SAML-Toolkits
diff --git a/‎README.md‎
Lines changed: 16 additions & 10 deletions b/‎README.md‎
Lines changed: 16 additions & 10 deletions
diff --git a/‎toolkit/src/main/java/com/onelogin/saml2/Auth.java‎
Lines changed: 19 additions & 118 deletions b/‎toolkit/src/main/java/com/onelogin/saml2/Auth.java‎
Lines changed: 19 additions & 118 deletions
diff --git a/‎toolkit/src/main/java/com/onelogin/saml2/factory/SamlMessageFactory.java‎
Lines changed: 119 additions & 0 deletions b/‎toolkit/src/main/java/com/onelogin/saml2/factory/SamlMessageFactory.java‎
Lines changed: 119 additions & 0 deletions
diff --git a/‎toolkit/src/main/java/com/onelogin/saml2/factory/SamlOutgoingMessageFactory.java‎
Lines changed: 0 additions & 27 deletions b/‎toolkit/src/main/java/com/onelogin/saml2/factory/SamlOutgoingMessageFactory.java‎
Lines changed: 0 additions & 27 deletions
@@ -653,19 +653,25 @@ All the provided SAML message classes (`AuthnRequest`, `SamlResponse`, `LogoutRe
 
 In particular, the classes used to produce outgoing messages (`AuthnRequest`, `LogoutRequest`, and `LogoutResponse`) also provide a `postProcessXml` method that can be overridden to customise the generation of the corresponding SAML message XML, along with the ability to pass in proper extensions of the input parameter classes (`AuthnRequestParams`, `LogoutRequestParams`, and `LogoutResponseParams` respectively).
 
-Once you have prepared your extension classes, in order to make the `Auth` class use them, appropriate factories can then be
-specified:
+Once you have prepared your extension classes, in order to make the `Auth` class use them, an appropriate `SamlMessageFactory` implementation can be specified. As an example, assuming you've created two extension classes `AuthnRequestEx` and `SamlResponseEx` to customise the creation of AuthnRequest SAML messages and the validation of SAML responses respectively, as well as an extended `AuthnRequestParamsEx` input parameter class to drive the AuthnRequest generation post-processing, you can do the following:
 
 ```java
-// let AuthnRequestEx, SamlResponseEx, LogoutRequestEx, LogoutResponseEx be your extension classes
 Auth auth = new Auth(request, response);
-auth.setAuthnRequestFactory(AuthnRequestEx::new); // to make it build custom AuthnRequests
-auth.setSamlResponseFactory(SamlResponseEx::new); // to make it build custom SamlResponses
-auth.setOutgoingLogoutRequestFactory(LogoutRequestEx::new); // to make it build custom outgoing LogoutRequests
-auth.setReceivedLogoutRequestFactory(LogoutRequestEx::new); // to make it build custom incoming LogoutRequests
-auth.setOutgoingLogoutResponseFactory(LogoutResponseEx::new); // to make it build custom outgoing LogoutResponses
-auth.setReceivedLogoutResponseFactory(LogoutResponseEx::new); // to make it build custom incoming LogoutResponses
-// then proceed with login/processResponse/logout/processSLO...
+auth.setSamlMessageFactory(new SamlMessageFactory() {
+	@Override
+	public AuthnRequest createAuthnRequest(Saml2Settings settings, AuthnRequestParams params) {
+		return new AuthnRequestEx(settings, (AuthnRequestParamsEx) params);
+	}
+
+	@Override
+	public SamlResponse createSamlResponse(Saml2Settings settings, HttpRequest request) throws Exception {
+		return new SamlResponseEx(settings, request);
+	}
+}); 
+// then proceed with login...
+auth.login(relayState, new AuthnRequestParamsEx()); // the custom generation of AuthnReqeustEx will be executed
+// ... or process the response as usual
+auth.processResponse(); // the custom validation of SamlResponseEx will be executed
 ```
 
 ### Working behind load balancer
 
@@ -26,8 +26,7 @@
 import com.onelogin.saml2.authn.AuthnRequestParams;
 import com.onelogin.saml2.authn.SamlResponse;
 import com.onelogin.saml2.exception.SettingsException;
-import com.onelogin.saml2.factory.SamlOutgoingMessageFactory;
-import com.onelogin.saml2.factory.SamlReceivedMessageFactory;
+import com.onelogin.saml2.factory.SamlMessageFactory;
 import com.onelogin.saml2.exception.Error;
 import com.onelogin.saml2.http.HttpRequest;
 import com.onelogin.saml2.logout.LogoutRequest;
@@ -171,19 +170,9 @@ public class Auth {
 	 */
 	private String lastResponse;
 
