Package | Description |
---|---|
org.opensaml.common.binding.security | Classes responsible for performing transport-related and basic message validation of decoded SAML messages. |
org.opensaml.saml2.binding.security | Classes responsible for performing transport-related and basic message validation of decoded SAML 2 messages. |
org.opensaml.ws.security | Provides interfaces that may be used to implement policies that are evaluated against incoming messages. |
org.opensaml.ws.security.provider | Basic implementations of some security policies. |

Modifier and Type | Method and Description |
---|---|
protected CriteriaSet | BaseSAMLXMLSignatureSecurityPolicyRule.buildCriteriaSet(String entityID, MessageContext messageContext) Subclasses are required to implement this method to build a criteria set for the trust engine according to trust engine and application-specific needs. |
protected CriteriaSet | SAMLMDClientCertAuthRule.buildCriteriaSet(String entityID, MessageContext messageContext) Subclasses are required to implement this method to build a criteria set for the trust engine according to trust engine and application-specific needs. |
protected CriteriaSet | BaseSAMLSimpleSignatureSecurityPolicyRule.buildCriteriaSet(String entityID, SAMLMessageContext samlContext) Build a criteria set suitable for input to the trust engine. |
protected String | BaseSAMLSimpleSignatureSecurityPolicyRule.deriveSignerEntityID(SAMLMessageContext samlContext) Derive the signer's entity ID from the message context. |
protected void | SAMLProtocolMessageXMLSignatureSecurityPolicyRule.doEvaluate(Signature signature, SignableSAMLObject signableObject, SAMLMessageContext samlMsgCtx) Perform cryptographic validation and trust evaluation on the Signature token using the configured Signature trust engine. |
void | IssueInstantRule.evaluate(MessageContext messageContext) Evaluates the message context against the rule. |
void | SAMLProtocolMessageXMLSignatureSecurityPolicyRule.evaluate(MessageContext messageContext) Evaluates the message context against the rule. |
void | BaseSAMLSimpleSignatureSecurityPolicyRule.evaluate(MessageContext messageContext) Evaluates the message context against the rule. |
void | MessageReplayRule.evaluate(MessageContext messageContext) Evaluates the message context against the rule. |
protected List<Credential> | BaseSAMLSimpleSignatureSecurityPolicyRule.getRequestCredentials(javax.servlet.http.HttpServletRequest request, SAMLMessageContext samlContext) Extract any candidate validation credentials from the request and/or message context. |
protected byte[] | BaseSAMLSimpleSignatureSecurityPolicyRule.getSignature(javax.servlet.http.HttpServletRequest request) Extract the signature value from the request, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential). |
protected String | BaseSAMLSimpleSignatureSecurityPolicyRule.getSignatureAlgorithm(javax.servlet.http.HttpServletRequest request) Extract the signature algorithm URI value from the request. |
protected abstract byte[] | BaseSAMLSimpleSignatureSecurityPolicyRule.getSignedContent(javax.servlet.http.HttpServletRequest request) Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential). |
protected void | SAMLProtocolMessageXMLSignatureSecurityPolicyRule.performPreValidation(Signature signature) Perform pre-validation on the Signature token. |
protected abstract boolean | BaseSAMLSimpleSignatureSecurityPolicyRule.ruleHandles(javax.servlet.http.HttpServletRequest request, SAMLMessageContext samlMsgCtx) Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context. |
protected boolean | BaseSAMLSimpleSignatureSecurityPolicyRule.validateSignature(byte[] signature, byte[] signedContent, String algorithmURI, CriteriaSet criteriaSet, List<Credential> candidateCredentials) Validate the simple signature. |

Modifier and Type | Method and Description |
---|---|
void | SAML2AuthnRequestsSignedRule.evaluate(MessageContext messageContext) Evaluates the message context against the rule. |
protected List<Credential> | SAML2HTTPPostSimpleSignRule.getRequestCredentials(javax.servlet.http.HttpServletRequest request, SAMLMessageContext samlContext) Extract any candidate validation credentials from the request and/or message context. |
protected byte[] | SAML2HTTPRedirectDeflateSignatureRule.getSignedContent(javax.servlet.http.HttpServletRequest request) Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential). |
protected byte[] | SAML2HTTPPostSimpleSignRule.getSignedContent(javax.servlet.http.HttpServletRequest request) Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential). |
protected boolean | SAML2HTTPRedirectDeflateSignatureRule.ruleHandles(javax.servlet.http.HttpServletRequest request, SAMLMessageContext samlMsgCtx) Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context. |

