Apache CXF API

org.apache.cxf.sts.token.delegation
Class SAMLDelegationHandler

java.lang.Object
  extended by org.apache.cxf.sts.token.delegation.SAMLDelegationHandler
All Implemented Interfaces:
TokenDelegationHandler
Direct Known Subclasses:
HOKDelegationHandler

public class SAMLDelegationHandler
extends Object
implements TokenDelegationHandler

The SAML TokenDelegationHandler implementation. It disallows ActAs or OnBehalfOf in all cases except that of a Bearer SAML Token. In addition, if the "checkAudienceRestriction" property is set to "true", the AppliesTo address (if supplied) must match an AudienceRestriction address (if present in the token).


Constructor Summary
SAMLDelegationHandler()
           
 
Method Summary
 boolean canHandleToken(ReceivedToken delegateTarget)
          Return true if this TokenDelegationHandler implementation is capable of handling the ReceivedToken argument.
protected  List<String> getAudienceRestrictions(org.apache.wss4j.common.saml.SamlAssertionWrapper assertion)
           
 boolean isCheckAudienceRestriction()
           
protected  boolean isDelegationAllowed(ReceivedToken receivedToken, String appliesToAddress)
          Checks whether delegation is allowed for a particular token.
 TokenDelegationResponse isDelegationAllowed(TokenDelegationParameters tokenParameters)
          See if delegation is allowed for a Token using the given TokenDelegationParameters.
 void setCheckAudienceRestriction(boolean checkAudienceRestriction)
          Set whether to perform a check that the received AppliesTo address is contained in the token as one of the AudienceRestriction URIs.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SAMLDelegationHandler

public SAMLDelegationHandler()

Method Detail

canHandleToken

public boolean canHandleToken(ReceivedToken delegateTarget)
Description copied from interface: TokenDelegationHandler
Return true if this TokenDelegationHandler implementation is capable of handling the ReceivedToken argument.

Specified by:
canHandleToken in interface TokenDelegationHandler

isDelegationAllowed

public TokenDelegationResponse isDelegationAllowed(TokenDelegationParameters tokenParameters)
Description copied from interface: TokenDelegationHandler
See if delegation is allowed for a Token using the given TokenDelegationParameters.

Specified by:
isDelegationAllowed in interface TokenDelegationHandler

isDelegationAllowed

protected boolean isDelegationAllowed(ReceivedToken receivedToken,
                                      String appliesToAddress)
Checks whether delegation is allowed for a particular token.


getAudienceRestrictions

protected List<String> getAudienceRestrictions(org.apache.wss4j.common.saml.SamlAssertionWrapper assertion)

isCheckAudienceRestriction

public boolean isCheckAudienceRestriction()

setCheckAudienceRestriction

public void setCheckAudienceRestriction(boolean checkAudienceRestriction)
Set whether to perform a check that the received AppliesTo address is contained in the token as one of the AudienceRestriction URIs. The default is false.

Parameters:
checkAudienceRestriction - whether to perform an audience restriction check or not
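
An added example, not part of the CXF Javadoc or code base: a hypothetical subclass, StrictAudienceDelegationHandler, that fails closed where the documented check is conditional (AppliesTo "if supplied", AudienceRestriction "if in token"). It assumes that ReceivedToken.isDOMElement() and getToken(), the SamlAssertionWrapper(Element) constructor and WSSecurityException behave as in CXF's STS and WSS4J 2.x (none of them is documented on this page), and that the public isDelegationAllowed method consults the protected overload overridden here.

```java
import java.util.List;

import org.w3c.dom.Element;

import org.apache.cxf.sts.request.ReceivedToken;
import org.apache.cxf.sts.token.delegation.SAMLDelegationHandler;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;

/**
 * Hypothetical subclass (not part of CXF). Refuses delegation when the
 * AppliesTo address or the AudienceRestriction is missing, instead of
 * skipping the audience comparison in those cases.
 */
public class StrictAudienceDelegationHandler extends SAMLDelegationHandler {

    public StrictAudienceDelegationHandler() {
        // The documented default is false, so enable the audience check explicitly.
        setCheckAudienceRestriction(true);
    }

    @Override
    protected boolean isDelegationAllowed(ReceivedToken receivedToken, String appliesToAddress) {
        // Keep the parent's documented checks (Bearer only, audience match).
        if (!super.isDelegationAllowed(receivedToken, appliesToAddress)) {
            return false;
        }
        // Added policy: a request without an AppliesTo address is refused.
        if (appliesToAddress == null || appliesToAddress.isEmpty()) {
            return false;
        }
        // Only a DOM-backed token can be parsed as a SAML assertion.
        if (!receivedToken.isDOMElement()) {
            return false;
        }
        try {
            SamlAssertionWrapper assertion =
                new SamlAssertionWrapper((Element) receivedToken.getToken());
            List<String> audiences = getAudienceRestrictions(assertion);
            // Added policy: a token without any AudienceRestriction is refused,
            // and the AppliesTo address must be one of the listed audiences.
            return !audiences.isEmpty() && audiences.contains(appliesToAddress);
        } catch (WSSecurityException ex) {
            // An assertion that cannot be parsed is never delegated.
            return false;
        }
    }
}
```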
