本文整理汇总了Java中org.opensaml.saml.saml2.core.Conditions类的典型用法代码示例。如果您正苦于以下问题:Java Conditions类的具体用法?Java Conditions怎么用?Java Conditions使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
Conditions类属于org.opensaml.saml.saml2.core包,在下文中一共展示了Conditions类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: validate
import org.opensaml.saml.saml2.core.Conditions; //导入依赖的package包/类
public void validate(Conditions conditionsElement, String entityId) {
if (conditionsElement == null) {
throw new SamlResponseValidationException("Conditions is missing from the assertion.");
}
if (conditionsElement.getProxyRestriction() != null) {
throw new SamlResponseValidationException("Conditions should not contain proxy restriction element.");
}
if (conditionsElement.getOneTimeUse() != null) {
throw new SamlResponseValidationException("Conditions should not contain one time use element.");
}
DateTime notOnOrAfter = conditionsElement.getNotOnOrAfter();
if (notOnOrAfter != null) {
timeRestrictionValidator.validateNotOnOrAfter(notOnOrAfter);
}
timeRestrictionValidator.validateNotBefore(conditionsElement.getNotBefore());
audienceRestrictionValidator.validate(conditionsElement.getAudienceRestrictions(), entityId);
}
示例2: validateAssertionConditions
import org.opensaml.saml.saml2.core.Conditions; //导入依赖的package包/类
/**
* Validate assertionConditions
* - notBefore
* - notOnOrAfter
*
* @param conditions the conditions
* @param context the context
*/
protected final void validateAssertionConditions(final Conditions conditions, final SAML2MessageContext context) {
if (conditions == null) {
throw new SAMLException("Assertion conditions cannot be null");
}
if (conditions.getNotBefore() != null && conditions.getNotBefore().minusSeconds(acceptedSkew).isAfterNow()) {
throw new SAMLException("Assertion condition notBefore is not valid");
}
if (conditions.getNotOnOrAfter() != null && conditions.getNotOnOrAfter().plusSeconds(acceptedSkew).isBeforeNow()) {
throw new SAMLException("Assertion condition notOnOrAfter is not valid");
}
final String entityId = context.getSAMLSelfEntityContext().getEntityId();
validateAudienceRestrictions(conditions.getAudienceRestrictions(), entityId);
}
示例3: newConditions
import org.opensaml.saml.saml2.core.Conditions; //导入依赖的package包/类
/**
* New conditions element.
*
* @param notBefore the not before
* @param notOnOrAfter the not on or after
* @param audienceUri the service id
* @return the conditions
*/
public Conditions newConditions(final DateTime notBefore, final DateTime notOnOrAfter, final String audienceUri) {
final Conditions conditions = newSamlObject(Conditions.class);
conditions.setNotBefore(notBefore);
conditions.setNotOnOrAfter(notOnOrAfter);
final AudienceRestriction audienceRestriction = newSamlObject(AudienceRestriction.class);
final Audience audience = newSamlObject(Audience.class);
audience.setAudienceURI(audienceUri);
audienceRestriction.getAudiences().add(audience);
conditions.getAudienceRestrictions().add(audienceRestriction);
return conditions;
}
示例4: constructSamlResponse
import org.opensaml.saml.saml2.core.Conditions; //导入依赖的package包/类
/**
* Construct SAML response.
* <a href="http://bit.ly/1uI8Ggu">See this reference for more info.</a>
* @return the SAML response
*/
private String constructSamlResponse() {
final DateTime currentDateTime = DateTime.parse(new ISOStandardDateFormat().getCurrentDateAndTime());
final DateTime notBeforeIssueInstant = DateTime.parse("2003-04-17T00:46:02Z");
final RegisteredService svc = this.servicesManager.findServiceBy(this);
final String userId = svc.getUsernameAttributeProvider().resolveUsername(getPrincipal(), this);
final org.opensaml.saml.saml2.core.Response response = BUILDER.newResponse(
BUILDER.generateSecureRandomId(),
currentDateTime,
getId(), this);
response.setStatus(BUILDER.newStatus(StatusCode.SUCCESS, null));
final AuthnStatement authnStatement = BUILDER.newAuthnStatement(
AuthnContext.PASSWORD_AUTHN_CTX, currentDateTime);
final Assertion assertion = BUILDER.newAssertion(authnStatement,
"https://www.opensaml.org/IDP",
notBeforeIssueInstant, BUILDER.generateSecureRandomId());
final Conditions conditions = BUILDER.newConditions(notBeforeIssueInstant,
currentDateTime, getId());
assertion.setConditions(conditions);
final Subject subject = BUILDER.newSubject(NameID.EMAIL, userId,
getId(), currentDateTime, this.requestId);
assertion.setSubject(subject);
response.getAssertions().add(assertion);
final StringWriter writer = new StringWriter();
BUILDER.marshalSamlXmlObject(response, writer);
final String result = writer.toString();
logger.debug("Generated Google SAML response: {}", result);
return result;
}
示例5: newConditions
import org.opensaml.saml.saml2.core.Conditions; //导入依赖的package包/类
/**
* New conditions element.
