructor.

Method Summary
`protected java.util.List<org.opensaml.xml.security.credential.Credential>`	`getRequestCredentials(javax.servlet.http.HttpServletRequest request, SAMLMessageContext samlContext)` Extract any candidate validation credentials from the request and/or message context.
`protected byte[]`	`getSignedContent(javax.servlet.http.HttpServletRequest request)` Get the content over which to validate the signature, in the form suitable for input into `SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential)`.
`protected boolean`	`ruleHandles(javax.servlet.http.HttpServletRequest request, SAMLMessageContext samlMsgCtx)` Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context.

Methods inherited from class org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule
`buildCriteriaSet, deriveSignerEntityID, evaluate, getSignature, getSignatureAlgorithm, getTrustEngine, validateSignature`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

SAML2HTTPPostSimpleSignRule

public SAML2HTTPPostSimpleSignRule(org.opensaml.xml.signature.SignatureTrustEngine engine,
                                   org.opensaml.xml.parse.ParserPool parserPool,
                                   org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver keyInfoCredResolver)

Constructor.

Parameters:: engine - the trust engine to use; parserPool - the parser pool used to parse the KeyInfo request parameter; keyInfoCredResolver - the KeyInfo credential resovler to use to extract credentials from the KeyInfo request parameter

Method Detail

ruleHandles

protected boolean ruleHandles(javax.servlet.http.HttpServletRequest request,
                              SAMLMessageContext samlMsgCtx)

Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context.

Specified by:: ruleHandles in class BaseSAMLSimpleSignatureSecurityPolicyRule

Parameters:: request - the HTTP servlet request being processed; samlMsgCtx - the SAML message context being processed
Returns:: true if the rule should attempt to process the request, otherwise false

getSignedContent

protected byte[] getSignedContent(javax.servlet.http.HttpServletRequest request)
                           throws org.opensaml.ws.security.SecurityPolicyException

Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential).

Specified by:: getSignedContent in class BaseSAMLSimpleSignatureSecurityPolicyRule

Parameters:: request - the HTTP servlet request being processed
Returns:: the signed content extracted from the request, in the format suitable for input to the trust engine.
Throws:: org.opensaml.ws.security.SecurityPolicyException - thrown if there is an error during request processing

getRequestCredentials

protected java.util.List<org.opensaml.xml.security.credential.Credential> getRequestCredentials(javax.servlet.http.HttpServletRequest request,
                                                                                                SAMLMessageContext samlContext)
                                                                                         throws org.opensaml.ws.security.SecurityPolicyException

Extract any candidate validation credentials from the request and/or message context. Some bindings allow validataion keys for the simple signature to be supplied, and others do not.

Overrides:: getRequestCredentials in class BaseSAMLSimpleSignatureSecurityPolicyRule

Parameters:: request - the HTTP servlet request being processed; samlContext - the SAML message context being processed
Returns:: a list of candidate validation credentials in the request, or null if none were present
Throws:: org.opensaml.ws.security.SecurityPolicyException - thrown if there is an error during request processing