Package org.opensaml.ws.security

Examples of org.opensaml.ws.security.SecurityPolicyException


     */
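    protected void evaluateRequestMethod(HTTPTransport transport) throws SecurityPolicyException {
        // Enforces the configured request method, if any; a null requiredRequestMethod disables the check.
        String transportMethod = transport.getHTTPMethod();
        if (requiredRequestMethod == null) {
            return;
        }

        // Compare from the configured (non-null) side: a transport that reports no method at all is then
        // rejected with a SecurityPolicyException instead of escaping as a NullPointerException.
        if (requiredRequestMethod.equalsIgnoreCase(transportMethod)) {
            return;
        }

        // NOTE(review): transportMethod originates from the inbound request and is echoed into the log and
        // the exception text; presumably the container limits it to a valid method token -- confirm, or
        // encode it before logging.
        String failure = "Invalid request method, expected " + requiredRequestMethod + " but was " + transportMethod;
        log.error(failure);
        throw new SecurityPolicyException(failure);
    }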


     * @throws SecurityPolicyException thrown if the transport is not secure and was required to be
     */
    protected void evaluateSecured(HTTPTransport transport) throws SecurityPolicyException {
        // The rule passes when confidentiality is not required, or when the transport reports itself
        // as confidential. The transport is only queried when the requirement is switched on.
        // NOTE(review): the decision rests entirely on what transport.isConfidential() reports; if TLS is
        // terminated upstream of this component, confirm the transport still reflects that correctly.
        if (!requireSecured || transport.isConfidential()) {
            return;
        }

        final String failure = "Request was required to be secured but was not";
        log.error(failure);
        throw new SecurityPolicyException(failure);
    }

        throws SecurityPolicyException {
       
        CriteriaSet criteriaSet = buildCriteriaSet(entityID, messageContext);
        if (criteriaSet == null) {
            log.error("Returned criteria set was null, can not perform trust engine evaluation of token");
            throw new SecurityPolicyException("Returned criteria set was null");
        }
       
        return evaluate(token, criteriaSet);
    }

    /**
     * Validates the token against the supplied criteria using the configured trust engine.
     *
     * @param token the token to be validated
     * @param criteriaSet the criteria handed to the trust engine together with the token
     * @return the result reported by the trust engine's {@code validate} call
     * @throws SecurityPolicyException thrown if the trust engine raises a {@code SecurityException};
     *             the original exception is kept as the cause
     */
    protected boolean evaluate(TokenType token, CriteriaSet criteriaSet) throws SecurityPolicyException {
        final boolean trusted;
        try {
            trusted = getTrustEngine().validate(token, criteriaSet);
        } catch (SecurityException e) {
            // An engine failure is surfaced as a policy failure rather than being treated as "untrusted",
            // so callers can tell an evaluation error apart from a negative result.
            log.error("There was an error evaluating the request's token using the trust engine", e);
            throw new SecurityPolicyException("Error during trust engine evaluation of the token", e);
        }
        return trusted;
    }

        try {
            spssoRole = (SPSSODescriptor) metadataProvider
                .getRole(messageIssuer, SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS);
        } catch (MetadataProviderException e) {
            log.warn("Error resolving SPSSODescriptor metadata for entityID '{}': {}", messageIssuer, e.getMessage());
            throw new SecurityPolicyException("Error resolving metadata for entity ID", e);
        }
       
        if (spssoRole == null) {
            log.warn("SPSSODescriptor role metadata for entityID '{}' could not be resolved", messageIssuer);
            return;
        }
       
        if (spssoRole.isAuthnRequestsSigned() == Boolean.TRUE) {
            if (! isMessageSigned(samlMsgCtx)) {
                log.error("SPSSODescriptor for entity ID '{}' indicates AuthnRequests must be signed, "
                        + "but inbound message was not signed", messageIssuer);
                throw new SecurityPolicyException("Inbound AuthnRequest was required to be signed but was not");
            }
        } else {
            log.debug("SPSSODescriptor for entity ID '{}' does not require AuthnRequests to be signed", messageIssuer);
        }

        // One of these two is mandatory
        if (!appendParameter(builder, queryString, "SAMLRequest")) {
            if (!appendParameter(builder, queryString, "SAMLResponse")) {
                log.warn("Could not extract either a SAMLRequest or a SAMLResponse from the query string");
                throw new SecurityPolicyException("Extract of SAMLRequest or SAMLResponse from query string failed");
            }
        }
        // This is optional
        appendParameter(builder, queryString, "RelayState");
        // This is mandatory, but has already been checked in superclass

            } else if (request.getParameter("SAMLResponse") != null) {
                samlMsg = new String(Base64.decode(request.getParameter("SAMLResponse")), "UTF-8");
                builder.append("SAMLResponse=" + samlMsg);
            } else {
                log.warn("Could not extract either a SAMLRequest or a SAMLResponse from the form control data");
                throw new SecurityPolicyException("Extract of SAMLRequest or SAMLResponse from form control data");
            }
        } catch (UnsupportedEncodingException e) {
            // All JVM's required to support UTF-8
        }

        }

        Unmarshaller unmarshaller = Configuration.getUnmarshallerFactory()
                .getUnmarshaller(KeyInfo.DEFAULT_ELEMENT_NAME);
        if (unmarshaller == null) {
            throw new SecurityPolicyException("Could not obtain a KeyInfo unmarshaller");
        }

        ByteArrayInputStream is = new ByteArrayInputStream(Base64.decode(kiBase64));
        KeyInfo keyInfo = null;
        try {
            Document doc = parser.parse(is);
            keyInfo = (KeyInfo) unmarshaller.unmarshall(doc.getDocumentElement());
        } catch (XMLParserException e) {
            log.warn("Error parsing KeyInfo data", e);
            throw new SecurityPolicyException("Error parsing KeyInfo data", e);
        } catch (UnmarshallingException e) {
            log.warn("Error unmarshalling KeyInfo data", e);
            throw new SecurityPolicyException("Error unmarshalling KeyInfo data", e);
        }

        if (keyInfo == null) {
            log.warn("Could not successfully extract KeyInfo object from the form control data");
            return null;
        }

        List<Credential> credentials = new ArrayList<Credential>();
        CriteriaSet criteriaSet = new CriteriaSet(new KeyInfoCriteria(keyInfo));
        try {
            for (Credential cred : keyInfoResolver.resolve(criteriaSet)) {
                credentials.add(cred);
            }
        } catch (SecurityException e) {
            log.warn("Error resolving credentials from KeyInfo", e);
            throw new SecurityPolicyException("Error resolving credentials from KeyInfo", e);
        }

        return credentials;
    }

        // One of these two is mandatory
        if (!appendParameter(builder, queryString, "SAMLRequest")) {
            if (!appendParameter(builder, queryString, "SAMLResponse")) {
                log.error("Could not extract either a SAMLRequest or a SAMLResponse from the query string");
                throw new SecurityPolicyException("Extract of SAMLRequest or SAMLResponse from query string failed");
            }
        }
        // This is optional
        appendParameter(builder, queryString, "RelayState");
        // This is mandatory, but has already been checked in superclass

            } else if (request.getParameter("SAMLResponse") != null) {
                samlMsg = new String(Base64.decode(request.getParameter("SAMLResponse")), "UTF-8");
                builder.append("SAMLResponse=" + samlMsg);
            } else {
                log.error("Could not extract either a SAMLRequest or a SAMLResponse from the form control data");
                throw new SecurityPolicyException("Extract of SAMLRequest or SAMLResponse from form control data");
            }
        } catch (UnsupportedEncodingException e) {
            // All JVM's required to support UTF-8
        }