-	private static final SamlOutgoingMessageFactory<AuthnRequestParams, AuthnRequest> DEFAULT_AUTHN_REQUEST_FACTORY = AuthnRequest::new;
-	private static final SamlReceivedMessageFactory<SamlResponse> DEFAULT_SAML_RESPONSE_FACTORY = SamlResponse::new;
-	private static final SamlOutgoingMessageFactory<LogoutRequestParams, LogoutRequest> DEFAULT_OUTGOING_LOGOUT_REQUEST_FACTORY = LogoutRequest::new;
-	private static final SamlReceivedMessageFactory<LogoutRequest> DEFAULT_RECEIVED_LOGOUT_REQUEST_FACTORY = LogoutRequest::new;
-	private static final SamlOutgoingMessageFactory<LogoutResponseParams, LogoutResponse> DEFAULT_OUTGOING_LOGOUT_RESPONSE_FACTORY = LogoutResponse::new;
-	private static final SamlReceivedMessageFactory<LogoutResponse> DEFAULT_RECEIVED_LOGOUT_RESPONSE_FACTORY = LogoutResponse::new;
+	private static final SamlMessageFactory DEFAULT_SAML_MESSAGE_FACTORY = new SamlMessageFactory() {};
 
-	private SamlOutgoingMessageFactory<AuthnRequestParams, AuthnRequest> authnRequestFactory = DEFAULT_AUTHN_REQUEST_FACTORY;
-	private SamlReceivedMessageFactory<SamlResponse> samlResponseFactory = DEFAULT_SAML_RESPONSE_FACTORY;
-	private SamlOutgoingMessageFactory<LogoutRequestParams, LogoutRequest> outgoingLogoutRequestFactory = DEFAULT_OUTGOING_LOGOUT_REQUEST_FACTORY;
-	private SamlReceivedMessageFactory<LogoutRequest> receivedLogoutRequestFactory = DEFAULT_RECEIVED_LOGOUT_REQUEST_FACTORY;
-	private SamlOutgoingMessageFactory<LogoutResponseParams, LogoutResponse> outgoingLogoutResponseFactory = DEFAULT_OUTGOING_LOGOUT_RESPONSE_FACTORY;
-	private SamlReceivedMessageFactory<LogoutResponse> receivedLogoutResponseFactory = DEFAULT_RECEIVED_LOGOUT_RESPONSE_FACTORY;
+	private SamlMessageFactory samlMessageFactory = DEFAULT_SAML_MESSAGE_FACTORY;
 
 	/**
 	 * Initializes the SP SAML instance.
@@ -626,7 +615,7 @@ public String login(String relayState, AuthnRequestParams authnRequestParams, Bo
 	 * @throws SettingsException
 	 */
 	public String login(String relayState, AuthnRequestParams authnRequestParams, Boolean stay, Map<String, String> parameters) throws IOException, SettingsException {
-		AuthnRequest authnRequest = authnRequestFactory.create(settings, authnRequestParams);
+		AuthnRequest authnRequest = samlMessageFactory.createAuthnRequest(settings, authnRequestParams);
 
 		if (parameters == null) {
 			parameters = new HashMap<String, String>();
@@ -802,7 +791,7 @@ public String logout(String relayState, LogoutRequestParams logoutRequestParams,
 			parameters = new HashMap<String, String>();
 		}
 
-		LogoutRequest logoutRequest = outgoingLogoutRequestFactory.create(settings, logoutRequestParams);
+		LogoutRequest logoutRequest = samlMessageFactory.createOutgoingLogoutRequest(settings, logoutRequestParams);
 		String samlLogoutRequest = logoutRequest.getEncodedLogoutRequest();
 		parameters.put("SAMLRequest", samlLogoutRequest);
 
