Class SAMLTokenValidator
java.lang.Object
org.apache.cxf.sts.token.validator.SAMLTokenValidator
All Implemented Interfaces:
TokenValidator
Validate a SAML Assertion. It is valid if it was issued and signed by this STS.
Constructor Summary
Constructors
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| boolean | canHandleToken(ReceivedToken validateTarget) | Return true if this TokenValidator implementation is capable of validating the ReceivedToken argument. |
| boolean | canHandleToken(ReceivedToken validateTarget, String realm) | Return true if this TokenValidator implementation is capable of validating the ReceivedToken argument. |
| boolean | isValidateSignatureAgainstProfile() | Whether to validate the signature of the Assertion (if it exists) against the relevant profile. |
| void | setSamlRealmCodec(SAMLRealmCodec samlRealmCodec) | Set the SAMLRealmCodec instance to use to return a realm from a validated token |
| void | setSamlRoleParser(SAMLRoleParser samlRoleParser) | |
| void | setSubjectConstraints(List<String> subjectConstraints) | Set a list of Strings corresponding to regular expression constraints on the subject DN of a certificate that was used to sign a received Assertion |
| void | setValidateSignatureAgainstProfile(boolean validateSignatureAgainstProfile) | Whether to validate the signature of the Assertion (if it exists) against the relevant profile. |
| void | setValidator(org.apache.wss4j.dom.validate.Validator validator) | Set the WSS4J Validator instance to use to validate the token. |
| protected void | validateAssertion(org.apache.wss4j.common.saml.SamlAssertionWrapper assertion) | Validate the assertion against schemas/profiles |
| protected boolean | validateConditions(org.apache.wss4j.common.saml.SamlAssertionWrapper assertion, ReceivedToken validateTarget) | |
| | validateToken(TokenValidatorParameters tokenParameters) | Validate a Token using the given TokenValidatorParameters. |
Constructor Details
SAMLTokenValidator
public SAMLTokenValidator()
Method Details
setSubjectConstraints
Set a list of Strings corresponding to regular expression constraints on the subject DN of a certificate that was used to sign a received Assertion
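
A way to audit a candidate constraint list before handing it to setSubjectConstraints, as an added example that is not CXF or WSS4J code. It assumes each constraint is a java.util.regex pattern that must match the entire subject DN string and that any one matching constraint accepts the signer; the class name, sample DNs and patterns are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

// Added illustration, not CXF/WSS4J code. Assumption: a signer is accepted when
// ANY constraint matches its entire subject DN (Matcher.matches() semantics).
public class SubjectConstraintAudit {

    // True if at least one constraint matches the whole DN string.
    static boolean accepts(List<Pattern> constraints, String subjectDn) {
        return constraints.stream().anyMatch(p -> p.matcher(subjectDn).matches());
    }

    // Assumption: constraints are trimmed and compiled as java.util.regex patterns.
    static List<Pattern> compile(List<String> raw) {
        List<Pattern> out = new ArrayList<>();
        for (String s : raw) {
            out.add(Pattern.compile(s.trim()));
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample DNs: one intended signer, two that must be rejected.
        Map<String, Boolean> expected = new LinkedHashMap<>();
        expected.put("CN=sts.example.org,O=Example Corp,C=US", true);
        expected.put("CN=sts.example.org.evil.test,O=Other,C=US", false);
        expected.put("CN=client,OU=CN=sts.example.org,O=Other,C=US", false);

        // Constructed candidate constraint lists, loosest to tightest.
        Map<String, List<String>> candidates = new LinkedHashMap<>();
        candidates.put("wildcard both sides", List.of(".*CN=sts.example.org.*"));
        candidates.put("prefix only", List.of("CN=sts\\.example\\.org.*"));
        candidates.put("full DN, dots escaped",
                List.of("CN=sts\\.example\\.org,O=Example Corp,C=US"));

        for (Map.Entry<String, List<String>> c : candidates.entrySet()) {
            List<Pattern> patterns = compile(c.getValue());
            for (Map.Entry<String, Boolean> e : expected.entrySet()) {
                boolean got = accepts(patterns, e.getKey());
                String verdict = got == e.getValue() ? "ok " : "BAD";
                System.out.printf("%s  %-22s accept=%-5b  %s%n",
                        verdict, c.getKey(), got, e.getKey());
            }
        }
    }
}
```

Rows marked BAD are constraint lists that accept a signer DN they were meant to reject; only the fully specified, escaped pattern passes all three constructed cases.
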
setValidator
public void setValidator(org.apache.wss4j.dom.validate.Validator validator)
Set the WSS4J Validator instance to use to validate the token.
Parameters:
validator - the WSS4J Validator instance to use to validate the token
setSamlRealmCodec
Set the SAMLRealmCodec instance to use to return a realm from a validated token
Parameters:
samlRealmCodec - the SAMLRealmCodec instance to use to return a realm from a validated token
canHandleToken
Return true if this TokenValidator implementation is capable of validating the ReceivedToken argument.
Specified by:
canHandleToken in interface TokenValidator
canHandleToken
Return true if this TokenValidator implementation is capable of validating the ReceivedToken argument. The realm is ignored in this Validator.
Specified by:
canHandleToken in interface TokenValidator
validateToken
Validate a Token using the given TokenValidatorParameters.
Specified by:
validateToken in interface TokenValidator
validateAssertion
protected void validateAssertion(org.apache.wss4j.common.saml.SamlAssertionWrapper assertion) throws org.apache.wss4j.common.ext.WSSecurityException
Validate the assertion against schemas/profiles
Throws:
org.apache.wss4j.common.ext.WSSecurityException
validateConditions
protected boolean validateConditions(org.apache.wss4j.common.saml.SamlAssertionWrapper assertion, ReceivedToken validateTarget)
getSamlRoleParser
setSamlRoleParser
isValidateSignatureAgainstProfile
public boolean isValidateSignatureAgainstProfile()
Whether to validate the signature of the Assertion (if it exists) against the relevant profile. Default is true.
setValidateSignatureAgainstProfile
public void setValidateSignatureAgainstProfile(boolean validateSignatureAgainstProfile) Whether to validate the signature of the Assertion (if it exists) against the relevant profile. Default is true.