Spring Security SAML

org.springframework.security.saml.websso
Class ArtifactResolutionProfileImpl

java.lang.Object
  extended by org.springframework.security.saml.websso.AbstractProfileBase
      extended by org.springframework.security.saml.websso.ArtifactResolutionProfileBase
          extended by org.springframework.security.saml.websso.ArtifactResolutionProfileImpl
All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean, ArtifactResolutionProfile

public class ArtifactResolutionProfileImpl
extends ArtifactResolutionProfileBase

Implementation of the artifact resolution protocol which uses Apache HTTPClient for SOAP binding transport.


Field Summary
 
Fields inherited from class org.springframework.security.saml.websso.AbstractProfileBase
artifactMap, builderFactory, log, metadata, processor
 
Constructor Summary
ArtifactResolutionProfileImpl(org.apache.commons.httpclient.HttpClient httpClient)
           
 
Method Summary
protected  void getArtifactResponse(String endpointURI, SAMLMessageContext context)
          Uses HTTPClient to send and retrieve ArtifactMessages.
protected  org.apache.commons.httpclient.HostConfiguration getHostConfiguration(org.apache.commons.httpclient.URI uri, SAMLMessageContext context)
          Determines the HostConfiguration used to send the request to the server over the back-channel.
 
Methods inherited from class org.springframework.security.saml.websso.ArtifactResolutionProfileBase
createArtifactResolve, getProfileIdentifier, resolveArtifact
 
Methods inherited from class org.springframework.security.saml.websso.AbstractProfileBase
afterPropertiesSet, buildCommonAttributes, generateID, getEndpointBinding, getIssuer, getMaxAssertionTime, getResponseSkew, getStatus, isEndpointMatching, sendMessage, sendMessage, setArtifactMap, setMaxAssertionTime, setMetadata, setProcessor, setResponseSkew, verifyEndpoint, verifyIssuer, verifySignature
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ArtifactResolutionProfileImpl

public ArtifactResolutionProfileImpl(org.apache.commons.httpclient.HttpClient httpClient)
Parameters:
httpClient - client used to send SOAP messages
Method Detail

getArtifactResponse

protected void getArtifactResponse(String endpointURI,
                                   SAMLMessageContext context)
                            throws org.opensaml.common.SAMLException,
                                   org.opensaml.ws.message.encoder.MessageEncodingException,
                                   org.opensaml.ws.message.decoder.MessageDecodingException,
                                   org.opensaml.saml2.metadata.provider.MetadataProviderException,
                                   org.opensaml.xml.security.SecurityException
Uses HTTPClient to send and retrieve ArtifactMessages.

Specified by:
getArtifactResponse in class ArtifactResolutionProfileBase
Parameters:
endpointURI - URI the incoming artifactMessage is addressed to
context - context with populated communicationProfileId, outboundMessage, outboundSAMLMessage, peerEntityEndpoint, peerEntityId, peerEntityMetadata, peerEntityRole, peerEntityRoleMetadata
Throws:
org.opensaml.common.SAMLException - error processing artifact messages
org.opensaml.ws.message.encoder.MessageEncodingException - error sending artifactRequest
org.opensaml.ws.message.decoder.MessageDecodingException - error retrieving artifactResponse
org.opensaml.saml2.metadata.provider.MetadataProviderException - error resolving metadata
org.opensaml.xml.security.SecurityException - invalid message signature

getHostConfiguration

protected org.apache.commons.httpclient.HostConfiguration getHostConfiguration(org.apache.commons.httpclient.URI uri,
                                                                               SAMLMessageContext context)
                                                                        throws org.opensaml.ws.message.encoder.MessageEncodingException
Determines the HostConfiguration used to send the request to the server over the back-channel. The configuration should contain the URI of the host and the protocol to use, including all of its security settings.

The default implementation uses the default http protocol for non-SSL requests; for SSL requests it constructs a separate TrustManager from the trust engine specified in the SAMLMessageContext, which is based either on MetaIOP (certificates obtained from Metadata and ExtendedMetadata are trusted) or on PKIX (certificates from Metadata and ExtendedMetadata, including the specified trust anchors, are trusted and verified using PKIX path validation).

The trust engine used can be customized through the SAMLContextProvider that processes this request.

Parameters:
uri - uri the request should be sent to
context - context including the peer address
Returns:
host configuration
Throws:
org.opensaml.ws.message.encoder.MessageEncodingException - in case peer URI can't be parsed
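The following is an added example, not code from the Spring Security SAML project, showing how a deployment can subclass ArtifactResolutionProfileImpl and override getHostConfiguration to refuse artifact resolution over a plain-HTTP back-channel. The class name HttpsOnlyArtifactResolutionProfile is hypothetical, and the import of SAMLMessageContext from org.springframework.security.saml.context is an assumption (the page does not state its package). Because the default implementation falls back to the plain http protocol for non-SSL endpoints, an http:// ArtifactResolutionService endpoint in IdP metadata would otherwise cause the ArtifactResolve request and the returned assertion to travel unencrypted; the override makes that misconfiguration fail loudly instead.

```java
import org.apache.commons.httpclient.HostConfiguration;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.URI;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.springframework.security.saml.context.SAMLMessageContext; // assumed package
import org.springframework.security.saml.websso.ArtifactResolutionProfileImpl;

/**
 * Hypothetical subclass (not part of Spring Security SAML) that only allows the
 * artifact resolution back-channel over TLS. Everything else, including the
 * MetaIOP / PKIX TrustManager construction, is delegated to the default
 * implementation in ArtifactResolutionProfileImpl.
 */
public class HttpsOnlyArtifactResolutionProfile extends ArtifactResolutionProfileImpl {

    public HttpsOnlyArtifactResolutionProfile(HttpClient httpClient) {
        super(httpClient);
    }

    @Override
    protected HostConfiguration getHostConfiguration(URI uri, SAMLMessageContext context)
            throws MessageEncodingException {
        // Reject the peer's ArtifactResolutionService endpoint before any request is built
        // if its scheme is not https; MessageEncodingException is the checked exception
        // this method is declared to throw, so callers handle it like a parse failure.
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new MessageEncodingException(
                    "Refusing artifact resolution over a non-TLS back-channel: " + uri);
        }

        // Delegate to the default implementation, which builds the TLS TrustManager from
        // the trust engine in the SAMLMessageContext (MetaIOP or PKIX, as selected by the
        // SAMLContextProvider that produced the context).
        HostConfiguration config = super.getHostConfiguration(uri, context);

        // Defence in depth: verify that the protocol actually selected is a secure one,
        // so a future change in the default logic cannot silently downgrade the channel.
        if (config.getProtocol() == null || !config.getProtocol().isSecure()) {
            throw new MessageEncodingException(
                    "Back-channel host configuration is not using a secure protocol for " + uri);
        }
        return config;
    }
}
```

Wire this class in place of the stock ArtifactResolutionProfileImpl bean, passing the same org.apache.commons.httpclient.HttpClient constructor argument; the inherited setMetadata and setProcessor setters are still needed for the profile to resolve the peer endpoint and encode the SOAP request. A rejected resolution surfaces as a MessageEncodingException from getHostConfiguration, which is worth alerting on, since it indicates either a metadata error or a downgrade attempt.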
