Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
Apache CXF API
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.apache.cxf.ws.security.wss4j.policyvalidators
Class AbstractSamlPolicyValidator

java.lang.Object
  extended by org.apache.cxf.ws.security.wss4j.policyvalidators.AbstractTokenPolicyValidator
      extended by org.apache.cxf.ws.security.wss4j.policyvalidators.AbstractSamlPolicyValidator
Direct Known Subclasses:
IssuedTokenPolicyValidator, SamlTokenPolicyValidator
public abstract class AbstractSamlPolicyValidator
extends AbstractTokenPolicyValidator

Some abstract functionality for validating SAML Assertions

Constructor Summary
AbstractSamlPolicyValidator()
           
 
Method Summary
 boolean checkHolderOfKey(org.apache.wss4j.common.saml.SamlAssertionWrapper assertionWrapper, List<org.apache.wss4j.dom.WSSecurityEngineResult> signedResults, Certificate[] tlsCerts)
          Check the holder-of-key requirements against the received assertion.
protected  boolean compareCredentials(org.apache.wss4j.common.saml.SAMLKeyInfo subjectKeyInfo, List<org.apache.wss4j.dom.WSSecurityEngineResult> signedResults, Certificate[] tlsCerts)
          Compare the credentials of the assertion to the credentials used in 2-way TLS or those used to verify signatures.
protected  boolean isTokenRequired(org.apache.wss4j.policy.model.AbstractToken token, Message message)
          Check to see if a token is required or not.
 
Methods inherited from class org.apache.cxf.ws.security.wss4j.policyvalidators.AbstractTokenPolicyValidator
assertPolicy, assertPolicy, getAllAssertionsByLocalname
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AbstractSamlPolicyValidator

public AbstractSamlPolicyValidator()
Method Detail

isTokenRequired

protected boolean isTokenRequired(org.apache.wss4j.policy.model.AbstractToken token,
                                  Message message)
Check to see if a token is required or not.

Overrides:
isTokenRequired in class AbstractTokenPolicyValidator
Parameters:
token - the token
message - The message
Returns:
true if the token is required

checkHolderOfKey

public boolean checkHolderOfKey(org.apache.wss4j.common.saml.SamlAssertionWrapper assertionWrapper,
                                List<org.apache.wss4j.dom.WSSecurityEngineResult> signedResults,
                                Certificate[] tlsCerts)
Check the holder-of-key requirements against the received assertion. The subject credential of the SAML Assertion must have been used to sign some portion of the message, thus showing proof-of-possession of the private/secret key. Alternatively, the subject credential of the SAML Assertion must match a client certificate credential when 2-way TLS is used.

Parameters:
assertionWrapper - the SAML Assertion wrapper object
signedResults - a list of all of the signed results

compareCredentials

protected boolean compareCredentials(org.apache.wss4j.common.saml.SAMLKeyInfo subjectKeyInfo,
                                     List<org.apache.wss4j.dom.WSSecurityEngineResult> signedResults,
                                     Certificate[] tlsCerts)
Compare the credentials of the assertion to the credentials used in 2-way TLS or those used to verify signatures. Return true on a match

Parameters:
subjectKeyInfo - the SAMLKeyInfo object
signedResults - a list of all of the signed results
Returns:
true if the credentials of the assertion were used to verify a signature
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
Apache CXF API
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Apache CXF