Unifed NameMapper and HSNameMapper interfaces for use by the new IdPResponder servlet.
[java-idp.git] / src / edu / internet2 / middleware / shibboleth / hs / provider / SharedMemoryShibHandle.java
index 1008021..c23e4cf 100644 (file)
@@ -1,49 +1,28 @@
 /*
- * The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation
- * for Advanced Internet Development, Inc. All rights reserved
- * 
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * 
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- * 
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution, if any, must include
- * the following acknowledgment: "This product includes software developed by
- * the University Corporation for Advanced Internet Development
- * <http://www.ucaid.edu> Internet2 Project. Alternately, this acknowledegement
- * may appear in the software itself, if and wherever such third-party
- * acknowledgments normally appear.
- * 
- * Neither the name of Shibboleth nor the names of its contributors, nor
- * Internet2, nor the University Corporation for Advanced Internet Development,
- * Inc., nor UCAID may be used to endorse or promote products derived from this
- * software without specific prior written permission. For written permission,
- * please contact shibboleth@shibboleth.org
- * 
- * Products derived from this software may not be called Shibboleth, Internet2,
- * UCAID, or the University Corporation for Advanced Internet Development, nor
- * may Shibboleth appear in their name, without prior written permission of the
- * University Corporation for Advanced Internet Development.
- * 
- * 
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
- * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
- * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
- * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation for Advanced Internet Development, Inc.
+ * All rights reserved Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met: Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials
+ * provided with the distribution, if any, must include the following acknowledgment: "This product includes software
+ * developed by the University Corporation for Advanced Internet Development <http://www.ucaid.edu> Internet2 Project.
+ * Alternately, this acknowledegement may appear in the software itself, if and wherever such third-party
+ * acknowledgments normally appear. Neither the name of Shibboleth nor the names of its contributors, nor Internet2, nor
+ * the University Corporation for Advanced Internet Development, Inc., nor UCAID may be used to endorse or promote
+ * products derived from this software without specific prior written permission. For written permission, please contact
+ * shibboleth@shibboleth.org Products derived from this software may not be called Shibboleth, Internet2, UCAID, or the
+ * University Corporation for Advanced Internet Development, nor may Shibboleth appear in their name, without prior
+ * written permission of the University Corporation for Advanced Internet Development. THIS SOFTWARE IS PROVIDED BY THE
+ * COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE
+ * DISCLAIMED AND THE ENTIRE RISK OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. IN NO
+ * EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC.
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
+
 package edu.internet2.middleware.shibboleth.hs.provider;
 
 import java.util.HashMap;
@@ -62,30 +41,28 @@ import org.w3c.dom.Element;
 import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
 import edu.internet2.middleware.shibboleth.common.IdentityProvider;
 import edu.internet2.middleware.shibboleth.common.InvalidNameIdentifierException;
+import edu.internet2.middleware.shibboleth.common.NameIdentifierMapping;
 import edu.internet2.middleware.shibboleth.common.NameIdentifierMappingException;
 import edu.internet2.middleware.shibboleth.common.ServiceProvider;
-import edu.internet2.middleware.shibboleth.hs.HSNameIdentifierMapping;
 
 /**
- * <code>HSNameIdentifierMapping</code> implementation that uses an in-memory
- * cache to store mappings between principal names and Shibboleth Attribute Query Handles.
+ * {@link HSNameIdentifierMapping}implementation that uses an in-memory cache to store mappings between principal names
+ * and Shibboleth Attribute Query Handles.
  * 
  * @author Walter Hoehn
  */
-public class SharedMemoryShibHandle extends AQHNameIdentifierMapping implements HSNameIdentifierMapping {
+public class SharedMemoryShibHandle extends AQHNameIdentifierMapping implements NameIdentifierMapping {
 
        protected HandleCache cache = HandleCache.instance();
        private static Logger log = Logger.getLogger(SharedMemoryShibHandle.class.getName());
 
        public SharedMemoryShibHandle(Element config) throws NameIdentifierMappingException {
+
                super(config);
        }
 
