java.lang.Object
edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler<org.opensaml.ws.transport.http.HTTPInTransport,org.opensaml.ws.transport.http.HTTPOutTransport>
edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler<edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager,Session>
edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler
public abstract class AbstractSAMLProfileHandler
Base class for SAML profile handlers.
| Constructor Summary | |
|---|---|
| protected | AbstractSAMLProfileHandler(): Constructor. |
| Method Summary | |
|---|---|
| protected void | encodeResponse(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext): Encodes the request's SAML response and writes it to the servlet response. |
| protected org.slf4j.Logger | getAduitLog(): Gets the audit log for this handler. |
| protected List<String> | getEntitySupportedFormats(org.opensaml.saml2.metadata.RoleDescriptor role): Gets the list of name identifier formats supported for a given role. |
| org.opensaml.common.IdentifierGenerator | getIdGenerator(): Gets an ID generator which may be used for SAML assertions, requests, etc. |
| String | getInboundBinding(): Gets the SAML message binding used by inbound messages. |
| protected org.opensaml.common.binding.decoding.SAMLMessageDecoder | getInboundMessageDecoder(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext): Get the inbound message decoder to use. |
| Map<String,org.opensaml.common.binding.decoding.SAMLMessageDecoder> | getMessageDecoders(): Gets all the SAML message decoders configured for the IdP indexed by SAML binding URI. |
| Map<String,org.opensaml.common.binding.encoding.SAMLMessageEncoder> | getMessageEncoders(): Gets all the SAML message encoders configured for the IdP indexed by SAML binding URI. |
| org.opensaml.saml2.metadata.provider.MetadataProvider | getMetadataProvider(): A convenience method for retrieving the SAML metadata provider from the relying party manager. |
| protected List<String> | getNameFormats(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext): Gets the name identifier formats to use when creating identifiers for the relying party. |
| protected org.opensaml.common.binding.encoding.SAMLMessageEncoder | getOutboundMessageEncoder(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext): Get the outbound message encoder to use. |
| edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration | getRelyingPartyConfiguration(String relyingPartyId) |
| org.opensaml.ws.security.SecurityPolicyResolver | getSecurityPolicyResolver(): Gets the resolver used to determine active security policy for an incoming request. |
| List<String> | getSupportedOutboundBindings(): Gets the SAML message bindings that may be used by outbound messages. |
| protected Session | getUserSession(org.opensaml.ws.transport.InTransport inTransport): Gets the user's session, if there is one. |
| protected Session | getUserSession(String principalName): Gets the user's session based on their principal name. |
| protected boolean | isSignResponse(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext): Determine whether responses should be signed. |
| protected void | populateAssertingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext): Populates the request context with information about the asserting party. |
| protected void | populateProfileInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext): Populates the request context with the information about the profile. |
| protected void | populateRelyingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext): Populates the request context with information about the relying party. |
| protected void | populateRequestContext(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext): Populates the request context with information. |
| protected abstract void | populateSAMLMessageInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext): Populates the request context with information from the inbound SAML message. |
| protected abstract void | populateUserInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext): Populates the request context with the information about the user if they have an existing session. |
| protected abstract org.opensaml.saml2.metadata.Endpoint | selectEndpoint(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext): Selects the appropriate endpoint for the relying party and stores it in the request context. |
| void | setIdGenerator(org.opensaml.common.IdentifierGenerator generator): Sets an ID generator which may be used for SAML assertions, requests, etc. |
| void | setInboundBinding(String binding): Sets the SAML message binding used by inbound messages. |
| void | setMessageDecoders(Map<String,org.opensaml.common.binding.decoding.SAMLMessageDecoder> decoders): Sets all the SAML message decoders configured for the IdP indexed by SAML binding URI. |
| void | setMessageEncoders(Map<String,org.opensaml.common.binding.encoding.SAMLMessageEncoder> encoders): Sets all the SAML message encoders configured for the IdP indexed by SAML binding URI. |
| void | setSecurityPolicyResolver(org.opensaml.ws.security.SecurityPolicyResolver resolver): Sets the resolver used to determine active security policy for an incoming request. |
| void | setSupportedOutboundBindings(List<String> bindings): Sets the SAML message bindings that may be used by outbound messages. |
| protected void | writeAuditLogEntry(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext context): Writes an audit log entry indicating the successful response to the attribute request. |
| Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler |
|---|
| getBuilderFactory, getParserPool, getProfileConfiguration, getProfileId, getRelyingPartyConfigurationManager, getSessionManager, setParserPool, setRelyingPartyConfigurationManager, setSessionManager |

| Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler |
|---|
| getRequestPaths, setRequestPaths |

| Methods inherited from class java.lang.Object |
|---|
| clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |

