Package org.opensaml.saml.saml2.binding.decoding.impl

Class HTTPArtifactDecoder

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.messaging.decoder.AbstractMessageDecoder

org.opensaml.messaging.decoder.servlet.AbstractHttpServletRequestMessageDecoder

org.opensaml.messaging.decoder.servlet.BaseHttpServletRequestXMLMessageDecoder

org.opensaml.saml.saml2.binding.decoding.impl.HTTPArtifactDecoder

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, UnmodifiableComponent, MessageDecoder, HttpServletRequestMessageDecoder, SAMLMessageDecoder

public class HTTPArtifactDecoder
extends BaseHttpServletRequestXMLMessageDecoder
implements SAMLMessageDecoder

SAML 2 Artifact Binding decoder, support both HTTP GET and POST.

Field Summary

Fields

Modifier and Type	Field	Description
private SAML2ArtifactBuilderFactory	artifactBuilderFactory	SAML 2 artifact builder factory.
private EndpointResolver<ArtifactResolutionService>	artifactEndpointResolver	Resolver for ArtifactResolutionService endpoints.
private BindingDescriptor	bindingDescriptor	Optional BindingDescriptor to inject into SAMLBindingContext created.
private IdentifierGenerationStrategy	idStrategy	Identifier generation strategy.
private org.slf4j.Logger	log	Class logger.
private QName	peerEntityRole	The peer entity role QName.
private RoleDescriptorResolver	roleDescriptorResolver	Role descriptor resolver.
private Resolver<String,CriteriaSet>	selfEntityIDResolver	Resolver for the self entityID, based on the peer entity data.
private SOAPClient	soapClient	SOAP client.
private String	soapClientSecurityConfigurationProfileId	SOAP client security configuration profile ID.
private String	soapPipelineName	The SOAP client message pipeline name.

Constructor Summary

Constructors

Constructor	Description
HTTPArtifactDecoder()

Method Summary

Modifier and Type	Method	Description
private ArtifactResolve	buildArtifactResolveRequestMessage(SAML2Artifact artifact, String endpoint, RoleDescriptor peerRoleDescriptor, String selfEntityID)	Build the SAML protocol message for artifact resolution.
private Issuer	buildIssuer(String selfEntityID)	Build the SAML protocol message Issuer element.
private SAMLObject	dereferenceArtifact(SAML2Artifact artifact, RoleDescriptor peerRoleDescriptor, ArtifactResolutionService ars)	De-reference the supplied artifact into the corresponding SAML protocol message.
protected void	doDecode()
protected void	doDestroy()
protected void	doInitialize()
SAML2ArtifactBuilderFactory	getArtifactBuilderFactory()	Get the SAML 2 artifact builder factory.
EndpointResolver<ArtifactResolutionService>	getArtifactEndpointResolver()	Get the artifact endpoint resolver.
BindingDescriptor	getBindingDescriptor()	Get an optional BindingDescriptor to inject into SAMLBindingContext created.
String	getBindingURI()
IdentifierGenerationStrategy	getIdentifierGenerationStrategy()	Get the identifier generation strategy.
QName	getPeerEntityRole()	Get the peer entity role QName.
RoleDescriptorResolver	getRoleDescriptorResolver()	Get the role descriptor resolver.
Resolver<String,CriteriaSet>	getSelfEntityIDResolver()	Get the resolver for the self entityID.
SOAPClient	getSOAPClient()	Get the SOAP client instance.
String	getSOAPClientSecurityConfigurationProfileId()	Get the SOAP client security configuration profile ID to use.
String	getSOAPPipelineName()	Get the name of the specific SOAP client message pipeline to use, for example with PipelineFactoryHttpSOAPClient.
private SAML2Artifact	parseArtifact(String encodedArtifact)	Parse and decode the supplied encoded artifact string into a SAML2Artifact instance.
protected void	populateBindingContext(MessageContext messageContext)	Populate the context which carries information specific to this binding.
private void	processArtifact(MessageContext messageContext, javax.servlet.http.HttpServletRequest request)	Process the incoming artifact by decoding the artifacts, dereferencing it from the artifact issuer and storing the resulting protocol message in the message context.
private ArtifactResolutionService	resolveArtifactEndpoint(SAML2Artifact artifact, RoleDescriptor peerRoleDescriptor)	Resolve the artifact resolution endpoint of the peer who issued the artifact.
private RoleDescriptor	resolvePeerRoleDescriptor(SAML2Artifact artifact)	Resolve the role descriptor of the SAML peer who issued the supplied artifact.
private String	resolveSelfEntityID(RoleDescriptor peerRoleDescriptor)	Resolve the self entityID, used as the issuer of the protocol message by this entity.
void	setArtifactBuilderFactory(SAML2ArtifactBuilderFactory factory)	Set the SAML 2 artifact builder factory.
void	setArtifactEndpointResolver(EndpointResolver<ArtifactResolutionService> resolver)	Set the artifact endpoint resolver.
void	setBindingDescriptor(BindingDescriptor descriptor)	Set an optional BindingDescriptor to inject into SAMLBindingContext created.
void	setIdentifierGenerationStrategy(IdentifierGenerationStrategy strategy)	Set the identifier generation strategy.
void	setPeerEntityRole(QName role)	Set the peer entity role QName.
void	setRoleDescriptorResolver(RoleDescriptorResolver resolver)	Set the role descriptor resolver.
void	setSelfEntityIDResolver(Resolver<String,CriteriaSet> resolver)	Set the resolver for the self entityID.
void	setSOAPClient(SOAPClient client)	Set the SOAP client instance.
void	setSOAPClientSecurityConfigurationProfileId(String profileId)	Set the SOAP client security configuration profile ID to use.
void	setSOAPPipelineName(String name)	Set the name of the specific SOAP client message pipeline to use, for example with PipelineFactoryHttpSOAPClient.
private SAMLObject	validateAndExtractResponseMessage(ArtifactResponse artifactResponse)	Validate and extract the SAML protocol message from the artifact response.

