org.apache.ws.security.validate
Class SamlAssertionValidator
java.lang.Object
org.apache.ws.security.validate.SignatureTrustValidator
org.apache.ws.security.validate.SamlAssertionValidator
- All Implemented Interfaces:
- Validator
public class SamlAssertionValidator
- extends SignatureTrustValidator
This class validates a SAML Assertion, which is wrapped in an "AssertionWrapper" instance.
It assumes that the AssertionWrapper instance has already verified the signature on the
assertion (done by the SAMLTokenProcessor). It verifies trust in the signature, and also
checks that the Subject contains a KeyInfo (and processes it) for the holder-of-key case,
and verifies that the Assertion is signed as well for holder-of-key.
Methods inherited from class java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
SamlAssertionValidator
public SamlAssertionValidator()
validate
public Credential validate(Credential credential,
RequestData data)
throws WSSecurityException
- Validate the credential argument. It must contain a non-null AssertionWrapper.
A Crypto and a CallbackHandler implementation are also required to be set.
- Specified by:
validate
in interface Validator
- Overrides:
validate
in class SignatureTrustValidator
- Parameters:
credential
- the Credential to be validated
data
- the RequestData associated with the request
- Returns:
- a validated Credential
- Throws:
WSSecurityException
- on a failed validation
verifySignedAssertion
protected Credential verifySignedAssertion(AssertionWrapper assertion,
RequestData data)
throws WSSecurityException
- Verify trust in the signature of a signed Assertion. This method is separate so that
the user can override it if they want.
- Parameters:
assertion
- The signed Assertion
data
- The RequestData context
- Returns:
- A Credential instance
- Throws:
WSSecurityException
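The override point described above can be used to tighten validation. The following is an added example, not code from the WSS4J project: a subclass that keeps the inherited trust verification, rejects unsigned assertions, and accepts only assertions from an allow-list of issuers. The class name IssuerPinnedSamlValidator and the issuer set are hypothetical; Credential.getAssertion(), AssertionWrapper.isSigned(), AssertionWrapper.getIssuerString() and the WSSecurityException constructor come from the WSS4J 1.6 API and are not listed on this page.

```java
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.saml.ext.AssertionWrapper;
import org.apache.ws.security.validate.Credential;
import org.apache.ws.security.validate.SamlAssertionValidator;

// Hypothetical subclass: adds issuer pinning on top of the inherited checks.
public class IssuerPinnedSamlValidator extends SamlAssertionValidator {

    // Issuer names this endpoint accepts (supplied by the deployer).
    private final Set<String> trustedIssuers;

    public IssuerPinnedSamlValidator(Set<String> trustedIssuers) {
        this.trustedIssuers =
            Collections.unmodifiableSet(new HashSet<String>(trustedIssuers));
    }

    @Override
    public Credential validate(Credential credential, RequestData data)
        throws WSSecurityException {
        // Inherited validation first: null checks, holder-of-key, signature trust.
        Credential validated = super.validate(credential, data);
        // Policy added here: an unsigned assertion is never acceptable.
        if (!credential.getAssertion().isSigned()) {
            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
        }
        return validated;
    }

    @Override
    protected Credential verifySignedAssertion(AssertionWrapper assertion, RequestData data)
        throws WSSecurityException {
        // Keep the inherited trust verification of the signing credential.
        Credential trusted = super.verifySignedAssertion(assertion, data);
        // Then require the Issuer to be on the allow-list; fail closed on null.
        String issuer = assertion.getIssuerString();
        if (issuer == null || !trustedIssuers.contains(issuer)) {
            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
        }
        return trusted;
    }
}
```

Trust in the signing certificate alone does not bind the assertion to a particular issuer name, which is why the issuer check runs after the inherited verification rather than replacing it.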
Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.