| Methods inherited from interface edu.internet2.middleware.shibboleth.common.profile.ProfileHandler |
|---|
| processRequest |
| Constructor Detail |
|---|
protected AbstractSAMLProfileHandler()
| Method Detail |
|---|
public org.opensaml.ws.security.SecurityPolicyResolver getSecurityPolicyResolver()
public void setSecurityPolicyResolver(org.opensaml.ws.security.SecurityPolicyResolver resolver)
resolver - resolver used to determine active security policy for an incoming request
protected org.slf4j.Logger getAduitLog()
public org.opensaml.common.IdentifierGenerator getIdGenerator()
public String getInboundBinding()
public Map<String,org.opensaml.common.binding.decoding.SAMLMessageDecoder> getMessageDecoders()
public Map<String,org.opensaml.common.binding.encoding.SAMLMessageEncoder> getMessageEncoders()
public org.opensaml.saml2.metadata.provider.MetadataProvider getMetadataProvider()
public List<String> getSupportedOutboundBindings()
protected Session getUserSession(org.opensaml.ws.transport.InTransport inTransport)
inTransport - current inbound transport
protected Session getUserSession(String principalName)
principalName - user's principal name
public void setIdGenerator(org.opensaml.common.IdentifierGenerator generator)
generator - an ID generator which may be used for SAML assertions, requests, etc
public void setInboundBinding(String binding)
binding - SAML message binding used by inbound messages
public void setMessageDecoders(Map<String,org.opensaml.common.binding.decoding.SAMLMessageDecoder> decoders)
decoders - SAML message decoders configured for the IdP indexed by SAML binding URI
public void setMessageEncoders(Map<String,org.opensaml.common.binding.encoding.SAMLMessageEncoder> encoders)
encoders - SAML message encoders configured for the IdP indexed by SAML binding URI
public void setSupportedOutboundBindings(List<String> bindings)
bindings - SAML message bindings that may be used by outbound messages
public edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration getRelyingPartyConfiguration(String relyingPartyId)
getRelyingPartyConfiguration in class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler<edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager,Session>
protected void populateRequestContext(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem looking up the relying party's metadata
protected void populateRelyingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem looking up the relying party's metadata
protected void populateAssertingPartyInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
populateRequestContext(BaseSAMLProfileRequestContext) has already invoked
populateRelyingPartyInformation(BaseSAMLProfileRequestContext), and the
properties it provides are available in the request context.
This method requires the following request context properties to be populated: metadata provider, relying
party configuration
This method populates the following request context properties: local entity ID, outbound message issuer, local
entity metadata
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem looking up the asserting party's metadata
protected abstract void populateSAMLMessageInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
populateRequestContext(BaseSAMLProfileRequestContext) has already invoked
populateRelyingPartyInformation(BaseSAMLProfileRequestContext) and
populateAssertingPartyInformation(BaseSAMLProfileRequestContext), and the
properties they provide are available in the request context.
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem populating the request context with information
protected void populateProfileInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
populateRequestContext(BaseSAMLProfileRequestContext) has already invoked
populateRelyingPartyInformation(BaseSAMLProfileRequestContext),
populateAssertingPartyInformation(BaseSAMLProfileRequestContext), and
populateSAMLMessageInformation(BaseSAMLProfileRequestContext), and the
properties they provide are available in the request context.
This method requires the following request context properties to be populated: relying party configuration
This method populates the following request context properties: communication profile ID, profile configuration,
outbound message artifact type, peer entity endpoint
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem populating the profile information
protected List<String> getNameFormats(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem determining the name identifier format to use
protected List<String> getEntitySupportedFormats(org.opensaml.saml2.metadata.RoleDescriptor role)
role - the role to get the list of supported name identifier formats
protected abstract void populateUserInformation(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
populateRequestContext(BaseSAMLProfileRequestContext) has already invoked
populateRelyingPartyInformation(BaseSAMLProfileRequestContext),
populateAssertingPartyInformation(BaseSAMLProfileRequestContext),
populateProfileInformation(BaseSAMLProfileRequestContext), and
populateSAMLMessageInformation(BaseSAMLProfileRequestContext), and the
properties they provide are available in the request context.
This method should populate: user's session, user's principal name, and service authentication method
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem populating the user's information
protected abstract org.opensaml.saml2.metadata.Endpoint selectEndpoint(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if there is a problem selecting a response endpoint
protected void encodeResponse(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - thrown if no message encoder is registered for this profile's binding
protected boolean isSignResponse(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
requestContext - the current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - if there is a problem determining whether responses should be signed
protected org.opensaml.common.binding.encoding.SAMLMessageEncoder getOutboundMessageEncoder(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
The default implementation uses the binding URI from the
SAMLMessageContext.getPeerEntityEndpoint() to look up
the encoder from the supported message encoders defined in getMessageEncoders().
Subclasses may override to implement a different mechanism to determine the encoder to use, for example in cases where an active intermediary actor sits between this provider and the peer entity endpoint (e.g. the SAML 2 ECP case).
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - if the encoder to use cannot be resolved based on the request context
protected org.opensaml.common.binding.decoding.SAMLMessageDecoder getInboundMessageDecoder(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext requestContext)
throws edu.internet2.middleware.shibboleth.common.profile.ProfileException
The default implementation uses the binding URI from
getInboundBinding() to look up the decoder from the supported message decoders
defined in getMessageDecoders().
Subclasses may override to implement a different mechanism to determine the decoder to use.
requestContext - current request context
edu.internet2.middleware.shibboleth.common.profile.ProfileException - if the decoder to use cannot be resolved based on the request context
protected void writeAuditLogEntry(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext context)
context - current request context