java.lang.Object
edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler<org.opensaml.ws.transport.http.HTTPInTransport,org.opensaml.ws.transport.http.HTTPOutTransport>
edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler<edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager,Session>
edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler
public abstract class AbstractSAMLProfileHandler
Base class for SAML profile handlers.
Constructor Summary | | |
---|---|---|
protected | AbstractSAMLProfileHandler() | Constructor. |
Method Summary | | |
---|---|---|
protected void | encodeResponse(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) | Encodes the request's SAML response and writes it to the servlet response. |
protected org.slf4j.Logger | getAduitLog() | Gets the audit log for this handler. |
protected List<String> | getEntitySupportedFormats(org.opensaml.saml2.metadata.RoleDescriptor role) | Gets the list of name identifier formats supported for a given role. |
org.opensaml.common.IdentifierGenerator | getIdGenerator() | Gets an ID generator which may be used for SAML assertions, requests, etc. |
String | getInboundBinding() | Gets the SAML message binding used by inbound messages. |
protected org.opensaml.common.binding.decoding.SAMLMessageDecoder | getInboundMessageDecoder(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) | Get the inbound message decoder to use. |
Map<String,org.opensaml.common.binding.decoding.SAMLMessageDecoder> | getMessageDecoders() | Gets all the SAML message decoders configured for the IdP indexed by SAML binding URI. |
Map<String,org.opensaml.common.binding.encoding.SAMLMessageEncoder> | getMessageEncoders() | Gets all the SAML message encoders configured for the IdP indexed by SAML binding URI. |
org.opensaml.saml2.metadata.provider.MetadataProvider | getMetadataProvider() | A convenience method for retrieving the SAML metadata provider from the relying party manager. |
protected List<String> | getNameFormats(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) | Gets the name identifier formats to use when creating identifiers for the relying party. |
protected org.opensaml.common.binding.encoding.SAMLMessageEncoder | getOutboundMessageEncoder(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) | Get the outbound message encoder to use. |
edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration | getRelyingPartyConfiguration(String relyingPartyId) | |
org.opensaml.ws.security.SecurityPolicyResolver | getSecurityPolicyResolver() | Gets the resolver used to determine active security policy for an incoming request. |
List<String> | getSupportedOutboundBindings() | Gets the SAML message bindings that may be used by outbound messages. |
protected Session | getUserSession(org.opensaml.ws.transport.InTransport inTransport) | Gets the user's session, if there is one. |
protected Session | getUserSession(String principalName) | Gets the user's session based on their principal name. |
protected boolean | isSignResponse(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) | Determine whether responses should be signed. |
protected void | populateAssertingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) | Populates the request context with information about the asserting party. |
protected void | populateProfileInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) | Populates the request context with the information about the profile. |
protected void | populateRelyingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) | Populates the request context with information about the relying party. |
protected void | populateRequestContext(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) | Populates the request context with information. |
protected abstract void | populateSAMLMessageInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) | Populates the request context with information from the inbound SAML message. |
protected abstract void | populateUserInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) | Populates the request context with the information about the user if they have an existing session. |
protected abstract org.opensaml.saml2.metadata.Endpoint | selectEndpoint(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) | Selects the appropriate endpoint for the relying party and stores it in the request context. |
void | setIdGenerator(org.opensaml.common.IdentifierGenerator generator) | Sets an ID generator which may be used for SAML assertions, requests, etc. |
void | setInboundBinding(String binding) | Sets the SAML message binding used by inbound messages. |
void | setMessageDecoders(Map<String,org.opensaml.common.binding.decoding.SAMLMessageDecoder> decoders) | Sets all the SAML message decoders configured for the IdP indexed by SAML binding URI. |
void | setMessageEncoders(Map<String,org.opensaml.common.binding.encoding.SAMLMessageEncoder> encoders) | Sets all the SAML message encoders configured for the IdP indexed by SAML binding URI. |
void | setSecurityPolicyResolver(org.opensaml.ws.security.SecurityPolicyResolver resolver) | Sets the resolver used to determine active security policy for an incoming request. |
void | setSupportedOutboundBindings(List<String> bindings) | Sets the SAML message bindings that may be used by outbound messages. |
protected void | writeAuditLogEntry(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext context) | Writes an audit log entry indicating the successful response to the attribute request. |
Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler |
---|
getBuilderFactory, getParserPool, getProfileConfiguration, getProfileId, getRelyingPartyConfigurationManager, getSessionManager, setParserPool, setRelyingPartyConfigurationManager, setSessionManager |
Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler |
---|
getRequestPaths, setRequestPaths |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Methods inherited from interface edu.internet2.middleware.shibboleth.common.profile.ProfileHandler |
---|
processRequest |
Constructor Detail |
---|
protected AbstractSAMLProfileHandler()
Method Detail |
---|
public org.opensaml.ws.security.SecurityPolicyResolver getSecurityPolicyResolver()
public void setSecurityPolicyResolver(org.opensaml.ws.security.SecurityPolicyResolver resolver)
resolver - resolver used to determine active security policy for an incoming request
protected org.slf4j.Logger getAduitLog()
public org.opensaml.common.IdentifierGenerator getIdGenerator()
public String getInboundBinding()
public Map<String,org.opensaml.common.binding.decoding.SAMLMessageDecoder> getMessageDecoders()
public Map<String,org.opensaml.common.binding.encoding.SAMLMessageEncoder> getMessageEncoders()
public org.opensaml.saml2.metadata.provider.MetadataProvider getMetadataProvider()
public List<String> getSupportedOutboundBindings()
protected Session getUserSession(org.opensaml.ws.transport.InTransport inTransport)
inTransport - current inbound transport
protected Session getUserSession(String principalName)
principalName - user's principal name
public void setIdGenerator(org.opensaml.common.IdentifierGenerator generator)
generator - an ID generator which may be used for SAML assertions, requests, etc.
