Spring Security SAML

org.springframework.security.saml.websso
Class ArtifactResolutionProfileBase

java.lang.Object
  extended by org.springframework.security.saml.websso.AbstractProfileBase
      extended by org.springframework.security.saml.websso.ArtifactResolutionProfileBase
All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean, ArtifactResolutionProfile
Direct Known Subclasses:
ArtifactResolutionProfileImpl

public abstract class ArtifactResolutionProfileBase
extends AbstractProfileBase
implements ArtifactResolutionProfile

Base implementation of the artifactResolution profile. Subclasses need to implement sending of ArtifactRequest using custom transport and retrieving the ArtifactResponse.

Author:
Vladimir Schaefer

Field Summary
 
Fields inherited from class org.springframework.security.saml.websso.AbstractProfileBase
artifactMap, builderFactory, log, metadata, processor
 
Constructor Summary
ArtifactResolutionProfileBase()
           
 
Method Summary
protected  org.opensaml.saml2.core.ArtifactResolve createArtifactResolve(SAMLMessageContext context, String artifactId, org.opensaml.saml2.metadata.Endpoint endpoint)
           
protected abstract  void getArtifactResponse(String endpointURI, SAMLMessageContext context)
          Method is expected to send ArtifactRequest to the artifactResolution service and store the ArtifactResponse.
 String getProfileIdentifier()
          Implementations are expected to provide a unique identifier for the profile this class implements.
 org.opensaml.common.SAMLObject resolveArtifact(SAMLMessageContext context, String artifactId, String endpointURI)
          Creates ArtifactResolve message based on the artifactId, locates ArtifactResolutionService, populates SAMLContext and performs artifact retrieval.
 
Methods inherited from class org.springframework.security.saml.websso.AbstractProfileBase
afterPropertiesSet, buildCommonAttributes, generateID, getEndpointBinding, getIssuer, getMaxAssertionTime, getResponseSkew, getStatus, isEndpointMatching, sendMessage, sendMessage, setArtifactMap, setMaxAssertionTime, setMetadata, setProcessor, setResponseSkew, verifyEndpoint, verifyIssuer, verifySignature
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ArtifactResolutionProfileBase

public ArtifactResolutionProfileBase()

Method Detail

getProfileIdentifier

public String getProfileIdentifier()
Description copied from class: AbstractProfileBase
Implementations are expected to provide a unique identifier for the profile this class implements.

Specified by:
getProfileIdentifier in class AbstractProfileBase
Returns:
profile name

resolveArtifact

public org.opensaml.common.SAMLObject resolveArtifact(SAMLMessageContext context,
                                                      String artifactId,
                                                      String endpointURI)
                                               throws org.opensaml.ws.message.decoder.MessageDecodingException
Creates ArtifactResolve message based on the artifactId, locates ArtifactResolutionService, populates SAMLContext and performs artifact retrieval. The message included in the response is returned.

Specified by:
resolveArtifact in interface ArtifactResolutionProfile
Parameters:
context - context containing information about local SP/IDP entity
artifactId - artifact to resolve
endpointURI - URI of the endpoint the message was sent to
Returns:
message from the resolved artifact
Throws:
org.opensaml.ws.message.decoder.MessageDecodingException - error decoding the artifact

getArtifactResponse

protected abstract void getArtifactResponse(String endpointURI,
                                            SAMLMessageContext context)
                                     throws org.opensaml.common.SAMLException,
                                            org.opensaml.ws.message.encoder.MessageEncodingException,
                                            org.opensaml.ws.message.decoder.MessageDecodingException,
                                            org.opensaml.saml2.metadata.provider.MetadataProviderException,
                                            org.opensaml.xml.security.SecurityException
Method is expected to send ArtifactRequest to the artifactResolution service and store the ArtifactResponse. InboundMessageTransport and OutboundMessageTransport in the context need to be filled by the implementation, the rest of the context is already available.

Parameters:
endpointURI - URI the incoming artifactMessage is addressed to
context - context with filled communicationProfileId, outboundMessage, outboundSAMLMessage, peerEntityEndpoint, peerEntityId, peerEntityMetadata, peerEntityRole, peerEntityRoleMetadata
Throws:
org.opensaml.common.SAMLException - error processing artifact messages
org.opensaml.ws.message.encoder.MessageEncodingException - error sending artifactRequest
org.opensaml.ws.message.decoder.MessageDecodingException - error retrieving artifactResponse
org.opensaml.saml2.metadata.provider.MetadataProviderException - error resolving metadata
org.opensaml.xml.security.SecurityException - invalid message signature

createArtifactResolve

protected org.opensaml.saml2.core.ArtifactResolve createArtifactResolve(SAMLMessageContext context,
                                                                        String artifactId,
                                                                        org.opensaml.saml2.metadata.Endpoint endpoint)
