public class SAMLProtocolMessageXMLSignatureSecurityPolicyRule extends BaseSAMLXMLSignatureSecurityPolicyRule

SAMLObject which represents the SAML protocol message being processed. If the message is not an instance of SignableSAMLObject, then no processing is performed. If signature validation is successful, and the SAML message context issuer was not previously authenticated, then the context's issuer authentication state will be set to true.

If an optional Validator for Signature objects is supplied, this validator will be used to validate the XML Signature element prior to the actual cryptographic validation of the signature. This might for example be used to enforce certain signature profile requirements or to detect signatures upon which it would be unsafe to attempt cryptographic processing. When using the single-argument constructor form, the validator will default to SAMLSignatureProfileValidator.
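Added usage example (not part of the original Javadoc or the OpenSAML code base) showing the two-stage check the rule performs: profile pre-validation with SAMLSignatureProfileValidator, then trust evaluation against an explicit-key trust engine. It assumes DefaultBootstrap.bootstrap() has already run, that `issuerCert` is the certificate of the trusted SAML peer, and that `inboundMessage` is an already-unmarshalled SAML protocol message; the class and method names InboundSignatureCheck, buildRule and isIssuerAuthenticated are invented for this example.

```java
import java.security.cert.X509Certificate;

import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.common.binding.security.SAMLProtocolMessageXMLSignatureSecurityPolicyRule;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.security.credential.StaticCredentialResolver;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
import org.opensaml.xml.validation.Validator;

/** Hypothetical helper; DefaultBootstrap.bootstrap() is assumed to have been called. */
public final class InboundSignatureCheck {

    /** Builds the rule so that only signatures verifiable with the pinned issuer certificate pass. */
    public static SAMLProtocolMessageXMLSignatureSecurityPolicyRule buildRule(X509Certificate issuerCert) {
        BasicX509Credential trusted = new BasicX509Credential();
        trusted.setEntityCertificate(issuerCert);

        // Explicit-key trust engine: the trust decision is the pinned credential, not KeyInfo in the message.
        ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(
                new StaticCredentialResolver(trusted),
                Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver());

        // Profile pre-validation runs before any cryptographic work, so Signature elements that are
        // unsafe to process are rejected first. This is the same default the one-argument constructor uses.
        Validator<Signature> prevalidator = new SAMLSignatureProfileValidator();
        return new SAMLProtocolMessageXMLSignatureSecurityPolicyRule(engine, prevalidator);
    }

    /** Returns true only if the rule validated a signature on the inbound message. */
    public static boolean isIssuerAuthenticated(SAMLProtocolMessageXMLSignatureSecurityPolicyRule rule,
                                                SAMLObject inboundMessage) {
        BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> ctx =
                new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
        ctx.setInboundSAMLMessage(inboundMessage);
        try {
            rule.evaluate(ctx);
        } catch (SecurityPolicyException e) {
            // Pre-validation or trust evaluation failed: treat the message as unauthenticated.
            return false;
        }
        // A message the rule does not process raises no exception, so the authentication flag on the
        // context, not the absence of an exception, is what says the issuer was authenticated.
        return ctx.isInboundSAMLMessageAuthenticated();
    }
}
```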
| Constructor and Description |
|---|
| `SAMLProtocolMessageXMLSignatureSecurityPolicyRule(TrustEngine<Signature> engine)` Constructor. |
| `SAMLProtocolMessageXMLSignatureSecurityPolicyRule(TrustEngine<Signature> engine, Validator<Signature> signatureValidator)` Constructor. |

| Modifier and Type | Method and Description |
|---|---|
| `protected void` | `doEvaluate(Signature signature, SignableSAMLObject signableObject, SAMLMessageContext samlMsgCtx)` Perform cryptographic validation and trust evaluation on the Signature token using the configured Signature trust engine. |
| `void` | `evaluate(MessageContext messageContext)` Evaluates the message context against the rule. |
| `protected Validator<Signature>` | `getSignaturePrevalidator()` Get the validator used to perform pre-validation on Signature tokens. |
| `protected void` | `performPreValidation(Signature signature)` Perform pre-validation on the Signature token. |
Methods inherited from BaseSAMLXMLSignatureSecurityPolicyRule and its ancestors: buildCriteriaSet; evaluate, evaluate, getTrustEngine
public SAMLProtocolMessageXMLSignatureSecurityPolicyRule(TrustEngine<Signature> engine)

Constructor. The signature pre-validator defaults to SAMLSignatureProfileValidator.

Parameters:
engine - Trust engine used to verify the signature

public SAMLProtocolMessageXMLSignatureSecurityPolicyRule(TrustEngine<Signature> engine, Validator<Signature> signatureValidator)

Constructor.

Parameters:
engine - Trust engine used to verify the signature
signatureValidator - optional pre-validator used to validate Signature elements prior to the actual cryptographic validation operation

public void evaluate(MessageContext messageContext) throws SecurityPolicyException

Evaluates the message context against the rule.

Parameters:
messageContext - the message context being evaluated

Throws:
SecurityPolicyException - thrown if the message context does not meet the requirements of the rule, or if there is a non-recoverable error during evaluation

protected void doEvaluate(Signature signature, SignableSAMLObject signableObject, SAMLMessageContext samlMsgCtx) throws SecurityPolicyException

Perform cryptographic validation and trust evaluation on the Signature token using the configured Signature trust engine.

Parameters:
signature - the signature which is being evaluated
signableObject - the signable object which contained the signature
samlMsgCtx - the SAML message context being processed

Throws:
SecurityPolicyException - thrown if the signature fails validation

protected Validator<Signature> getSignaturePrevalidator()

Get the validator used to perform pre-validation on Signature tokens.

protected void performPreValidation(Signature signature) throws SecurityPolicyException

Perform pre-validation on the Signature token.

Parameters:
signature - the signature to evaluate

Throws:
SecurityPolicyException - thrown if the signature element fails pre-validation

Copyright © 2012. All Rights Reserved.