Class OneTimeUseConditionValidator
java.lang.Object
  org.opensaml.saml.saml2.assertion.impl.OneTimeUseConditionValidator

All Implemented Interfaces:
ConditionValidator

@ThreadSafe public class OneTimeUseConditionValidator extends Object implements ConditionValidator
ConditionValidator used for OneTimeUse conditions.

Supports the following ValidationContext static parameters:
- SAML2AssertionValidationParameters.COND_ONE_TIME_USE_EXPIRES: Optional. If not supplied, defaults to the validator-wide value supplied at construction, or the default value, as retrieved via getReplayCacheExpires().

Supports the following ValidationContext dynamic parameters:
- None.

Field Summary
Fields (Modifier and Type, Field: Description)
- static String CACHE_CONTEXT: Cache context name.
- private org.slf4j.Logger log: Logger.
- private ReplayCache replayCache: Replay cache used to track which assertions have been used.
- private Duration replayCacheExpires: Time for disposal of value from cache.

Constructor Summary
Constructors (Constructor: Description)
- OneTimeUseConditionValidator(ReplayCache replay, Duration expires): Constructor.

Method Summary
All Methods, Instance Methods, Concrete Methods (Modifier and Type, Method: Description)
- protected String getCacheValue(Assertion assertion): Get the string value which will be tracked in the cache for purposes of one-time use detection.
- protected Instant getExpires(Assertion assertion, ValidationContext context): Get the one-time use expiration time for the assertion being evaluated.
- protected Duration getReplayCacheExpires(): Get the configured validator cache expiration interval.
- QName getServicedCondition()
- ValidationResult validate(Condition condition, Assertion assertion, ValidationContext context)

Field Detail

log
@Nonnull private org.slf4j.Logger log
Logger.

replayCache
@Nonnull private final ReplayCache replayCache
Replay cache used to track which assertions have been used.

replayCacheExpires
@Nonnull private Duration replayCacheExpires
Time for disposal of value from cache.

Constructor Detail

OneTimeUseConditionValidator
public OneTimeUseConditionValidator(@Nonnull ReplayCache replay, @Nullable Duration expires)
Constructor.
- Parameters:
replay - replay cache used to track which assertions have been used
expires - time for disposal of tracked assertion from the replay cache. May be null, in which case it defaults to 8 hours

Method Detail

getServicedCondition
@Nonnull public QName getServicedCondition()
- Specified by:
getServicedCondition in interface ConditionValidator

validate
@Nonnull public ValidationResult validate(@Nonnull Condition condition, @Nonnull Assertion assertion, @Nonnull ValidationContext context) throws AssertionValidationException
- Specified by:
validate in interface ConditionValidator
- Throws:
AssertionValidationException

getReplayCacheExpires
@Nonnull protected Duration getReplayCacheExpires()
Get the configured validator cache expiration interval.
- Returns:
the configured cache expiration interval

getExpires
@Nonnull protected Instant getExpires(Assertion assertion, ValidationContext context)
Get the one-time use expiration time for the assertion being evaluated. Defaults to Instant.now().plus(getReplayCacheExpires()). A subclass might override this to base expiration on data from the assertion or the validation context.
- Parameters:
assertion - the SAML 2 Assertion being evaluated
context - the current validation context
- Returns:
the effective one-time use expiration for the assertion being evaluated

getCacheValue
@Nonnull protected String getCacheValue(@Nonnull Assertion assertion) throws AssertionValidationException
Get the string value which will be tracked in the cache for purposes of one-time use detection.
- Parameters:
assertion - the SAML 2 Assertion to evaluate
- Returns:
the cache value
- Throws:
AssertionValidationException - thrown if there is a problem calculating the cached value