Methods inherited from class org.opensaml.messaging.decoder.servlet.BaseHttpServletRequestXMLMessageDecoder

decode, getMessageToLog, getParserPool, logDecodedMessage, setParserPool, unmarshallMessage, validateHttpRequest

Methods inherited from class org.opensaml.messaging.decoder.servlet.AbstractHttpServletRequestMessageDecoder

getHttpServletRequest, setHttpServletRequest

Methods inherited from class org.opensaml.messaging.decoder.AbstractMessageDecoder

getMessageContext, setMessageContext

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.DestructableComponent

destroy, isDestroyed

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Methods inherited from interface org.opensaml.messaging.decoder.MessageDecoder

decode, getMessageContext

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

bindingDescriptor

@Nullable
private BindingDescriptor bindingDescriptor

Optional BindingDescriptor to inject into SAMLBindingContext created.

artifactBuilderFactory

@NonnullAfterInit
private SAML2ArtifactBuilderFactory artifactBuilderFactory

SAML 2 artifact builder factory.

artifactEndpointResolver

@NonnullAfterInit
private EndpointResolver<ArtifactResolutionService> artifactEndpointResolver

Resolver for ArtifactResolutionService endpoints.

roleDescriptorResolver

@NonnullAfterInit
private RoleDescriptorResolver roleDescriptorResolver

Role descriptor resolver.

peerEntityRole

@NonnullAfterInit
private QName peerEntityRole

The peer entity role QName.

selfEntityIDResolver

@NonnullAfterInit
private Resolver<String,CriteriaSet> selfEntityIDResolver

Resolver for the self entityID, based on the peer entity data.

soapClient

private SOAPClient soapClient

SOAP client.

soapPipelineName

private String soapPipelineName

The SOAP client message pipeline name.

soapClientSecurityConfigurationProfileId

private String soapClientSecurityConfigurationProfileId

SOAP client security configuration profile ID.

idStrategy

private IdentifierGenerationStrategy idStrategy

Identifier generation strategy.

Constructor Detail

HTTPArtifactDecoder

public HTTPArtifactDecoder()

Method Detail

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class BaseHttpServletRequestXMLMessageDecoder

Throws:

ComponentInitializationException

doDestroy

protected void doDestroy()

Overrides:

doDestroy in class BaseHttpServletRequestXMLMessageDecoder

getIdentifierGenerationStrategy

@NonnullAfterInit
public IdentifierGenerationStrategy getIdentifierGenerationStrategy()

Get the identifier generation strategy.

Returns:

Returns the identifier generation strategy

setIdentifierGenerationStrategy

public void setIdentifierGenerationStrategy(@Nullable
                                            IdentifierGenerationStrategy strategy)

Set the identifier generation strategy.

Parameters:

strategy - the identifier generation strategy

getSelfEntityIDResolver

@NonnullAfterInit
public Resolver<String,CriteriaSet> getSelfEntityIDResolver()

Get the resolver for the self entityID.

