Apache CXF API

org.apache.cxf.ws.security.trust
Class STSSamlAssertionValidator

java.lang.Object
  extended by org.apache.ws.security.validate.SignatureTrustValidator
      extended by org.apache.ws.security.validate.SamlAssertionValidator
          extended by org.apache.cxf.ws.security.trust.STSSamlAssertionValidator
All Implemented Interfaces:
org.apache.ws.security.validate.Validator

public class STSSamlAssertionValidator
extends org.apache.ws.security.validate.SamlAssertionValidator

This class validates a SAML Assertion by invoking the SamlAssertionValidator in WSS4J. It overrides the signature verification, so that if the signature is not trusted, it just sets a boolean. The STSTokenValidator can parse this tag and dispatch the Assertion to the STS for validation.


Constructor Summary
STSSamlAssertionValidator()
           
 
Method Summary
 boolean isTrustVerificationSucceeded()
          Return if trust verification on the signature of the assertion succeeded.
 org.apache.ws.security.validate.Credential validate(org.apache.ws.security.validate.Credential credential, org.apache.ws.security.handler.RequestData data)
          Validate the credential argument.
protected  org.apache.ws.security.validate.Credential verifySignedAssertion(org.apache.ws.security.saml.ext.AssertionWrapper assertion, org.apache.ws.security.handler.RequestData data)
          Try to verify trust on the assertion.
 
Methods inherited from class org.apache.ws.security.validate.SignatureTrustValidator
getCrypto, isCertificateInKeyStore, validateCertificates, validatePublicKey, verifyTrustInCert, verifyTrustInCert, verifyTrustInCerts, verifyTrustInCerts
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

STSSamlAssertionValidator

public STSSamlAssertionValidator()
Method Detail

validate

public org.apache.ws.security.validate.Credential validate(org.apache.ws.security.validate.Credential credential,
                                                           org.apache.ws.security.handler.RequestData data)
                                                    throws org.apache.ws.security.WSSecurityException
Validate the credential argument. It must contain a non-null AssertionWrapper. A Crypto and a CallbackHandler implementation is also required to be set.

Specified by:
validate in interface org.apache.ws.security.validate.Validator
Overrides:
validate in class org.apache.ws.security.validate.SamlAssertionValidator
Parameters:
credential - the Credential to be validated
data - the RequestData associated with the request
Throws:
org.apache.ws.security.WSSecurityException - on a failed validation

verifySignedAssertion

protected org.apache.ws.security.validate.Credential verifySignedAssertion(org.apache.ws.security.saml.ext.AssertionWrapper assertion,
                                                                           org.apache.ws.security.handler.RequestData data)
                                                                    throws org.apache.ws.security.WSSecurityException
Try to verify trust on the assertion. If it fails, then set a boolean and return.

Overrides:
verifySignedAssertion in class org.apache.ws.security.validate.SamlAssertionValidator
Parameters:
assertion - The signed Assertion
data - The RequestData context
Returns:
A Credential instance
Throws:
org.apache.ws.security.WSSecurityException

isTrustVerificationSucceeded

public boolean isTrustVerificationSucceeded()
Return if trust verification on the signature of the assertion succeeded.

Returns:
if trust verification on the signature of the assertion succeeded

Apache CXF API

Apache CXF