Interface RequestHttpObjectBuilder<T extends org.opensaml.saml.saml2.core.RequestAbstractType>
- Type Parameters:
T
- the concrete request type
- All Superinterfaces:
SAMLObjectBuilder<T>
A request builder instance may only be used to create one request and should not be re-used. Instead a new builder should be created using a builder factory.
By default the request builder creates a Request object based on the SP and IdP settings in metadata and the configuration of the builder factory, but it is also possible to control the request by using chaining calls as illustrated below:
RequestHttpObject request =
    builder.relayState("hello").binding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST").buildHttpObject();
- Author:
- Martin Lindström (martin@idsec.se)
-
Method Summary
Modifier and Type, Method: Description
- String binding(): Returns the SAML binding that should be used when sending the request.
- RequestHttpObjectBuilder<T> binding(String binding): The builder is created with the SAML binding to use when sending the request message (redirect or post).
- RequestHttpObject<T> buildHttpObject(): Compiles the request by invoking SAMLObjectBuilder.build(), optionally signs it and encodes it according to the configured binding, and returns a RequestHttpObject that can be used by the SP application to send the request to the Identity Provider.
- endpoint(url): For testing purposes.
- String entityID(): Returns the entityID of the Service Provider that this builder is serving.
- String idpEntityID(): Returns the entityID for the IdP to which we are constructing the request.
- boolean performSignature(): Predicate that tells whether the request being created will be signed or not.
- performSignature(boolean signatureFlag): The RequestBuilder reads the federation metadata and determines whether a request should be signed based on requirements from the IdP and SP.
- String relayState(): Returns the SAML RelayState that has been configured for this builder.
- relayState(String relayState): Installs the SAML RelayState to use when sending the request.
- T request(): Returns a reference to the request object that this builder object is handling.
- request(request): Replaces the request object that this builder currently is processing with a new and updated object.
- org.opensaml.security.x509.X509Credential signatureCredentials(): Returns the signature credentials this builder object has been configured to use during request signing.
- RequestHttpObjectBuilder<T> signatureCredentials(org.opensaml.security.x509.X509Credential signatureCredentials): Using this method the signature credentials for the builder object may be changed.
Methods inherited from interface se.swedenconnect.opensaml.common.builder.SAMLObjectBuilder
build
-
Method Details
-
buildHttpObject
RequestHttpObject<T> buildHttpObject() throws org.opensaml.xmlsec.signature.support.SignatureException, net.shibboleth.shared.resolver.ResolverException, org.opensaml.messaging.encoder.MessageEncodingException
Compiles the request by invoking SAMLObjectBuilder.build(), optionally signs it and encodes it according to the configured binding, and returns a RequestHttpObject that can be used by the SP application to send the request to the Identity Provider.
- Returns:
- a RequestHttpObject object
- Throws:
org.opensaml.xmlsec.signature.support.SignatureException
- for signature creation errors
net.shibboleth.shared.resolver.ResolverException
- for metadata errors
org.opensaml.messaging.encoder.MessageEncodingException
- for encoding errors
-
entityID
String entityID()
Returns the entityID of the Service Provider that this builder is serving.
- Returns:
- entityID of the Service Provider
-
idpEntityID
String idpEntityID()
Returns the entityID for the IdP to which we are constructing the request.
- Returns:
- entityID of the Identity Provider
-
relayState
Installs the SAML RelayState to use when sending the request.
- Parameters:
relayState
- the RelayState
- Returns:
- an updated builder object
-
relayState
String relayState()
Returns the SAML RelayState that has been configured for this builder.
- Returns:
- the SAML RelayState or null if none has been configured
-
request
Replaces the request object that this builder currently is processing with a new and updated object.
Note: Care should be taken when using this method. If only a particular attribute or element of the request should be modified, it is generally better to use the request() method, which returns a reference to the contained request message, or one of the special-purpose methods.
- Parameters:
request
- the request object to install to the builder
- Returns:
- an updated builder object
-
request
T request()
Returns a reference to the request object that this builder object is handling. In order to modify parts of the request this method should be used.
Also see the methods that directly modify attributes and elements.
- Returns:
- a reference to the request object
-
binding
RequestHttpObjectBuilder<T> binding(String binding) throws net.shibboleth.shared.resolver.ResolverException
The builder is created with the SAML binding to use when sending the request message (redirect or post). This method may be used to override this setting.
- Parameters:
binding
- the URI of the SAML binding to use (e.g., "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect")
- Returns:
- an updated builder object
- Throws:
net.shibboleth.shared.resolver.ResolverException
- if the binding supplied does not match a binding found in the IdP's entity descriptor
-
binding
String binding()
Returns the SAML binding that should be used when sending the request.
- Returns:
- the URI of the SAML binding to use
-
performSignature
The RequestBuilder reads the federation metadata and determines whether a request should be signed based on requirements from the IdP and SP.
Using this method it is possible to override the default behaviour by explicitly stating whether the request should be signed or not.
- Parameters:
signatureFlag
- flag telling whether the request being created should be signed or not
- Returns:
- an updated builder object
-
performSignature
boolean performSignature()
Predicate that tells whether the request being created will be signed or not.
- Returns:
- true if the request being created will be signed, and false otherwise
-
signatureCredentials
RequestHttpObjectBuilder<T> signatureCredentials(org.opensaml.security.x509.X509Credential signatureCredentials)
Using this method the signature credentials for the builder object may be changed. This is typically useful when the SP has more than one signature key, or for testing purposes.
- Parameters:
signatureCredentials
- the "new" signature credentials
- Returns:
- an updated builder object
-
signatureCredentials
org.opensaml.security.x509.X509Credential signatureCredentials()
Returns the signature credentials this builder object has been configured to use during request signing.
- Returns:
- the signature credentials
-
endpoint
For testing purposes. The method will change the endpoint to which the request will be sent, but will not modify the Destination attribute of the request element.
- Parameters:
url
- the endpoint to assign
- Returns:
- an updated builder object
-
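The override methods documented above, combined in an added example (not code from the library or its author): a hypothetical helper, SignedRequestPreparer, forces signing and the POST binding, uses a random opaque RelayState instead of a return URL, and refuses to build if the overrides are not reflected by the builder's getters. The class, record and variable names are assumptions, and the imports for RequestHttpObjectBuilder and RequestHttpObject are left out because this page does not show their package.

```java
import java.security.SecureRandom;
import java.util.Base64;

import net.shibboleth.shared.resolver.ResolverException;
import org.opensaml.messaging.encoder.MessageEncodingException;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.security.x509.X509Credential;
import org.opensaml.xmlsec.signature.support.SignatureException;

// RequestHttpObjectBuilder and RequestHttpObject are the types documented on this page.
// Their package is not shown here, so import them from the library version in use.

/** Hypothetical helper: prepares a signed, POST-bound AuthnRequest with an opaque RelayState. */
public final class SignedRequestPreparer {

  private static final String POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
  private static final SecureRandom RANDOM = new SecureRandom();

  /** The encoded request and the RelayState token the SP must store and compare on return. */
  public record Prepared(RequestHttpObject<AuthnRequest> httpObject, String relayState) {}

  /** @param builder a fresh builder from the builder factory (builders are single-use) */
  public static Prepared prepare(RequestHttpObjectBuilder<AuthnRequest> builder,
      X509Credential signingCredential)
      throws ResolverException, SignatureException, MessageEncodingException {

    // Opaque 32-byte token (43 characters), well under the 80-byte RelayState limit of the
    // SAML bindings specification. Keep the real return URL server-side, keyed by this token.
    byte[] token = new byte[32];
    RANDOM.nextBytes(token);
    String relayState = Base64.getUrlEncoder().withoutPadding().encodeToString(token);

    // binding(String) throws ResolverException if the IdP's entity descriptor has no POST endpoint.
    RequestHttpObjectBuilder<AuthnRequest> b =
        builder.relayState(relayState).binding(POST_BINDING).signatureCredentials(signingCredential);
    b.performSignature(true); // sign regardless of what the metadata requires

    // Fail closed if the overrides did not take effect on the builder we are about to use.
    if (!b.performSignature() || !relayState.equals(b.relayState())
        || !POST_BINDING.equals(b.binding())) {
      throw new IllegalStateException("Builder for IdP " + b.idpEntityID()
          + " (SP " + b.entityID() + ") is not in the expected state");
    }
    return new Prepared(b.buildHttpObject(), relayState);
  }
}
```

The caller stores the returned relayState in the user's session and compares it with the RelayState that comes back with the response before acting on it.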