SAMLContextProviderImpl (Spring Security SAML 1.0.0.RC2 API)

Overview

Package

Class

Tree

Deprecated

Index

Help

Spring Security SAML

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.saml.context
Class SAMLContextProviderImpl

java.lang.Object
  org.springframework.security.saml.context.SAMLContextProviderImpl

All Implemented Interfaces:: org.springframework.beans.factory.InitializingBean, SAMLContextProvider

Direct Known Subclasses:: SAMLContextProviderLB

public class SAMLContextProviderImpl
extends Object
implements SAMLContextProvider, org.springframework.beans.factory.InitializingBean
extends Object
implements SAMLContextProvider, org.springframework.beans.factory.InitializingBean

Class is responsible for parsing HttpRequest/Response and determining which local entity (IDP/SP) is responsible for it's handling.

Author:: Vladimir Schaefer

Field Summary
`protected KeyManager`	`keyManager`
`protected static org.slf4j.Logger`	`logger`
`protected MetadataManager`	`metadata`
`protected MetadataCredentialResolver`	`metadataResolver`
`protected PKIXInformationResolver`	`pkixResolver`
`protected SAMLMessageStorageFactory`	`storageFactory`

Constructor Summary
`SAMLContextProviderImpl()`

Method Summary
`void`	`afterPropertiesSet()` Verifies that required entities were autowired or set and initializes resolvers used to construct trust engines.
`SAMLMessageContext`	`getLocalAndPeerEntity(HttpServletRequest request, HttpServletResponse response)` Creates a SAMLContext with local entity and peer values filled.
`SAMLMessageContext`	`getLocalEntity(HttpServletRequest request, HttpServletResponse response)` Creates a SAMLContext with local entity values filled.
`protected void`	`populateDecrypter(SAMLMessageContext samlContext)` Populates a decrypter based on settings in the extended metadata or using a default credential when no encryption credential is specified in the extended metadata.
`protected void`	`populateGenericContext(HttpServletRequest request, HttpServletResponse response, SAMLMessageContext context)`
`protected void`	`populateLocalContext(SAMLMessageContext context)`
`protected void`	`populateLocalEntity(SAMLMessageContext samlContext)` Method populates fields localEntityId, localEntityRole, localEntityMetadata, localEntityRoleMetadata and peerEntityRole.
`protected void`	`populateLocalEntityId(SAMLMessageContext context, String requestURI)` Method tries to load localEntityAlias and localEntityRole from the request path.
`protected void`	`populatePeerContext(SAMLMessageContext samlContext)` Populates additional information about the peer based on the previously loaded peerEntityId.
`protected void`	`populatePeerEntityId(SAMLMessageContext context)` First tries to find pre-configured IDP from the request attribute.
`protected void`	`populatePeerSSLCredential(SAMLMessageContext samlContext)` Tries to load peer SSL certificate from the inbound message transport using attribute "javax.servlet.request.X509Certificate".
`protected void`	`populateSSLCredential(SAMLMessageContext samlContext)` Populates X509 Credential used to authenticate this machine against peer servers.
`protected void`	`populateSSLTrustEngine(SAMLMessageContext samlContext)` Based on the settings in the extended metadata either creates a PKIX trust engine with trusted keys specified in the extended metadata as anchors or (by default) an explicit trust engine using data from the metadata or from the values overridden in the ExtendedMetadata.
`protected void`	`populateTrustEngine(SAMLMessageContext samlContext)` Based on the settings in the extended metadata either creates a PKIX trust engine with trusted keys specified in the extended metadata as anchors or (by default) an explicit trust engine using data from the metadata or from the values overridden in the ExtendedMetadata.
`void`	`setKeyManager(KeyManager keyManager)`
`void`	`setMetadata(MetadataManager metadata)`
`void`	`setStorageFactory(SAMLMessageStorageFactory storageFactory)` Implementation of the SAML message storage factory providing custom mechanism for storage of SAML messages such as http session, cookies or no storage at all.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

logger

protected static final org.slf4j.Logger logger

keyManager

protected KeyManager keyManager

metadata

protected MetadataManager metadata

metadataResolver

protected MetadataCredentialResolver metadataResolver

pkixResolver

protected PKIXInformationResolver pkixResolver

storageFactory

protected SAMLMessageStorageFactory storageFactory

Constructor Detail

SAMLContextProviderImpl

public SAMLContextProviderImpl()

Method Detail

getLocalEntity

public SAMLMessageContext getLocalEntity(HttpServletRequest request,
                                         HttpServletResponse response)
                                  throws org.opensaml.saml2.metadata.provider.MetadataProviderException

Creates a SAMLContext with local entity values filled. Also request and response must be stored in the context as message transports.

Specified by:: getLocalEntity in interface SAMLContextProvider

Parameters:: request - request; response - response
Returns:: context
Throws:: org.opensaml.saml2.metadata.provider.MetadataProviderException - in case of metadata problems

getLocalAndPeerEntity

public SAMLMessageContext getLocalAndPeerEntity(HttpServletRequest request,
                                                HttpServletResponse response)
                                         throws org.opensaml.saml2.metadata.provider.MetadataProviderException

Creates a SAMLContext with local entity and peer values filled. Also request and response must be stored in the context as message transports. Should be used when both local entity and peer entity can be determined from the request.

