org.springframework.security.saml.websso
Class ArtifactResolutionProfileImpl
java.lang.Object
org.springframework.security.saml.websso.AbstractProfileBase
org.springframework.security.saml.websso.ArtifactResolutionProfileBase
org.springframework.security.saml.websso.ArtifactResolutionProfileImpl
- All Implemented Interfaces:
- org.springframework.beans.factory.InitializingBean, ArtifactResolutionProfile
public class ArtifactResolutionProfileImpl
- extends ArtifactResolutionProfileBase
Implementation of the artifact resolution protocol which uses Apache HTTPClient for SOAP binding transport.
Methods inherited from class org.springframework.security.saml.websso.AbstractProfileBase
afterPropertiesSet, buildCommonAttributes, generateID, getEndpointBinding, getIssuer, getMaxAssertionTime, getResponseSkew, getStatus, isEndpointMatching, sendMessage, sendMessage, setArtifactMap, setMaxAssertionTime, setMetadata, setProcessor, setResponseSkew, verifyEndpoint, verifyIssuer, verifySignature
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
ArtifactResolutionProfileImpl
public ArtifactResolutionProfileImpl(org.apache.commons.httpclient.HttpClient httpClient)
- Parameters:
httpClient
- client used to send SOAP messages
getArtifactResponse
protected void getArtifactResponse(String endpointURI,
SAMLMessageContext context)
throws org.opensaml.common.SAMLException,
org.opensaml.ws.message.encoder.MessageEncodingException,
org.opensaml.ws.message.decoder.MessageDecodingException,
org.opensaml.saml2.metadata.provider.MetadataProviderException,
org.opensaml.xml.security.SecurityException
- Uses HTTPClient to send and retrieve ArtifactMessages.
- Specified by:
getArtifactResponse
in class ArtifactResolutionProfileBase
- Parameters:
endpointURI
- URI incoming artifactMessage is addressed to
context
- context with filled communicationProfileId, outboundMessage, outboundSAMLMessage, peerEntityEndpoint, peerEntityId, peerEntityMetadata, peerEntityRole, peerEntityRoleMetadata
- Throws:
org.opensaml.common.SAMLException
- error processing artifact messages
org.opensaml.ws.message.encoder.MessageEncodingException
- error sending artifactRequest
org.opensaml.ws.message.decoder.MessageDecodingException
- error retrieving artifactResponse
org.opensaml.saml2.metadata.provider.MetadataProviderException
- error resolving metadata
org.opensaml.xml.security.SecurityException
- invalid message signature
getHostConfiguration
protected org.apache.commons.httpclient.HostConfiguration getHostConfiguration(org.apache.commons.httpclient.URI uri,
SAMLMessageContext context)
throws org.opensaml.ws.message.encoder.MessageEncodingException
- This method is expected to determine the hostConfiguration used to send the request to the server over the back-channel. The configuration
should contain the URI of the host and the protocol used, including all security settings.
The default implementation either uses the default http protocol for non-SSL requests, or constructs a separate
TrustManager using the trust engine specified in the SAMLMessageContext. That trust engine is based either on MetaIOP (certificates
obtained from Metadata and ExtendedMetadata are trusted) or on PKIX (certificates from metadata and ExtendedMetadata,
including specified trust anchors, are trusted and verified using PKIX).
The trust engine used can be customized as part of the SAMLContextProvider used to process this request.
- Parameters:
uri
- uri the request should be sent to
context
- context including the peer address
- Returns:
- host configuration
- Throws:
org.opensaml.ws.message.encoder.MessageEncodingException
- in case peer URI can't be parsed
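Because the default getHostConfiguration falls back to plain http for non-SSL endpoints, a deployment that wants artifact resolution to run only over TLS can override it. The subclass below is an added example, not part of the project's code: the class name HttpsOnlyArtifactResolutionProfile is hypothetical, and it assumes SAMLMessageContext lives in org.springframework.security.saml.context and that commons-httpclient 3.x is on the classpath.

```java
package example.saml; // hypothetical package for this added example

import org.apache.commons.httpclient.HostConfiguration;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.URI;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.springframework.security.saml.context.SAMLMessageContext;
import org.springframework.security.saml.websso.ArtifactResolutionProfileImpl;

/**
 * Artifact resolution profile that refuses to send the back-channel
 * ArtifactResolve request to a non-https endpoint.
 */
public class HttpsOnlyArtifactResolutionProfile extends ArtifactResolutionProfileImpl {

    public HttpsOnlyArtifactResolutionProfile(HttpClient httpClient) {
        super(httpClient);
    }

    @Override
    protected HostConfiguration getHostConfiguration(URI uri, SAMLMessageContext context)
            throws MessageEncodingException {
        // getScheme() returns null for a relative URI; treat that as a failure too.
        String scheme = uri.getScheme();
        if (!"https".equalsIgnoreCase(scheme)) {
            throw new MessageEncodingException(
                    "Artifact resolution endpoint must use https, got scheme '"
                            + scheme + "' for peer " + context.getPeerEntityId());
        }
        // For https the parent builds the TrustManager from the trust engine
        // (MetaIOP or PKIX) configured in the SAMLMessageContext, so server
        // certificate validation still follows the metadata-based settings.
        return super.getHostConfiguration(uri, context);
    }
}
```

Register this class in place of ArtifactResolutionProfileImpl, with the same HttpClient constructor argument and inherited setters.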