org.apache.cxf.ws.security.trust
Class STSSamlAssertionValidator
java.lang.Object
org.apache.wss4j.dom.validate.SignatureTrustValidator
org.apache.wss4j.dom.validate.SamlAssertionValidator
org.apache.cxf.ws.security.trust.STSSamlAssertionValidator
- All Implemented Interfaces:
- org.apache.wss4j.dom.validate.Validator
public class STSSamlAssertionValidator
- extends org.apache.wss4j.dom.validate.SamlAssertionValidator
This class validates a SAML Assertion by invoking the SamlAssertionValidator in WSS4J. It
overrides the signature verification, so that if the signature is not trusted, it just sets
a boolean. The STSTokenValidator can parse this tag and dispatch the Assertion to the STS
for validation.
Method Summary |
boolean |
isTrustVerificationSucceeded()
Return if trust verification on the signature of the assertion succeeded. |
org.apache.wss4j.dom.validate.Credential |
validate(org.apache.wss4j.dom.validate.Credential credential,
org.apache.wss4j.dom.handler.RequestData data)
Validate the credential argument. |
protected org.apache.wss4j.dom.validate.Credential |
verifySignedAssertion(org.apache.wss4j.common.saml.SamlAssertionWrapper assertion,
org.apache.wss4j.dom.handler.RequestData data)
Try to verify trust on the assertion. |
Methods inherited from class org.apache.wss4j.dom.validate.SamlAssertionValidator |
checkConditions, checkOneTimeUse, isValidateSignatureAgainstProfile, setFutureTTL, setValidateSignatureAgainstProfile, validateAssertion |
Methods inherited from class org.apache.wss4j.dom.validate.SignatureTrustValidator |
getCrypto, validateCertificates, validatePublicKey, verifyTrustInCerts |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
STSSamlAssertionValidator
public STSSamlAssertionValidator()
validate
public org.apache.wss4j.dom.validate.Credential validate(org.apache.wss4j.dom.validate.Credential credential,
org.apache.wss4j.dom.handler.RequestData data)
throws org.apache.wss4j.common.ext.WSSecurityException
- Validate the credential argument. It must contain a non-null AssertionWrapper.
A Crypto and a CallbackHandler implementation is also required to be set.
- Specified by:
validate
in interface org.apache.wss4j.dom.validate.Validator
- Overrides:
validate
in class org.apache.wss4j.dom.validate.SamlAssertionValidator
- Parameters:
credential
- the Credential to be validateddata
- the RequestData associated with the request
- Throws:
org.apache.wss4j.common.ext.WSSecurityException
- on a failed validation
verifySignedAssertion
protected org.apache.wss4j.dom.validate.Credential verifySignedAssertion(org.apache.wss4j.common.saml.SamlAssertionWrapper assertion,
org.apache.wss4j.dom.handler.RequestData data)
throws org.apache.wss4j.common.ext.WSSecurityException
- Try to verify trust on the assertion. If it fails, then set a boolean and return.
- Overrides:
verifySignedAssertion
in class org.apache.wss4j.dom.validate.SamlAssertionValidator
- Parameters:
assertion
- The signed Assertiondata
- The RequestData context
- Returns:
- A Credential instance
- Throws:
org.apache.wss4j.common.ext.WSSecurityException
isTrustVerificationSucceeded
public boolean isTrustVerificationSucceeded()
- Return if trust verification on the signature of the assertion succeeded.
- Returns:
- if trust verification on the signature of the assertion succeeded
Apache CXF