public class SAMLProtocolMessageXMLSignatureSecurityHandler extends BaseSAMLXMLSignatureSecurityHandler

SAMLObject which represents the SAML protocol message being processed.

If the message is not an instance of SignableSAMLObject, then no processing is performed. If signature validation is successful, and the SAML message context issuer was not previously authenticated, then the context's authentication state will be set to true.

If an optional SAMLSignatureProfileValidator or subclass is supplied, this validator will be used to validate the XML Signature element prior to the actual cryptographic validation of the signature. This might for example be used to enforce certain signature profile requirements or to detect signatures upon which it would be unsafe to attempt cryptographic processing. The validator will default to SAMLSignatureProfileValidator.
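The prevalidation hook described above can carry local policy in addition to the default profile checks. The following is an added example, not code from this page or from the OpenSAML project: the class name AllowListPrevalidator and the algorithm allow-list are hypothetical, and the import package names are those of OpenSAML 3, which this page does not show.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler;
import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignaturePrevalidator;

/** Hypothetical prevalidator: SAML signature profile checks plus a signature-method allow-list. */
public final class AllowListPrevalidator implements SignaturePrevalidator {

    // Assumed local policy (not from the page): SHA-256 based signature methods only.
    private static final Set<String> ALLOWED_SIGNATURE_METHODS =
            Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
                    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                    "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256")));

    // The handler's documented default, kept so the profile checks still run.
    private final SignaturePrevalidator profileValidator = new SAMLSignatureProfileValidator();

    @Override
    public void validate(Signature signature) throws SignatureException {
        // Structural SAML profile checks first; a failure throws before any policy check.
        profileValidator.validate(signature);

        // Reject the element before cryptographic processing if its method is not allowed.
        String method = signature.getSignatureAlgorithm();
        if (method == null || !ALLOWED_SIGNATURE_METHODS.contains(method)) {
            throw new SignatureException("Signature method not permitted by local policy: " + method);
        }
    }

    /** Builds a handler using this prevalidator; trust engine setup and initialize() remain the caller's job. */
    public static SAMLProtocolMessageXMLSignatureSecurityHandler newHandler() {
        SAMLProtocolMessageXMLSignatureSecurityHandler handler =
                new SAMLProtocolMessageXMLSignatureSecurityHandler();
        handler.setSignaturePrevalidator(new AllowListPrevalidator());
        return handler;
    }
}
```

Wrapping the default validator rather than replacing it keeps the profile checks in force; passing a prevalidator that omits them would drop those checks from the handler.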
Constructor and Description |
---|
SAMLProtocolMessageXMLSignatureSecurityHandler() Constructor. |

Modifier and Type | Method and Description |
---|---|
protected void | doEvaluate(Signature signature, SignableSAMLObject signableObject, org.opensaml.messaging.context.MessageContext messageContext) Perform cryptographic validation and trust evaluation on the Signature token using the configured Signature trust engine. |
void | doInvoke(org.opensaml.messaging.context.MessageContext messageContext) |
SignaturePrevalidator | getSignaturePrevalidator() Get the prevalidator for XML Signature instances. |
protected void | performPrevalidation(Signature signature) Perform pre-validation on the Signature token. |
void | setSignaturePrevalidator(SignaturePrevalidator validator) Set the prevalidator for XML Signature instances. |

buildCriteriaSet, doPreInvoke, getSAMLPeerEntityContext, getSAMLProtocolContext, resolveTrustEngine
evaluate, evaluate, getTrustEngine
doPostInvoke, doPostInvoke, getLogPrefix, invoke
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
initialize, isInitialized

public SAMLProtocolMessageXMLSignatureSecurityHandler()
SAMLSignatureProfileValidator.

@Nullable public SignaturePrevalidator getSignaturePrevalidator()

public void setSignaturePrevalidator(@Nullable SignaturePrevalidator validator)
Parameters:
validator - The prevalidator to set.

public void doInvoke(@Nonnull org.opensaml.messaging.context.MessageContext messageContext) throws org.opensaml.messaging.handler.MessageHandlerException
Overrides:
doInvoke in class org.opensaml.messaging.handler.AbstractMessageHandler
Throws:
org.opensaml.messaging.handler.MessageHandlerException

protected void doEvaluate(@Nonnull Signature signature, @Nonnull SignableSAMLObject signableObject, @Nonnull org.opensaml.messaging.context.MessageContext messageContext) throws org.opensaml.messaging.handler.MessageHandlerException
Parameters:
signature - the signature which is being evaluated
signableObject - the signable object which contained the signature
messageContext - the SAML message context being processed
Throws:
org.opensaml.messaging.handler.MessageHandlerException - thrown if the signature fails validation

protected void performPrevalidation(@Nonnull Signature signature) throws org.opensaml.messaging.handler.MessageHandlerException
Parameters:
signature - the signature to evaluate
Throws:
org.opensaml.messaging.handler.MessageHandlerException - thrown if the signature element fails pre-validation

Copyright © 2016 JBoss by Red Hat. All rights reserved.