org.springframework.security.saml.processor

Class SAMLProcessorImpl

java.lang.Object

org.springframework.security.saml.processor.SAMLProcessorImpl

All Implemented Interfaces:

SAMLProcessor

public class SAMLProcessorImpl
extends Object
implements SAMLProcessor

Processor is capable of parsing SAML message from HttpServletRequest and populate the SAMLMessageContext for further validations.

Author:

Vladimir Schäfer

Field Summary

Fields

Modifier and Type	Field and Description
protected Collection<SAMLBinding>	bindings Bindings supported by this processor.

Constructor Summary

Constructors

Constructor and Description
SAMLProcessorImpl(Collection<SAMLBinding> bindings) Creates a processor supporting multiple bindings.
SAMLProcessorImpl(SAMLBinding binding) Creates a processor supporting a single binding.

Method Summary

Modifier and Type	Method and Description
protected SAMLBinding	getBinding(org.opensaml.saml2.metadata.Endpoint endpoint) Determines binding to be used for the given endpoint.
protected SAMLBinding	getBinding(org.opensaml.ws.transport.InTransport transport) Analyzes the transport object and returns the first binding capable of sending/extracting a SAML message from to/from it.
protected SAMLBinding	getBinding(String bindingName) Finds binding with the given name.
protected void	populateSecurityPolicy(SAMLMessageContext samlContext, SAMLBinding binding) Populates security policy to use for the incoming message and sets it in the samlContext as securityPolicyResolver.
SAMLMessageContext	retrieveMessage(SAMLMessageContext samlContext) Loads incoming SAML message using one of the configured bindings and populates the SAMLMessageContext object with it.
SAMLMessageContext	retrieveMessage(SAMLMessageContext samlContext, SAMLBinding binding) Loads incoming SAML message using one of the configured bindings and populates the SAMLMessageContext object with it.
SAMLMessageContext	retrieveMessage(SAMLMessageContext samlContext, String binding) Loads incoming SAML message using one of the configured bindings and populates the SAMLMessageContext object with it.
SAMLMessageContext	sendMessage(SAMLMessageContext samlContext, boolean sign) Method sends SAML message contained in the context to the specified peerEntityEnpoint.
protected SAMLMessageContext	sendMessage(SAMLMessageContext samlContext, boolean sign, SAMLBinding binding) Sends SAML message using the given binding.
SAMLMessageContext	sendMessage(SAMLMessageContext samlContext, boolean sign, String bindingName)
protected void	verifyContext(SAMLMessageContext samlContext) Verifies that context contains all the required information related to the local entity.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

bindings

protected Collection<SAMLBinding> bindings

Bindings supported by this processor.

Constructor Detail

SAMLProcessorImpl

public SAMLProcessorImpl(SAMLBinding binding)

Creates a processor supporting a single binding.

Parameters:

binding - binding

SAMLProcessorImpl

public SAMLProcessorImpl(Collection<SAMLBinding> bindings)

Creates a processor supporting multiple bindings.

Parameters:

bindings - bindings

Method Detail

retrieveMessage

public SAMLMessageContext retrieveMessage(SAMLMessageContext samlContext,
                                          SAMLBinding binding)
                                   throws org.opensaml.common.SAMLException,
                                          org.opensaml.saml2.metadata.provider.MetadataProviderException,
                                          org.opensaml.ws.message.decoder.MessageDecodingException,
                                          org.opensaml.xml.security.SecurityException

Loads incoming SAML message using one of the configured bindings and populates the SAMLMessageContext object with it. The context is expected to contain inboundMessageTransport and outboundMessageTransport. In case localEntityId, localEntityRole or peerEntityRole is set it will be used, otherwise default SP is loaded as a local entity and IDP presumed as a peer.

Parameters:

samlContext - context

binding - to use for message extraction

Returns:

SAML message context with filled information about the message

Throws:

org.opensaml.common.SAMLException - error retrieving the message from the request

org.opensaml.saml2.metadata.provider.MetadataProviderException - error retrieving metadata

org.opensaml.ws.message.decoder.MessageDecodingException - error decoding the message

org.opensaml.xml.security.SecurityException - error verifying message

populateSecurityPolicy

protected void populateSecurityPolicy(SAMLMessageContext samlContext,
                                      SAMLBinding binding)

Populates security policy to use for the incoming message and sets it in the samlContext as securityPolicyResolver. SecurityPolicy is populated using getSecurityPolicy method of the used binding.

Parameters:

samlContext - saml context to set the policy to

binding - binding used to retrieve the message

retrieveMessage

public SAMLMessageContext retrieveMessage(SAMLMessageContext samlContext,
                                          String binding)
                                   throws org.opensaml.common.SAMLException,
                                          org.opensaml.saml2.metadata.provider.MetadataProviderException,
                                          org.opensaml.ws.message.decoder.MessageDecodingException,
                                          org.opensaml.xml.security.SecurityException

Loads incoming SAML message using one of the configured bindings and populates the SAMLMessageContext object with it.