Specified by:: getLocalAndPeerEntity in interface SAMLContextProvider

Parameters:: request - request; response - response
Returns:: context
Throws:: org.opensaml.saml2.metadata.provider.MetadataProviderException - in case of metadata problems

populatePeerEntityId

protected void populatePeerEntityId(SAMLMessageContext context)
                             throws org.opensaml.saml2.metadata.provider.MetadataProviderException

First tries to find pre-configured IDP from the request attribute. If not found loads the IDP_PARAMETER from the request and if it is not null verifies whether IDP with this value is valid IDP in our circle of trust. Processing fails when IDP is not valid. IDP is set as PeerEntityId in the context.

If request parameter is null the default IDP is returned.

Parameters:: context - context to populate ID for
Throws:: org.opensaml.saml2.metadata.provider.MetadataProviderException - in case provided IDP value is invalid

populatePeerContext

protected void populatePeerContext(SAMLMessageContext samlContext)
                            throws org.opensaml.saml2.metadata.provider.MetadataProviderException

Populates additional information about the peer based on the previously loaded peerEntityId.

Parameters:: samlContext - to populate
Throws:: org.opensaml.saml2.metadata.provider.MetadataProviderException - in case metadata problem is encountered

populateGenericContext

protected void populateGenericContext(HttpServletRequest request,
                                      HttpServletResponse response,
                                      SAMLMessageContext context)
                               throws org.opensaml.saml2.metadata.provider.MetadataProviderException

Throws:: org.opensaml.saml2.metadata.provider.MetadataProviderException

populateLocalContext

protected void populateLocalContext(SAMLMessageContext context)
                             throws org.opensaml.saml2.metadata.provider.MetadataProviderException

Throws:: org.opensaml.saml2.metadata.provider.MetadataProviderException

populateLocalEntityId

protected void populateLocalEntityId(SAMLMessageContext context,
                                     String requestURI)
                              throws org.opensaml.saml2.metadata.provider.MetadataProviderException

Method tries to load localEntityAlias and localEntityRole from the request path. Path is supposed to be in format: https(s)://server:port/application/saml/filterName/alias/aliasName/idp|sp?query. In case alias is missing from the path defaults are used. Otherwise localEntityId and sp or idp localEntityRole is entered into the context.

In case alias entity id isn't found an exception is raised.

Parameters:: context - context to populate fields localEntityId and localEntityRole for; requestURI - context path to parse entityId and entityRole from
Throws:: org.opensaml.saml2.metadata.provider.MetadataProviderException - in case entityId can't be populated

populateLocalEntity

protected void populateLocalEntity(SAMLMessageContext samlContext)
                            throws org.opensaml.saml2.metadata.provider.MetadataProviderException

Method populates fields localEntityId, localEntityRole, localEntityMetadata, localEntityRoleMetadata and peerEntityRole. In case fields localAlias, localEntityId, localEntiyRole or peerEntityRole are set they are used, defaults of default SP and IDP as a peer are used instead.

Parameters:: samlContext - context to populate
Throws:: org.opensaml.saml2.metadata.provider.MetadataProviderException - in case metadata do not contain expected entities or localAlias is specified but not found

populateSSLCredential

protected void populateSSLCredential(SAMLMessageContext samlContext)

Populates X509 Credential used to authenticate this machine against peer servers. Uses key with alias specified in extended metadata under TlsKey, when not set uses the default credential.

Parameters:: samlContext - context to populate

populatePeerSSLCredential

protected void populatePeerSSLCredential(SAMLMessageContext samlContext)

Tries to load peer SSL certificate from the inbound message transport using attribute "javax.servlet.request.X509Certificate". If found sets peerSSLCredential in the context.

Parameters:: samlContext - context to populate

populateDecrypter

protected void populateDecrypter(SAMLMessageContext samlContext)

Populates a decrypter based on settings in the extended metadata or using a default credential when no encryption credential is specified in the extended metadata.

Parameters:: samlContext - context to populate decryptor for.

populateTrustEngine

protected void populateTrustEngine(SAMLMessageContext samlContext)

Based on the settings in the extended metadata either creates a PKIX trust engine with trusted keys specified in the extended metadata as anchors or (by default) an explicit trust engine using data from the metadata or from the values overridden in the ExtendedMetadata.

Parameters:: samlContext - context to populate

populateSSLTrustEngine

protected void populateSSLTrustEngine(SAMLMessageContext samlContext)

Parameters:: samlContext - context to populate

setMetadata

@Autowired
public void setMetadata(MetadataManager metadata)

setKeyManager

@Autowired
public void setKeyManager(KeyManager keyManager)

setStorageFactory

@Autowired(required=false)
public void setStorageFactory(SAMLMessageStorageFactory storageFactory)

Implementation of the SAML message storage factory providing custom mechanism for storage of SAML messages such as http session, cookies or no storage at all.

Parameters:: storageFactory - storage factory

afterPropertiesSet

public void afterPropertiesSet()
                        throws ServletException

Verifies that required entities were autowired or set and initializes resolvers used to construct trust engines.

Specified by:: afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

Throws:: ServletException