/*
- * The Shibboleth License, Version 1.
- * Copyright (c) 2002
- * University Corporation for Advanced Internet Development, Inc.
- * All rights reserved
- *
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution, if any, must include
- * the following acknowledgment: "This product includes software developed by
- * the University Corporation for Advanced Internet Development
- * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
- * may appear in the software itself, if and wherever such third-party
- * acknowledgments normally appear.
- *
- * Neither the name of Shibboleth nor the names of its contributors, nor
- * Internet2, nor the University Corporation for Advanced Internet Development,
- * Inc., nor UCAID may be used to endorse or promote products derived from this
- * software without specific prior written permission. For written permission,
- * please contact shibboleth@shibboleth.org
- *
- * Products derived from this software may not be called Shibboleth, Internet2,
- * UCAID, or the University Corporation for Advanced Internet Development, nor
- * may Shibboleth appear in their name, without prior written permission of the
- * University Corporation for Advanced Internet Development.
- *
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
- * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
- * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
- * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation for Advanced Internet Development, Inc.
+ * All rights reserved Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met: Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials
+ * provided with the distribution, if any, must include the following acknowledgment: "This product includes software
+ * developed by the University Corporation for Advanced Internet Development <http://www.ucaid.edu>Internet2 Project.
+ * Alternately, this acknowledegement may appear in the software itself, if and wherever such third-party
+ * acknowledgments normally appear. Neither the name of Shibboleth nor the names of its contributors, nor Internet2, nor
+ * the University Corporation for Advanced Internet Development, Inc., nor UCAID may be used to endorse or promote
+ * products derived from this software without specific prior written permission. For written permission, please contact
+ * shibboleth@shibboleth.org Products derived from this software may not be called Shibboleth, Internet2, UCAID, or the
+ * University Corporation for Advanced Internet Development, nor may Shibboleth appear in their name, without prior
+ * written permission of the University Corporation for Advanced Internet Development. THIS SOFTWARE IS PROVIDED BY THE
+ * COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE
+ * DISCLAIMED AND THE ENTIRE RISK OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. IN NO
+ * EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC.
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package edu.internet2.middleware.shibboleth.utils;
import org.apache.log4j.Logger;
import org.apache.log4j.MDC;
-import sun.security.acl.PrincipalImpl;
+import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
/**
- * Simple Servlet Filter that populates the ServletRequest with data from a client certificate. Relies
- * on external mechanisms to properly authorize the certificate.
- *
+ * Simple Servlet Filter that populates the ServletRequest with data from a client certificate. Relies on external
+ * mechanisms to properly authorize the certificate.
+ *
* @author Walter Hoehn
*/
public class ClientCertTrustFilter implements Filter {
* @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
*/
public void init(FilterConfig config) throws ServletException {
+
if (config.getInitParameter("regex") != null) {
try {
regex = Pattern.compile(config.getInitParameter("regex"));
} catch (PatternSyntaxException e) {
- throw new ServletException("Failed to start ClientCertTrustFilter: supplied regular expression fails to compile.");
+ throw new ServletException(
+ "Failed to start ClientCertTrustFilter: supplied regular expression fails to compile.");
}
}
try {
matchGroup = Integer.parseInt(config.getInitParameter("matchGroup"));
} catch (NumberFormatException e) {
- throw new ServletException("Failed to start ClientCertTrustFilter: supplied matchGroup is not an integer.");
+ throw new ServletException(
+ "Failed to start ClientCertTrustFilter: supplied matchGroup is not an integer.");
}
}
}
/**
- * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
+ * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
+ * javax.servlet.FilterChain)
*/
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
- throws IOException, ServletException {
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
+ ServletException {
MDC.put("serviceId", "[Client Cert Trust Filter]");
Matcher matches = regex.matcher(certs[0].getSubjectDN().getName());
if (!matches.find()) {
log.error("Principal could not be extracted from Certificate Subject.");
- httpResponse.sendError(
- HttpServletResponse.SC_FORBIDDEN,
- "Client certificate does not contain required data.");
+ httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN,
+ "Client certificate does not contain required data.");
return;
}
String principalName;
principalName = matches.group(matchGroup);
} catch (IndexOutOfBoundsException e) {
log.error("Principal could not be extracted from Certificate Subject: matchGroup out of bounds.");
- httpResponse.sendError(
- HttpServletResponse.SC_FORBIDDEN,
- "Client certificate does not contain required data.");
+ httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN,
+ "Client certificate does not contain required data.");
return;
}
log.debug("Extracted principal name (" + principalName + ") from Subject.");
- chain.doFilter(new ClientCertTrustWrapper(httpRequest, new PrincipalImpl(principalName)), response);
+ chain.doFilter(new ClientCertTrustWrapper(httpRequest, new AuthNPrincipal(principalName)), response);
}
/**
* @see javax.servlet.Filter#destroy()
*/
public void destroy() {
- //required by interface
- //no resources to clean
+
+ //required by interface
+ //no resources to clean
}
/**
- * <code>HttpServletRequest</code> wrapper class. Returns a locally specified principal
- * and hardcoded authType.
+ * <code>HttpServletRequest</code> wrapper class. Returns a locally specified principal and hardcoded authType.
*/
private class ClientCertTrustWrapper extends HttpServletRequestWrapper {
private Principal principal;
private ClientCertTrustWrapper(HttpServletRequest request, Principal principal) {
+
super(request);
this.principal = principal;
}
* @see javax.servlet.http.HttpServletRequest#getAuthType()
*/
public String getAuthType() {
+
return HttpServletRequest.CLIENT_CERT_AUTH;
}
* @see javax.servlet.http.HttpServletRequest#getRemoteUser()
*/
public String getRemoteUser() {
+
return principal.getName();
}
* @see javax.servlet.http.HttpServletRequest#getUserPrincipal()
*/
public Principal getUserPrincipal() {
+
return principal;
}
}
-}
+}
\ No newline at end of file
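Review bot: `principalName` can still be null when it reaches `chain.doFilter(new ClientCertTrustWrapper(httpRequest, new AuthNPrincipal(principalName)), response);` in doFilter, because `Matcher.group(int)` returns null for a group that exists but did not take part in the match (an optional group), and the only guard is the `catch (IndexOutOfBoundsException e)` for an out-of-range group number. A null principal would then be exposed through the wrapper's `getRemoteUser()`/`getUserPrincipal()` as an authenticated identity unless AuthNPrincipal itself rejects it, which is not visible in this diff. Add a check right after `principalName = matches.group(matchGroup);`: `if (principalName == null) { httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate does not contain required data."); return; }` (with the same `log.error` as the neighbouring branches). The enclosing `try` and the code that obtains `certs`, `httpRequest` and `httpResponse` are outside the visible hunk. As a style point, `ClientCertTrustWrapper` reads no state of the enclosing filter as far as the visible code shows, so it could be declared `private static class` to avoid carrying a hidden reference to the filter instance.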
import org.apache.log4j.Logger;
import org.opensaml.SAMLException;
-import sun.security.acl.PrincipalImpl;
+
import edu.internet2.middleware.shibboleth.aa.AAAttribute;
import edu.internet2.middleware.shibboleth.aa.AAAttributeSet;
import edu.internet2.middleware.shibboleth.aa.attrresolv.provider.ScopedStringValueHandler;
+import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
/**
* Validation suite for the <code>AttributeResolver</code>.
new Object[] { "urn:mace:example.edu:exampleEntitlement" })
});
- ar.resolveAttributes(new PrincipalImpl("mytestuser"), "shar.example.edu", inputAttributes);
+ ar.resolveAttributes(new AuthNPrincipal("mytestuser"), "shar.example.edu", inputAttributes);
assertEquals("Attribute Resolver returned unexpected attribute set.", inputAttributes, outputAttributes);
new ScopedStringValueHandler("example.edu"))
});
- ar.resolveAttributes(new PrincipalImpl("mytestuser"), "shar.example.edu", inputAttributes);
+ ar.resolveAttributes(new AuthNPrincipal("mytestuser"), "shar.example.edu", inputAttributes);
assertEquals("Attribute Resolver returned unexpected attribute set.", inputAttributes, outputAttributes);
} catch (AttributeResolverException e) {
new AAAttributeSet(new AAAttribute[] { new AAAttribute("myAffiliation", new Object[] { "member" })
});
- ar.resolveAttributes(new PrincipalImpl("mytestuser"), "shar.example.edu", inputAttributes);
+ ar.resolveAttributes(new AuthNPrincipal("mytestuser"), "shar.example.edu", inputAttributes);
assertEquals("Attribute Resolver returned unexpected attribute set.", inputAttributes, outputAttributes);
} catch (AttributeResolverException e) {
new Object[] { "urn:mace:example.edu:exampleEntitlement" })
});
- ar.resolveAttributes(new PrincipalImpl("mytestuser"), "shar.example.edu", inputAttributes);
+ ar.resolveAttributes(new AuthNPrincipal("mytestuser"), "shar.example.edu", inputAttributes);
assertEquals("Attribute Resolver returned unexpected attribute set.", inputAttributes, outputAttributes);
new ScopedStringValueHandler("example.edu"))
});
- ar.resolveAttributes(new PrincipalImpl("mytestuser"), "shar.example.edu", inputAttributes);
+ ar.resolveAttributes(new AuthNPrincipal("mytestuser"), "shar.example.edu", inputAttributes);
assertEquals("Attribute Resolver returned unexpected attribute set.", inputAttributes, outputAttributes);
AAAttributeSet outputAttributes = new AAAttributeSet();
- ar.resolveAttributes(new PrincipalImpl("mytestuser"), "shar.example.edu", inputAttributes);
+ ar.resolveAttributes(new AuthNPrincipal("mytestuser"), "shar.example.edu", inputAttributes);
assertEquals("Attribute Resolver returned unexpected attribute set.", inputAttributes, outputAttributes);
AAAttributeSet outputAttributes = new AAAttributeSet();
- ar.resolveAttributes(new PrincipalImpl("mytestuser"), "shar.example.edu", inputAttributes);
+ ar.resolveAttributes(new AuthNPrincipal("mytestuser"), "shar.example.edu", inputAttributes);
assertEquals("Attribute Resolver returned unexpected attribute set.", inputAttributes, outputAttributes);
} catch (ClassCastException e) {
new AAAttribute("urn:mace:shibboleth:test:eduPersonAffiliation", new Object[] { "member" })
});
- ar.resolveAttributes(new PrincipalImpl("mytestuser"), "shar.example.edu", inputAttributes);
+ ar.resolveAttributes(new AuthNPrincipal("mytestuser"), "shar.example.edu", inputAttributes);
assertEquals("Attribute Resolver returned unexpected attribute set.", inputAttributes, outputAttributes);