import x0.maceShibbolethTargetConfig1.PathDocument.Path;
import edu.internet2.middleware.shibboleth.aap.AAP;
import edu.internet2.middleware.shibboleth.aap.AttributeRule;
+import edu.internet2.middleware.shibboleth.aap.provider.XMLAAPProvider;
import edu.internet2.middleware.shibboleth.common.Credentials;
-import edu.internet2.middleware.shibboleth.common.ShibResource;
+import edu.internet2.middleware.shibboleth.common.PluggableConfigurationComponent;
import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
import edu.internet2.middleware.shibboleth.common.Trust;
import edu.internet2.middleware.shibboleth.common.provider.ShibbolethTrust;
+import edu.internet2.middleware.shibboleth.metadata.EntitiesDescriptor;
import edu.internet2.middleware.shibboleth.metadata.EntityDescriptor;
import edu.internet2.middleware.shibboleth.metadata.Metadata;
import edu.internet2.middleware.shibboleth.metadata.RoleDescriptor;
+import edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadataProvider;
import edu.internet2.middleware.shibboleth.xml.Parser;
/**
// Map key prefix for inline plugin configuration elements
private static final String INLINEURN = "urn:inlineBS:ID";
- private static Logger log = Logger.getLogger(ContextListener.SHIBBOLETH_INIT+".Config");
+ private static Logger initlog = Logger.getLogger(ContextListener.SHIBBOLETH_INIT+".Config");
+ private static Logger reqlog = Logger.getLogger(ServiceProviderConfig.class);
private SPConfigType // The XMLBean from the main config file
config = null;
new TreeMap/*<String, Metadata>*/();
public void addOrReplaceMetadataImplementor(String uri, Metadata m) {
+ initlog.info("addOrReplaceMetadataImplementor " + uri+ " as "+m.getClass());
entityLocators.put(uri, m);
}
new TreeMap/*<String, AAP>*/();
public void addOrReplaceAAPImplementor(String uri, AAP a) {
+ initlog.info("addOrReplaceAAPImplementor " + uri+ " as "+a.getClass());
attributePolicies.put(uri,a);
}
new TreeMap/*<String, Trust>*/();
public void addOrReplaceTrustImplementor(String uri, Trust t) {
+ initlog.info("addOrReplaceTrustImplementor " + uri+ " as "+t.getClass());
certificateValidators.put(uri,t);
}
throws ShibbolethConfigurationException {
if (config!=null) {
- log.error("ServiceProviderConfig.loadConfigObjects may not be called twice for the same object.");
+ initlog.error("ServiceProviderConfig.loadConfigObjects may not be called twice for the same object.");
throw new ShibbolethConfigurationException("Cannot reload configuration into same object.");
}
+
+ initlog.info("Loading SP configuration from "+configFilePath);
Document configDoc;
try {
configDoc = Parser.loadDom(configFilePath, true);
} catch (Exception e) {
+ initlog.error("XML Parser error "+e.toString());
throw new ShibbolethConfigurationException("XML error in "+configFilePath);
}
loadConfigBean(configDoc);
}
}
+ reqlog.debug("mapRequest mapped "+urlreq+" into "+applicationId);
return applicationId;
}
Element documentElement = configDoc.getDocumentElement();
// reprocess the already validated DOM to create a bean with typed fields
// dump the trash (comments, processing instructions, extra whitespace)
-
try {
if (documentElement.getLocalName().equals("ShibbolethTargetConfig")) {
+ initlog.debug("SP Configuration file is in 1.2 syntax.");
ShibbolethTargetConfigDocument configBeanDoc;
configBeanDoc = ShibbolethTargetConfigDocument.Factory.parse(configDoc,
new XmlOptions().setLoadStripComments().setLoadStripProcinsts().setLoadStripWhitespace());
config = configBeanDoc.getShibbolethTargetConfig();
} else if (documentElement.getLocalName().equals("SPConfig")) {
+ initlog.debug("SP Configuration file is in 1.3 syntax.");
SPConfigDocument configBeanDoc;
configBeanDoc = SPConfigDocument.Factory.parse(configDoc,
new XmlOptions().setLoadStripComments().setLoadStripProcinsts().setLoadStripWhitespace());
config = configBeanDoc.getSPConfig();
} else {
+ initlog.error("Root element not ShibbolethTargetConfig or SPConfig");
throw new XmlException("Root element not ShibbolethTargetConfig or SPConfig");
}
} catch (XmlException e) {
// Since the DOM was already validated against the schema, errors will not typically occur here
- log.error("Error while parsing shibboleth configuration");
+ initlog.error("Error while parsing shibboleth configuration");
throw new ShibbolethConfigurationException("Error while parsing shibboleth configuration");
}
- try {
- String loggerUrl = config.getLogger();
- PropertyConfigurator.configure(new URL(loggerUrl));
- } catch (Exception e) {
- log.error("Cannot process logger attribute of SP configuration file.",e);