-       public SAMLNameIdentifier getNameIdentifierName(
-               AuthNPrincipal principal,
-               ServiceProvider sProv,
-               IdentityProvider idProv)
-               throws NameIdentifierMappingException {
+       public SAMLNameIdentifier getNameIdentifierName(AuthNPrincipal principal, ServiceProvider sProv,
+                       IdentityProvider idProv) throws NameIdentifierMappingException {
 
                if (principal == null) {
                        log.error("A principal must be supplied for Attribute Query Handle creation.");
@@ -107,12 +84,15 @@ public class SharedMemoryShibHandle extends AQHNameIdentifierMapping implements
        }
 
        public AuthNPrincipal getPrincipal(SAMLNameIdentifier nameId, ServiceProvider sProv, IdentityProvider idProv)
-               throws NameIdentifierMappingException, InvalidNameIdentifierException {
+                       throws NameIdentifierMappingException, InvalidNameIdentifierException {
+
+               verifyQualifier(nameId, idProv);
 
                synchronized (cache.handleEntries) {
                        if (!cache.handleEntries.containsKey(nameId.getName())) {
                                log.debug("The Name Mapping Cache does not contain an entry for this Attribute Query Handle.");
-                               throw new NameIdentifierMappingException("The Name Mapping Cache does not contain an entry for this Attribute Query Handle.");
+                               throw new InvalidNameIdentifierException(
+                                               "The Name Mapping Cache does not contain an entry for this Attribute Query Handle.", errorCodes);
                        }
                }
 
@@ -126,13 +106,18 @@ public class SharedMemoryShibHandle extends AQHNameIdentifierMapping implements
                        synchronized (cache.handleEntries) {
                                cache.handleEntries.remove(nameId.getName());
                        }
-                       throw new InvalidNameIdentifierException("Attribute Query Handle is expired.");
+                       throw new InvalidNameIdentifierException("Attribute Query Handle is expired.", errorCodes);
                } else {
                        log.debug("Attribute Query Handle recognized.");
                        return handleEntry.principal;
                }
        }
 
+       public void destroy() {
+
+               cache.destroy();
+       }
+
 }
 
 class HandleCache {
@@ -143,48 +128,70 @@ class HandleCache {
        private static Logger log = Logger.getLogger(HandleCache.class.getName());
 
        protected HandleCache() {
+
        }
 
        public static synchronized HandleCache instance() {
+
                if (instance == null) {
                        instance = new HandleCache();
                        return instance;
                }
                return instance;
        }
-       /**
-        * @see java.lang.Object#finalize()
-        */
+
        protected void finalize() throws Throwable {
+
                super.finalize();
+               destroy();
+       }
+
+       protected void destroy() {
+
                synchronized (cleaner) {
-                       cleaner.shutdown = true;
-                       cleaner.interrupt();
+                       if (cleaner != null) {
+                               cleaner.shutdown = true;
+                               cleaner.interrupt();
+                       }
                }
        }
 
        private class MemoryRepositoryCleaner extends Thread {
 
                private boolean shutdown = false;
+               private Thread master;
 
                public MemoryRepositoryCleaner() {
-                       super();
+
+                       super(
+                                       "edu.internet2.middleware.shibboleth.hs.provider.SharedMemoryShibHandle.HandleCache.MemoryRepositoryCleaner");
+                       this.master = Thread.currentThread();
+                       setDaemon(true);
+                       if (getPriority() > Thread.MIN_PRIORITY) {
+                               setPriority(getPriority() - 1);
+                       }
                        log.debug("Starting memory-based shib handle cache cleanup thread.");
                        start();
                }
 
                public void run() {
+
                        try {
-                               sleep(1 * 60 * 1000);
+                               sleep(60 * 1000); //one minute
                        } catch (InterruptedException e) {
                                log.debug("Memory-based shib handle cache cleanup interrupted.");
                        }
                        while (true) {
                                try {
+                                       if (!master.isAlive()) {
+                                               shutdown = true;
+                                               log.debug("Memory-based shib handle cache cleaner is orphaned.");
+                                       }
                                        if (shutdown) {
                                                log.debug("Stopping Memory-based shib handle cache cleanup thread.");
                                                return;
                                        }
+                                       log.debug("Memory cache handle cache cleanup thread searching for stale entries.");
                                        Set needsDeleting = new HashSet();
                                        synchronized (handleEntries) {
                                                Iterator iterator = handleEntries.entrySet().iterator();
@@ -204,7 +211,7 @@ class HandleCache {
                                                        }
                                                }
                                        }
-                                       sleep(1 * 60 * 1000);
+                                       sleep(60 * 1000); //one minute
                                } catch (InterruptedException e) {
                                        log.debug("Memory-based shib handle cache cleanup interrupted.");
                                }
@@ -212,4 +219,4 @@ class HandleCache {
                }
        }
 
-}
+}
\ No newline at end of file