Be sure not to add null values to list

[java-idp.git] / src / edu / internet2 / middleware / shibboleth / idp / authn / Saml2LoginContext.java
diff --git a/src/edu/internet2/middleware/shibboleth/idp/authn/Saml2LoginContext.java b/src/edu/internet2/middleware/shibboleth/idp/authn/Saml2LoginContext.java

index 7443816..7173e98 100644 (file)
--- a/src/edu/internet2/middleware/shibboleth/idp/authn/Saml2LoginContext.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/authn/Saml2LoginContext.java
@@ -26,6 +26,7 @@ import javax.xml.parsers.DocumentBuilder;
  import javax.xml.parsers.DocumentBuilderFactory;
  
  import org.opensaml.Configuration;
+import org.opensaml.saml2.core.AuthnContext;
  import org.opensaml.saml2.core.AuthnContextClassRef;
  import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
  import org.opensaml.saml2.core.AuthnContextDeclRef;
@@ -35,6 +36,7 @@ import org.opensaml.xml.io.Marshaller;
  import org.opensaml.xml.io.MarshallingException;
  import org.opensaml.xml.io.Unmarshaller;
  import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.util.DatatypeHelper;
  import org.opensaml.xml.util.XMLHelper;
  import org.slf4j.Logger;
  import org.slf4j.LoggerFactory;
@@ -83,8 +85,8 @@ public class Saml2LoginContext extends LoginContext implements Serializable {
          authnRequest = request;
          serialAuthnRequest = serializeRequest(request);
          
-        setForceAuth(authnRequest.isForceAuthn());
-        setPassiveAuth(authnRequest.isPassive());
+        setForceAuthRequired(authnRequest.isForceAuthn());
+        setPassiveAuthRequired(authnRequest.isPassive());
          getRequestedAuthenticationMethods().addAll(extractRequestedAuthenticationMethods());
      }
  
@@ -168,7 +170,7 @@ public class Saml2LoginContext extends LoginContext implements Serializable {
      /**
       * Extracts the authentication methods requested within the request.
       * 
-     * @return requested authentication methods
+     * @return requested authentication methods, or an empty list if no preference
       */
      protected List<String> extractRequestedAuthenticationMethods(){
          ArrayList<String> requestedMethods = new ArrayList<String>();
@@ -188,23 +190,26 @@ public class Saml2LoginContext extends LoginContext implements Serializable {
  
          // build a list of all requested authn classes and declrefs
          List<AuthnContextClassRef> authnClasses = authnContext.getAuthnContextClassRefs();
-        List<AuthnContextDeclRef> authnDeclRefs = authnContext.getAuthnContextDeclRefs();
-
          if (authnClasses != null) {
              for (AuthnContextClassRef classRef : authnClasses) {
-                if (classRef != null) {
+                if (classRef != null && !DatatypeHelper.isEmpty(classRef.getAuthnContextClassRef())) {
                      requestedMethods.add(classRef.getAuthnContextClassRef());
                  }
              }
          }
  
+        List<AuthnContextDeclRef> authnDeclRefs = authnContext.getAuthnContextDeclRefs();
          if (authnDeclRefs != null) {
              for (AuthnContextDeclRef declRef : authnDeclRefs) {
-                if (declRef != null) {
+                if (declRef != null&& !DatatypeHelper.isEmpty(declRef.getAuthnContextDeclRef())) {
                      requestedMethods.add(declRef.getAuthnContextDeclRef());
                  }
              }
          }
+        
+        if(requestedMethods.contains(AuthnContext.UNSPECIFIED_AUTHN_CTX)){
+            requestedMethods.clear();
+        }
  
          return requestedMethods;
      }