1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21 package org.opensaml.saml2.core.validator;
22
23 import org.opensaml.saml2.core.Assertion;
24 import org.opensaml.xml.validation.ValidationException;
25 import org.opensaml.xml.validation.Validator;
26
27
28
29
30 public class AssertionSpecValidator implements Validator<Assertion> {
31
32
33 public AssertionSpecValidator() {
34
35 }
36
37
38 public void validate(Assertion assertion) throws ValidationException {
39 validateSubject(assertion);
40 }
41
42
43
44
45
46
47
48 protected void validateSubject(Assertion assertion) throws ValidationException {
49 if ((assertion.getStatements() == null || assertion.getStatements().size() == 0)
50 && (assertion.getAuthnStatements() == null || assertion.getAuthnStatements().size() == 0)
51 && (assertion.getAttributeStatements() == null || assertion.getAttributeStatements().size() == 0)
52 && (assertion.getAuthzDecisionStatements() == null || assertion.getAuthzDecisionStatements().size() == 0)
53 && assertion.getSubject() == null) {
54 throw new ValidationException("Subject is required when Statements are absent");
55 }
56
57 if (assertion.getAuthnStatements().size() > 0 && assertion.getSubject() == null) {
58 throw new ValidationException("Assertions containing AuthnStatements require a Subject");
59 }
60 if (assertion.getAuthzDecisionStatements().size() > 0 && assertion.getSubject() == null) {
61 throw new ValidationException("Assertions containing AuthzDecisionStatements require a Subject");
62 }
63 if (assertion.getAttributeStatements().size() > 0 && assertion.getSubject() == null) {
64 throw new ValidationException("Assertions containing AttributeStatements require a Subject");
65 }
66 }
67 }