*
* @param notBefore the not before
* @param notOnOrAfter the not on or after
* @param audienceUri the service id
* @return the conditions
*/
public Conditions newConditions(final ZonedDateTime notBefore, final ZonedDateTime notOnOrAfter, final String audienceUri) {
LOGGER.debug("Building conditions for audience [{}] that enforce not-before [{}] and not-after [{}]", audienceUri, notBefore, notOnOrAfter);
final Conditions conditions = newSamlObject(Conditions.class);
conditions.setNotBefore(DateTimeUtils.dateTimeOf(notBefore));
conditions.setNotOnOrAfter(DateTimeUtils.dateTimeOf(notOnOrAfter));
final AudienceRestriction audienceRestriction = newSamlObject(AudienceRestriction.class);
final Audience audience = newSamlObject(Audience.class);
audience.setAudienceURI(audienceUri);
audienceRestriction.getAudiences().add(audience);
conditions.getAudienceRestrictions().add(audienceRestriction);
return conditions;
}
示例6: SamlProfileSamlAssertionBuilder
import org.opensaml.saml.saml2.core.Conditions; //导入依赖的package包/类
public SamlProfileSamlAssertionBuilder(final OpenSamlConfigBean configBean,
final SamlProfileObjectBuilder<AuthnStatement> samlProfileSamlAuthNStatementBuilder,
final SamlProfileObjectBuilder<AttributeStatement> samlProfileSamlAttributeStatementBuilder,
final SamlProfileObjectBuilder<Subject> samlProfileSamlSubjectBuilder,
final SamlProfileObjectBuilder<Conditions> samlProfileSamlConditionsBuilder,
final BaseSamlObjectSigner samlObjectSigner) {
super(configBean);
this.samlProfileSamlAuthNStatementBuilder = samlProfileSamlAuthNStatementBuilder;
this.samlProfileSamlAttributeStatementBuilder = samlProfileSamlAttributeStatementBuilder;
this.samlProfileSamlSubjectBuilder = samlProfileSamlSubjectBuilder;
this.samlProfileSamlConditionsBuilder = samlProfileSamlConditionsBuilder;
this.samlObjectSigner = samlObjectSigner;
}
示例7: build
import org.opensaml.saml.saml2.core.Conditions; //导入依赖的package包/类
@Override
public Conditions build(final AuthnRequest authnRequest, final HttpServletRequest request, final HttpServletResponse response,
final Assertion assertion, final SamlRegisteredService service,
final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
final String binding)
throws SamlException {
return buildConditions(authnRequest, assertion, service, adaptor);
}
示例8: buildConditions
import org.opensaml.saml.saml2.core.Conditions; //导入依赖的package包/类
/**
* Build conditions conditions.
*
* @param authnRequest the authn request
* @param assertion the assertion
* @param service the service
* @param adaptor the adaptor
* @return the conditions
* @throws SamlException the saml exception
*/
protected Conditions buildConditions(final AuthnRequest authnRequest,
final Assertion assertion,
final SamlRegisteredService service,
final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
final ZonedDateTime currentDateTime = ZonedDateTime.now(ZoneOffset.UTC);
final Conditions conditions = newConditions(currentDateTime,
currentDateTime.plusSeconds(casProperties.getAuthn().getSamlIdp().getResponse().getSkewAllowance()),
adaptor.getEntityId());
return conditions;
}
示例9: constructSamlResponse
import org.opensaml.saml.saml2.core.Conditions; //导入依赖的package包/类
/**
* Construct SAML response.