Returns:

the resolver

setSelfEntityIDResolver

public void setSelfEntityIDResolver(@Nonnull
                                    Resolver<String,CriteriaSet> resolver)

Set the resolver for the self entityID.

Parameters:

resolver - the resolver instance

getPeerEntityRole

@NonnullAfterInit
public QName getPeerEntityRole()

Get the peer entity role QName.

Returns:

the peer entity role

setPeerEntityRole

public void setPeerEntityRole(@Nonnull
                              QName role)

Set the peer entity role QName.

Parameters:

role - the peer entity role

getArtifactEndpointResolver

@NonnullAfterInit
public EndpointResolver<ArtifactResolutionService> getArtifactEndpointResolver()

Get the artifact endpoint resolver.

Returns:

the endpoint resolver

setArtifactEndpointResolver

public void setArtifactEndpointResolver(@Nullable
                                        EndpointResolver<ArtifactResolutionService> resolver)

Set the artifact endpoint resolver.

Parameters:

resolver - the new resolver

getRoleDescriptorResolver

@NonnullAfterInit
public RoleDescriptorResolver getRoleDescriptorResolver()

Get the role descriptor resolver.

Must be capable of resolving descriptors based on ArtifactCriterion.

Returns:

the role descriptor resolver

setRoleDescriptorResolver

public void setRoleDescriptorResolver(@Nullable
                                      RoleDescriptorResolver resolver)

Set the role descriptor resolver.

Must be capable of resolving descriptors based on ArtifactCriterion.

Parameters:

resolver - the role descriptor resolver

getArtifactBuilderFactory

@NonnullAfterInit
public SAML2ArtifactBuilderFactory getArtifactBuilderFactory()

Get the SAML 2 artifact builder factory.

Returns:

the artifact builder factory in use

setArtifactBuilderFactory

public void setArtifactBuilderFactory(@Nullable
                                      SAML2ArtifactBuilderFactory factory)

Set the SAML 2 artifact builder factory.

Parameters:

factory - the artifact builder factory

getSOAPClient

@NonnullAfterInit
public SOAPClient getSOAPClient()

Get the SOAP client instance.

Returns:

the SOAP client

setSOAPClient

public void setSOAPClient(@Nonnull
                          SOAPClient client)

Set the SOAP client instance.

Parameters:

client - the SOAP client

getSOAPPipelineName

@Nullable
public String getSOAPPipelineName()

Get the name of the specific SOAP client message pipeline to use, for example with PipelineFactoryHttpSOAPClient.

Returns:

the pipeline name, or null

setSOAPPipelineName

public void setSOAPPipelineName(@Nullable
                                String name)

Set the name of the specific SOAP client message pipeline to use, for example with PipelineFactoryHttpSOAPClient.

Parameters:

name - the pipeline name, or null

getSOAPClientSecurityConfigurationProfileId

@Nullable
public String getSOAPClientSecurityConfigurationProfileId()

Get the SOAP client security configuration profile ID to use.

Returns:

the client security configuration profile ID, or null

setSOAPClientSecurityConfigurationProfileId

@Nonnull
public void setSOAPClientSecurityConfigurationProfileId(@Nullable
                                                        String profileId)

Set the SOAP client security configuration profile ID to use.

Parameters:

profileId - the profile ID, or null

getBindingURI

@Nonnull
@NotEmpty
public String getBindingURI()

Specified by:

getBindingURI in interface SAMLMessageDecoder

getBindingDescriptor

@Nullable
public BindingDescriptor getBindingDescriptor()

Get an optional BindingDescriptor to inject into SAMLBindingContext created.

Returns:

binding descriptor

setBindingDescriptor

public void setBindingDescriptor(@Nullable
                                 BindingDescriptor descriptor)

Set an optional BindingDescriptor to inject into SAMLBindingContext created.

Parameters:

descriptor - a binding descriptor

doDecode

protected void doDecode()
                 throws MessageDecodingException

Specified by:

doDecode in class AbstractMessageDecoder

Throws:

MessageDecodingException

processArtifact

private void processArtifact(MessageContext messageContext,
                             javax.servlet.http.HttpServletRequest request)
                      throws MessageDecodingException

Process the incoming artifact by decoding the artifacts, dereferencing it from the artifact issuer and storing the resulting protocol message in the message context.

