org.opensaml.ws.security.provider
Class HTTPRule

java.lang.Object
  org.opensaml.ws.security.provider.HTTPRule

All Implemented Interfaces:

SecurityPolicyRule

public class HTTPRule
extends Object
implements SecurityPolicyRule

A security rule that checks basic HTTP connection properties.

Field Summary

private org.slf4j.Logger	log Class logger.
private String	requiredContentType Expected content type of the request.
private String	requiredRequestMethod Expected method of the request.
private boolean	requireSecured Whether the request must be secure.

Constructor Summary

HTTPRule(String type, String method, boolean secured)
Constructor.

Method Summary

protected void	doEvaluate(MessageContext messageContext) Evaluates if the message context transport, guaranteed to be of type HTTPTransport, meets all requirements.
void	evaluate(MessageContext messageContext) Evaluates the message context against the rule.
protected void	evaluateContentType(HTTPTransport transport) Checks if the transport is of the correct content type.
protected void	evaluateRequestMethod(HTTPTransport transport) Checks if the transport is of the correct request method.
protected void	evaluateSecured(HTTPTransport transport) Checks if the transport is secured.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

private final org.slf4j.Logger log

Class logger.

requiredContentType

private String requiredContentType

Expected content type of the request.

requiredRequestMethod

private String requiredRequestMethod

Expected method of the request.

requireSecured

private boolean requireSecured

Whether the request must be secure.

Constructor Detail

HTTPRule

public HTTPRule(String type,
                String method,
                boolean secured)

Constructor.

Parameters:

type - expected content type

method - expected request method

secured - whether the request must be secured

Method Detail

evaluate

public void evaluate(MessageContext messageContext)
              throws SecurityPolicyException

Evaluates the message context against the rule.

Specified by:

evaluate in interface SecurityPolicyRule

Parameters:

messageContext - the message context being evaluated

Throws:

SecurityPolicyException - thrown if the message context does not meet the requirements of the rule, or if there is a non-recoverable error during evaluation

doEvaluate

protected void doEvaluate(MessageContext messageContext)
                   throws SecurityPolicyException

Evaluates if the message context transport, guaranteed to be of type HTTPTransport, meets all requirements.

Parameters:

messageContext - message context being evaluated

Throws:

SecurityPolicyException - thrown if the message context does not meet the requirements of an evaluated rule

evaluateContentType

protected void evaluateContentType(HTTPTransport transport)
                            throws SecurityPolicyException

Checks if the transport is of the correct content type.

Parameters:

transport - transport being evalauted

Throws:

SecurityPolicyException - thrown if the content type was an unexpected value

evaluateRequestMethod

protected void evaluateRequestMethod(HTTPTransport transport)
                              throws SecurityPolicyException

Checks if the transport is of the correct request method.

Parameters:

transport - transport being evalauted

Throws:

SecurityPolicyException - thrown if the request method was an unexpected value

evaluateSecured

protected void evaluateSecured(HTTPTransport transport)
                        throws SecurityPolicyException

Checks if the transport is secured.

Parameters:

transport - transport being evalauted

Throws:

SecurityPolicyException - thrown if the transport is not secure and was required to be