* <a href="http://bit.ly/1uI8Ggu">See this reference for more info.</a>
*
* @param service the service
* @return the SAML response
*/
protected String constructSamlResponse(final GoogleAccountsService service) {
final ZonedDateTime currentDateTime = ZonedDateTime.now(ZoneOffset.UTC);
final ZonedDateTime notBeforeIssueInstant = ZonedDateTime.parse("2003-04-17T00:46:02Z");
final RegisteredService registeredService = servicesManager.findServiceBy(service);
if (registeredService == null || !registeredService.getAccessStrategy().isServiceAccessAllowed()) {
throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE);
}
final String userId = registeredService.getUsernameAttributeProvider().resolveUsername(service.getPrincipal(), service, registeredService);
final org.opensaml.saml.saml2.core.Response response = this.samlObjectBuilder.newResponse(
this.samlObjectBuilder.generateSecureRandomId(), currentDateTime, null, service);
response.setStatus(this.samlObjectBuilder.newStatus(StatusCode.SUCCESS, null));
final String sessionIndex = '_' + String.valueOf(Math.abs(new SecureRandom().nextLong()));
final AuthnStatement authnStatement = this.samlObjectBuilder.newAuthnStatement(AuthnContext.PASSWORD_AUTHN_CTX, currentDateTime, sessionIndex);
final Assertion assertion = this.samlObjectBuilder.newAssertion(authnStatement, casServerPrefix,
notBeforeIssueInstant, this.samlObjectBuilder.generateSecureRandomId());
final Conditions conditions = this.samlObjectBuilder.newConditions(notBeforeIssueInstant,
currentDateTime.plusSeconds(this.skewAllowance), service.getId());
assertion.setConditions(conditions);
final Subject subject = this.samlObjectBuilder.newSubject(NameID.EMAIL, userId,
service.getId(), currentDateTime.plusSeconds(this.skewAllowance), service.getRequestId());
assertion.setSubject(subject);
response.getAssertions().add(assertion);
final StringWriter writer = new StringWriter();
this.samlObjectBuilder.marshalSamlXmlObject(response, writer);
final String result = writer.toString();
LOGGER.debug("Generated Google SAML response: [{}]", result);
return result;
}
示例10: shouldValidateAssertionConditions
import org.opensaml.saml.saml2.core.Conditions; //导入依赖的package包/类
@Test
public void shouldValidateAssertionConditions() {
Conditions conditions = mock(Conditions.class);
when(assertion.getConditions()).thenReturn(conditions);
validator.validate(assertion, "any-expected-in-response-to", "some-entity-id");
verify(conditionsValidator).validate(conditions, "some-entity-id");
}
示例11: setUp
import org.opensaml.saml.saml2.core.Conditions; //导入依赖的package包/类
@Before
public void setUp() {
timeRestrictionValidator = mock(TimeRestrictionValidator.class);
audienceRestrictionValidator = mock(AudienceRestrictionValidator.class);
conditions = mock(Conditions.class);
validator = new ConditionsValidator(timeRestrictionValidator, audienceRestrictionValidator);
IdaSamlBootstrap.bootstrap();
}
示例12: retrieveUserProfile
import org.opensaml.saml.saml2.core.Conditions; //导入依赖的package包/类
@Override
protected SAML2Profile retrieveUserProfile(final SAML2Credentials credentials, final WebContext context) throws HttpAction {
final SAML2Profile profile = new SAML2Profile();
profile.setId(credentials.getNameId().getValue());
profile.addAttribute("sessionindex", credentials.getSessionIndex());
for (final Attribute attribute : credentials.getAttributes()) {
logger.debug("Processing profile attribute {}", attribute);
final List<String> values = new ArrayList<String>();
for (final XMLObject attributeValue : attribute.getAttributeValues()) {
final Element attributeValueElement = attributeValue.getDOM();
if (attributeValueElement != null) {
final String value = attributeValueElement.getTextContent();
logger.debug("Adding attribute value {} for attribute {}", value,
attribute.getFriendlyName());
values.add(value);
} else {
logger.warn("Attribute value DOM element is null for {}", attribute);
}
}
if (!values.isEmpty()) {
profile.addAttribute(attribute.getName(), values);
} else {