Specified by:

retrieveMessage in interface SAMLProcessor

Parameters:

samlContext - saml context

binding - to use for message extraction

Returns:

SAML message context with filled information about the message

Throws:

org.opensaml.common.SAMLException - error retrieving the message from the request

org.opensaml.saml2.metadata.provider.MetadataProviderException - error retrieving metadat

org.opensaml.ws.message.decoder.MessageDecodingException - error decoding the message

org.opensaml.xml.security.SecurityException - error verifying message

retrieveMessage

public SAMLMessageContext retrieveMessage(SAMLMessageContext samlContext)
                                   throws org.opensaml.common.SAMLException,
                                          org.opensaml.saml2.metadata.provider.MetadataProviderException,
                                          org.opensaml.ws.message.decoder.MessageDecodingException,
                                          org.opensaml.xml.security.SecurityException

Loads incoming SAML message using one of the configured bindings and populates the SAMLMessageContext object with it.

Specified by:

retrieveMessage in interface SAMLProcessor

Parameters:

samlContext - saml context

Returns:

SAML message context with filled information about the message

Throws:

org.opensaml.common.SAMLException - error retrieving the message from the request

org.opensaml.saml2.metadata.provider.MetadataProviderException - error retrieving metadat

org.opensaml.ws.message.decoder.MessageDecodingException - error decoding the message

org.opensaml.xml.security.SecurityException - error verifying message

sendMessage

public SAMLMessageContext sendMessage(SAMLMessageContext samlContext,
                                      boolean sign)
                               throws org.opensaml.common.SAMLException,
                                      org.opensaml.saml2.metadata.provider.MetadataProviderException,
                                      org.opensaml.ws.message.encoder.MessageEncodingException

Method sends SAML message contained in the context to the specified peerEntityEnpoint. Binding is automatically determined based on the selected endpoint.

Specified by:

sendMessage in interface SAMLProcessor

Parameters:

samlContext - context

sign - true when sent message should be signed

Returns:

resulting context, might be a copy

Throws:

org.opensaml.common.SAMLException

org.opensaml.saml2.metadata.provider.MetadataProviderException

org.opensaml.ws.message.encoder.MessageEncodingException

sendMessage

public SAMLMessageContext sendMessage(SAMLMessageContext samlContext,
                                      boolean sign,
                                      String bindingName)
                               throws org.opensaml.common.SAMLException,
                                      org.opensaml.saml2.metadata.provider.MetadataProviderException,
                                      org.opensaml.ws.message.encoder.MessageEncodingException

Specified by:

sendMessage in interface SAMLProcessor

Throws:

org.opensaml.common.SAMLException

org.opensaml.saml2.metadata.provider.MetadataProviderException

org.opensaml.ws.message.encoder.MessageEncodingException

sendMessage

protected SAMLMessageContext sendMessage(SAMLMessageContext samlContext,
                                         boolean sign,
                                         SAMLBinding binding)
                                  throws org.opensaml.common.SAMLException,
                                         org.opensaml.saml2.metadata.provider.MetadataProviderException,
                                         org.opensaml.ws.message.encoder.MessageEncodingException

Sends SAML message using the given binding. Context is expected to contain outboundMessageTransport. In case localEntityId or localEntityRole is set, it is used, default SP is used otherwise.

Parameters:

samlContext - context

sign - if true sent message is signed

binding - binding to use

Returns:

context

Throws:

org.opensaml.common.SAMLException - in case message can't be sent

org.opensaml.ws.message.encoder.MessageEncodingException - in case message encoding fails

org.opensaml.saml2.metadata.provider.MetadataProviderException - in case metadata for required entities is not found

verifyContext

protected void verifyContext(SAMLMessageContext samlContext)
                      throws org.opensaml.saml2.metadata.provider.MetadataProviderException

Verifies that context contains all the required information related to the local entity.

Parameters:

samlContext - context to populate

Throws:

org.opensaml.saml2.metadata.provider.MetadataProviderException - in case metadata do not contain expected entities

getBinding

protected SAMLBinding getBinding(org.opensaml.ws.transport.InTransport transport)
                          throws org.opensaml.common.SAMLException

Analyzes the transport object and returns the first binding capable of sending/extracting a SAML message from to/from it. In case no binding is found SAMLException is thrown.

Parameters:

transport - transport type to get binding for

Returns:

decoder

Throws:

org.opensaml.common.SAMLException - in case no suitable decoder is found for given request

getBinding

protected SAMLBinding getBinding(org.opensaml.saml2.metadata.Endpoint endpoint)
                          throws org.opensaml.common.SAMLException,
                                 org.opensaml.saml2.metadata.provider.MetadataProviderException

Determines binding to be used for the given endpoint. By default binding returned from getBinding call on the endpoint is used. Speciall handling is used for Holder of Key WebSSO profile endpoints where real binding is stored under hoksso:ProtocolBinding attribute.

Parameters:

endpoint - endpoint t

Returns:

binding

Throws:

org.opensaml.common.SAMLException - in case binding can't be found

org.opensaml.saml2.metadata.provider.MetadataProviderException - in case binding of the endpoint can't be determined

See Also:

SAMLUtil.getBindingForEndpoint(org.opensaml.saml2.metadata.Endpoint)

getBinding

protected SAMLBinding getBinding(String bindingName)
                          throws org.opensaml.common.SAMLException

Finds binding with the given name.

Parameters:

bindingName - name

Returns:

binding

Throws:

org.opensaml.common.SAMLException - in case binding can't be found