Package org.apache.wss4j.stax.validate
Class SamlTokenValidatorImpl
java.lang.Object
  org.apache.wss4j.stax.validate.SignatureTokenValidatorImpl
    org.apache.wss4j.stax.validate.SamlTokenValidatorImpl

All Implemented Interfaces: SamlTokenValidator, SignatureTokenValidator, Validator

public class SamlTokenValidatorImpl extends SignatureTokenValidatorImpl implements SamlTokenValidator

Constructor Summary
SamlTokenValidatorImpl()

Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| protected void | checkAuthnStatements(SamlAssertionWrapper samlAssertion) | Check the AuthnStatements of the Assertion (if any) |
| protected void | checkConditions(SamlAssertionWrapper samlAssertion) | Check the Conditions of the Assertion. |
| protected void | checkConditions(SamlAssertionWrapper samlAssertion, List<String> audienceRestrictions) | Check the Conditions of the Assertion. |
| protected void | checkOneTimeUse(SamlAssertionWrapper samlAssertion, ReplayCache replayCache) | Check the "OneTimeUse" Condition of the Assertion. |
| String | getRequiredSubjectConfirmationMethod() | |
| int | getTtl() | |
| boolean | isRequireBearerSignature() | |
| boolean | isRequireStandardSubjectConfirmationMethod() | |
| boolean | isValidateSignatureAgainstProfile() | Whether to validate the signature of the Assertion (if it exists) against the relevant profile. |
| void | setFutureTTL(int newFutureTTL) | Set the time in seconds in the future within which the NotBefore time of an incoming Assertion is valid. |
| void | setRequireBearerSignature(boolean requireBearerSignature) | |
| void | setRequiredSubjectConfirmationMethod(String requiredSubjectConfirmationMethod) | |
| void | setRequireStandardSubjectConfirmationMethod(boolean requireStandardSubjectConfirmationMethod) | |
| void | setTtl(int ttl) | |
| void | setValidateSignatureAgainstProfile(boolean validateSignatureAgainstProfile) | Whether to validate the signature of the Assertion (if it exists) against the relevant profile. |
| <T extends SamlSecurityToken & org.apache.xml.security.stax.securityToken.InboundSecurityToken> T | validate(SamlAssertionWrapper samlAssertionWrapper, org.apache.xml.security.stax.securityToken.InboundSecurityToken subjectSecurityToken, TokenContext tokenContext) | |
| protected void | validateAssertion(SamlAssertionWrapper samlAssertion) | Validate the samlAssertion against schemas/profiles |
| protected void | verifySubjectConfirmationMethod(SamlAssertionWrapper samlAssertion) | Check the Subject Confirmation method requirements |

Methods inherited from class org.apache.wss4j.stax.validate.SignatureTokenValidatorImpl
validate

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.wss4j.stax.validate.SignatureTokenValidator
validate

Method Detail

setFutureTTL
public void setFutureTTL(int newFutureTTL)
Set the time in seconds in the future within which the NotBefore time of an incoming Assertion is valid. The default is 60 seconds.

isValidateSignatureAgainstProfile
public boolean isValidateSignatureAgainstProfile()
Whether to validate the signature of the Assertion (if it exists) against the relevant profile. Default is true.

setValidateSignatureAgainstProfile
public void setValidateSignatureAgainstProfile(boolean validateSignatureAgainstProfile)
Whether to validate the signature of the Assertion (if it exists) against the relevant profile. Default is true.

getRequiredSubjectConfirmationMethod
public String getRequiredSubjectConfirmationMethod()

setRequiredSubjectConfirmationMethod
public void setRequiredSubjectConfirmationMethod(String requiredSubjectConfirmationMethod)

validate
public <T extends SamlSecurityToken & org.apache.xml.security.stax.securityToken.InboundSecurityToken> T validate(SamlAssertionWrapper samlAssertionWrapper, org.apache.xml.security.stax.securityToken.InboundSecurityToken subjectSecurityToken, TokenContext tokenContext) throws WSSecurityException
Specified by: validate in interface SamlTokenValidator
Throws: WSSecurityException

verifySubjectConfirmationMethod
protected void verifySubjectConfirmationMethod(SamlAssertionWrapper samlAssertion) throws WSSecurityException
Check the Subject Confirmation method requirements.
Throws: WSSecurityException

checkConditions
protected void checkConditions(SamlAssertionWrapper samlAssertion, List<String> audienceRestrictions) throws WSSecurityException
Check the Conditions of the Assertion.
Throws: WSSecurityException

checkConditions
protected void checkConditions(SamlAssertionWrapper samlAssertion) throws WSSecurityException
Check the Conditions of the Assertion.
Throws: WSSecurityException

checkAuthnStatements
protected void checkAuthnStatements(SamlAssertionWrapper samlAssertion) throws WSSecurityException
Check the AuthnStatements of the Assertion (if any).
Throws: WSSecurityException

checkOneTimeUse
protected void checkOneTimeUse(SamlAssertionWrapper samlAssertion, ReplayCache replayCache) throws WSSecurityException
Check the "OneTimeUse" Condition of the Assertion. If this is set then the Assertion is cached (if a cache is defined), and must not have been previously cached.
Throws: WSSecurityException
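
An added illustration, not WSS4J's own code, of the two rules described for setFutureTTL and checkOneTimeUse: a NotBefore slightly in the future is tolerated up to the configured allowance, and a OneTimeUse assertion is accepted only the first time its ID is seen. The class and method names are hypothetical; treating the exact boundary as valid and expiring cache entries at NotOnOrAfter are assumptions of this sketch.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Illustrative only: hypothetical names, not WSS4J's implementation.
public class AssertionWindowDemo {
    // Constructed stand-in for a replay cache: assertion ID -> expiry of the entry.
    private final Map<String, Instant> seen = new ConcurrentHashMap<>();
    private final Duration futureTtl;

    AssertionWindowDemo(int futureTtlSeconds) {
        this.futureTtl = Duration.ofSeconds(futureTtlSeconds);
    }

    // NotBefore may lie at most futureTtl ahead of the local clock (clock-skew allowance).
    // Accepting the exact boundary is an assumption of this sketch.
    boolean notBeforeAcceptable(Instant notBefore, Instant now) {
        return !notBefore.isAfter(now.plus(futureTtl));
    }

    // OneTimeUse: the first sighting is cached, any later sighting is rejected.
    // Entries live until the assertion's NotOnOrAfter (assumption); after that the
    // Conditions check would reject the assertion on its own.
    boolean acceptOneTimeUse(String assertionId, Instant notOnOrAfter, Instant now) {
        seen.values().removeIf(expiry -> !expiry.isAfter(now)); // drop expired entries
        return seen.putIfAbsent(assertionId, notOnOrAfter) == null;
    }

    public static void main(String[] args) {
        AssertionWindowDemo v = new AssertionWindowDemo(60); // 60 s, the documented default
        Instant now = Instant.parse("2024-01-01T12:00:00Z"); // constructed sample time

        // NotBefore 45 s ahead is inside the allowance; 5 min ahead is not.
        System.out.println(v.notBeforeAcceptable(now.plusSeconds(45), now));
        System.out.println(v.notBeforeAcceptable(now.plusSeconds(300), now));

        // Constructed assertion ID: first presentation, then a replay of the same ID.
        Instant expiry = now.plusSeconds(300);
        System.out.println(v.acceptOneTimeUse("_a1b2c3", expiry, now));
        System.out.println(v.acceptOneTimeUse("_a1b2c3", expiry, now));
    }
}
```

A large allowance widens the window in which a not-yet-valid assertion is honoured, and the OneTimeUse rule only holds if a replay cache is actually configured and shared by every node that can receive the assertion.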

validateAssertion
protected void validateAssertion(SamlAssertionWrapper samlAssertion) throws WSSecurityException
Validate the samlAssertion against schemas/profiles.
Throws: WSSecurityException

isRequireStandardSubjectConfirmationMethod
public boolean isRequireStandardSubjectConfirmationMethod()

setRequireStandardSubjectConfirmationMethod
public void setRequireStandardSubjectConfirmationMethod(boolean requireStandardSubjectConfirmationMethod)

isRequireBearerSignature
public boolean isRequireBearerSignature()

setRequireBearerSignature
public void setRequireBearerSignature(boolean requireBearerSignature)

getTtl
public int getTtl()

setTtl
public void setTtl(int ttl)