Refactor outbound message encoder selection into a distinct method to:

1) consolidate logic and avoid duplication of code
2) check and avoid NPE's if endpoint or binding is null due to misconfiguration
3) allow subclasses to override encoder selection mechanism (re: uPortal work)

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/branches/REL_2@2865 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

diff --git a/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/AbstractSAMLProfileHandler.java b/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/AbstractSAMLProfileHandler.java
index 76078d9..a7413f9 100644 (file)
--- a/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/AbstractSAMLProfileHandler.java
+++ b/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/AbstractSAMLProfileHandler.java
@@ -23,6 +23,7 @@ import java.util.Map;
 import javax.servlet.http.HttpServletRequest;
 
 import org.opensaml.common.IdentifierGenerator;
+import org.opensaml.common.binding.SAMLMessageContext;
 import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
 import org.opensaml.common.binding.encoding.SAMLMessageEncoder;
 import org.opensaml.saml1.core.NameIdentifier;
@@ -495,23 +496,7 @@ public abstract class AbstractSAMLProfileHandler extends
      */
     protected void encodeResponse(BaseSAMLProfileRequestContext requestContext) throws ProfileException {
         try {
-            SAMLMessageEncoder encoder = null;
-
-            Endpoint endpoint = requestContext.getPeerEntityEndpoint();
-            if (endpoint == null) {
-                log.warn("No peer endpoint available for peer. Unable to send response.");
-                throw new ProfileException("No peer endpoint available for peer. Unable to send response.");
-            }
-
-            if (endpoint != null) {
-                encoder = getMessageEncoders().get(endpoint.getBinding());
-                if (encoder == null) {
-                    log.error("No outbound message encoder configured for binding: {}", requestContext
-                            .getPeerEntityEndpoint().getBinding());
-                    throw new ProfileException("No outbound message encoder configured for binding: "
-                            + requestContext.getPeerEntityEndpoint().getBinding());
-                }
-            }
+            SAMLMessageEncoder encoder = getOutboundMessageEncoder(requestContext);
 
             AbstractSAMLProfileConfiguration profileConfig = (AbstractSAMLProfileConfiguration) requestContext
                     .getProfileConfiguration();
@@ -550,6 +535,46 @@ public abstract class AbstractSAMLProfileHandler extends
     }
 
     /**
+     * Get the outbound message encoder to use.
+     * 
+     * <p>The default implementation uses the binding URI from the 
+     * {@link SAMLMessageContext#getPeerEntityEndpoint()} to lookup
+     * the encoder from the supported message encoders defined in {@link #getMessageEncoders()}.
+     * </p>
+     * 
+     * <p>
+     * Subclasses may override to implement a different mechanism to determine the 
+     * encoder to use, such as for example cases where an active intermediary actor
+     * sits between this provider and the peer entity endpoint (e.g. the SAML 2 ECP case).
+     * </p>
+     * 
+     * @param requestContext current request context
+     * @return the message encoder to use
+     * @throws ProfileException if the encoder to use can not be resolved based on the request context
+     */
+    protected SAMLMessageEncoder getOutboundMessageEncoder(BaseSAMLProfileRequestContext requestContext)
+            throws ProfileException {
+        SAMLMessageEncoder encoder = null;
+
+        Endpoint endpoint = requestContext.getPeerEntityEndpoint();
+        if (endpoint == null) {
+            log.warn("No peer endpoint available for peer. Unable to send response.");
+            throw new ProfileException("No peer endpoint available for peer. Unable to send response.");
+        }
+
+        if (endpoint != null) {
+            encoder = getMessageEncoders().get(endpoint.getBinding());
+            if (encoder == null) {
+                log.error("No outbound message encoder configured for binding: {}", requestContext
+                        .getPeerEntityEndpoint().getBinding());
+                throw new ProfileException("No outbound message encoder configured for binding: "
+                        + requestContext.getPeerEntityEndpoint().getBinding());
+            }
+        }
+        return encoder;
+    }
+
+    /**
      * Writes an audit log entry indicating the successful response to the attribute request.
      * 
      * @param context current request context

diff --git a/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml1/AbstractSAML1ProfileHandler.java b/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml1/AbstractSAML1ProfileHandler.java
index d3fed40..41758ad 100644 (file)
--- a/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml1/AbstractSAML1ProfileHandler.java
+++ b/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml1/AbstractSAML1ProfileHandler.java
@@ -606,7 +606,7 @@ public abstract class AbstractSAML1ProfileHandler extends AbstractSAMLProfileHan
         boolean signAssertion = false;
 
         RoleDescriptor relyingPartyRole = requestContext.getPeerEntityRoleMetadata();
-        SAMLMessageEncoder encoder = getMessageEncoders().get(requestContext.getPeerEntityEndpoint().getBinding());
+        SAMLMessageEncoder encoder = getOutboundMessageEncoder(requestContext);
         AbstractSAML1ProfileConfiguration profileConfig = requestContext.getProfileConfiguration();
 
         try {

diff --git a/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractSAML2ProfileHandler.java b/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractSAML2ProfileHandler.java
index 22a4709..d987f0f 100644 (file)
--- a/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractSAML2ProfileHandler.java
+++ b/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractSAML2ProfileHandler.java
@@ -266,7 +266,7 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
 
             signAssertion(requestContext, assertion);
 
-            SAMLMessageEncoder encoder = getMessageEncoders().get(requestContext.getPeerEntityEndpoint().getBinding());
+            SAMLMessageEncoder encoder = getOutboundMessageEncoder(requestContext);
             try {
                 if (requestContext.getProfileConfiguration().getEncryptAssertion() == CryptoOperationRequirementLevel.always
                         || (requestContext.getProfileConfiguration().getEncryptAssertion() == CryptoOperationRequirementLevel.conditional && !encoder
@@ -543,7 +543,7 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
 
         boolean signAssertion = false;
 
-        SAMLMessageEncoder encoder = getMessageEncoders().get(requestContext.getPeerEntityEndpoint().getBinding());
+        SAMLMessageEncoder encoder = getOutboundMessageEncoder(requestContext);
         AbstractSAML2ProfileConfiguration profileConfig = requestContext.getProfileConfiguration();
         try {
             if (profileConfig.getSignAssertions() == CryptoOperationRequirementLevel.always
@@ -684,7 +684,7 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
             }
         }
 
-        SAMLMessageEncoder encoder = getMessageEncoders().get(requestContext.getPeerEntityEndpoint().getBinding());
+        SAMLMessageEncoder encoder = getOutboundMessageEncoder(requestContext);
         try {
             if (nameIdEncRequiredByAuthnRequest
                     || requestContext.getProfileConfiguration().getEncryptNameID() == CryptoOperationRequirementLevel.always