org.apache.cxf.ws.security.trust

Class STSSamlAssertionValidator

java.lang.Object

org.apache.wss4j.dom.validate.SignatureTrustValidator

org.apache.wss4j.dom.validate.SamlAssertionValidator

org.apache.cxf.ws.security.trust.STSSamlAssertionValidator

All Implemented Interfaces:

org.apache.wss4j.dom.validate.Validator

public class STSSamlAssertionValidator
extends org.apache.wss4j.dom.validate.SamlAssertionValidator

This class validates a SAML Assertion by invoking the SamlAssertionValidator in WSS4J. It overrides the signature verification, so that if the signature is not trusted, it just sets a boolean. The STSTokenValidator can parse this tag and dispatch the Assertion to the STS for validation.

Constructor Summary

Constructors

Constructor and Description
STSSamlAssertionValidator()

Method Summary

Modifier and Type	Method and Description
boolean	isTrustVerificationSucceeded() Return if trust verification on the signature of the assertion succeeded.
org.apache.wss4j.dom.validate.Credential	validate(org.apache.wss4j.dom.validate.Credential credential, org.apache.wss4j.dom.handler.RequestData data) Validate the credential argument.
protected org.apache.wss4j.dom.validate.Credential	verifySignedAssertion(org.apache.wss4j.common.saml.SamlAssertionWrapper assertion, org.apache.wss4j.dom.handler.RequestData data) Try to verify trust on the assertion.

Methods inherited from class org.apache.wss4j.dom.validate.SamlAssertionValidator

checkAuthnStatements, checkConditions, checkConditions, checkOneTimeUse, getRequiredSubjectConfirmationMethod, getTtl, isRequireBearerSignature, isRequireStandardSubjectConfirmationMethod, isValidateSignatureAgainstProfile, setFutureTTL, setRequireBearerSignature, setRequiredSubjectConfirmationMethod, setRequireStandardSubjectConfirmationMethod, setTtl, setValidateSignatureAgainstProfile, validateAssertion, verifySubjectConfirmationMethod

Methods inherited from class org.apache.wss4j.dom.validate.SignatureTrustValidator

getCrypto, validateCertificates, validatePublicKey, verifyTrustInCerts

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

STSSamlAssertionValidator

public STSSamlAssertionValidator()

Method Detail

validate

public org.apache.wss4j.dom.validate.Credential validate(org.apache.wss4j.dom.validate.Credential credential,
                                                         org.apache.wss4j.dom.handler.RequestData data)
                                                  throws org.apache.wss4j.common.ext.WSSecurityException

Validate the credential argument. It must contain a non-null AssertionWrapper. A Crypto and a CallbackHandler implementation is also required to be set.

Specified by:

validate in interface org.apache.wss4j.dom.validate.Validator

Overrides:

validate in class org.apache.wss4j.dom.validate.SamlAssertionValidator

Parameters:

credential - the Credential to be validated

data - the RequestData associated with the request

Throws:

org.apache.wss4j.common.ext.WSSecurityException - on a failed validation

verifySignedAssertion

protected org.apache.wss4j.dom.validate.Credential verifySignedAssertion(org.apache.wss4j.common.saml.SamlAssertionWrapper assertion,
                                                                         org.apache.wss4j.dom.handler.RequestData data)
                                                                  throws org.apache.wss4j.common.ext.WSSecurityException

Try to verify trust on the assertion. If it fails, then set a boolean and return.

Overrides:

verifySignedAssertion in class org.apache.wss4j.dom.validate.SamlAssertionValidator

Parameters:

assertion - The signed Assertion

data - The RequestData context

Returns:

A Credential instance

Throws:

org.apache.wss4j.common.ext.WSSecurityException

isTrustVerificationSucceeded

public boolean isTrustVerificationSucceeded()

Return if trust verification on the signature of the assertion succeeded.

Returns:

if trust verification on the signature of the assertion succeeded