logger.debug("No attribute values found for {}", attribute.getName());
}
}
// Retrieve conditions attributes
Conditions conditions = credentials.getConditions();
if (conditions != null) {
profile.addAttribute(SAML_CONDITION_NOT_BEFORE_ATTRIBUTE, conditions.getNotBefore());
profile.addAttribute(SAML_CONDITION_NOT_ON_OR_AFTER_ATTRIBUTE, conditions.getNotOnOrAfter());
}
return profile;
}
示例13: SAML2Credentials
import org.opensaml.saml.saml2.core.Conditions; //导入依赖的package包/类
public SAML2Credentials(final NameID nameId, final List<Attribute> attributes, final Conditions conditions,
final String clientName, final String sessionIndex) {
this.nameId = nameId;
this.sessionIndex = sessionIndex;
this.attributes = attributes;
this.conditions = conditions;
setClientName(clientName);
}
示例14: apply
import org.opensaml.saml.saml2.core.Conditions; //导入依赖的package包/类
public Assertion apply(MatchingServiceAssertion originalAssertion) {
Assertion transformedAssertion = openSamlXmlObjectFactory.createAssertion();
transformedAssertion.setIssueInstant(originalAssertion.getIssueInstant());
Issuer transformedIssuer = openSamlXmlObjectFactory.createIssuer(originalAssertion.getIssuerId());
transformedAssertion.setIssuer(transformedIssuer);
transformedAssertion.setID(originalAssertion.getId());
Subject subject = outboundAssertionToSubjectTransformer.transform(originalAssertion);
transformedAssertion.setSubject(subject);
MatchingServiceAuthnStatement authnStatement = originalAssertion.getAuthnStatement();
transformedAssertion.getAuthnStatements().add(matchingServiceAuthnStatementToAuthnStatementTransformer.transform(authnStatement));
Conditions conditions = openSamlXmlObjectFactory.createConditions();
AudienceRestriction audienceRestriction = openSamlXmlObjectFactory.createAudienceRestriction(originalAssertion.getAudience());
conditions.getAudienceRestrictions().add(audienceRestriction);
transformedAssertion.setConditions(conditions);
List<Attribute> userAttributesForAccountCreation = originalAssertion.getUserAttributesForAccountCreation();
if (!userAttributesForAccountCreation.isEmpty()) {
addAttributes(transformedAssertion, userAttributesForAccountCreation);
}
return transformedAssertion;
}
开发者ID:alphagov,项目名称:verify-matching-service-adapter,代码行数:30,代码来源:MatchingServiceAssertionToAssertionTransformer.java
示例15: ConditionsValidator
import org.opensaml.saml.saml2.core.Conditions; //导入依赖的package包/类
public ConditionsValidator(final Function<T, Conditions> valueProvider, final String audienceUri) {
super(
true,
valueProvider,
new RequiredValidator<>(DEFAULT_REQUIRED_MESSAGE),
new FixedErrorValidator<>(conditions -> conditions.getNotBefore() == null && conditions.getNotOnOrAfter() == null, DEFAULT_NOT_BEFORE_AND_NOT_ON_OR_AFTER_ARE_MISSING_MESSAGE),
new CompositeValidator<>(
conditions -> conditions.getNotBefore() != null && conditions.getNotOnOrAfter() != null,
false,
new FixedErrorValidator<>(conditions -> conditions.getNotOnOrAfter().isBefore(conditions.getNotOnOrAfter()) || conditions.getNotOnOrAfter().isEqual(conditions.getNotBefore()), DEFAULT_NOT_BEFORE_MUST_BE_LESS_THAN_NOT_ON_OR_AFTER_TIME_MESSAGE)
),
new CompositeValidator<>(
conditions -> conditions.getNotBefore() != null,
false,
new FixedErrorValidator<>(conditions -> DateTime.now(DateTimeZone.UTC).isBefore(conditions.getNotBefore()), DEFAULT_CURRENT_TIME_BEFORE_VALID_TIME_MESSAGE)
),
new CompositeValidator<>(
conditions -> conditions.getNotOnOrAfter() != null,
false,
new FixedErrorValidator<>(conditions -> DateTime.now(DateTimeZone.UTC).isAfter(conditions.getNotOnOrAfter()) || DateTime.now(DateTimeZone.UTC).isEqual(conditions.getNotOnOrAfter()), DEFAULT_CURRENT_TIME_IS_ON_AND_AFTER_VALID_TIME_MESSAGE)
),
new CompositeValidator<>(
true,
new FixedErrorValidator<>(conditions -> conditions.getAudienceRestrictions().size() != 1, DEFAULT_CONDITIONS_MUST_CONTAIN_ONE_AUDIENCE_RESTRICTION_MESSAGE),
new AudienceRestrictionValidator<>(conditions -> conditions.getAudienceRestrictions().get(0), audienceUri)
)
);
}