2 * The Shibboleth License, Version 1.
4 * University Corporation for Advanced Internet Development, Inc.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
11 * Redistributions of source code must retain the above copyright notice, this
12 * list of conditions and the following disclaimer.
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution, if any, must include
17 * the following acknowledgment: "This product includes software developed by
18 * the University Corporation for Advanced Internet Development
19 * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
20 * may appear in the software itself, if and wherever such third-party
21 * acknowledgments normally appear.
23 * Neither the name of Shibboleth nor the names of its contributors, nor
24 * Internet2, nor the University Corporation for Advanced Internet Development,
25 * Inc., nor UCAID may be used to endorse or promote products derived from this
26 * software without specific prior written permission. For written permission,
27 * please contact shibboleth@shibboleth.org
29 * Products derived from this software may not be called Shibboleth, Internet2,
30 * UCAID, or the University Corporation for Advanced Internet Development, nor
31 * may Shibboleth appear in their name, without prior written permission of the
32 * University Corporation for Advanced Internet Development.
35 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
36 * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
37 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
38 * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
39 * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
40 * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
41 * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
42 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
43 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
46 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
47 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
50 package edu.internet2.middleware.shibboleth.aa;
 * Attribute Authority (AA) servlet.
 * Initializes the attribute-release-policy (ARP) repository, the JNDI
 * directory context used for attribute lookups and the shared handle
 * repository, and answers incoming SAML attribute queries (POST only;
 * GET is refused).
56 * @author Parviz Dousti (dousti@cmu.edu)
63 import javax.servlet.*;
64 import javax.servlet.http.*;
65 import javax.naming.*;
66 import javax.naming.directory.*;
67 import org.opensaml.*;
69 import edu.internet2.middleware.shibboleth.*;
70 import edu.internet2.middleware.shibboleth.common.*;
71 import edu.internet2.middleware.shibboleth.hs.*;
72 import edu.internet2.middleware.eduPerson.*;
73 import org.apache.log4j.Logger;
77 public class AAServlet extends HttpServlet {
// All of the fields below are assigned once in init() and read from
// doPost(); this relies on the container's guarantee that init() completes
// before any request is serviced -- they are not otherwise synchronized.

// How the attribute-release-policy (ARP) repository is backed ("file" or
// another ArpRepository method name); from init-parameter arpFactoryMethod.
String arpFactoryMethod;
// Where the ARP repository's data lives (init-parameter arpFactoryData); for
// the "file" method this defaults to the webapp's real path when absent.
String arpFactoryData;
// Resolves the attributes released for a user, filtered by the ARPs, given
// the requesting SHAR and resource.
AAResponder responder;
// Handle repository, taken from (or published into) the servlet-context
// attribute "HandleRepository"; apparently shared with the Handle Service.
HandleRepositoryFactory hrf;
// Factory for the ARP repository built in init().
ArpFactory arpFactory;
// Class-wide log4j logger.
private static Logger log = Logger.getLogger(AAServlet.class.getName());
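/**
 * Initializes the Attribute Authority.
 *
 * Reads the servlet init-parameters, builds the ARP repository, opens the
 * JNDI directory context used to look up attributes, creates the
 * {@link AAResponder} and obtains the shared handle repository.
 *
 * Required init-parameters: {@code dirUrl} and {@code arpFactoryMethod}
 * (a missing value previously surfaced as a bare NullPointerException from
 * Hashtable.put() / equalsIgnoreCase() instead of a readable error).
 * Optional: {@code domain}, {@code ldapUserDnPhrase}, {@code ctxFactoryClass}
 * (defaults to the Sun LDAP factory) and {@code arpFactoryData} (for the
 * "file" method defaults to the webapp's real path).
 *
 * @param conf the servlet configuration supplied by the container
 * @throws ServletException if a required parameter is missing or any
 *         initialization step fails; the original exception is kept as
 *         the root cause
 */
public void init(ServletConfig conf)
    throws ServletException{
    // GenericServlet.getInitParameter()/getServletContext() read the config
    // stored by the superclass; without this call they are unusable.
    super.init(conf);
    try{
        edu.internet2.middleware.eduPerson.Init.init();
        myName = getInitParameter("domain");
        dirUrl = getInitParameter("dirUrl");
        uidSyntax = getInitParameter("ldapUserDnPhrase");
        ctxFactory = getInitParameter("ctxFactoryClass");
        if(ctxFactory == null)
            ctxFactory = "com.sun.jndi.ldap.LdapCtxFactory";
        arpFactoryMethod = getInitParameter("arpFactoryMethod");
        arpFactoryData = getInitParameter("arpFactoryData");

        // Fail fast with a readable message instead of an NPE from
        // equalsIgnoreCase() (arpFactoryMethod) or Hashtable.put() (dirUrl).
        if(arpFactoryMethod == null)
            throw new ServletException("Init failed: init-parameter arpFactoryMethod is not set");
        if(dirUrl == null)
            throw new ServletException("Init failed: init-parameter dirUrl is not set");

        if(arpFactoryMethod.equalsIgnoreCase("file") &&
           arpFactoryData == null){
            // NOTE(review): this places the file-based ARP store under the
            // servlet context root; make sure those policy files are not
            // servable as static content by the container.
            String realPath = getServletContext().getRealPath("/");
            // getRealPath() is null when the webapp is not expanded on disk.
            if(realPath == null)
                throw new ServletException("Init failed: cannot locate the webapp directory for the file ARP repository; set init-parameter arpFactoryData");
            log.debug("shib dir = "+ realPath);
            arpFactoryData = realPath;
        }
        arpFactory = ArpRepository.getInstance(arpFactoryMethod, arpFactoryData);

        log.info("Using "+ctxFactory+" as directory for attributes.");
        // Only the factory class and provider URL are set: no
        // SECURITY_PRINCIPAL/SECURITY_CREDENTIALS, so the directory is
        // contacted with the provider's default (typically anonymous)
        // authentication -- TODO confirm this is intended and that dirUrl
        // uses a protected transport if the attribute data is sensitive.
        Hashtable env = new Hashtable(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY, ctxFactory);
        env.put(Context.PROVIDER_URL, dirUrl);
        DirContext ctx = new InitialDirContext(env);

        responder = new AAResponder(arpFactory, ctx, myName);
        hrf = getHandleRepository();
        log.info("AA all initialized at "+new Date());
    }catch(NamingException ne){
        // Keep the cause so the container's stack trace shows the real error.
        log.fatal("AA init failed: "+ne, ne);
        throw new ServletException("Init failed: "+ne, ne);
    }catch(AAException ae){
        log.fatal("AA init failed: "+ae, ae);
        throw new ServletException("Init failed: "+ae, ae);
    }catch(HandleException he){
        log.fatal("AA init failed: "+he, he);
        throw new ServletException("Init failed: "+he, he);
    }
}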
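/**
 * Refuses GET requests.
 *
 * Attribute queries are SAML messages that must be POSTed, so a GET is
 * answered with 405 Method Not Allowed and an {@code Allow: POST} header
 * (previously the same HTML page went out with a 200 status, which misleads
 * HTTP clients and monitors into treating the request as successful).
 *
 * @param req  the HTTP request (ignored)
 * @param resp the HTTP response the refusal page is written to
 * @throws IOException      on I/O errors writing the response
 * @throws ServletException never thrown here; declared by the superclass
 */
public void doGet(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {
    resp.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
    resp.setHeader("Allow", "POST");
    resp.setContentType("text/html");
    PrintWriter out = resp.getWriter();
    // Message kept byte-for-byte; only the status line and Allow header are new.
    out.println("<HTML><BODY> Sorry! GET is not supported. </BODY></HTML>");
}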
/**
 * Services a SAML attribute query.
 *
 * Wraps the request in an {@link AASaml}, pulls the resource, handle,
 * requesting SHAR and issuer out of it, maps the handle to a user name
 * through the handle repository, asks the responder for the attributes the
 * ARPs release to that SHAR/resource, and writes them back as a SAML
 * response.  Every failure is reported to the requester as a SAML failure
 * via {@code saml.fail()}; only a failure to build that failure message
 * escapes as a ServletException.
 *
 * NOTE(review): several lines of this method (the opening try, the call that
 * parses the request into {@code saml}, the body of the literal-handle branch
 * and the closing braces) are elided in this listing; the comments below
 * flag what should be confirmed against the full source.
 *
 * @param req  the HTTP request carrying the SAML attribute query
 * @param resp the HTTP response the SAML reply or failure is written to
 * @throws ServletException only when a SAML failure message could not be sent
 * @throws IOException      on I/O errors writing the response
 */
public void doPost(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {
    SAMLAttribute[] attrs = null;
    SAMLException ourSE = null;   // never used in the visible code
    String userName = null;       // set from the handle entry; logged on failure
    saml = new AASaml(myName);
    log.info("AA received a query");
    // The values below come from the requester's message and are written to
    // the log unescaped, so a request can inject arbitrary text (including
    // line breaks) into the log.
    String resource = saml.getResource();
    String handle = saml.getHandle();
    String shar = saml.getShar();
    String issuedBy = saml.getIssuer();
    log.info("AA: handle:"+handle);
    log.info("AA: issuer:"+issuedBy);
    log.info("AA: shar:"+shar);
    // NOTE(review): a literal handle value selects a special path whose body
    // is not visible here.  If it short-circuits the repository lookup (a
    // test hook), it must not exist in production: any requester can present
    // this handle.  Confirm what the branch does and remove or guard it.
    if(handle.equalsIgnoreCase("foo")){
    // Normal path: the handle repository (populated by the HS) is required to
    // map the opaque handle back to a user; without it no query can succeed.
    throw new HandleException("No HandleRepository found! Has HS initialized?");
    HandleEntry he = hrf.getHandleEntry(handle);
    userName = he.getUsername();
    throw new HandleException("HandleServer returns null for user name!");
    // ARP evaluation (which attributes this SHAR may see for this resource)
    // happens inside the responder.  The SHAR identity used for that decision
    // is the one the message claims; whether it was authenticated (signature,
    // client certificate) is not visible in this class -- confirm in AASaml.
    attrs = responder.getReleaseAttributes(userName, uidSyntax, handle, shar, resource);
    log.info("Got "+attrs.length+" attributes for "+userName);
    saml.respond(resp, attrs, null);
    log.info("Successfully responded about "+userName);
// A SAML-level failure is always reported with the RESPONDER code, even when
// the request itself was malformed.
}catch (org.opensaml.SAMLException se) {
    log.error("AA failed for "+userName+" because of: "+se);
    // The exception's toString() becomes the status message, which is
    // presumably serialized to the requester; that exposes internal detail.
    // A generic message here, with the detail kept in the log, would be safer.
    saml.fail(resp, new SAMLException(SAMLException.RESPONDER, "AA got a SAML Exception: "+se));
}catch(Exception ee){
    throw new ServletException("AA failed to even make a SAML Failure message because "+ee+" Origianl problem: "+se);
// A handle problem is the requester's fault: reported with the REQUESTER code
// plus a Shibboleth-specific sub-code (the QName construction is partly
// elided in this listing).
}catch (HandleException he) {
    log.error("AA failed for "+userName+" because of: "+he);
    QName[] codes=new QName[2];
    codes[0]=SAMLException.REQUESTER[0];
    edu.internet2.middleware.shibboleth.common.XML.SHIB_NS,
    // Same information-disclosure caveat as above: "+he" carries the internal
    // message to the requester.
    saml.fail(resp, new SAMLException(codes, "AA got a HandleException: "+he));
}catch(Exception ee){
    throw new ServletException("AA failed to even make a SAML Failure message because "+ee+" Origianl problem: "+he);
// Catch-all (NullPointerException from a missing handle, directory errors,
// ...): reported as a RESPONDER failure.
}catch (Exception e) {
    log.error("AA failed for "+userName+" because of: "+e);
    saml.fail(resp, new SAMLException(SAMLException.RESPONDER, "AA got an Exception: "+e));
}catch(Exception ee){
    throw new ServletException("AA failed to even make a SAML Failure message because "+ee+" Origianl problem: "+e);
221 private synchronized HandleRepositoryFactory getHandleRepository()
222 throws HandleException, AAException{
224 ServletConfig sc = getServletConfig();
225 ServletContext sctx = sc.getServletContext();
226 HandleRepositoryFactory hrf = (HandleRepositoryFactory)sctx.getAttribute("HandleRepository");
228 log.debug("Context attribute for HandleRepository: "+hrf);
233 String repositoryType = this.getServletContext().getInitParameter("repository");
234 if(repositoryType == null)
235 throw new AAException("repository parameter not set. Unknown Handle repository type");
236 hrf = HandleRepositoryFactory.getInstance( Constants.POLICY_CLUBSHIB,
239 sctx.setAttribute("HandleRepository", hrf);
240 log.info("A new HandleRepository created by AA: "+hrf);