@@ -1213,7 +1202,7 @@ public void processResponse(String requestId) throws Exception {
 		final String samlResponseParameter = httpRequest.getParameter("SAMLResponse");
 
 		if (samlResponseParameter != null) {
-			SamlResponse samlResponse = samlResponseFactory.create(settings, httpRequest);
+			SamlResponse samlResponse = samlMessageFactory.createSamlResponse(settings, httpRequest);
 			lastResponse = samlResponse.getSAMLResponseXml();
 
 			if (samlResponse.isValid(requestId)) {
@@ -1286,7 +1275,7 @@ public String processSLO(Boolean keepLocalSession, String requestId, Boolean sta
 		final String samlResponseParameter = httpRequest.getParameter("SAMLResponse");
 
 		if (samlResponseParameter != null) {
-			LogoutResponse logoutResponse = receivedLogoutResponseFactory.create(settings, httpRequest);
+			LogoutResponse logoutResponse = samlMessageFactory.createIncomingLogoutResponse(settings, httpRequest);
 			lastResponse = logoutResponse.getLogoutResponseXml();
 			if (!logoutResponse.isValid(requestId)) {
 				errors.add("invalid_logout_response");
@@ -1316,7 +1305,7 @@ public String processSLO(Boolean keepLocalSession, String requestId, Boolean sta
 			}
 			return null;
 		} else if (samlRequestParameter != null) {
-			LogoutRequest logoutRequest = receivedLogoutRequestFactory.create(settings, httpRequest);
+			LogoutRequest logoutRequest = samlMessageFactory.createIncomingLogoutRequest(settings, httpRequest);
 			lastRequest = logoutRequest.getLogoutRequestXml();
 			if (!logoutRequest.isValid()) {
 				errors.add("invalid_logout_request");
@@ -1334,7 +1323,7 @@ public String processSLO(Boolean keepLocalSession, String requestId, Boolean sta
 				}
 
 				String inResponseTo = logoutRequest.id;
-				LogoutResponse logoutResponseBuilder = outgoingLogoutResponseFactory.create(settings, 
+				LogoutResponse logoutResponseBuilder = samlMessageFactory.createOutgoingLogoutResponse(settings, 
 						new LogoutResponseParams(inResponseTo, Constants.STATUS_SUCCESS));
 				lastResponse = logoutResponseBuilder.getLogoutResponseXml();
 
