Class SAMLDelegationHandler

java.lang.Object
org.apache.cxf.sts.token.delegation.SAMLDelegationHandler
All Implemented Interfaces:
TokenDelegationHandler
Direct Known Subclasses:
HOKDelegationHandler

public class SAMLDelegationHandler extends Object implements TokenDelegationHandler
The SAML TokenDelegationHandler implementation. It allows ActAs or OnBehalfOf only for a Bearer SAML Token and disallows it in all other cases. In addition, if the "checkAudienceRestriction" property is set to "true", the AppliesTo address (if supplied) must match an AudienceRestriction address (if present in the token).
  • Constructor Details

    • SAMLDelegationHandler

      public SAMLDelegationHandler()
  • Method Details

    • canHandleToken

      public boolean canHandleToken(ReceivedToken delegateTarget)
      Description copied from interface: TokenDelegationHandler
      Return true if this TokenDelegationHandler implementation is capable of handling the ReceivedToken argument.
      Specified by:
      canHandleToken in interface TokenDelegationHandler
    • isDelegationAllowed

      public TokenDelegationResponse isDelegationAllowed(TokenDelegationParameters tokenParameters)
      Description copied from interface: TokenDelegationHandler
      See if delegation is allowed for a Token using the given TokenDelegationParameters.
      Specified by:
      isDelegationAllowed in interface TokenDelegationHandler
    • isDelegationAllowed

      protected boolean isDelegationAllowed(ReceivedToken receivedToken, String appliesToAddress)
      Determines whether delegation is allowed for a particular token.
    • getAudienceRestrictions

      protected List<String> getAudienceRestrictions(org.apache.wss4j.common.saml.SamlAssertionWrapper assertion)
    • isCheckAudienceRestriction

      public boolean isCheckAudienceRestriction()
    • setCheckAudienceRestriction

      public void setCheckAudienceRestriction(boolean checkAudienceRestriction)
      Set whether to perform a check that the received AppliesTo address is contained in the token as one of the AudienceRestriction URIs. The default is false.
      Parameters:
      checkAudienceRestriction - whether to perform an audience restriction check or not
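
An added example, not part of the CXF Javadoc or source: the audience check defaults to false and only applies when an AppliesTo address is supplied, so a deployment that wants delegation tied to a named audience can enable the check and refuse requests that omit AppliesTo. The class name StrictAudienceDelegationHandler and the helper newIssueOperation are hypothetical; TokenIssueOperation.setDelegationHandlers comes from the CXF STS operation package rather than from this page, and the example assumes the public isDelegationAllowed method delegates to the protected overload listed above.

```java
import java.util.Collections;
import java.util.List;

import org.apache.cxf.sts.operation.TokenIssueOperation;
import org.apache.cxf.sts.request.ReceivedToken;
import org.apache.cxf.sts.token.delegation.SAMLDelegationHandler;
import org.apache.cxf.sts.token.delegation.TokenDelegationHandler;

/**
 * Hypothetical subclass (not CXF code) that fails closed when the caller
 * does not name the service the delegated token is intended for.
 */
public class StrictAudienceDelegationHandler extends SAMLDelegationHandler {

    public StrictAudienceDelegationHandler() {
        // The documented default is false; turn the AudienceRestriction check on.
        setCheckAudienceRestriction(true);
    }

    @Override
    protected boolean isDelegationAllowed(ReceivedToken receivedToken,
                                          String appliesToAddress) {
        // The base class only compares AppliesTo with the token's
        // AudienceRestriction URIs when AppliesTo is supplied. Reject the
        // request here if it is missing, so the comparison cannot be skipped.
        if (isCheckAudienceRestriction()
                && (appliesToAddress == null || appliesToAddress.isEmpty())) {
            return false;
        }
        // Bearer-only rule and the audience comparison stay in the base class.
        return super.isDelegationAllowed(receivedToken, appliesToAddress);
    }

    /**
     * Hypothetical wiring helper: registers the handler on an issue operation.
     * Assumption: setDelegationHandlers(List<TokenDelegationHandler>) is the
     * CXF STS setter for delegation handlers; it is not shown on this page.
     */
    public static TokenIssueOperation newIssueOperation() {
        List<TokenDelegationHandler> handlers =
            Collections.singletonList(new StrictAudienceDelegationHandler());
        TokenIssueOperation issueOperation = new TokenIssueOperation();
        issueOperation.setDelegationHandlers(handlers);
        return issueOperation;
    }
}
```

The override does not cover a delegated token that carries no AudienceRestriction at all, which the class description says is also exempt from the comparison.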