Package org.opensaml.ws.security

Examples of org.opensaml.ws.security.SecurityPolicyException


                        presenterEntityID);
                messageContext.getInboundMessageTransport().setAuthenticated(true);
            } else {
                log.error("Authentication via client certificate failed for context presenter entity ID {}",
                        presenterEntityID);
                throw new SecurityPolicyException(
                        "Client certificate authentication failed for context presenter entity ID");
            }
            return;
        }


        throws SecurityPolicyException {
       
        CriteriaSet criteriaSet = buildCriteriaSet(entityID, messageContext);
        if (criteriaSet == null) {
            log.error("Returned criteria set was null, can not perform trust engine evaluation of token");
            throw new SecurityPolicyException("Returned criteria set was null");
        }
       
        return evaluate(token, criteriaSet);
    }

    /**
     * Validates the token with the configured trust engine, converting a trust-engine failure into a
     * {@link SecurityPolicyException}.
     *
     * @param token the token to validate
     * @param criteriaSet the criteria passed through to the trust engine
     * @return the trust engine's verdict for the token
     * @throws SecurityPolicyException if the trust engine threw a {@code SecurityException} while validating
     */
    protected boolean evaluate(TokenType token, CriteriaSet criteriaSet) throws SecurityPolicyException {
        final boolean trusted;
        try {
            trusted = getTrustEngine().validate(token, criteriaSet);
        } catch (SecurityException cause) {
            // An engine error is distinct from an "untrusted" verdict: surface it as a policy failure, keeping the cause.
            log.error("There was an error evaluating the request's token using the trust engine", cause);
            throw new SecurityPolicyException("Error during trust engine evaluation of the token", cause);
        }
        return trusted;
    }

    /** {@inheritDoc} */
    public void evaluate(MessageContext messageContext) throws SecurityPolicyException {
        // This rule only requires that an issuer value is present on the context; it does not validate the value.
        String inboundIssuer = messageContext.getInboundMessageIssuer();
        if (!DatatypeHelper.isEmpty(inboundIssuer)) {
            return;
        }
        log.error("Mandatory inbound message context issuer was not present");
        throw new SecurityPolicyException("Mandatory inbound message context issuer not present");
    }

                        presenterEntityID);
                messageContext.getInboundMessageTransport().setAuthenticated(true);
            } else {
                log.error("Authentication via client certificate failed for context presenter entity ID {}",
                        presenterEntityID);
                throw new SecurityPolicyException(
                        "Client certificate authentication failed for context presenter entity ID");
            }
            return;
        }

    /** {@inheritDoc} */
    public void evaluate(MessageContext messageContext) throws SecurityPolicyException {
        boolean issuerAuthenticated = messageContext.isIssuerAuthenticated();
        if (issuerAuthenticated) {
            return;
        }
        // This rule does not authenticate the issuer itself; it only checks the flag already set on the context.
        log.error("Inbound message issuer was not authenticated.");
        throw new SecurityPolicyException("Inbound message issuer was not authenticated.");
    }

     */
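    protected void evaluateContentType(HTTPTransport transport) throws SecurityPolicyException {
        String transportContentType = transport.getHeaderValue("Content-Type");
        // A request without a Content-Type header would otherwise throw NullPointerException from startsWith();
        // a missing header cannot satisfy a required type, so reject it as a policy violation instead.
        if (requiredContentType != null
                && (transportContentType == null || !transportContentType.startsWith(requiredContentType))) {
            log.error("Invalid content type, expected {} but was {}", requiredContentType, transportContentType);
            throw new SecurityPolicyException("Invalid content type, expected " + requiredContentType + " but was "
                    + transportContentType);
        }
    }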

     */
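    protected void evaluateRequestMethod(HTTPTransport transport) throws SecurityPolicyException {
        String transportMethod = transport.getHTTPMethod();
        // Compare from the side already known to be non-null so an absent method fails the policy
        // rather than throwing NullPointerException.
        if (requiredRequestMethod != null && !requiredRequestMethod.equalsIgnoreCase(transportMethod)) {
            log.error("Invalid request method, expected {} but was {}", requiredRequestMethod, transportMethod);
            throw new SecurityPolicyException("Invalid request method, expected " + requiredRequestMethod + " but was "
                    + transportMethod);
        }
    }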

     * @throws SecurityPolicyException thrown if the transport is not secure and was required to be
     */
    protected void evaluateSecured(HTTPTransport transport) throws SecurityPolicyException {
        if (!requireSecured) {
            // Transport confidentiality is optional for this rule instance; nothing to check.
            return;
        }
        if (transport.isConfidential()) {
            return;
        }
        log.error("Request was required to be secured but was not");
        throw new SecurityPolicyException("Request was required to be secured but was not");
    }

        SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext;

        if (samlMsgCtx.getInboundSAMLMessageIssueInstant() == null) {
            if(requiredRule){
                log.warn("Inbound SAML message issue instant not present in message context");
                throw new SecurityPolicyException("Inbound SAML message issue instant not present in message context");
            }else{
                return;
            }
        }

        DateTime issueInstant = samlMsgCtx.getInboundSAMLMessageIssueInstant();
        DateTime now = new DateTime();
        DateTime latestValid = now.plusSeconds(clockSkew);
        DateTime expiration = issueInstant.plusSeconds(clockSkew + expires);

        // Check message wasn't issued in the future
        if (issueInstant.isAfter(latestValid)) {
            log.warn("Message was not yet valid: message time was {}, latest valid is: {}", issueInstant, latestValid);
            throw new SecurityPolicyException("Message was rejected because was issued in the future");
        }

        // Check message has not expired
        if (expiration.isBefore(now)) {
            log.warn("Message was expired: message issue time was '" + issueInstant + "', message expired at: '"
                    + expiration + "', current time: '" + now + "'");
            throw new SecurityPolicyException("Message was rejected due to issue instant expiration");
        }

    }