Modifier and Type | Method and Description |
---|---|
void | SecurityPolicy.evaluate(MessageContext messageContext) Evaluates this policy. |
void | SecurityPolicyRule.evaluate(MessageContext messageContext) Evaluates the message context against the rule. |

Modifier and Type | Method and Description |
---|---|
protected abstract CriteriaSet | BaseTrustEngineRule.buildCriteriaSet(String entityID, MessageContext messageContext) Subclasses are required to implement this method to build a criteria set for the trust engine according to trust engine and application-specific needs. |
protected CriteriaSet | ClientCertAuthRule.buildCriteriaSet(String entityID, MessageContext messageContext) Subclasses are required to implement this method to build a criteria set for the trust engine according to trust engine and application-specific needs. |
protected void | HTTPRule.doEvaluate(MessageContext messageContext) Evaluates if the message context transport, guaranteed to be of type HTTPTransport, meets all requirements. |
protected void | ClientCertAuthRule.doEvaluate(X509Credential requestCredential, MessageContext messageContext) Evaluate the request credential. |
void | HTTPRule.evaluate(MessageContext messageContext) Evaluates the message context against the rule. |
void | MandatoryAuthenticatedMessageRule.evaluate(MessageContext messageContext) Evaluates the message context against the rule. |
void | MandatoryIssuerRule.evaluate(MessageContext messageContext) Evaluates the message context against the rule. |
void | BasicSecurityPolicy.evaluate(MessageContext messageContext) Evaluates this policy. |
void | ClientCertAuthRule.evaluate(MessageContext messageContext) Evaluates the message context against the rule. |
protected boolean | BaseTrustEngineRule.evaluate(TokenType token, CriteriaSet criteriaSet) Evaluate the token against the specified criteria using the configured trust engine. |
protected boolean | BaseTrustEngineRule.evaluate(TokenType token, String entityID, MessageContext messageContext) Evaluate the token using the configured trust engine against criteria built using the specified candidate issuer entity ID and message context information. |
protected String | ClientCertAuthRule.evaluateCertificateNameDerivedIssuers(X509Credential requestCredential, MessageContext messageContext) Deprecated. |
protected String | ClientCertAuthRule.evaluateCertificateNameDerivedPresenters(X509Credential requestCredential, MessageContext messageContext) Evaluate candidate presenter entity IDs which may be derived from the request credential's entity certificate according to the options supplied via CertificateNameOptions. |
protected void | HTTPRule.evaluateContentType(HTTPTransport transport) Checks if the transport is of the correct content type. |
protected String | ClientCertAuthRule.evaluateDerivedIssuers(X509Credential requestCredential, MessageContext messageContext) Deprecated. |
protected String | ClientCertAuthRule.evaluateDerivedPresenters(X509Credential requestCredential, MessageContext messageContext) Evaluate any candidate presenter entity IDs which may be derived from the credential or other message context information. |
protected void | HTTPRule.evaluateRequestMethod(HTTPTransport transport) Checks if the transport is of the correct request method. |
protected void | HTTPRule.evaluateSecured(HTTPTransport transport) Checks if the transport is secured. |
protected String | ClientCertAuthRule.evaluateSubjectAltNames(X509Credential requestCredential, MessageContext messageContext) Evaluate the presenter entity ID as derived from the cert subject alternative names specified by types enumerated in CertificateNameOptions.getSubjectAltNames(). |
protected String | ClientCertAuthRule.evaluateSubjectCommonName(X509Credential requestCredential, MessageContext messageContext) Evaluate the presenter entity ID as derived from the cert subject common name (CN). |
protected String | ClientCertAuthRule.evaluateSubjectDN(X509Credential requestCredential, MessageContext messageContext) Evaluate the presenter entity ID as derived from the cert subject DN. |

Copyright © 2012. All Rights Reserved.