org.apache.ws.security.validate
Class SamlAssertionValidator

java.lang.Object
  extended by org.apache.ws.security.validate.SignatureTrustValidator
      extended by org.apache.ws.security.validate.SamlAssertionValidator
All Implemented Interfaces:
Validator

public class SamlAssertionValidator
extends SignatureTrustValidator

This class validates a SAML Assertion, which is wrapped in an "AssertionWrapper" instance. It assumes that the AssertionWrapper instance has already verified the signature on the assertion (done by the SAMLTokenProcessor). It verifies trust in the signature, and also checks that the Subject contains a KeyInfo (and processes it) for the holder-of-key case, and verifies that the Assertion is signed as well for holder-of-key.


Constructor Summary
SamlAssertionValidator()
           
 
Method Summary
 Credential validate(Credential credential, RequestData data)
          Validate the credential argument.
protected  Credential verifySignedAssertion(AssertionWrapper assertion, RequestData data)
          Verify trust in the signature of a signed Assertion.
 
Methods inherited from class org.apache.ws.security.validate.SignatureTrustValidator
getCrypto, isCertificateInKeyStore, validateCertificates, validatePublicKey, verifyTrustInCert, verifyTrustInCert, verifyTrustInCerts, verifyTrustInCerts
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SamlAssertionValidator

public SamlAssertionValidator()
Method Detail

validate

public Credential validate(Credential credential,
                           RequestData data)
                    throws WSSecurityException
Validate the credential argument. It must contain a non-null AssertionWrapper. A Crypto and a CallbackHandler implementation are also required to be set.

Specified by:
validate in interface Validator
Overrides:
validate in class SignatureTrustValidator
Parameters:
credential - the Credential to be validated
data - the RequestData associated with the request
Returns:
a validated Credential
Throws:
WSSecurityException - on a failed validation

verifySignedAssertion

protected Credential verifySignedAssertion(AssertionWrapper assertion,
                                           RequestData data)
                                    throws WSSecurityException
Verify trust in the signature of a signed Assertion. This method is separate so that the user can override it if they want.

Parameters:
assertion - The signed Assertion
data - The RequestData context
Returns:
A Credential instance
Throws:
WSSecurityException
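
Example (added here, not part of the WSS4J documentation or code base): a subclass that uses the verifySignedAssertion override point to restrict which issuers are accepted after the inherited trust check, and rejects unsigned assertions for every confirmation method, since the class description only states a signing requirement for holder-of-key. The class name StrictSamlAssertionValidator and the allow-list policy are hypothetical; the import paths for types this page does not fully qualify, and the accessors getAssertion(), isSigned() and getIssuerString(), are assumed to be those of WSS4J 1.6.

```java
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.saml.ext.AssertionWrapper;
import org.apache.ws.security.validate.Credential;
import org.apache.ws.security.validate.SamlAssertionValidator;

// Hypothetical subclass: tightens the inherited checks, never loosens them.
public class StrictSamlAssertionValidator extends SamlAssertionValidator {

    // Issuer names the deployment accepts (supplied by the caller).
    private final Set<String> allowedIssuers;

    public StrictSamlAssertionValidator(Set<String> allowedIssuers) {
        this.allowedIssuers =
            Collections.unmodifiableSet(new HashSet<String>(allowedIssuers));
    }

    @Override
    public Credential validate(Credential credential, RequestData data)
        throws WSSecurityException {
        // Fail closed on a missing or unsigned assertion before delegating,
        // so bearer and sender-vouches assertions must be signed as well.
        if (credential == null || credential.getAssertion() == null
            || !credential.getAssertion().isSigned()) {
            throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
        }
        return super.validate(credential, data);
    }

    @Override
    protected Credential verifySignedAssertion(AssertionWrapper assertion,
                                               RequestData data)
        throws WSSecurityException {
        // Inherited check first: trust in the signing certificate or key.
        Credential trusted = super.verifySignedAssertion(assertion, data);
        // Additional check: a trusted signer must also be an expected issuer.
        String issuer = assertion.getIssuerString();
        if (issuer == null || !allowedIssuers.contains(issuer)) {
            throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
        }
        return trusted;
    }
}
```

Calling super first in both overrides keeps the inherited signature-trust and holder-of-key processing intact; the subclass can only add reasons to reject.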


Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.