
Examples of org.opensaml.ws.security.SecurityPolicyException


    /** {@inheritDoc} */
    protected CriteriaSet buildCriteriaSet(String entityID, MessageContext messageContext)
        throws SecurityPolicyException {
        if (!(messageContext instanceof SAMLMessageContext)) {
            log.error("Supplied message context was not an instance of SAMLMessageContext, can not build criteria set from SAML metadata parameters");
            throw new SecurityPolicyException("Supplied message context was not an instance of SAMLMessageContext");
        }
       
        SAMLMessageContext samlContext = (SAMLMessageContext) messageContext;
       
        CriteriaSet criteriaSet = new CriteriaSet();


    protected CriteriaSet buildCriteriaSet(String entityID, MessageContext messageContext)
        throws SecurityPolicyException {
       
        if (!(messageContext instanceof SAMLMessageContext)) {
            log.error("Supplied message context was not an instance of SAMLMessageContext, can not build criteria set from SAML metadata parameters");
            throw new SecurityPolicyException("Supplied message context was not an instance of SAMLMessageContext");
        }
       
        SAMLMessageContext samlContext = (SAMLMessageContext) messageContext;

        CriteriaSet criteriaSet = super.buildCriteriaSet(entityID, messageContext);

                    samlMsgCtx.setInboundSAMLMessageAuthenticated(true);
                }
                return;
            } else {
                log.warn("Validation of request simple signature failed for context issuer: {}", contextIssuer);
                throw new SecurityPolicyException("Validation of request simple signature failed for context issuer");
            }
        }
           
        String derivedIssuer = deriveSignerEntityID(samlMsgCtx);
        if (derivedIssuer != null) {
            log.debug("Attempting to validate SAML protocol message simple signature using derived issuer: {}",
                    derivedIssuer);
            CriteriaSet criteriaSet = buildCriteriaSet(derivedIssuer, samlMsgCtx);
            if (validateSignature(signature, signedContent, algorithmURI, criteriaSet, candidateCredentials)) {
                log.info("Validation of request simple signature succeeded");
                if (!samlMsgCtx.isInboundSAMLMessageAuthenticated()) {
                    log.info("Authentication via request simple signature succeeded for derived issuer {}",
                            derivedIssuer);
                    samlMsgCtx.setInboundMessageIssuer(derivedIssuer);
                    samlMsgCtx.setInboundSAMLMessageAuthenticated(true);
                }
                return;
            } else {
                log.warn("Validation of request simple signature failed for derived issuer: {}", derivedIssuer);
                throw new SecurityPolicyException("Validation of request simple signature failed for derived issuer");
            }
        }
       
        log.warn("Neither context nor derived issuer available, can not attempt SAML simple signature validation");
        throw new SecurityPolicyException("No message issuer available, can not attempt simple signature validation");
    }

                log.warn("Signature validation using request-derived credentials failed");
                return false;
            }
        } catch (SecurityException e) {
            log.warn("There was an error evaluating the request's simple signature using the trust engine", e);
            throw new SecurityPolicyException("Error during trust engine evaluation of the simple signature", e);
        }
    }

        String messageIsuer = DatatypeHelper.safeTrimOrNullString(samlMsgCtx.getInboundMessageIssuer());
        if (messageIsuer == null) {
            if (requiredRule) {
                log.warn("Message contained no Issuer ID, replay check not possible");
                throw new SecurityPolicyException("Message contained no Issuer ID, replay check not possible");
            }
            return;
        }

        String messageId = DatatypeHelper.safeTrimOrNullString(samlMsgCtx.getInboundSAMLMessageId());
        if (messageId == null) {
            if (requiredRule) {
                log.warn("Message contained no ID, replay check not possible");
                throw new SecurityPolicyException("SAML message from issuer " + messageIsuer + " did not contain an ID");
            }
            return;
        }

        if (replayCache.isReplay(messageIsuer, messageId)) {
            log.warn("Replay detected of message '" + messageId + "' from issuer " + messageIsuer);
            throw new SecurityPolicyException("Rejecting replayed message ID '" + messageId + "' from issuer "
                    + messageIsuer);
        }

    }

                    samlMsgCtx.setInboundSAMLMessageAuthenticated(true);
                }
            } else {
                log.debug("Validation of protocol message signature failed for context issuer '" + contextIssuer
                        + "', message type: " + msgType);
                throw new SecurityPolicyException("Validation of protocol message signature failed");
            }
        } else {
            log.debug("Context issuer unavailable, can not attempt SAML protocol message signature validation");
            throw new SecurityPolicyException("Context issuer unavailable, can not validate signature");
        }
    }

        if (getSignaturePrevalidator() != null) {
            try {
                getSignaturePrevalidator().validate(signature);
            } catch (ValidationException e) {
                log.debug("Protocol message signature failed signature pre-validation", e);
                throw new SecurityPolicyException("Protocol message signature failed signature pre-validation", e);
            }
        }
    }

    /**
     * {@inheritDoc}
     *
     * <p>Enforces that the inbound message context carries a non-empty issuer; an absent or
     * empty issuer fails the rule.
     */
    public void evaluate(MessageContext messageContext) throws SecurityPolicyException {
        String inboundIssuer = messageContext.getInboundMessageIssuer();
        // The issuer is mandatory for this rule: null or empty is a policy violation.
        if (DatatypeHelper.isEmpty(inboundIssuer)) {
            log.error("Mandatory inbound message context issuer was not present");
            throw new SecurityPolicyException("Mandatory inbound message context issuer not present");
        }
    }

    /**
     * {@inheritDoc}
     *
     * <p>Fails the rule unless the message context reports that the inbound issuer has been
     * authenticated.
     */
    public void evaluate(MessageContext messageContext) throws SecurityPolicyException {
        boolean issuerAuthenticated = messageContext.isIssuerAuthenticated();
        if (issuerAuthenticated) {
            return;
        }
        // Unauthenticated issuer: reject the message.
        log.error("Inbound message issuer was not authenticated.");
        throw new SecurityPolicyException("Inbound message issuer was not authenticated.");
    }

     */
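    protected void evaluateContentType(HTTPTransport transport) throws SecurityPolicyException {
        // No required content type configured: there is nothing to enforce.
        if (requiredContentType == null) {
            return;
        }

        String transportContentType = transport.getHeaderValue("Content-Type");

        // A request with no Content-Type header must be rejected as a policy violation rather
        // than escaping as a NullPointerException from the prefix check below.
        if (transportContentType == null) {
            log.error("Invalid content type, expected " + requiredContentType + " but none was present");
            throw new SecurityPolicyException("Invalid content type, expected " + requiredContentType
                    + " but none was present");
        }

        // Prefix comparison so that media-type parameters (e.g. "; charset=utf-8") are tolerated.
        // Media type names are case-insensitive, so the comparison ignores case. Caveat: a prefix
        // match also admits any media type that merely begins with the required string.
        boolean matches = transportContentType.regionMatches(true, 0, requiredContentType, 0,
                requiredContentType.length());
        if (!matches) {
            log.error("Invalid content type, expected " + requiredContentType + " but was " + transportContentType);
            throw new SecurityPolicyException("Invalid content type, expected " + requiredContentType + " but was "
                    + transportContentType);
        }
    }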