Parameters:

messageContext - the message context being processed

request - the HTTP servlet request

Throws:

MessageDecodingException - thrown if there is a problem decoding or dereferencing the artifact

dereferenceArtifact

@Nonnull
private SAMLObject dereferenceArtifact(@Nonnull
                                       SAML2Artifact artifact,
                                       @Nonnull
                                       RoleDescriptor peerRoleDescriptor,
                                       @Nonnull
                                       ArtifactResolutionService ars)
                                throws MessageDecodingException

De-reference the supplied artifact into the corresponding SAML protocol message.

Parameters:

artifact - the artifact to de-reference

peerRoleDescriptor - the peer RoleDescriptor

ars - the peer's artifact resolution service endpoint

Returns:

the de-referenced artifact

Throws:

MessageDecodingException - if there is fatal error, or if the artifact was not successfully resolved

validateAndExtractResponseMessage

@Nonnull
private SAMLObject validateAndExtractResponseMessage(@Nonnull
                                                     ArtifactResponse artifactResponse)
                                              throws MessageDecodingException

Validate and extract the SAML protocol message from the artifact response.

Parameters:

artifactResponse - the response to process

Returns:

the SAML protocol message

Throws:

MessageDecodingException - if the protocol message was not sent or there was a non-success status response

buildArtifactResolveRequestMessage

@Nonnull
private ArtifactResolve buildArtifactResolveRequestMessage(@Nonnull
                                                           SAML2Artifact artifact,
                                                           @Nonnull
                                                           String endpoint,
                                                           @Nonnull
                                                           RoleDescriptor peerRoleDescriptor,
                                                           @Nonnull
                                                           String selfEntityID)
                                                    throws EncodingException

Build the SAML protocol message for artifact resolution.

Parameters:

artifact - the artifact being de-referenced

endpoint - the peer artifact resolution service endpoint

peerRoleDescriptor - the peer RoleDescriptor

selfEntityID - the entityID of this party, the issuer of the protocol request message

Returns:

the SAML protocol message for artifact resolution

Throws:

EncodingException - if the artifact can not be base64 encoded.

resolveSelfEntityID

@Nonnull
private String resolveSelfEntityID(@Nonnull
                                   RoleDescriptor peerRoleDescriptor)
                            throws MessageDecodingException

Resolve the self entityID, used as the issuer of the protocol message by this entity.

Parameters:

peerRoleDescriptor - the peer RoleDescriptor

Returns:

the resolved self entityID

Throws:

MessageDecodingException - if there was a fatal error during resolution, or the entityID could not be resolved

buildIssuer

@Nonnull
private Issuer buildIssuer(@Nonnull
                           String selfEntityID)

Build the SAML protocol message Issuer element.

Parameters:

selfEntityID - the entity ID of the protocol message issuer (this entity)

Returns:

the Issuer element

resolveArtifactEndpoint

@Nonnull
private ArtifactResolutionService resolveArtifactEndpoint(@Nonnull
                                                          SAML2Artifact artifact,
                                                          @Nonnull
                                                          RoleDescriptor peerRoleDescriptor)
                                                   throws MessageDecodingException

Resolve the artifact resolution endpoint of the peer who issued the artifact.

Parameters:

artifact - the artifact

peerRoleDescriptor - the peer RoleDescriptor

Returns:

the peer artifact resolution service endpoint

Throws:

MessageDecodingException - if there is a fatal error resolving the endpoint, or the endpoint could not be resolved

resolvePeerRoleDescriptor

@Nonnull
private RoleDescriptor resolvePeerRoleDescriptor(@Nonnull
                                                 SAML2Artifact artifact)
                                          throws MessageDecodingException

Resolve the role descriptor of the SAML peer who issued the supplied artifact.

Parameters:

artifact - the artifact to process

Returns:

the peer RoleDescriptor

Throws:

MessageDecodingException - if there was a fatal error resolving the role descriptor, or the descriptor could not be resolved

parseArtifact

@Nonnull
private SAML2Artifact parseArtifact(@Nonnull
                                    String encodedArtifact)
                             throws MessageDecodingException

Parse and decode the supplied encoded artifact string into a SAML2Artifact instance.

Parameters:

encodedArtifact - the encoded artifact which was received

Returns:

the decoded artifact instance

Throws:

MessageDecodingException - if the encoded artifact could not be decoded

populateBindingContext

protected void populateBindingContext(MessageContext messageContext)

Populate the context which carries information specific to this binding.

Parameters:

messageContext - the current message context