AbstractSamlPolicyValidator (Apache CXF Bundle Jar 2.6.3 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

Apache CXF API

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.cxf.ws.security.wss4j.policyvalidators
Class AbstractSamlPolicyValidator

java.lang.Object
  org.apache.cxf.ws.security.wss4j.policyvalidators.AbstractTokenPolicyValidator
      org.apache.cxf.ws.security.wss4j.policyvalidators.AbstractSamlPolicyValidator

Direct Known Subclasses:: IssuedTokenPolicyValidator, SamlTokenPolicyValidator

public abstract class AbstractSamlPolicyValidator
extends AbstractTokenPolicyValidator
extends AbstractTokenPolicyValidator

Some abstract functionality for validating SAML Assertions

Constructor Summary
`AbstractSamlPolicyValidator()`

Method Summary
`boolean`	`checkHolderOfKey(org.apache.ws.security.saml.ext.AssertionWrapper assertionWrapper, List<org.apache.ws.security.WSSecurityEngineResult> signedResults, Certificate[] tlsCerts)` Check the holder-of-key requirements against the received assertion.
`protected boolean`	`compareCredentials(org.apache.ws.security.saml.SAMLKeyInfo subjectKeyInfo, List<org.apache.ws.security.WSSecurityEngineResult> signedResults, Certificate[] tlsCerts)` Compare the credentials of the assertion to the credentials used in 2-way TLS or those used to verify signatures.
`protected boolean`	`isTokenRequired(Token token, Message message)` Check to see if a token is required or not.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

AbstractSamlPolicyValidator

public AbstractSamlPolicyValidator()

Method Detail

isTokenRequired

protected boolean isTokenRequired(Token token,
                                  Message message)

Check to see if a token is required or not.

Overrides:: isTokenRequired in class AbstractTokenPolicyValidator

Parameters:: token - the token; message - The message
Returns:: true if the token is required

checkHolderOfKey

public boolean checkHolderOfKey(org.apache.ws.security.saml.ext.AssertionWrapper assertionWrapper,
                                List<org.apache.ws.security.WSSecurityEngineResult> signedResults,
                                Certificate[] tlsCerts)

Check the holder-of-key requirements against the received assertion. The subject credential of the SAML Assertion must have been used to sign some portion of the message, thus showing proof-of-possession of the private/secret key. Alternatively, the subject credential of the SAML Assertion must match a client certificate credential when 2-way TLS is used.

Parameters:: assertionWrapper - the SAML Assertion wrapper object; signedResults - a list of all of the signed results

compareCredentials

protected boolean compareCredentials(org.apache.ws.security.saml.SAMLKeyInfo subjectKeyInfo,
                                     List<org.apache.ws.security.WSSecurityEngineResult> signedResults,
                                     Certificate[] tlsCerts)

Compare the credentials of the assertion to the credentials used in 2-way TLS or those used to verify signatures. Return true on a match

Parameters:: subjectKeyInfo - the SAMLKeyInfo object; signedResults - a list of all of the signed results
Returns:: true if the credentials of the assertion were used to verify a signature