+ String loggerUrlString = config.getLogger();
+ if (loggerUrlString!=null) {
+ try {
+ URL loggerURL = new URL(loggerUrlString);
+ initlog.warn("logging is being reconfigured by "+ loggerUrlString);
+ PropertyConfigurator.configure(loggerURL);
+ } catch (MalformedURLException e) {
+ // This error is not serious enough to prevent initialization
+ initlog.error("Ignoring invalid value for logger attribute "+loggerUrlString );
+ }
}
Applications apps = config.getApplications(); // <Applications>
anyError |= processCredentials();
anyError |= processPluggableRequestMapProvider();
- if (anyError)
+ if (anyError) {
+ initlog.error("SP Initialization terminated due to configuration errors");
throw new ShibbolethConfigurationException("Errors processing configuration file, see log");
+ }
}
String pluggabletype = pluggable[i].getType();
if (!pluggabletype.equals(
"edu.internet2.middleware.shibboleth.common.Credentials")) {
- log.error("Unsupported CredentialsProvider type "+pluggabletype);
+ initlog.error("Unsupported CredentialsProvider type "+pluggabletype);
anyError=true;
continue;
}
Node credentialsNode=credentialsProviderNode.getFirstChild();
credentials = new Credentials((Element)credentialsNode);
} catch(Exception e) {
- log.error("Cannot process Credentials element of Shibboleth configuration");
- log.error(e);
+ initlog.error("Cannot process Credentials element of Shibboleth configuration",e);
anyError=true;
continue;
}
if (!pluggabletype.equals(builtinName)) {
// Not the builtin type, try to load user class by name
+ initlog.info("loading user-specified pluggable class "+pluggabletype);
try {
implclass = Class.forName(pluggabletype);
} catch (ClassNotFoundException e) {
- log.error("Type value "+pluggabletype+" not found as supplied Java class");
+ initlog.error("Type value "+pluggabletype+" not found as supplied Java class");
return null;
}
if (!interfaceClass.isAssignableFrom(implclass)||
!PluggableConfigurationComponent.class.isAssignableFrom(implclass)) {
- log.error(pluggabletype+" class does not support required interfaces.");
+ initlog.error(pluggabletype+" class does not support required interfaces.");
return null;
}
}
try {
impl = (PluggableConfigurationComponent) implclass.newInstance();
} catch (Exception e) {
- log.error("Unable to instantiate "+pluggabletype);
+ initlog.error("Unable to instantiate "+pluggabletype);
return null;
}
try {
Node fragment = pluggable.newDomNode(); // XML-Fragment node
Node pluggableNode = fragment.getFirstChild(); // PluggableType
- Node contentNode=pluggableNode.getFirstChild();// root element
+ Element contentNode=(Element) pluggableNode.getFirstChild();// root element
impl.initialize(contentNode);
} catch (Exception e) {
- log.error("XML error " + e);
+ initlog.error("XML error " + e);
return null;
}
Document extdoc = Parser.loadDom(uri,true);
if (extdoc==null)
return null;
- impl.initialize(extdoc);
+ impl.initialize(extdoc.getDocumentElement());
} catch (Exception e) {
- log.error("XML error " + e);
+ initlog.error("XML error " + e);
return null;
}
}
}
for (int i = 0;i<pluggable.length;i++) {
String uri = processPluggable(pluggable[i],
- XMLMetadataImpl.class,
+ XMLMetadataProvider.class,
Metadata.class,
XMLFEDERATIONPROVIDERTYPE,
entityLocators);
Document sitedoc = Parser.loadDom(uri,true);
if (sitedoc==null)
return false;
- XMLMetadataImpl impl = new XMLMetadataImpl();
- impl.initialize(sitedoc);
+ XMLMetadataProvider impl = new XMLMetadataProvider();
+ impl.initialize(sitedoc.getDocumentElement());
addOrReplaceMetadataImplementor(uri,impl);
} catch (Exception e) {
- log.error("Error while parsing Metadata file "+uri);
- log.error("XML error " + e);
+ initlog.error("Error while parsing Metadata file "+uri);
+ initlog.error("XML error " + e);
return false;
}
return true;
PluggableType[] pluggable = appinfo.getApplicationConfig().getAAPProviderArray();
for (int i = 0;i<pluggable.length;i++) {
String uri = processPluggable(pluggable[i],
- XMLAAPImpl.class,
+ XMLAAPProvider.class,
AAP.class,
XMLAAPPROVIDERTYPE,
attributePolicies);
if (aapdoc==null)
return false;
AttributeAcceptancePolicyDocument aap = AttributeAcceptancePolicyDocument.Factory.parse(aapdoc);
- XMLAAPImpl impl = new XMLAAPImpl();
- impl.initialize(aapdoc);
+ XMLAAPProvider impl = new XMLAAPProvider();
+ impl.initialize(aapdoc.getDocumentElement());
addOrReplaceAAPImplementor(uri,impl);
} catch (Exception e) {
- log.error("Error while parsing AAP file "+uri);
- log.error("XML error " + e);
+ initlog.error("Error while parsing AAP file "+uri);
+ initlog.error("XML error " + e);
return false;
}
return true;
