org.apache.cxf.rs.security.saml.sso

Class AbstractRequestAssertionConsumerHandler

java.lang.Object

org.apache.cxf.rs.security.saml.sso.AbstractSSOSpHandler

org.apache.cxf.rs.security.saml.sso.AbstractRequestAssertionConsumerHandler

Direct Known Subclasses:

RequestAssertionConsumerFilter, RequestAssertionConsumerService

public abstract class AbstractRequestAssertionConsumerHandler
extends AbstractSSOSpHandler

Constructor Summary

Constructors

Constructor and Description
AbstractRequestAssertionConsumerHandler()

Method Summary

Modifier and Type	Method and Description
void	close()
protected String	createSecurityContext(RequestState requestState, String encodedSamlResponse, String relayState, boolean postBinding)
protected javax.ws.rs.core.Response	doProcessSamlResponse(String encodedSamlResponse, String relayState, boolean postBinding)
String	getApplicationURL()
String	getAssertionConsumerServiceAddress()
TokenReplayCache<String>	getReplayCache()
boolean	isCheckClientAddress()
boolean	isEnforceResponseSigned()
boolean	isParseApplicationURLFromRelayState()
protected boolean	isStateExpired(long stateCreatedAt, long expiresAt)
boolean	isSupportBase64Encoding()
boolean	isSupportDeflateEncoding()
protected RequestState	processRelayState(String relayState)
protected void	reportError(String code)
void	setApplicationURL(String applicationURL) Set the Application URL to forward to, for the unsolicited IdP case.
void	setAssertionConsumerServiceAddress(String assertionConsumerServiceAddress)
void	setCheckClientAddress(boolean checkClientAddress)
void	setEnforceAssertionsSigned(boolean enforceAssertionsSigned) Enforce that Assertions must be signed if the POST binding was used.
void	setEnforceKnownIssuer(boolean enforceKnownIssuer) Enforce that the Issuer of the received Response/Assertion is known to this RACS.
void	setEnforceResponseSigned(boolean enforceResponseSigned) Enforce that a SAML Response must be signed.
void	setKeyInfoMustBeAvailable(boolean keyInfoMustBeAvailable)
void	setMessageContext(MessageContext mc)
void	setParseApplicationURLFromRelayState(boolean parseApplicationURLFromRelayState) Whether to parse the application URL to forward to from the RelayState, for the unsolicted IdP case.
void	setReplayCache(TokenReplayCache<String> replayCache)
void	setSupportBase64Encoding(boolean supportBase64Encoding)
void	setSupportDeflateEncoding(boolean deflate)
protected void	validateSamlResponseProtocol(org.opensaml.saml.saml2.core.Response samlResponse) Validate the received SAML Response as per the protocol
protected SSOValidatorResponse	validateSamlSSOResponse(boolean postBinding, org.opensaml.saml.saml2.core.Response samlResponse, RequestState requestState) Validate the received SAML Response as per the Web SSO profile

Methods inherited from class org.apache.cxf.rs.security.saml.sso.AbstractSSOSpHandler

createCookie, getCallbackHandler, getIdpServiceAddress, getIssuerId, getSignatureCrypto, getSignatureUsername, getStateProvider, getStateTimeToLive, isSupportUnsolicited, setCallbackHandler, setCallbackHandlerClass, setIdpServiceAddress, setIssuerId, setSignatureCrypto, setSignaturePropertiesFile, setSignatureUsername, setStateProvider, setStateTimeToLive, setSupportUnsolicited

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AbstractRequestAssertionConsumerHandler

public AbstractRequestAssertionConsumerHandler()

Method Detail

setMessageContext

@Context
public void setMessageContext(MessageContext mc)

setSupportDeflateEncoding

public void setSupportDeflateEncoding(boolean deflate)

isSupportDeflateEncoding

public boolean isSupportDeflateEncoding()

setReplayCache

public void setReplayCache(TokenReplayCache<String> replayCache)

getReplayCache

public TokenReplayCache<String> getReplayCache()
                                        throws Exception

Throws:

Exception

setEnforceAssertionsSigned

public void setEnforceAssertionsSigned(boolean enforceAssertionsSigned)

Enforce that Assertions must be signed if the POST binding was used. The default is true.

setEnforceKnownIssuer

public void setEnforceKnownIssuer(boolean enforceKnownIssuer)

Enforce that the Issuer of the received Response/Assertion is known to this RACS. The default is true.

setSupportBase64Encoding

public void setSupportBase64Encoding(boolean supportBase64Encoding)

isSupportBase64Encoding

public boolean isSupportBase64Encoding()

close

@PreDestroy
public void close()

Overrides:

close in class AbstractSSOSpHandler

doProcessSamlResponse

protected javax.ws.rs.core.Response doProcessSamlResponse(String encodedSamlResponse,
                                                          String relayState,
                                                          boolean postBinding)

createSecurityContext

protected String createSecurityContext(RequestState requestState,
                                       String encodedSamlResponse,
                                       String relayState,
                                       boolean postBinding)

processRelayState

protected RequestState processRelayState(String relayState)

validateSamlResponseProtocol

protected void validateSamlResponseProtocol(org.opensaml.saml.saml2.core.Response samlResponse)

Validate the received SAML Response as per the protocol

validateSamlSSOResponse

protected SSOValidatorResponse validateSamlSSOResponse(boolean postBinding,
                                                       org.opensaml.saml.saml2.core.Response samlResponse,
                                                       RequestState requestState)

Validate the received SAML Response as per the Web SSO profile

reportError

protected void reportError(String code)

setKeyInfoMustBeAvailable

public void setKeyInfoMustBeAvailable(boolean keyInfoMustBeAvailable)

isEnforceResponseSigned

public boolean isEnforceResponseSigned()

setEnforceResponseSigned

public void setEnforceResponseSigned(boolean enforceResponseSigned)

Enforce that a SAML Response must be signed.

getApplicationURL

public String getApplicationURL()

setApplicationURL

public void setApplicationURL(String applicationURL)

Set the Application URL to forward to, for the unsolicited IdP case.

Parameters:

applicationURL -

isParseApplicationURLFromRelayState

public boolean isParseApplicationURLFromRelayState()

setParseApplicationURLFromRelayState

public void setParseApplicationURLFromRelayState(boolean parseApplicationURLFromRelayState)

Whether to parse the application URL to forward to from the RelayState, for the unsolicted IdP case.

Parameters:

parseApplicationURLFromRelayState -

getAssertionConsumerServiceAddress

public String getAssertionConsumerServiceAddress()

setAssertionConsumerServiceAddress

public void setAssertionConsumerServiceAddress(String assertionConsumerServiceAddress)

isCheckClientAddress

public boolean isCheckClientAddress()

setCheckClientAddress

public void setCheckClientAddress(boolean checkClientAddress)

isStateExpired

protected boolean isStateExpired(long stateCreatedAt,
                                 long expiresAt)