java.lang.Object issrg.saml.SAMLAATokenParser
public abstract class SAMLAATokenParser
Nested Class Summary | |
---|---|
class | SAMLAATokenParser.StaticKeyInfoCredentialResolver |
Field Summary | |
---|---|
static Credentials | NullCreds |
RoleHierarchyPolicy | roleHierarchy |
SignatureVerifier | SV |
Constructor Summary | |
---|---|
SAMLAATokenParser() | Creates a new instance of SAMLAuthTokenParser |
SAMLAATokenParser(java.util.Map m, SignatureVerifier signatureVerifier) | The constructor takes the Map of Assignment Rules, as returned by the PolicyParser, and the Signature Verifier, which can be null. |
SAMLAATokenParser(RoleHierarchyPolicy rhpn, SignatureVerifier signatureVerifier) | The constructor uses the Role Hierarchy policy and the Signature Verifier to subsequently decode the Attribute Certificates. |
Method Summary | | |
---|---|---|
Response | buildResponseFromXML(org.w3c.dom.Element res) | This method builds a SAML response object from the given SAML |
ParsedToken | decode(java.lang.Object token) | This method decodes a given SAML response. |
ParsedToken | decodePlainAssertions(Assertion[] assertions) | This method returns a parsed token from a SAML assertion |
ParsedToken | decodeRawAttributes(issrg.saml.SAMLAATokenParser.RawAttributes token) | This method is used to decode an Attributes object, which represents all the attributes in a SAML assertion. |
ParsedToken | decodeSAMLAssertions(java.lang.Object[] assertions) | Parses the assertion into a ParsedToken |
issrg.saml.SAMLAATokenParser.RawAttributes | getAttributes(Assertion[] assertions) | This method returns RawAttributes, which represent a set of SAML attributes |
java.util.Map | getAuthzTokenParsingRules() | This method returns the Authorisation Token Parsing Rules, as a Map with a single entry with the key issrg.pba.rbac.RoleHierarchyPolicy.class and the value being the RoleHierarchyPolicy used by this RoleBasedACParser. |
java.lang.Object[] | getSAMLAssertions(Response response) | This method returns the SAML assertions from the given SAML response |
SignatureVerifier | getSignatureVerifier() | This method returns the SignatureVerifier used by this RoleBasedACParser. |
void | primaryCheck(java.lang.Object token, RoleHierarchyPolicy rh) | Checks whether the token is a SAML response and the Role Hierarchy is available; otherwise throws an exception. |
void | setAuthzTokenParsingRules(java.util.Map m) | This method sets the Authorisation Token Parsing Rules. |
void | setRoleHierarchy(RoleHierarchyPolicy rhpn) | This method sets the Authorisation Token Parsing Rules by directly specifying the Role Hierarchy to be used. |
void | setSignatureVerifier(SignatureVerifier signatureVerifier) | This method sets the SignatureVerifier to be used to validate the X.509 Attribute Certificates. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public RoleHierarchyPolicy roleHierarchy
public static final Credentials NullCreds
public SignatureVerifier SV
Constructor Detail |
---|
public SAMLAATokenParser()

public SAMLAATokenParser(RoleHierarchyPolicy rhpn, SignatureVerifier signatureVerifier)
Parameters:
rhpn - is the RoleHierarchyPolicy used to decode the role values in the Attribute Certificates; can't be null
signatureVerifier - will be used to validate digital signatures; if null, no signature verification will be performed (NOT RECOMMENDED FOR REAL DEPLOYMENT AS INSECURE!)

public SAMLAATokenParser(java.util.Map m, SignatureVerifier signatureVerifier)
Parameters:
m - is the map of assignment rules to use
signatureVerifier - will be used to validate digital signatures; if null, no signature verification will be performed (NOT RECOMMENDED FOR REAL DEPLOYMENT AS INSECURE!)

Method Detail |
---|
public java.util.Map getAuthzTokenParsingRules()
Specified by: getAuthzTokenParsingRules in interface AuthzTokenParser

public void setSignatureVerifier(SignatureVerifier signatureVerifier)
Specified by: setSignatureVerifier in interface AuthzTokenParser
Parameters:
signatureVerifier - is the SignatureVerifier used to validate the ACs; if null, no signature verification will be performed (SHOULD NOT BE USED IN PRODUCTION SCENARIOS!)

public SignatureVerifier getSignatureVerifier()
Specified by: getSignatureVerifier in interface AuthzTokenParser

public void setAuthzTokenParsingRules(java.util.Map m)
Specified by: setAuthzTokenParsingRules in interface AuthzTokenParser
Parameters:
m - the Map of rules with a RoleHierarchyPolicy inside

public void setRoleHierarchy(RoleHierarchyPolicy rhpn)
Specified by: setRoleHierarchy in interface RoleBasedAuthzTokenParser
Parameters:
rhpn - the RoleHierarchyPolicy to be used; if null, decoding the ACs will always fail

public ParsedToken decode(java.lang.Object token) throws PbaException
Specified by: decode in interface AuthzTokenParser
Parameters:
token - is the object of SAML
Throws:
PbaException - if no Role Hierarchy Policy has been specified through the constructor or either of the methods, or if there was a problem when decoding the Authorisation Token
PbaException - if any error occurs; for example, the given object is not a proper Authorisation Token that the implementation can handle

public Response buildResponseFromXML(org.w3c.dom.Element res) throws PbaException
Parameters:
res - is the SAML XML element
Throws:
PbaException

public java.lang.Object[] getSAMLAssertions(Response response)
Parameters:
response - is the SAML response object

public ParsedToken decodeSAMLAssertions(java.lang.Object[] assertions) throws PbaException
Parameters:
assertion - could be either AssertionType or EncryptedElementType.
Throws:
PbaException

public ParsedToken decodePlainAssertions(Assertion[] assertions) throws PbaException
Parameters:
is - the SAML assertion
Throws:
PbaException

public void primaryCheck(java.lang.Object token, RoleHierarchyPolicy rh) throws PbaException
Parameters:
token - is a ResponseType object
Throws:
PbaException

public issrg.saml.SAMLAATokenParser.RawAttributes getAttributes(Assertion[] assertions) throws PbaException
Parameters:
assertions - are SAML assertions
Throws:
PbaException

public ParsedToken decodeRawAttributes(issrg.saml.SAMLAATokenParser.RawAttributes token) throws PbaException
Parameters:
vp - is a validity period of these attributes.
attrs - is the Attributes object
Throws:
PbaException