PluggableType[] pluggable = appinfo.getApplicationConfig().getTrustProviderArray();
for (int i = 0;i<pluggable.length;i++) {
String uri = processPluggable(pluggable[i],
- ShibbolethTrustPluggable.class,
+ ShibbolethTrust.class,
Trust.class,
XMLTRUSTPROVIDERTYPE,
certificateValidators);
if (shire==null)
shire = config.getLocal();
if (shire==null) {
- log.error("No Local element.");
+ initlog.error("No SHIRE or Local element.");
return true;
}
PluggableType mapProvider = shire.getRequestMapProvider();
String pluggabletype = mapProvider.getType();
if (!pluggabletype.equals(XMLREQUESTMAPPROVIDERTYPE)) {
- log.error("Unsupported RequestMapProvider type "+pluggabletype);
+ initlog.error("Unsupported RequestMapProvider type "+pluggabletype);
return true;
}
requestMapDoc = RequestMapDocument.Factory.parse(contentNode);
} catch (Exception e) {
- log.error("Error while parsing inline RequestMap");
- log.error("XML error " + e);
+ initlog.error("Error while parsing inline RequestMap");
+ initlog.error("XML error " + e);
return true;
}
return true;
requestMapDoc = RequestMapDocument.Factory.parse(mapdoc);
} catch (Exception e) {
- log.error("Error while parsing RequestMap file "+uri);
- log.error("XML error " + e);
+ initlog.error("Error while parsing RequestMap file "+uri);
+ initlog.error("XML error " + e);
return true;
}
}
* @param id ID of the IdP entity
* @return EntityDescriptor metadata object for that site.
*/
- public EntityDescriptor lookup(String id) {
+ public EntityDescriptor lookup(String id, boolean strict) {
Iterator iuris = groupUris.iterator();
while (iuris.hasNext()) {
String uri =(String) iuris.next();
Metadata locator=getMetadataImplementor(uri);
- EntityDescriptor entity = locator.lookup(id);
- if (entity!=null)
+ EntityDescriptor entity = locator.lookup(id, strict);
+ if (entity!=null) {
+ reqlog.debug("Metadata.lookup resolved Entity "+ id);
return entity;
+ }
}
+ reqlog.warn("Metadata.lookup failed to resolve Entity "+ id);
return null;
}
- public EntityDescriptor lookup(Artifact artifact) {
+ public EntityDescriptor lookup(Artifact artifact, boolean strict) {
Iterator iuris = groupUris.iterator();
while (iuris.hasNext()) {
String uri =(String) iuris.next();
Metadata locator=getMetadataImplementor(uri);
- EntityDescriptor entity = locator.lookup(artifact);
- if (entity!=null)
+ EntityDescriptor entity = locator.lookup(artifact, strict);
+ if (entity!=null) {
+ reqlog.debug("Metadata.lookup resolved Artifact "+ artifact);
return entity;
+ }
}
+ reqlog.warn("Metadata.lookup failed to resolve Artifact "+ artifact);
return null;
}
+
+ public EntityDescriptor lookup(String id) {
+ return lookup(id,true);
+ }
+
+ public EntityDescriptor lookup(Artifact artifact) {
+ return lookup(artifact,true);
+ }
+
+ public EntityDescriptor getRootEntity() {
+ return null;
+ }
+
+ public EntitiesDescriptor getRootEntities() {
+ return null;
+ }
/**
* Return the current array of objects that implement the Trust interface
// Foreach AAP in the collection
AAP[] providers = getAAPProviders();
if (providers.length == 0) {
- log.info("no filters specified, accepting entire assertion");
+ reqlog.info("no filters specified, accepting entire assertion");
return;
}
for (int i=0;i<providers.length;i++) {
AAP aap = providers[i];
if (aap.anyAttribute()) {
- log.info("any attribute enabled, accepting entire assertion");
+ reqlog.info("any attribute enabled, accepting entire assertion");
continue;
}
}
rule.apply(attribute,role);
}
catch (SAMLException ex) {
- log.info("no values remain, removing attribute");
+ reqlog.info("no values remain, removing attribute");
attributeStatement.removeAttribute(iattribute--);
break;
}
}
}
if (!ruleFound) {
- log.warn("no rule found for attribute (" + attribute.getName() + "), filtering it out");
+ reqlog.warn("no rule found for attribute (" + attribute.getName() + "), filtering it out");
attributeStatement.removeAttribute(iattribute--);
}
iattribute++;
}
catch (SAMLException ex) {
// The statement is now defunct.
- log.info("no attributes remain, removing statement");
+ reqlog.info("no attributes remain, removing statement");
assertion.removeStatement(istatement);
}
}
if (trust.validate(token,role))
return true;
}
+ reqlog.warn("SAML object failed Trust validation.");
return false;
}
if (trust.validate(certificateEE,certificateChain,descriptor))
return true;
}
+ reqlog.warn("X.509 Certificate failed Trust validate");
return false;
}
if (trust.validate(certificateEE,certificateChain,descriptor,checkName))
return true;
}
+ reqlog.warn("X.509 Certificate failed Trust validate");
return false;
}
projects / java-idp.git / blobdiff