Recognize Attribute Push
[java-idp.git] / src / edu / internet2 / middleware / shibboleth / serviceprovider / AssertionConsumerServlet.java
index 970073a..750de42 100644 (file)
@@ -60,10 +60,13 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.log4j.Logger;
+import org.opensaml.SAMLAssertion;
+import org.opensaml.SAMLAttributeStatement;
 import org.opensaml.SAMLAudienceRestrictionCondition;
 import org.opensaml.SAMLCondition;
 import org.opensaml.SAMLException;
 import org.opensaml.SAMLResponse;
+import org.opensaml.SAMLStatement;
 import org.opensaml.SAMLBrowserProfile.BrowserProfileResponse;
 
 import x0.maceShibbolethTargetConfig1.ApplicationDocument.Application;
@@ -219,20 +222,21 @@ public class AssertionConsumerServlet extends HttpServlet {
         String sessionid=null;
         StringBuffer pproviderId = // Get back IdP Entity name from SAML
             new StringBuffer();
+        ServiceProviderConfig config = context.getServiceProviderConfig();
+        ApplicationInfo application = config.getApplication(applicationId);
+        Application applicationConfig = application.getApplicationConfig();
         
         ShibBrowserProfile profile = new ShibBrowserProfile(applicationId);
+        SPArtifactMapper mapper = new SPArtifactMapper(application,config);
         BrowserProfileResponse samldata = profile.receive(
                 pproviderId,
                 req,
                 shireURL,   // My URL (Why??) To prevent attackers from redirecting messages. 
                 context.getReplayCache(),
-                null,
+                mapper,
                 1
         );
         
-        ServiceProviderConfig config = context.getServiceProviderConfig();
-        ApplicationInfo application = config.getApplication(applicationId);
-        Application applicationConfig = application.getApplicationConfig();
         String[] audienceArray = applicationConfig.getAudienceArray();
         
         
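Review bot: The new `mapper` argument to `profile.receive(...)` and the bare `1` that follows it carry no comment, although swapping `null` for an `SPArtifactMapper` presumably changes what this endpoint accepts (artifact references resolved over a back channel, not only POSTed responses). I would annotate both, e.g. `mapper, // resolves SAML artifacts to assertions; was null` and a label on the `1` (it looks like the SAML minor version, to be confirmed against `ShibBrowserProfile.receive`). Separately, `application.getApplicationConfig()` now runs before the profile is invoked; if `config.getApplication(applicationId)` can return null for an unknown `applicationId`, a guard such as `if (application == null) throw new SAMLException("unknown application: " + applicationId);` belongs right after the lookup, assuming the enclosing method is allowed to throw `SAMLException`. The enclosing method starts and ends outside this hunk, so its signature and any earlier validation of `applicationId` are not visible here.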
@@ -298,16 +302,50 @@ public class AssertionConsumerServlet extends HttpServlet {
         // Very agressive attribute fetch rule 
         // Get the Attributes immediately! [good for debugging]
         Session session = sessionManager.findSession(sessionid, applicationId);
+        
+        checkForAttributePush(samldata, session);
+        
         AttributeRequestor.fetchAttributes(session);
 
         return sessionid;
     }
 
 
+    /**
+     * Scan the POST data for Attribute Assertions. If any are found,
+     * then attributes have been pushed and we don't need to go to 
+     * the AA to get them. 
+     * @param samldata The BrowserProfileResponse containing the SAMLResponse
+     * @param session The Session just created
+     */
+    private static void checkForAttributePush(BrowserProfileResponse samldata, Session session) {
+        SAMLResponse samlresponse = samldata.response;
+        Iterator assertions = samlresponse.getAssertions();
+        while (assertions.hasNext()) {
+            SAMLAssertion assertion = (SAMLAssertion) assertions.next();
+            Iterator statements = assertion.getStatements();
+            while (statements.hasNext()) {
+                SAMLStatement statement = (SAMLStatement) statements.next();
+                if (statement instanceof SAMLAttributeStatement) {
+                    log.info("Found Attributes with Authenticaiton data (Attribute Push).");
+                    session.setAttributeResponse(samlresponse);
+                    // Note, the Attribute Statements have not been checked for 
+                    // AAP or Signatures. AttributeRequestor will bypass calling
+                    // the AA and will reprocess the POST Response for Attributes.
+                    return;
+                }
+            }
+        }
+    }
+
 
+    /**
+     * Artifact comes as a GET
+     */
     protected void doGet(HttpServletRequest arg0, HttpServletResponse arg1)
        throws ServletException, IOException {
-       // Currently the Assertion Consumer does not receive a GET
+        log.debug("Received GET: "+ arg0.getQueryString());
+       doPost(arg0,arg1);
     }