Started to rework AA request error handling. Processing now short-circuits when...
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 4 Feb 2003 23:37:30 +0000 (23:37 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 4 Feb 2003 23:37:30 +0000 (23:37 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@449 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/aa/AASaml.java
src/edu/internet2/middleware/shibboleth/aa/AAServlet.java

index 5400c89..f656895 100755 (executable)
@@ -58,16 +58,34 @@ package edu.internet2.middleware.shibboleth.aa;
  */
 
 
-import java.util.*;
 import java.io.IOException;
-import javax.servlet.*;
-import javax.servlet.http.*;
-import edu.internet2.middleware.shibboleth.*;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Iterator;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.log4j.Logger;
+import org.opensaml.SAMLAssertion;
+import org.opensaml.SAMLAttribute;
+import org.opensaml.SAMLAttributeQuery;
+import org.opensaml.SAMLAttributeStatement;
+import org.opensaml.SAMLAudienceRestrictionCondition;
+import org.opensaml.SAMLBinding;
+import org.opensaml.SAMLCondition;
+import org.opensaml.SAMLException;
+import org.opensaml.SAMLQuery;
+import org.opensaml.SAMLRequest;
+import org.opensaml.SAMLResponse;
+import org.opensaml.SAMLStatement;
+import org.opensaml.SAMLSubject;
+import sun.misc.BASE64Decoder;
+
 import edu.internet2.middleware.shibboleth.common.Constants;
 import edu.internet2.middleware.shibboleth.common.SAMLBindingFactory;
-import org.w3c.dom.*;
-import org.opensaml.*;
-import org.apache.log4j.Logger;
 
 
 public class AASaml {
@@ -178,9 +196,19 @@ public class AASaml {
            SAMLResponse sResp = new SAMLResponse((sreq!=null) ? sreq.getRequestId() : null,
                                                  /* recipient URL*/ null,
                                                  /* an assersion*/ null,
-                                                 exception);   
+                                                 exception);
+               if (log.isDebugEnabled()) {
+                       try {
+                               log.debug(
+                                       "Dumping generated SAML Error Response:"
+                                       + System.getProperty("line.separator")
+                                       + new String(new BASE64Decoder().decodeBuffer(new String(sResp.toBase64(), "ASCII")), "UTF8"));
+                               } catch (IOException e) {
+                                       log.error("Encountered an error while decoding SAMLReponse for logging purposes.");
+                               }
+                       }
            binding.respond(resp, sResp, null);
-           log.debug("AA Successfully made an error message :)");
+           log.debug("Returning SAML Error Response.");
        }catch(SAMLException se){
            binding.respond(resp, null, exception);
            log.info("AA failed to make an error message: "+se);
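Review bot: The new debug dump depends on `sun.misc.BASE64Decoder`, an unsupported JDK-internal class, only to undo the encoding that `sResp.toBase64()` has just applied; if the OpenSAML version in use can serialise the response to XML directly, logging that would avoid both the round trip and the internal import. The `catch (IOException e)` arm also discards `e`, so a decoding failure leaves no cause in the log; `log.error("Encountered an error while decoding SAMLResponse for logging purposes: " + e);` keeps it and fixes the `SAMLReponse` typo. The enclosing method starts and ends outside the hunk.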
index 5626da6..99d8da3 100755 (executable)
@@ -78,7 +78,6 @@ import edu.internet2.middleware.eduPerson.Init;
 import edu.internet2.middleware.shibboleth.aa.arp.AAPrincipal;
 import edu.internet2.middleware.shibboleth.aa.arp.ArpEngine;
 import edu.internet2.middleware.shibboleth.aa.arp.ArpException;
-import edu.internet2.middleware.shibboleth.hs.HandleException;
 import edu.internet2.middleware.shibboleth.hs.HandleRepository;
 import edu.internet2.middleware.shibboleth.hs.HandleRepositoryException;
 import edu.internet2.middleware.shibboleth.hs.HandleRepositoryFactory;
@@ -87,8 +86,8 @@ import edu.internet2.middleware.shibboleth.hs.HandleRepositoryFactory;
  *  Attribute Authority & Release Policy
  *  Handles Initialization and incoming requests to AA
  *
- * @author     Parviz Dousti (dousti@cmu.edu)
- * @created    June, 2002
+ * @author Parviz Dousti (dousti@cmu.edu)
+ * @author     Walter Hoehn (wassa@columbia.edu)
  */
 
 public class AAServlet extends HttpServlet {
@@ -192,26 +191,48 @@ public class AAServlet extends HttpServlet {
                return properties;
        }
 
-       public void doPost(HttpServletRequest req, HttpServletResponse resp)
-               throws ServletException, IOException {
+       public void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
 
                log.debug("Recieved a request.");
                MDC.put("serviceId", new SAMLIdentifier().toString());
                MDC.put("remoteAddr", req.getRemoteAddr());
                log.info("Handling request.");
 
-               List attrs = null;
-               SAMLException ourSE = null;
                AASaml saml = null;
-               Principal principal = null;
 
                try {
                        saml =
-                               new AASaml(
-                                       configuration.getProperty(
-                                               "edu.internet2.middleware.shibboleth.aa.AAServlet.authorityName"));
+                               new AASaml(configuration.getProperty("edu.internet2.middleware.shibboleth.aa.AAServlet.authorityName"));
                        saml.receive(req);
 
+                       log.info("Attribute Query Handle for this request: (" + saml.getHandle() + ").");
+                       Principal principal = null;
+                       if (saml.getHandle().equalsIgnoreCase("foo")) {
+                               // for testing
+                               principal = new AAPrincipal("test-handle");
+                       } else {
+                               principal = handleRepository.getPrincipal(saml.getHandle());
+                               if (principal == null) {
+                                       log.info("Could not associate the Attribute Query Handle with a principal.");
+                                       try {
+                                               QName[] codes =
+                                                       {
+                                                               SAMLException.REQUESTER,
+                                                               new QName(edu.internet2.middleware.shibboleth.common.XML.SHIB_NS, "InvalidHandle")};
+                                               saml.fail(
+                                                       resp,
+                                                       new SAMLException(
+                                                               Arrays.asList(codes),
+                                                               "The supplied Attribute Query Handle was unrecognized or expired."));
+                                               return;
+                                       } catch (Exception ee) {
+                                               log.fatal("Could not construct a SAML error response: " + ee);
+                                               throw new ServletException("Attribute Authority response failure.");
+                                       }
+                               }
+                               throw new Exception("asdf");
+                       }
+
                        URL resource = null;
                        try {
                                resource = new URL(saml.getResource());
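Review bot: The `equalsIgnoreCase("foo")` branch now assigns a real `AAPrincipal("test-handle")`, so a request carrying the handle `foo` skips `handleRepository` and continues to attribute release for that principal; the removed code built the dummy principal without assigning it. A test shortcut like this should not be reachable in the servlet, so drop the branch and always use `Principal principal = handleRepository.getPrincipal(saml.getHandle());`. Separately, `throw new Exception("asdf");` sits at the end of the `else` arm after the null check, so every handle that resolves to a principal falls into the generic `catch (Exception e)` and gets an error response; it looks like leftover debugging and should be deleted. The `try` block continues past the end of the hunk.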
@@ -223,81 +244,35 @@ public class AAServlet extends HttpServlet {
 
                        String shar = saml.getShar();
                        log.info("AA: shar:" + shar);
-                       String handle = saml.getHandle();
-                       log.info("AA: handle:" + handle);
-                       if (handle.equalsIgnoreCase("foo")) {
-                               // for testing only
-                               new AAPrincipal("dummy");
-                       } else {
-                               principal = handleRepository.getPrincipal(handle);
-                               if (principal == null) {
-                                       throw new HandleException("Received a request for an invalid/unknown handle.");
-                               }
-                       }
 
-                       attrs =
+                       List attrs =
                                Arrays.asList(
                                        responder.getReleaseAttributes(
                                                principal,
-                                               configuration.getProperty(
-                                                       "edu.internet2.middleware.shibboleth.aa.AAServlet.ldapUserDnPhrase"),
+                                               configuration.getProperty("edu.internet2.middleware.shibboleth.aa.AAServlet.ldapUserDnPhrase"),
                                                shar,
                                                resource));
                        log.info("Got " + attrs.size() + " attributes for " + principal.getName());
                        saml.respond(resp, attrs, null);
                        log.info("Successfully responded about " + principal.getName());
 
-               } catch (org.opensaml.SAMLException se) {
-                       log.error("AA failed for " + principal.getName() + " because of: " + se);
-                       try {
+               } catch (SAMLException se) {
+                       //log.error("AA failed for " + principal.getName() + " because of: " + se);
+                       try { 
                                saml.fail(resp, se);
+                               return;
                        } catch (Exception ee) {
-                               throw new ServletException(
-                                       "AA failed to even make a SAML Failure message because "
-                                               + ee
-                                               + "  Origianl problem: "
-                                               + se);
-                       }
-               } catch (HandleException he) {
-                       log.error("AA failed for " + principal.getName() + " because of: " + he);
-                       try {
-                               QName[] codes = new QName[2];
-                               codes[0] = SAMLException.REQUESTER;
-                               codes[1] =
-                                       new QName(
-                                               edu.internet2.middleware.shibboleth.common.XML.SHIB_NS,
-                                               "InvalidHandle");
-                               saml.fail(
-                                       resp,
-                                       new SAMLException(Arrays.asList(codes), "AA got a HandleException: " + he));
-                       } catch (Exception ee) {
-                               throw new ServletException(
-                                       "AA failed to even make a SAML Failure message because "
-                                               + ee
-                                               + "  Original problem: "
-                                               + he);
+                               log.fatal("Could not construct a SAML error response: " + ee);
+                               throw new ServletException("Attribute Authority response failure.");
                        }
                } catch (Exception e) {
-                       e.printStackTrace();
-                       log.error(
-                               "Attribute Authority Error for principal ("
-                                       + principal.getName()
-                                       + ") : "
-                                       + e.getClass().getName()
-                                       + " : "
-                                       + e.getMessage());
+                       log.error("Error while processing request: " + e);
                        try {
-                               saml.fail(
-                                       resp,
-                                       new SAMLException(
-                                               SAMLException.RESPONDER,
-                                               "Attribute Authority Error: " + e.getMessage()));
+                               saml.fail(resp, new SAMLException(SAMLException.RESPONDER, "General error processing request."));
+                               return;
                        } catch (Exception ee) {
-                               throw new ServletException(
-                                       "AA failed to even make a SAML Failure message because "
-                                               + ee
-                                               + "  Original problem: "
-                                               + e);
+                               log.fatal("Could not construct a SAML error response: " + ee);
+                               throw new ServletException("Attribute Authority response failure.");
                        }
 
                }
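Review bot: In `catch (SAMLException se)` the only log call is now commented out, so a SAML-level failure is answered through `saml.fail(resp, se)` without any record in the AA log; add `log.error("Error while processing request: " + se);` in the same form as the generic catch. `saml` is still null when the `AASaml` constructor itself throws, and `saml.fail(...)` in either catch arm then raises a NullPointerException that is reported as "Could not construct a SAML error response"; a `saml != null` check before the call would keep that message accurate. The new `ServletException` instances also drop `ee`, and `throw new ServletException("Attribute Authority response failure.", ee);` would preserve the cause for the container log. `doPost` begins in the previous hunk.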