2 * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 package edu.internet2.middleware.shibboleth.idp.profile;
19 import javax.servlet.ServletRequest;
20 import javax.servlet.ServletResponse;
21 import javax.servlet.http.HttpServletRequest;
23 import org.apache.log4j.Logger;
24 import org.opensaml.common.IdentifierGenerator;
25 import org.opensaml.common.SAMLObject;
26 import org.opensaml.common.binding.decoding.MessageDecoderFactory;
27 import org.opensaml.common.binding.encoding.MessageEncoderFactory;
28 import org.opensaml.saml2.metadata.Endpoint;
29 import org.opensaml.saml2.metadata.EntityDescriptor;
30 import org.opensaml.saml2.metadata.RoleDescriptor;
31 import org.opensaml.saml2.metadata.provider.MetadataProvider;
33 import edu.internet2.middleware.shibboleth.common.log.AuditLogEntry;
34 import edu.internet2.middleware.shibboleth.common.profile.ProfileRequest;
35 import edu.internet2.middleware.shibboleth.common.profile.ProfileResponse;
36 import edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler;
37 import edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager;
38 import edu.internet2.middleware.shibboleth.idp.session.Session;
41 * Base class for SAML profile handlers.
43 public abstract class AbstractSAMLProfileHandler extends
44 AbstractShibbolethProfileHandler<SAMLMDRelyingPartyConfigurationManager, Session> {
46 /** SAML message audit log. */
47 private final Logger auditLog = Logger.getLogger(AuditLogEntry.AUDIT_LOGGER_NAME);
49 /** Generator of IDs which may be used for SAML assertions, requests, etc. */
50 private IdentifierGenerator idGenerator;
52 /** Factory of message decoders. */
53 private MessageDecoderFactory decoderFactory;
55 /** Factory of message encoders. */
56 private MessageEncoderFactory encoderFactory;
59 protected AbstractSAMLProfileHandler() {
64 * Gets an ID generator which may be used for SAML assertions, requests, etc.
66 * @return ID generator
68 public IdentifierGenerator getIdGenerator() {
73 * Gets an ID generator which may be used for SAML assertions, requests, etc.
75 * @param generator an ID generator which may be used for SAML assertions, requests, etc
77 public void setIdGenerator(IdentifierGenerator generator) {
78 idGenerator = generator;
82 * Gets the factory used to build new message decoders.
84 * @return factory used to build new message decoders
86 public MessageDecoderFactory getMessageDecoderFactory() {
87 return decoderFactory;
91 * Sets the factory used to build new message decoders.
93 * @param factory factory used to build new message decoders
95 public void setMessageDecoderFactory(MessageDecoderFactory factory) {
96 decoderFactory = factory;
100 * Gets the factory used to build message encoders.
102 * @return factory used to build message encoders
104 public MessageEncoderFactory getMessageEncoderFactory() {
105 return encoderFactory;
109 * Sets the factory used to build message encoders.
111 * @param factory factory used to build message encoders
113 public void setMessageEncoderFactory(MessageEncoderFactory factory) {
114 encoderFactory = factory;
118 * A convenience method for retrieving the SAML metadata provider from the relying party manager.
120 * @return the metadata provider or null
122 public MetadataProvider getMetadataProvider() {
123 SAMLMDRelyingPartyConfigurationManager rpcManager = getRelyingPartyConfigurationManager();
124 if (rpcManager != null) {
125 return rpcManager.getMetadataProvider();
132 * Gets the audit log for this handler.
134 * @return audit log for this handler
136 protected Logger getAduitLog() {
141 * Gets the user's session ID from the current request.
143 * @param request current request
145 * @return user's session ID
147 protected String getUserSessionId(ProfileRequest<ServletRequest> request) {
148 HttpServletRequest rawRequest = (HttpServletRequest) request.getRawRequest();
149 if (rawRequest != null) {
150 return (String) rawRequest.getSession().getAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE);
157 * Contextual object used to accumlate information as profile requests are being processed.
159 * @param <StatusType> type of Status object
161 protected class SAMLProfileRequestContext<StatusType extends SAMLObject> extends ShibbolethProfileRequestContext {
163 /** Entity descriptor for the asserting party. */
164 private EntityDescriptor assertingPartyMetadata;
166 /** Role descriptor meatadata for the asserting party. */
167 private RoleDescriptor assertingPartyRoleMetadata;
169 /** Endpoint of relying party. */
170 private Endpoint relyingPartyEndpoint;
172 /** Entity descriptor for the relying party. */
173 private EntityDescriptor relyingPartyMetadata;
175 /** Role descriptor meatadata for the relying party. */
176 private RoleDescriptor relyingPartyRoleMetadata;
181 * @param request current profile request
182 * @param response current profile response
184 public SAMLProfileRequestContext(ProfileRequest<ServletRequest> request,
185 ProfileResponse<ServletResponse> response) {
186 super(request, response);
190 * Gets the metadata for the asserting party.
192 * @return metadata for the asserting party
194 public EntityDescriptor getAssertingPartyMetadata() {
195 return assertingPartyMetadata;
199 * Sets the metadata for the asserting party.
201 * @param metadata metadata for the asserting party
203 public void setAssertingPartyMetadata(EntityDescriptor metadata) {
204 assertingPartyMetadata = metadata;
208 * Gets the role descriptor for the asserting party.
210 * @return role descriptor for the asserting party
212 public RoleDescriptor getAssertingPartyRoleMetadata() {
213 return assertingPartyRoleMetadata;
217 * Sets the role descriptor for the asserting party.
219 * @param descriptor role descriptor for the asserting party
221 public void setAssertingPartyRoleMetadata(RoleDescriptor descriptor) {
222 assertingPartyRoleMetadata = descriptor;
226 * Gets the endpoint for the relying party.
228 * @return endpoint for the relying party
230 public Endpoint getRelyingPartyEndpoint(){
231 return relyingPartyEndpoint;
235 * Sets the endpoint for the relying party.
237 * @param endpoint endpoint for the relying party
239 public void setRelyingPartyEndpoint(Endpoint endpoint){
240 relyingPartyEndpoint = endpoint;
244 * Gets the metadata for the relying party.
246 * @return metadata for the relying party
248 public EntityDescriptor getRelyingPartyMetadata() {
249 return relyingPartyMetadata;
253 * Sets the metadata for the relying party.
255 * @param metadata metadata for the relying party
257 public void setRelyingPartyMetadata(EntityDescriptor metadata) {
258 relyingPartyMetadata = metadata;
262 * Gets the role descriptor for the relying party.
264 * @return role descriptor for the relying party
266 public RoleDescriptor getRelyingPartyRoleMetadata() {
267 return relyingPartyRoleMetadata;
271 * Sets the role descriptor for the relying party.
273 * @param descriptor role descriptor for the relying party
275 public void setRelyingPartyRoleMetadata(RoleDescriptor descriptor) {
276 relyingPartyRoleMetadata = descriptor;