java.lang.Object
  org.apache.ws.security.validate.SignatureTrustValidator
    org.apache.ws.security.validate.SamlAssertionValidator
public class SamlAssertionValidator
This class validates a SAML Assertion, which is wrapped in an "AssertionWrapper" instance. It assumes that the AssertionWrapper instance has already verified the signature on the assertion (done by the SAMLTokenProcessor). It verifies trust in the signature, and also checks that the Subject contains a KeyInfo (and processes it) for the holder-of-key case, and verifies that the Assertion is signed as well for holder-of-key.
Constructor Summary | |
---|---|
SamlAssertionValidator() | |
Method Summary | |
---|---|
void | checkAudienceRestrictions(AssertionWrapper assertion, List<String> audienceRestrictions) - Check the AudienceRestrictions of the Assertion |
protected void | checkAuthnStatements(AssertionWrapper assertion) - Check the AuthnStatements of the Assertion (if any) |
protected void | checkConditions(AssertionWrapper assertion) - Check the Conditions of the Assertion. |
protected void | checkOneTimeUse(AssertionWrapper samlAssertion, RequestData data) - Check the "OneTimeUse" Condition of the Assertion. |
String | getRequiredSubjectConfirmationMethod() |
int | getTtl() |
boolean | isRequireBearerSignature() |
boolean | isRequireStandardSubjectConfirmationMethod() |
boolean | isValidateSignatureAgainstProfile() - Whether to validate the signature of the Assertion (if it exists) against the relevant profile. |
void | setFutureTTL(int newFutureTTL) - Set the time in seconds in the future within which the NotBefore time of an incoming Assertion is valid. |
void | setRequireBearerSignature(boolean requireBearerSignature) |
void | setRequiredSubjectConfirmationMethod(String requiredSubjectConfirmationMethod) |
void | setRequireStandardSubjectConfirmationMethod(boolean requireStandardSubjectConfirmationMethod) |
void | setTtl(int ttl) |
void | setValidateSignatureAgainstProfile(boolean validateSignatureAgainstProfile) - Whether to validate the signature of the Assertion (if it exists) against the relevant profile. |
Credential | validate(Credential credential, RequestData data) - Validate the credential argument. |
protected void | validateAssertion(AssertionWrapper assertion) - Validate the assertion against schemas/profiles |
protected Credential | verifySignedAssertion(AssertionWrapper assertion, RequestData data) - Verify trust in the signature of a signed Assertion. |
protected void | verifySubjectConfirmationMethod(AssertionWrapper samlAssertion) - Check the Subject Confirmation method requirements |
Methods inherited from class org.apache.ws.security.validate.SignatureTrustValidator |
---|
getCrypto, isCertificateInKeyStore, matches, validateCertificates, validatePublicKey, verifyTrustInCert, verifyTrustInCert, verifyTrustInCert, verifyTrustInCerts, verifyTrustInCerts, verifyTrustInCerts |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public SamlAssertionValidator()
Method Detail |
---|
public void setFutureTTL(int newFutureTTL)
public Credential validate(Credential credential, RequestData data) throws WSSecurityException
Specified by: validate in interface Validator
Overrides: validate in class SignatureTrustValidator
Parameters: credential - the Credential to be validated; data - the RequestData associated with the request
Throws: WSSecurityException - on a failed validation
protected void verifySubjectConfirmationMethod(AssertionWrapper samlAssertion) throws WSSecurityException
Throws: WSSecurityException
protected Credential verifySignedAssertion(AssertionWrapper assertion, RequestData data) throws WSSecurityException
Parameters: assertion - The signed Assertion; data - The RequestData context
Throws: WSSecurityException
protected void checkConditions(AssertionWrapper assertion) throws WSSecurityException
Throws: WSSecurityException
public void checkAudienceRestrictions(AssertionWrapper assertion, List<String> audienceRestrictions) throws WSSecurityException
Throws: WSSecurityException
protected void checkAuthnStatements(AssertionWrapper assertion) throws WSSecurityException
Throws: WSSecurityException
protected void checkOneTimeUse(AssertionWrapper samlAssertion, RequestData data) throws WSSecurityException
Throws: WSSecurityException
protected void validateAssertion(AssertionWrapper assertion) throws WSSecurityException
Throws: WSSecurityException
public boolean isValidateSignatureAgainstProfile()
public void setValidateSignatureAgainstProfile(boolean validateSignatureAgainstProfile)
public String getRequiredSubjectConfirmationMethod()
public void setRequiredSubjectConfirmationMethod(String requiredSubjectConfirmationMethod)
public boolean isRequireStandardSubjectConfirmationMethod()
public void setRequireStandardSubjectConfirmationMethod(boolean requireStandardSubjectConfirmationMethod)
public boolean isRequireBearerSignature()
public void setRequireBearerSignature(boolean requireBearerSignature)
public int getTtl()
public void setTtl(int ttl)
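One way to use the setters and checkAudienceRestrictions listed above, as an added example that is not part of the WSS4J Javadoc or project code: a subclass that turns on the stricter checks and rejects assertions not addressed to the receiving service. The class name StrictSamlAssertionValidator, the helper newStrictConfig, the audience URI and the 30-second value are assumptions; WSSConfig, WSSecurityEngine and Credential.getAssertion() are WSS4J 1.6 APIs that this page does not document.

```java
import java.util.Arrays;
import java.util.List;

import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.saml.ext.AssertionWrapper;
import org.apache.ws.security.validate.Credential;
import org.apache.ws.security.validate.SamlAssertionValidator;

// Hypothetical subclass: class name and audience URI are assumptions for this example.
public class StrictSamlAssertionValidator extends SamlAssertionValidator {

    // Constructed sample value; use the URI that identifies your own service.
    private static final List<String> AUDIENCES =
        Arrays.asList("https://service.example.org/ws");

    public StrictSamlAssertionValidator() {
        setRequireBearerSignature(true);                   // require a signature on bearer assertions
        setRequireStandardSubjectConfirmationMethod(true); // require a standard confirmation method
        setValidateSignatureAgainstProfile(true);          // check the signature against the profile
        setFutureTTL(30);                                  // NotBefore may lie at most 30 s ahead
    }

    @Override
    public Credential validate(Credential credential, RequestData data)
            throws WSSecurityException {
        // The parent's validation runs first and throws on failure.
        Credential validated = super.validate(credential, data);

        AssertionWrapper assertion = credential.getAssertion();
        if (assertion == null) {
            // Fail closed rather than skip the audience check.
            throw new WSSecurityException("No SAML assertion in credential");
        }
        checkAudienceRestrictions(assertion, AUDIENCES);
        return validated;
    }

    // Registers the validator for SAML 1.1 and SAML 2.0 tokens on a fresh WSSConfig.
    public static WSSConfig newStrictConfig() {
        WSSConfig config = WSSConfig.getNewInstance();
        StrictSamlAssertionValidator validator = new StrictSamlAssertionValidator();
        config.setValidator(WSSecurityEngine.SAML_TOKEN, validator);
        config.setValidator(WSSecurityEngine.SAML2_TOKEN, validator);
        return config;
    }
}
```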