import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import org.apache.log4j.Logger;
-import org.opensaml.common.binding.BindingException;
+import org.opensaml.common.binding.MessageDecoder;
+import org.opensaml.common.binding.MessageEncoder;
import org.opensaml.saml2.binding.HTTPSOAP11Decoder;
import org.opensaml.saml2.binding.HTTPSOAP11Encoder;
-import org.opensaml.saml2.core.AttributeStatement;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.opensaml.xml.encryption.EncryptionException;
-import edu.internet2.middleware.shibboleth.common.attribute.AttributeRequestException;
-import edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethAttributeRequestContext;
-import edu.internet2.middleware.shibboleth.common.attribute.resolver.AttributeResolver;
import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
import edu.internet2.middleware.shibboleth.common.profile.ProfileRequest;
import edu.internet2.middleware.shibboleth.common.profile.ProfileResponse;
-import edu.internet2.middleware.shibboleth.idp.session.ServiceInformation;
+import edu.internet2.middleware.shibboleth.idp.session.Session;
/**
* SAML 2.0 SOAP Attribute Query profile handler.
*/
public class HTTPSOAPAttributeQuery extends AbstractAttributeQuery {
- /** Class logger. */
- private static Logger log = Logger.getLogger(HTTPSOAPAttributeQuery.class);
-
- /**
- * This creates a new http soap attribute query.
- *
- * @param ar <code>AttributeResolver</code>
- */
- public HTTPSOAPAttributeQuery(AttributeResolver<ShibbolethAttributeRequestContext> ar) {
- super(ar);
+ /** Constructor. */
+ public HTTPSOAPAttributeQuery() {
+ super();
}
/** {@inheritDoc} */
- public void processRequest(ProfileRequest<ServletRequest> request, ProfileResponse<ServletResponse> response)
+ protected MessageDecoder<ServletRequest> getMessageDecoder(ProfileRequest<ServletRequest> request)
throws ProfileException {
- if (log.isDebugEnabled()) {
- log.debug("begin processRequest");
- }
-
- // check that request/response is of proper type
- if (!(request.getRawRequest() instanceof HttpServletRequest)) {
- throw new ProfileException(HTTPSOAPAttributeQuery.class.getName() + " can only process requests of type "
- + HttpServletRequest.class.getName());
- } else if (!(response.getRawResponse() instanceof HttpServletResponse)) {
- throw new ProfileException(HTTPSOAPAttributeQuery.class.getName() + " can only process responses of type "
- + HttpServletResponse.class.getName());
- }
-
- // create decoder
- HTTPSOAP11Decoder decoder = new HTTPSOAP11Decoder();
- decoder.setMetadataProvider(getMetadataProvider());
- // TODO decoder.setSecurityPolicy(policy);
- // TODO decoder.setTrustEngine(newEngine);
-
- // get message from the decoder
- org.opensaml.saml2.core.AttributeQuery message = null;
- try {
- decoder.setRequest((HttpServletRequest) request.getRawRequest());
- decoder.decode();
- if (log.isDebugEnabled()) {
- log.debug("decoded http servlet request");
- }
- message = (org.opensaml.saml2.core.AttributeQuery) decoder.getSAMLMessage();
- } catch (BindingException e) {
- log.error("Error decoding attribute query message", e);
- throw new ProfileException("Error decoding attribute query message");
- }
-
- // get the provider id from the message issuer
- String providerId = message.getIssuer().getSPProvidedID();
-
- // TODO get user data from the session, need sessionId
- // ?? getSessionManager().getSession(null).getServicesInformation().get(0);
- ServiceInformation serviceInformation = null;
- String principalName = serviceInformation.getSubjectNameID().getSPProvidedID();
- String authenticationMethod = serviceInformation.getAuthenticationMethod().getAuthenticationMethod();
-
- // create attribute request for the attribute authority
- ShibbolethAttributeRequestContext requestContext = null;
- try {
- requestContext = new ShibbolethAttributeRequestContext(getMetadataProvider(),
- getRelyingPartyConfiguration(providerId));
- requestContext.setPrincipalName(principalName);
- requestContext.setPrincipalAuthenticationMethod(authenticationMethod);
- requestContext.setRequest(request.getRawRequest());
- } catch (MetadataProviderException e) {
- log.error("Error creating ShibbolethAttributeRequestContext", e);
- throw new ProfileException("Error retrieving metadata", e);
- }
+ MessageDecoder<ServletRequest> decoder = new HTTPSOAP11Decoder();
+ decoder.setRequest(request.getRawRequest());
+ return decoder;
+ }
- // resolve attributes with the attribute authority
- AttributeStatement statement = null;
- try {
- statement = getAttributeAuthority().performAttributeQuery(requestContext);
- } catch (AttributeRequestException e) {
- log.error("Error resolving attributes", e);
- throw new ProfileException("Error resolving attributes", e);
- }
+ /** {@inheritDoc} */
+ protected MessageEncoder<ServletResponse> getMessageEncoder(ProfileResponse<ServletResponse> response)
+ throws ProfileException {
+ MessageEncoder<ServletResponse> encoder = new HTTPSOAP11Encoder();
+ encoder.setResponse(response.getRawResponse());
+ return encoder;
+ }
- // construct attribute response
- Response samlResponse = null;
- try {
- ProfileResponseContext profileResponse = new ProfileResponseContext(request, message);
- profileResponse.setAttributeStatement(statement);
- samlResponse = buildResponse(profileResponse, decoder.getSecurityPolicy().getIssuer().toString(), request
- .getRawRequest().getRemoteHost());
- } catch (EncryptionException e) {
- log.error("Error encrypting SAML response", e);
- throw new ProfileException("Error encrypting SAML response", e);
- }
- if (log.isDebugEnabled()) {
- log.debug("built saml2 response: " + samlResponse);
+ /** {@inheritDoc} */
+ protected String getUserSessionId(ProfileRequest<ServletRequest> request) {
+ HttpServletRequest rawRequest = (HttpServletRequest) request.getRawRequest();
+ if (rawRequest != null) {
+ return (String) rawRequest.getSession().getAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE);
}
- // encode response
- try {
- HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
- encoder.setMetadataProvider(getMetadataProvider());
- encoder.setRelyingParty(getRelyingPartyConfiguration(providerId).getRelyingPartyId());
- encoder.setResponse((HttpServletResponse) response.getRawResponse());
- encoder.setSAMLMessage(samlResponse);
- encoder.encode();
- } catch (BindingException e) {
- log.error("Error encoding attribute query response", e);
- throw new ProfileException("Error encoding attribute query response", e);
- }
+ return null;
}
-}
+}
\ No newline at end of file
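Review bot: `getUserSessionId` casts `request.getRawRequest()` to `HttpServletRequest` without the `instanceof` check that the removed `processRequest` performed, and then calls `getSession()`, which makes the container allocate a new HTTP session for every SOAP request that arrives without one. Since this endpoint receives back-channel queries, guard the cast and look the session up without creating it, for example `if (!(request.getRawRequest() instanceof HttpServletRequest)) return null;` followed by `HttpSession httpSession = rawRequest.getSession(false);` with a null check before `getAttribute` (this needs the `javax.servlet.http.HttpSession` import). Separately, `getMessageDecoder` now builds the `HTTPSOAP11Decoder` with only the request set, whereas the removed code set the metadata provider and carried TODOs for the security policy and trust engine. `AbstractAttributeQuery` is not visible here, so please confirm that it configures those on the decoder and authenticates the requester before the decoded query is acted on, and say so in the Javadoc of `getMessageDecoder`.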