public void setInboundBinding(String binding)
binding - SAML message binding used by inbound messages
public void setMessageDecoders(Map<String,org.opensaml.common.binding.decoding.SAMLMessageDecoder> decoders)
decoders - SAML message decoders configured for the IdP indexed by SAML binding URI
public void setMessageEncoders(Map<String,org.opensaml.common.binding.encoding.SAMLMessageEncoder> encoders)
encoders - SAML message encoders configured for the IdP indexed by SAML binding URI
public void setSupportedOutboundBindings(List<String> bindings)
bindings - SAML message bindings that may be used by outbound messages
public edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration getRelyingPartyConfiguration(String relyingPartyId)
getRelyingPartyConfiguration in class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler<edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager,Session>
protected void populateRequestContext(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem looking up the relying party's metadata
protected void populateRelyingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem looking up the relying party's metadata
protected void populateAssertingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
populateRequestContext(BaseSAMLProfileRequestContext) has already invoked populateRelyingPartyInformation(BaseSAMLProfileRequestContext), and the properties it provides are available in the request context.
This method requires the following request context properties to be populated: metadata provider, relying party configuration.
This method populates the following request context properties: local entity ID, outbound message issuer, local entity metadata.
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem looking up the asserting party's metadata
protected abstract void populateSAMLMessageInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
populateRequestContext(BaseSAMLProfileRequestContext) has already invoked populateRelyingPartyInformation(BaseSAMLProfileRequestContext) and populateAssertingPartyInformation(BaseSAMLProfileRequestContext), and the properties they provide are available in the request context.
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem populating the request context with information
protected void populateProfileInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
populateRequestContext(BaseSAMLProfileRequestContext) has already invoked populateRelyingPartyInformation(BaseSAMLProfileRequestContext), populateAssertingPartyInformation(BaseSAMLProfileRequestContext), and populateSAMLMessageInformation(BaseSAMLProfileRequestContext), and the properties they provide are available in the request context.
This method requires the following request context properties to be populated: relying party configuration.
This method populates the following request context properties: communication profile ID, profile configuration, outbound message artifact type, peer entity endpoint.
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem populating the profile information
protected List<String> getNameFormats(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem determining the name identifier format to use
protected List<String> getEntitySupportedFormats(org.opensaml.saml2.metadata.RoleDescriptor role)
role - the role to get the list of supported name identifier formats
protected abstract void populateUserInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
populateRequestContext(BaseSAMLProfileRequestContext) has already invoked populateRelyingPartyInformation(BaseSAMLProfileRequestContext), populateAssertingPartyInformation(BaseSAMLProfileRequestContext), populateProfileInformation(BaseSAMLProfileRequestContext), and populateSAMLMessageInformation(BaseSAMLProfileRequestContext), and the properties they provide are available in the request context.
This method should populate: user's session, user's principal name, and service authentication method.
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem populating the user's information
protected abstract org.opensaml.saml2.metadata.Endpoint selectEndpoint(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem selecting a response endpoint
protected void encodeResponse(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if no message encoder is registered for this profile's binding
protected boolean isSignResponse(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
requestContext - the current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - if there is a problem determining whether responses should be signed
protected org.opensaml.common.binding.encoding.SAMLMessageEncoder getOutboundMessageEncoder(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
The default implementation uses the binding URI from the SAMLMessageContext.getPeerEntityEndpoint() to look up the encoder from the supported message encoders defined in getMessageEncoders().
Subclasses may override to implement a different mechanism to determine the encoder to use, for example in cases where an active intermediary actor sits between this provider and the peer entity endpoint (e.g. the SAML 2 ECP case).
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - if the encoder to use cannot be resolved based on the request context
protected org.opensaml.common.binding.decoding.SAMLMessageDecoder getInboundMessageDecoder(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
The default implementation uses the binding URI from getInboundBinding() to look up the decoder from the supported message decoders defined in getMessageDecoders().
Subclasses may override to implement a different mechanism to determine the decoder to use.
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - if the decoder to use cannot be resolved based on the request context
protected void writeAuditLogEntry(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext context)
context - current request context