@@ -1663,107 +1652,19 @@ public String getLastResponseXML() {
 	}
 
 	/**
-	 * Sets the factory this {@link Auth} will use to create {@link AuthnRequest}
-	 * objects.
+	 * Sets the factory this {@link Auth} will use to create SAML messages.
 	 * <p>
-	 * This allows consumers to provide their own extension of {@link AuthnRequest}
-	 * possibly implementing custom features and/or XML post-processing.
+	 * This allows consumers to provide their own extension classes for SAML message
+	 * XML generation and/or processing.
 	 * 
-	 * @param authnRequestFactory
-	 *              the factory to use to create {@link AuthnRequest} objects; if
+	 * @param samlMessageFactory
+	 *              the factory to use to create SAML message objects; if
 	 *              <code>null</code>, a default provider will be used which creates
-	 *              plain {@link AuthnRequest} instances
+	 *              the standard message implementation provided by this library
+	 *              (i.e.: {@link AuthnRequest}, {@link SamlResponse},
+	 *              {@link LogoutRequest} and {@link LogoutResponse})
 	 */
-	public void setAuthnRequestFactory(
-	            final SamlOutgoingMessageFactory<AuthnRequestParams, AuthnRequest> authnRequestFactory) {
-		this.authnRequestFactory = authnRequestFactory != null ? authnRequestFactory
-		            : DEFAULT_AUTHN_REQUEST_FACTORY;
-	}
-
-	/**
-	 * Sets the factory this {@link Auth} will use to create {@link SamlResponse}
-	 * objects.
-	 * <p>
-	 * This allows consumers to provide their own extension of {@link SamlResponse}
-	 * possibly implementing custom features and/or XML validation.
-	 * 
-	 * @param samlResponseFactory
-	 *              the factory to use to create {@link SamlResponse} objects; if
-	 *              <code>null</code>, a default factory will be used which creates
-	 *              plain {@link SamlResponse} instances
-	 */
-	public void setSamlResponseFactory(final SamlReceivedMessageFactory<SamlResponse> samlResponseFactory) {
-		this.samlResponseFactory = samlResponseFactory != null? samlResponseFactory: DEFAULT_SAML_RESPONSE_FACTORY;
-	}
-
-	/**
-	 * Sets the factory this {@link Auth} will use to create outgoing
-	 * {@link LogoutRequest} objects.
-	 * <p>
-	 * This allows consumers to provide their own extension of {@link LogoutRequest}
-	 * possibly implementing custom features and/or XML post-processing.
-	 * 
-	 * @param outgoingLogoutRequestFactory
-	 *              the factory to use to create outgoing {@link LogoutRequest}
-	 *              objects; if <code>null</code>, a default provider will be used
-	 *              which creates plain {@link LogoutRequest} instances
-	 */
-	public void setOutgoingLogoutRequestFactory(final
-	            SamlOutgoingMessageFactory<LogoutRequestParams, LogoutRequest> outgoingLogoutRequestFactory) {
-		this.outgoingLogoutRequestFactory = outgoingLogoutRequestFactory != null? outgoingLogoutRequestFactory: DEFAULT_OUTGOING_LOGOUT_REQUEST_FACTORY;
-	}
-
-	/**
-	 * Sets the factory this {@link Auth} will use to create received
-	 * {@link LogoutRequest} objects.
-	 * <p>
-	 * This allows consumers to provide their own extension of {@link LogoutRequest}
-	 * possibly implementing custom features and/or XML validation.
-	 * 
-	 * @param receivedLogoutRequestFactory
-	 *              the factory to use to create received {@link LogoutRequest}
-	 *              objects; if <code>null</code>, a default provider will be used
-	 *              which creates plain {@link LogoutRequest} instances
-	 */
-	public void setReceivedLogoutRequestFactory(
-	            final SamlReceivedMessageFactory<LogoutRequest> receivedLogoutRequestFactory) {
-		this.receivedLogoutRequestFactory = receivedLogoutRequestFactory != null ? receivedLogoutRequestFactory
-		            : DEFAULT_RECEIVED_LOGOUT_REQUEST_FACTORY;
-	}
-
-	/**
-	 * Sets the factory this {@link Auth} will use to create outgoing
-	 * {@link LogoutResponse} objects.
-	 * <p>
-	 * This allows consumers to provide their own extension of
-	 * {@link LogoutResponse} possibly implementing custom features and/or XML
-	 * post-processing.
-	 * 
-	 * @param outgoingLogoutResponseFactory
-	 *              the factory to use to create outgoing {@link LogoutResponse}
-	 *              objects; if <code>null</code>, a default provider will be used
-	 *              which creates plain {@link LogoutResponse} instances
-	 */
-	public void setOutgoingLogoutResponseFactory(final
-	            SamlOutgoingMessageFactory<LogoutResponseParams, LogoutResponse> outgoingLogoutResponseFactory) {
-		this.outgoingLogoutResponseFactory = outgoingLogoutResponseFactory != null? outgoingLogoutResponseFactory: DEFAULT_OUTGOING_LOGOUT_RESPONSE_FACTORY;
-	}
-
-	/**
-	 * Sets the factory this {@link Auth} will use to create received
-	 * {@link LogoutResponse} objects.
-	 * <p>
-	 * This allows consumers to provide their own extension of
-	 * {@link LogoutResponse} possibly implementing custom features and/or XML
-	 * validation.
-	 * 
-	 * @param receivedLogoutResponseFactory
-	 *              the factory to use to create received {@link LogoutResponse}
-	 *              objects; if <code>null</code>, a default provider will be used
-	 *              which creates plain {@link LogoutResponse} instances
-	 */
-	public void setReceivedLogoutResponseFactory(final
-	            SamlReceivedMessageFactory<LogoutResponse> receivedLogoutResponseFactory) {
-		this.receivedLogoutResponseFactory = receivedLogoutResponseFactory != null? receivedLogoutResponseFactory: DEFAULT_RECEIVED_LOGOUT_RESPONSE_FACTORY;
+	public void setSamlMessageFactory(final SamlMessageFactory samlMessageFactory) {
+		this.samlMessageFactory = samlMessageFactory != null ? samlMessageFactory : DEFAULT_SAML_MESSAGE_FACTORY;
 	}
 }
@@ -0,0 +1,119 @@
+package com.onelogin.saml2.factory;
+
+import com.onelogin.saml2.Auth;
+import com.onelogin.saml2.authn.AuthnRequest;
+import com.onelogin.saml2.authn.AuthnRequestParams;
+import com.onelogin.saml2.authn.SamlResponse;
+import com.onelogin.saml2.http.HttpRequest;
+import com.onelogin.saml2.logout.LogoutRequest;
+import com.onelogin.saml2.logout.LogoutRequestParams;
+import com.onelogin.saml2.logout.LogoutResponse;
+import com.onelogin.saml2.logout.LogoutResponseParams;
+import com.onelogin.saml2.settings.Saml2Settings;
+
+/**
+ * Factory which can create all kind of SAML message objects.
+ * <p>
+ * One such factory is used by the {@link Auth} class to orchestrate login and
+ * logout operations.
+ * <p>
+ * Default implementations for all creation methods are provided: they create
+ * instances of the standard classes provided by the library. Any extension
+ * class may simply override the desired creation methods in order to return
+ * instances of custom extensions of those standard classes.
+ */
+public interface SamlMessageFactory {
+
+	/**
+	 * Creates an {@link AuthnRequest} instance.
+	 * 
+	 * @param settings
+	 *              the settings
+	 * @param params
+	 *              the authentication request input parameters
+	 * @return the created {@link AuthnRequest} instance
+	 */
+	default AuthnRequest createAuthnRequest(final Saml2Settings settings, final AuthnRequestParams params) {
+		return new AuthnRequest(settings, params);
+	}
+
+	/**
+	 * Creates a {@link SamlResponse} instance.
+	 * 
+	 * @param settings
+	 *              the settings
+	 * @param request
+	 *              the HTTP request from which the response is to be extracted and
+	 *              parsed
+	 * @return the created {@link SamlResponse} instance
+	 * @throws Exception
+	 *               in case some error occurred while trying to create the
+	 *               {@link SamlResponse} instance
+	 */
+	default SamlResponse createSamlResponse(final Saml2Settings settings, final HttpRequest request)
+	            throws Exception {
+		return new SamlResponse(settings, request);
+	}
+
+	/**
+	 * Creates a {@link LogoutRequest} instance for an outgoing request.
+	 * 
+	 * @param settings
+	 *              the settings
+	 * @param params
+	 *              the logout request input parameters
+	 * @return the created {@link LogoutRequest} instance
+	 */
+	default LogoutRequest createOutgoingLogoutRequest(final Saml2Settings settings, final LogoutRequestParams params) {
+		return new LogoutRequest(settings, params);
+	}
+
+	/**
+	 * Creates a {@link LogoutRequest} instance for an incoming request.
+	 * 
+	 * @param settings
+	 *              the settings
+	 * @param request
+	 *              the HTTP request from which the logout request is to be
+	 *              extracted and parsed
+	 * @return the created {@link LogoutRequest} instance
+	 * @throws Exception
+	 *               in case some error occurred while trying to create the
+	 *               {@link LogoutRequest} instance
+	 */
+	default LogoutRequest createIncomingLogoutRequest(final Saml2Settings settings, final HttpRequest request)
+	            throws Exception {
+		return new LogoutRequest(settings, request);
+	}
+
+	/**
+	 * Creates a {@link LogoutResponse} instance for an outgoing response.
+	 * 
+	 * @param settings
+	 *              the settings
+	 * @param params
+	 *              the logout response input parameters
+	 * @return the created {@link LogoutResponse} instance
+	 */
+	default LogoutResponse createOutgoingLogoutResponse(final Saml2Settings settings, final LogoutResponseParams params) {
+		return new LogoutResponse(settings, params);
+	}
+
+	/**
+	 * Creates a {@link LogoutRequest} instance for an incoming response.
+	 * 
+	 * @param settings
+	 *              the settings
+	 * @param request
+	 *              the HTTP request from which the logout response is to be
+	 *              extracted and parsed
+	 * @return the created {@link LogoutResponse} instance
+	 * @throws Exception
+	 *               in case some error occurred while trying to create the
+	 *               {@link LogoutResponse} instance
+	 */
+	default LogoutResponse createIncomingLogoutResponse(final Saml2Settings settings, final HttpRequest request)
+	            throws Exception {
+		return new LogoutResponse(settings, request);
+	}
+}