AA compiles again.
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 29 Jan 2004 05:39:11 +0000 (05:39 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 29 Jan 2004 05:39:11 +0000 (05:39 +0000)
Mostly converted to new configuration mechanism.
Uses Name Identifier Mapper.
Uses Relying Party overrides.

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@863 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/aa/AAConfig.java [new file with mode: 0644]
src/edu/internet2/middleware/shibboleth/aa/AAResponder.java
src/edu/internet2/middleware/shibboleth/aa/AAServlet.java
src/edu/internet2/middleware/shibboleth/common/ServiceProviderMapper.java
src/edu/internet2/middleware/shibboleth/common/ShibbolethConfigurationException.java [moved from src/edu/internet2/middleware/shibboleth/hs/HSConfigurationException.java with 91% similarity]
src/edu/internet2/middleware/shibboleth/common/ShibbolethOriginConfig.java
src/edu/internet2/middleware/shibboleth/hs/HSConfig.java [new file with mode: 0644]
src/edu/internet2/middleware/shibboleth/hs/HandleServlet.java

diff --git a/src/edu/internet2/middleware/shibboleth/aa/AAConfig.java b/src/edu/internet2/middleware/shibboleth/aa/AAConfig.java
new file mode 100644 (file)
index 0000000..7255e21
--- /dev/null
@@ -0,0 +1,68 @@
+/*
+ * The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation
+ * for Advanced Internet Development, Inc. All rights reserved
+ * 
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ * 
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution, if any, must include
+ * the following acknowledgment: "This product includes software developed by
+ * the University Corporation for Advanced Internet Development
+ * <http://www.ucaid.edu> Internet2 Project. Alternately, this acknowledegement
+ * may appear in the software itself, if and wherever such third-party
+ * acknowledgments normally appear.
+ * 
+ * Neither the name of Shibboleth nor the names of its contributors, nor
+ * Internet2, nor the University Corporation for Advanced Internet Development,
+ * Inc., nor UCAID may be used to endorse or promote products derived from this
+ * software without specific prior written permission. For written permission,
+ * please contact shibboleth@shibboleth.org
+ * 
+ * Products derived from this software may not be called Shibboleth, Internet2,
+ * UCAID, or the University Corporation for Advanced Internet Development, nor
+ * may Shibboleth appear in their name, without prior written permission of the
+ * University Corporation for Advanced Internet Development.
+ * 
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
+ * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
+ * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
+ * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package edu.internet2.middleware.shibboleth.aa;
+
+import org.w3c.dom.Element;
+
+import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
+import edu.internet2.middleware.shibboleth.common.ShibbolethOriginConfig;
+
+/**
+ * @author Walter Hoehn
+ */
+public class AAConfig extends ShibbolethOriginConfig {
+
+       public AAConfig(Element config) throws ShibbolethConfigurationException {
+
+               super(config);
+
+               dumpPropertiesToLog();
+
+       }
+
+}
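Review bot: The constructor calls `dumpPropertiesToLog()` unconditionally, so every AAConfig construction writes the loaded configuration to the log. That method is defined outside this hunk (presumably in ShibbolethOriginConfig), so please confirm it logs at debug level only and leaves out any credential or key-store values. The class Javadoc carries only an author tag; a summary such as `Attribute Authority configuration, built from the origin configuration document element.` would tell readers why this subclass exists when it adds no members of its own.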
index f1a8304..20b9988 100755 (executable)
@@ -68,6 +68,7 @@ import org.opensaml.SAMLException;
 import edu.internet2.middleware.shibboleth.aa.arp.ArpEngine;
 import edu.internet2.middleware.shibboleth.aa.arp.ArpProcessingException;
 import edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver;
+import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
 
 public class AAResponder {
 
@@ -75,7 +76,7 @@ public class AAResponder {
        private AttributeResolver resolver;
        private static Logger log = Logger.getLogger(AAResponder.class.getName());
 
-       public AAResponder(ArpEngine arpEngine, AttributeResolver resolver) throws AAException {
+       public AAResponder(ArpEngine arpEngine, AttributeResolver resolver) throws ShibbolethConfigurationException {
 
                this.arpEngine = arpEngine;
                this.resolver = resolver;
index 99f2df4..829ae94 100755 (executable)
@@ -1,50 +1,48 @@
-/* 
- * The Shibboleth License, Version 1. 
- * Copyright (c) 2002 
- * University Corporation for Advanced Internet Development, Inc. 
- * All rights reserved
+/*
+ * The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation
+ * for Advanced Internet Development, Inc. All rights reserved
  * 
  * 
- * Redistribution and use in source and binary forms, with or without 
+ * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  * 
- * Redistributions of source code must retain the above copyright notice, this 
+ * Redistributions of source code must retain the above copyright notice, this
  * list of conditions and the following disclaimer.
  * 
- * Redistributions in binary form must reproduce the above copyright notice, 
- * this list of conditions and the following disclaimer in the documentation 
- * and/or other materials provided with the distribution, if any, must include 
- * the following acknowledgment: "This product includes software developed by 
- * the University Corporation for Advanced Internet Development 
- * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
- * may appear in the software itself, if and wherever such third-party 
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution, if any, must include
+ * the following acknowledgment: "This product includes software developed by
+ * the University Corporation for Advanced Internet Development
+ * <http://www.ucaid.edu> Internet2 Project. Alternately, this acknowledegement
+ * may appear in the software itself, if and wherever such third-party
  * acknowledgments normally appear.
  * 
- * Neither the name of Shibboleth nor the names of its contributors, nor 
- * Internet2, nor the University Corporation for Advanced Internet Development, 
- * Inc., nor UCAID may be used to endorse or promote products derived from this 
- * software without specific prior written permission. For written permission, 
+ * Neither the name of Shibboleth nor the names of its contributors, nor
+ * Internet2, nor the University Corporation for Advanced Internet Development,
+ * Inc., nor UCAID may be used to endorse or promote products derived from this
+ * software without specific prior written permission. For written permission,
  * please contact shibboleth@shibboleth.org
  * 
- * Products derived from this software may not be called Shibboleth, Internet2, 
- * UCAID, or the University Corporation for Advanced Internet Development, nor 
- * may Shibboleth appear in their name, without prior written permission of the 
+ * Products derived from this software may not be called Shibboleth, Internet2,
+ * UCAID, or the University Corporation for Advanced Internet Development, nor
+ * may Shibboleth appear in their name, without prior written permission of the
  * University Corporation for Advanced Internet Development.
  * 
  * 
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
- * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
- * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
- * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
- * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
- * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
+ * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
+ * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
+ * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 package edu.internet2.middleware.shibboleth.aa;
@@ -113,6 +111,7 @@ import edu.internet2.middleware.shibboleth.common.SAMLBindingFactory;
 import edu.internet2.middleware.shibboleth.common.ServiceProviderMapper;
 import edu.internet2.middleware.shibboleth.common.ServiceProviderMapperException;
 import edu.internet2.middleware.shibboleth.common.ShibResource;
+import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
 import edu.internet2.middleware.shibboleth.common.ShibbolethOriginConfig;
 
 /**
@@ -121,7 +120,7 @@ import edu.internet2.middleware.shibboleth.common.ShibbolethOriginConfig;
 
 public class AAServlet extends HttpServlet {
 
-       private ShibbolethOriginConfig configuration;
+       private AAConfig configuration;
        protected AAResponder responder;
        private NameMapper nameMapper;
        private SAMLBinding binding;
@@ -137,7 +136,7 @@ public class AAServlet extends HttpServlet {
                log.info("Initializing Attribute Authority.");
 
                try {
-                       
+
                        nameMapper = new NameMapper();
                        loadConfiguration();
 
@@ -158,7 +157,7 @@ public class AAServlet extends HttpServlet {
                        log.fatal(
                                "The AA could not be initialized due to a problem with the Attribute Resolver configuration: " + ne);
                        throw new UnavailableException("Attribute Authority failed to initialize.");
-               } catch (AAException ae) {
+               } catch (ShibbolethConfigurationException ae) {
                        log.fatal("The AA could not be initialized: " + ae);
                        throw new UnavailableException("Attribute Authority failed to initialize.");
                } catch (SAMLException se) {
@@ -167,7 +166,7 @@ public class AAServlet extends HttpServlet {
                }
 
        }
-       protected void loadConfiguration() throws AAException {
+       protected void loadConfiguration() throws ShibbolethConfigurationException {
 
                //TODO could maybe factor some of the common stuff up a level.
 
@@ -185,14 +184,14 @@ public class AAServlet extends HttpServlet {
 
                } catch (SAXException e) {
                        log.error("Error while parsing origin configuration: " + e);
-                       throw new AAException("Error while parsing origin configuration.");
+                       throw new ShibbolethConfigurationException("Error while parsing origin configuration.");
                } catch (IOException e) {
                        log.error("Could not load origin configuration: " + e);
-                       throw new AAException("Could not load origin configuration.");
+                       throw new ShibbolethConfigurationException("Could not load origin configuration.");
                }
 
                //Load global configuration properties
-               configuration = new ShibbolethOriginConfig(parser.getDocument().getDocumentElement());
+               configuration = new AAConfig(parser.getDocument().getDocumentElement());
 
                //Load name mappings
                NodeList itemElements =
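Review bot: Both rethrows in this hunk drop the caught SAXException/IOException, so the caller receives only the fixed message and the log line holds only the exception's toString; the same pattern recurs at the ServiceProviderMapperException catch and in loadParser in later hunks of this file. If ShibbolethConfigurationException offers a cause-taking constructor (not visible here), pass `e` along, e.g. `throw new ShibbolethConfigurationException("Could not load origin configuration.", e);`, and log with `log.error("Could not load origin configuration.", e)` so the stack trace is kept. loadConfiguration's body starts and ends outside this hunk.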
@@ -213,94 +212,44 @@ public class AAServlet extends HttpServlet {
                        targetMapper =
                                new ServiceProviderMapper(
                                        parser.getDocument().getDocumentElement(),
-                                       configuration,
-                                       credentials,
-                                       nameMapper);
+                                       configuration);
                } catch (ServiceProviderMapperException e) {
                        log.error("Could not load origin configuration: " + e);
-                       throw new AAException("Could not load origin configuration.");
+                       throw new ShibbolethConfigurationException("Could not load origin configuration.");
                }
 
                /*
-                               //Set defaults
-                               Properties defaultProps = new Properties();
-                               defaultProps.setProperty(
-                                       "edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository.Path",
-                                       "/conf/arps/");
-                               defaultProps.setProperty(
-                                       "edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver.ResolverConfig",
-                                       "/conf/resolver.xml");
-                               defaultProps.setProperty(
-                                       "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
-                                       "edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository");
-                               defaultProps.setProperty("edu.internet2.middleware.shibboleth.audiences", "urn:mace:inqueue");
-                               defaultProps.setProperty("edu.internet2.middleware.shibboleth.aa.AAServlet.passThruErrors", "false");
-               
-                               //Load from file
-                               Properties properties = new Properties(defaultProps);
-                               String propertiesFileLocation = getInitParameter("OriginPropertiesFile");
-                               if (propertiesFileLocation == null) {
-                                       propertiesFileLocation = "/conf/origin.properties";
-                               }
-                               try {
-                                       log.debug("Loading Configuration from (" + propertiesFileLocation + ").");
-                                       properties.load(new ShibResource(propertiesFileLocation, this.getClass()).getInputStream());
-               
-                                       //Make sure we have all required parameters
-                                       StringBuffer missingProperties = new StringBuffer();
-                                       String[] requiredProperties =
-                                               {
-                                                       "edu.internet2.middleware.shibboleth.hs.HandleServlet.siteName",
-                                                       "edu.internet2.middleware.shibboleth.aa.AAServlet.authorityName",
-                                                       "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
-                                                       "edu.internet2.middleware.shibboleth.audiences" };
-               
-                                       for (int i = 0; i < requiredProperties.length; i++) {
-                                               if (properties.getProperty(requiredProperties[i]) == null) {
-                                                       missingProperties.append("\"");
-                                                       missingProperties.append(requiredProperties[i]);
-                                                       missingProperties.append("\" ");
-                                               }
-                                       }
-                                       if (missingProperties.length() > 0) {
-                                               log.error(
-                                                       "Missing configuration data.  The following configuration properites have not been set: "
-                                                               + missingProperties.toString());
-                                               throw new AAException("Missing configuration data.");
-                                       }
-               
-                               } catch (IOException e) {
-                                       log.error("Could not load AA servlet configuration: " + e);
-                                       throw new AAException("Could not load AA servlet configuration.");
-                               }
-               
-                               if (log.isDebugEnabled()) {
-                                       ByteArrayOutputStream debugStream = new ByteArrayOutputStream();
-                                       PrintStream debugPrinter = new PrintStream(debugStream);
-                                       properties.list(debugPrinter);
-                                       log.debug(
-                                               "Runtime configuration parameters: " + System.getProperty("line.separator") + debugStream.toString());
-                                       try {
-                                               debugStream.close();
-                                       } catch (IOException e) {
-                                               log.error("Encountered a problem cleaning up resources: could not close debug stream.");
-                                       }
-                               }
-               
-                               //Be nice and trim "extra" whitespace from config properties
-                               Enumeration propNames = properties.propertyNames();
-                               while (propNames.hasMoreElements()) {
-                                       String propName = (String) propNames.nextElement();
-                                       if (properties.getProperty(propName, "").matches(".+\\s$")) {
-                                               log.debug("The configuration property (" + propName + ") contains trailing whitespace.  Trimming... ");
-                                               properties.setProperty(propName, properties.getProperty(propName).trim());
-                                       }
-                               }
-               
-                               return properties;
-                               */
+                * //Set defaults Properties defaultProps = new Properties();
+                * defaultProps.setProperty(
+                * "edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository.Path",
+                * "/conf/arps/"); defaultProps.setProperty(
+                * "edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver.ResolverConfig",
+                * "/conf/resolver.xml"); defaultProps.setProperty(
+                * "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
+                * "edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository");
+                * defaultProps.setProperty("edu.internet2.middleware.shibboleth.audiences",
+                * "urn:mace:inqueue");
+                * defaultProps.setProperty("edu.internet2.middleware.shibboleth.aa.AAServlet.passThruErrors",
+                * "false");
+                * 
+                * //Load from file Properties properties = new
+                * Properties(defaultProps); String propertiesFileLocation =
+                * getInitParameter("OriginPropertiesFile"); if (propertiesFileLocation ==
+                * null) { propertiesFileLocation = "/conf/origin.properties"; } try {
+                * log.debug("Loading Configuration from (" + propertiesFileLocation +
+                * ")."); properties.load(new ShibResource(propertiesFileLocation,
+                * this.getClass()).getInputStream());
+                * 
+                * //Make sure we have all required parameters StringBuffer
+                * missingProperties = new StringBuffer(); String[] requiredProperties = {
+                * "edu.internet2.middleware.shibboleth.hs.HandleServlet.siteName",
+                * "edu.internet2.middleware.shibboleth.aa.AAServlet.authorityName",
+                * "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
+                * "edu.internet2.middleware.shibboleth.audiences" };
+                * 
+                */
        }
-       private DOMParser loadParser(boolean schemaChecking) throws AAException {
+       private DOMParser loadParser(boolean schemaChecking) throws ShibbolethConfigurationException {
 
                DOMParser parser = new DOMParser();
 
@@ -352,7 +301,7 @@ public class AAServlet extends HttpServlet {
 
                } catch (SAXException e) {
                        log.error("Unable to setup a workable XML parser: " + e);
-                       throw new AAException("Unable to setup a workable XML parser.");
+                       throw new ShibbolethConfigurationException("Unable to setup a workable XML parser.");
                }
                return parser;
        }
@@ -363,20 +312,35 @@ public class AAServlet extends HttpServlet {
                MDC.put("remoteAddr", req.getRemoteAddr());
                log.info("Handling request.");
 
+               RelyingParty relyingParty = null;
+
+               //Parse SOAP request
+               SAMLRequest samlRequest = null;
                StringBuffer credentialName = new StringBuffer();
-               SAMLRequest samlRequest = binding.receive(req, credentialName);
-               if (samlRequest.getQuery() == null || !(samlRequest.getQuery() instanceof SAMLAttributeQuery)) {
-                       //TODO better exception
-                       throw new SAMLException(
-                               SAMLException.REQUESTER,
-                               "AASaml.receive() can only respond to a SAML Attribute Query");
+               try {
+                       samlRequest = binding.receive(req, credentialName);
+
+               } catch (SAMLException e) {
+                       log.fatal("Unable to parse request: " + e);
+                       throw new ServletException("Request failed.");
                }
-               SAMLAttributeQuery attributeQuery = (SAMLAttributeQuery) samlRequest.getQuery();
 
                try {
+                       if (samlRequest.getQuery() == null || !(samlRequest.getQuery() instanceof SAMLAttributeQuery)) {
+                               throw new SAMLException(
+                                       SAMLException.REQUESTER,
+                                       "This SAML authority only responds to attribute queries.");
+                       }
+                       SAMLAttributeQuery attributeQuery = (SAMLAttributeQuery) samlRequest.getQuery();
 
-                       RelyingParty relyingParty = targetMapper.getRelyingParty(attributeQuery.getResource());
+                       //Identify a Relying Party
+                       if (attributeQuery.getResource() == null || attributeQuery.getResource().equals("")) {
+                               log.error("Request from an unidentified service provider.");
+                       }
+                       log.info("Request from service provider: (" + attributeQuery.getResource() + ").");
+                       relyingParty = targetMapper.getRelyingParty(attributeQuery.getResource());
 
+                       //Map Subject to local principal
                        if (relyingParty.getProviderId() != null
                                && !relyingParty.getProviderId().equals(attributeQuery.getSubject().getName().getNameQualifier())) {
                                log.error(
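Review bot: The new empty-resource check only logs: when `attributeQuery.getResource()` is null or empty, execution continues to the `log.info` line and to `targetMapper.getRelyingParty(...)` with that same value, so an error entry is followed by a "Request from service provider" entry for an absent identifier and the relying-party lookup runs on it. If falling back to a default relying party is intended, move the `log.info` into an `else` and say so in a comment; otherwise reject the request at that point with a REQUESTER SAMLException. The resource is a value asserted in the request, it is written to the log verbatim, and nothing in this hunk ties it to the authenticated `credentialName`, so the relying-party overrides appear to be selected by an unverified claim; it is worth confirming that ServiceProviderMapper or a later step checks this. The enclosing method starts and ends outside the hunk.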
@@ -389,32 +353,55 @@ public class AAServlet extends HttpServlet {
                                                + ") is not valid for this identiy provider.");
                        }
 
-//TODO fix logging
-                       //log.info("Attribute Query Handle for this request: (" + saml.getHandle() + ").");
-                       
                        Principal principal = null;
-                       if (attributeQuery.getSubject().getName().getName().equalsIgnoreCase("foo")) {
-                               // for testing
-                               principal = new AuthNPrincipal("test-handle");
-                       } else {
-                               principal = handleRepository.getPrincipal(attributeQuery.getSubject().getName().getName()), attributeQuery.getSubject().getName().getFormat());
-                       }
-
-                       URL resource = null;
                        try {
-                               if (attributeQuery.getResource() != null)
-                                       resource = new URL(attributeQuery.getResource());
-                       } catch (MalformedURLException mue) {
-                               log.error(
-                                       "Request contained an improperly formatted resource identifier.  Attempting to "
-                                               + "handle request without one.");
+                               if (attributeQuery.getSubject().getName().getName().equalsIgnoreCase("foo")) {
+                                       // for testing
+                                       principal = new AuthNPrincipal("test-handle");
+                               } else {
+                                       principal =
+                                               nameMapper.getPrincipal(
+                                                       attributeQuery.getSubject().getName(),
+                                                       relyingParty,
+                                                       relyingParty.getIdentityProvider());
+                               }
+                               log.info("Request is for principal (" + principal + ").");
+
+                               //TODO Do something about these silly passthru errors
+
+                       } catch (NameIdentifierMappingException e) {
+                               log.info("Could not associate the request subject with a principal: " + e);
+                               try {
+                                       //TODO this doesn't always make sense anymore
+                                       QName[] codes =
+                                               {
+                                                       SAMLException.REQUESTER,
+                                                       new QName(edu.internet2.middleware.shibboleth.common.XML.SHIB_NS, "InvalidHandle")};
+                                       if (relyingParty
+                                               .getConfigProperty("edu.internet2.middleware.shibboleth.aa.AAServlet.passThruErrors")
+                                               .equals("true")) {
+                                               sendFailure(
+                                                       resp,
+                                                       samlRequest,
+                                                       new SAMLException(Arrays.asList(codes), "The supplied Subject was unrecognized.", e));
+
+                                       } else {
+                                               sendFailure(
+                                                       resp,
+                                                       samlRequest,
+                                                       new SAMLException(Arrays.asList(codes), "The supplied Subject was unrecognized."));
+                                       }
+                                       return;
+                               } catch (Exception ee) {
+                                       log.fatal("Could not construct a SAML error response: " + ee);
+                                       throw new ServletException("Attribute Authority response failure.");
+                               }
                        }
 
                        if (credentialName == null || credentialName.toString().equals("")) {
-                               //TODO update messages
-                               log.info("Request is from an unauthenticated SHAR.");
+                               log.info("Request is from an unauthenticated service provider.");
                        } else {
-                               log.info("Request is from SHAR: (" + credentialName + ").");
+                               log.info("Request is from service provider: (" + credentialName + ").");
                        }
 
                        SAMLAttribute[] attrs;
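Review bot: The `equalsIgnoreCase("foo")` branch is carried into the new code, so any query whose subject name is "foo" is mapped to `new AuthNPrincipal("test-handle")` without going through `nameMapper.getPrincipal(...)`; a test shortcut should not sit on the production request path, so remove it or gate it behind an explicit configuration switch that defaults to off. Separately, the `getConfigProperty(...).equals("true")` call dereferences its result, whereas the code it replaces used `getProperty(..., "false")`; if the property can be unset this raises a NullPointerException that `catch (Exception ee)` turns into a fatal log entry and a ServletException, so compare as `"true".equals(relyingParty.getConfigProperty("edu.internet2.middleware.shibboleth.aa.AAServlet.passThruErrors"))`. When passThruErrors is on, the mapping exception `e` is attached to the SAML failure returned to the requester, which exposes internal detail and should stay off by default. The enclosing method continues outside the hunk.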
@@ -438,59 +425,43 @@ public class AAServlet extends HttpServlet {
                                        responder.getReleaseAttributes(
                                                principal,
                                                credentialName.toString(),
-                                               resource,
+                                               null,
                                                (URI[]) requestedAttrs.toArray(new URI[0]));
                        } else {
                                log.info("Request does not designate specific attributes, resolving all available.");
-                               attrs = responder.getReleaseAttributes(principal, credentialName.toString(), resource);
+                               attrs = responder.getReleaseAttributes(principal, credentialName.toString(), null);
                        }
 
                        log.info("Found " + attrs.length + " attribute(s) for " + principal.getName());
-                       sendResponse(resp, attrs, samlRequest, null);
+                       sendResponse(resp, attrs, samlRequest, relyingParty, null);
                        log.info("Successfully responded about " + principal.getName());
 
                        //TODO place transaction log statement here
 
-                       //TODO probably need to change a bunch of these messages to not be handle-centric
-               } catch (NameIdentifierMappingException e) {
-                       log.info("Could not associate the Attribute Query Handle with a principal: " + e);
-                       try {
-                               QName[] codes =
-                                       {
-                                               SAMLException.REQUESTER,
-                                               new QName(edu.internet2.middleware.shibboleth.common.XML.SHIB_NS, "InvalidHandle")};
-                               if (configuration
-                                       .getProperty("edu.internet2.middleware.shibboleth.aa.AAServlet.passThruErrors", "false")
-                                       .equals("true")) {
-                                       saml.fail(
-                                               resp,
-                                               new SAMLException(
-                                                       Arrays.asList(codes),
-                                                       "The supplied Attribute Query Handle was unrecognized or expired.",
-                                                       e));
-
-                               } else {
-                                       saml.fail(
-                                               resp,
-                                               new SAMLException(
-                                                       Arrays.asList(codes),
-                                                       "The supplied Attribute Query Handle was unrecognized or expired."));
-                               }
-                               return;
-                       } catch (Exception ee) {
-                               log.fatal("Could not construct a SAML error response: " + ee);
-                               throw new ServletException("Attribute Authority response failure.");
-                       }
-
                } catch (Exception e) {
                        log.error("Error while processing request: " + e);
                        try {
-                               if (configuration
-                                       .getProperty("edu.internet2.middleware.shibboleth.aa.AAServlet.passThruErrors", "false")
-                                       .equals("true")) {
-                                       saml.fail(resp, new SAMLException(SAMLException.RESPONDER, "General error processing request.", e));
+                               if (relyingParty != null
+                                       && relyingParty.getConfigProperty(
+                                               "edu.internet2.middleware.shibboleth.aa.AAServlet.passThruErrors").equals(
+                                               "true")) {
+                                       sendFailure(
+                                               resp,
+                                               samlRequest,
+                                               new SAMLException(SAMLException.RESPONDER, "General error processing request.", e));
+                               } else if (
+                                       configuration.getConfigProperty(
+                                               "edu.internet2.middleware.shibboleth.aa.AAServlet.passThruErrors").equals(
+                                               "true")) {
+                                       sendFailure(
+                                               resp,
+                                               samlRequest,
+                                               new SAMLException(SAMLException.RESPONDER, "General error processing request.", e));
                                } else {
-                                       saml.fail(resp, new SAMLException(SAMLException.RESPONDER, "General error processing request."));
+                                       sendFailure(
+                                               resp,
+                                               samlRequest,
+                                               new SAMLException(SAMLException.RESPONDER, "General error processing request."));
                                }
                                return;
                        } catch (Exception ee) {
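Review bot: The new `passThruErrors` checks call `.equals("true")` directly on the result of `getConfigProperty(...)`, whereas the removed code supplied a default through `getProperty(key, "false")`. If `getConfigProperty` can return null for an unset key (its body is not visible here), the check throws inside the error handler and the requester gets the generic ServletException instead of a SAML fault; `"true".equals(relyingParty.getConfigProperty(...))` avoids that in both branches. When the flag is on, the caught exception `e` is embedded in the SAML error, and with `relyingParty == null` the global setting decides this for a requester that was never matched to a party, so a comment saying that fallback is intended would help. Both `getReleaseAttributes` calls also now pass `null` for the resource; if release policies are keyed by resource, that filter no longer applies and deserves a TODO. The enclosing method starts and ends outside the hunk.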
@@ -513,19 +484,14 @@ public class AAServlet extends HttpServlet {
 
                try {
                        if (attrs == null || attrs.length == 0) {
+                               //No attribute found
                                samlResponse = new SAMLResponse(samlRequest.getId(), null, null, exception);
-
                        } else {
-                               // Determine max lifetime, and filter via query if necessary.
-                               Date now = new Date();
-                               Date then = null;
-                               long min = 0;
 
                                if (samlRequest.getQuery() == null || !(samlRequest.getQuery() instanceof SAMLAttributeQuery)) {
-                                       //TODO better exception
                                        throw new SAMLException(
                                                SAMLException.REQUESTER,
-                                               "AASaml.receive() can only respond to a SAML Attribute Query");
+                                               "This SAML authority only responds to attribute queries");
                                }
                                SAMLAttributeQuery attributeQuery = (SAMLAttributeQuery) samlRequest.getQuery();
 
@@ -545,10 +511,15 @@ public class AAServlet extends HttpServlet {
                                //Put all attributes into an assertion
                                SAMLStatement statement = new SAMLAttributeStatement(rSubject, Arrays.asList(attrs));
 
-                               //TODO double check this stuff
-                               if (min > 0) {
-                                       then = new Date(now.getTime() + (min * 1000));
+                               //Set assertion expiration to longest attribute expiration
+                               long max = 0;
+                               for (int i = 0; i < attrs.length; i++) {
+                                       if (max < attrs[i].getLifetime()) {
+                                               max = attrs[i].getLifetime();
+                                       }
                                }
+                               Date now = new Date();
+                               Date then = new Date(now.getTime() + max);
 
                                SAMLAssertion sAssertion =
                                        new SAMLAssertion(
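Review bot: `new Date(now.getTime() + max)` adds the attribute lifetime to a millisecond timestamp without the `* 1000` that the removed line applied, so if `getLifetime()` still returns seconds the assertion expires almost as soon as it is issued; `Date then = new Date(now.getTime() + (max * 1000));` keeps the old unit. When no attribute reports a lifetime, `max` stays 0 and the expiry equals the issue time, whereas the removed code left `then` null in that case. Taking the longest lifetime also lets a relying party hold shorter-lived attributes past their own expiry, so the comment should say that this is the intended policy. The enclosing method starts and ends outside the hunk.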
index fba922e..60c27f0 100644 (file)
@@ -83,9 +83,28 @@ public class ServiceProviderMapper {
                        rawConfig.getElementsByTagNameNS(ShibbolethOriginConfig.originConfigNamespace, "RelyingParty");
 
                for (int i = 0; i < itemElements.getLength(); i++) {
-                       addRelyingParty((Element) itemElements.item(i));
+                       addHSRelyingParty((Element) itemElements.item(i));
                }
 
+               verifyDefaultParty(configuration);
+       }
+
+       public ServiceProviderMapper(Element rawConfig, ShibbolethOriginConfig configuration)
+               throws ServiceProviderMapperException {
+
+               this.configuration = configuration;
+
+               NodeList itemElements =
+                       rawConfig.getElementsByTagNameNS(ShibbolethOriginConfig.originConfigNamespace, "RelyingParty");
+
+               for (int i = 0; i < itemElements.getLength(); i++) {
+                       addAARelyingParty((Element) itemElements.item(i));
+               }
+
+               verifyDefaultParty(configuration);
+       }
+
+       private void verifyDefaultParty(ShibbolethOriginConfig configuration) throws ServiceProviderMapperException {
                //Verify we have a proper default party
                String defaultParty =
                        configuration.getConfigProperty(
@@ -106,7 +125,7 @@ public class ServiceProviderMapper {
                }
        }
 
-       private void addRelyingParty(Element e) throws ServiceProviderMapperException {
+       private void addHSRelyingParty(Element e) throws ServiceProviderMapperException {
 
                log.debug("Found a Relying Party.");
                try {
@@ -119,6 +138,20 @@ public class ServiceProviderMapper {
                        log.error("Encountered an error while attempting to load Relying Party configuration.  Skipping...");
                }
        }
+
+       private void addAARelyingParty(Element e) throws ServiceProviderMapperException {
+
+               log.debug("Found a Relying Party.");
+               try {
+                       if (e.getLocalName().equals("RelyingParty")) {
+                               RelyingParty party = new RelyingPartyImpl(e, configuration);
+                               log.debug("Relying Party (" + party.getName() + ") loaded.");
+                               relyingParties.put(party.getName(), party);
+                       }
+               } catch (ServiceProviderMapperException exc) {
+                       log.error("Encountered an error while attempting to load Relying Party configuration.  Skipping...");
+               }
+       }
        public RelyingParty getRelyingParty(String providerIdFromTarget) {
 
                //If the target did not send a Provider Id, then assume it is a Shib
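Review bot: `addAARelyingParty` declares `throws ServiceProviderMapperException` but catches that exception itself and logs a message that names neither the relying party nor the cause, since `exc` is dropped. A relying party whose configuration fails to load is then simply absent from `relyingParties`, and its requests presumably fall back to the default party's settings, including its `passThruErrors` value. Keeping the cause makes that visible to an operator: `log.error("Encountered an error while attempting to load Relying Party configuration.  Skipping... Cause: " + exc);`. The method is also a near copy of `addHSRelyingParty`, whose body lies partly outside these hunks, and `relyingParties.put` silently replaces an earlier party with the same name.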
@@ -191,16 +224,7 @@ public class ServiceProviderMapper {
                        HSNameMapper nameMapper)
                        throws ServiceProviderMapperException {
 
-                       //Use global config for defaults
-                       this.originConfig = globalConfig;
-
-                       //Get party name
-                       name = ((Element) partyConfig).getAttribute("name");
-                       if (name == null || name.equals("")) {
-                               log.error("Relying Party name not set.  Add a (name) attribute to <RelyingParty>.");
-                               throw new ServiceProviderMapperException("Required configuration not specified.");
-                       }
-                       log.debug("Loading Relying Party: (" + name + ").");
+                       this(partyConfig, globalConfig);
 
                        //Load a credential for signing
                        String credentialName = ((Element) partyConfig).getAttribute("signingCredential");
@@ -252,6 +276,25 @@ public class ServiceProviderMapper {
                                        throw new ServiceProviderMapperException("Required configuration not specified.");
                                }
                        }
+                       identityProvider =
+                               new RelyingPartyIdentityProvider(
+                                       getConfigProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.providerId"),
+                                       credential);
+               }
+
+               public RelyingPartyImpl(Element partyConfig, ShibbolethOriginConfig globalConfig)
+                       throws ServiceProviderMapperException {
+
+                       //Use global config for defaults
+                       this.originConfig = globalConfig;
+
+                       //Get party name
+                       name = ((Element) partyConfig).getAttribute("name");
+                       if (name == null || name.equals("")) {
+                               log.error("Relying Party name not set.  Add a (name) attribute to <RelyingParty>.");
+                               throw new ServiceProviderMapperException("Required configuration not specified.");
+                       }
+                       log.debug("Loading Relying Party: (" + name + ").");
 
                        //Process overrides for global data
                        String attribute = ((Element) partyConfig).getAttribute("providerId");
@@ -279,7 +322,8 @@ public class ServiceProviderMapper {
                        identityProvider =
                                new RelyingPartyIdentityProvider(
                                        getConfigProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.providerId"),
-                                       credential);
+                                       null);
+
                }
 
                public String getProviderId() {
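Review bot: The two-argument `RelyingPartyImpl` constructor now builds `RelyingPartyIdentityProvider` with a `null` credential, and the handle-service constructor depends on reassigning `identityProvider` after its `this(partyConfig, globalConfig)` call (the hunks at -191,16 and -252,6). Any code that asks an attribute-authority relying party for its signing credential will receive null, so the constructor should say so, for example `// AA relying parties carry no signing credential; identityProvider must not be used for signing`. A Javadoc line on each constructor stating which component it serves would also prevent picking the wrong one by arity. The constructor body starts outside this hunk.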
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-package edu.internet2.middleware.shibboleth.hs;
+package edu.internet2.middleware.shibboleth.common;
 
 /**
- * Signals that the Handle Service has been given insufficient or improper runtime
+ * Signals that the a Shibboleth component has been given insufficient or improper runtime
  * configuration paramerts.
  *
  * @author Walter Hoehn (wassa&#064;columbia.edu)
  */
-public class HSConfigurationException extends Exception {
-       public HSConfigurationException(String message) {
+public class ShibbolethConfigurationException extends Exception {
+       public ShibbolethConfigurationException(String message) {
                super(message);
        }
 }
index 9d6c7a0..4e77647 100644 (file)
@@ -52,67 +52,49 @@ import java.io.PrintStream;
 import java.util.Properties;
 
 import org.apache.log4j.Logger;
-import org.opensaml.SAMLAuthenticationStatement;
 import org.w3c.dom.Element;
 
-import edu.internet2.middleware.shibboleth.hs.HSConfigurationException;
 
 /**
  * @author Walter Hoehn
  *  
  */
-public class ShibbolethOriginConfig {
+public abstract class ShibbolethOriginConfig {
 
        public static final String originConfigNamespace = "urn:mace:shibboleth:origin:1.0";
 
        private static Logger log = Logger.getLogger(ShibbolethOriginConfig.class.getName());
        protected Properties properties = new Properties();
 
-       public ShibbolethOriginConfig(Element config) throws HSConfigurationException {
+       public ShibbolethOriginConfig(Element config) throws ShibbolethConfigurationException {
+
+               //TODO more generic
 
                if (!config.getTagName().equals("ShibbolethOriginConfig")) {
-                       throw new HSConfigurationException("Unexpected configuration data.  <ShibbolethOriginConfig> is needed.");
+                       throw new ShibbolethConfigurationException("Unexpected configuration data.  <ShibbolethOriginConfig> is needed.");
                }
 
-               //Set defaults
-               //TODO need a way to set this
-               properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.username", "REMOTE_USER");
-               //TODO need a way to set this, remember to test for number format
-               properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.maxThreads", "5");
-
                log.debug("Loading global configuration properties.");
 
                String attribute = ((Element) config).getAttribute("providerId");
                if (attribute == null || attribute.equals("")) {
                        log.error("Global providerId not set.  Add a (providerId) attribute to <ShibbolethOriginConfig>.");
-                       throw new HSConfigurationException("Required configuration not specified.");
-               }
+                       throw new ShibbolethConfigurationException("Required configuration not specified.");
+               } //TODO should not be under hs namespace
                properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.providerId", attribute);
 
                attribute = ((Element) config).getAttribute("defaultRelyingParty");
                if (attribute == null || attribute.equals("")) {
                        log.error("Global providerId not set.  Add a (defaultRelyingParty) attribute to <ShibbolethOriginConfig>.");
-                       throw new HSConfigurationException("Required configuration not specified.");
+                       throw new ShibbolethConfigurationException("Required configuration not specified.");
                }
                properties.setProperty(
                        "edu.internet2.middleware.shibboleth.common.RelyingParty.defaultRelyingParty",
                        attribute);
 
-               attribute = ((Element) config).getAttribute("AAUrl");
-               if (attribute == null || attribute.equals("")) {
-                       log.error("Global providerId not set.  Add a (AAUrl) attribute to <ShibbolethOriginConfig>.");
-                       throw new HSConfigurationException("Required configuration not specified.");
-               }
-               properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.AAUrl", attribute);
-
-               attribute = ((Element) config).getAttribute("defaultAuthMethod");
-               if (attribute == null || attribute.equals("")) {
-                       properties.setProperty(
-                               "edu.internet2.middleware.shibboleth.hs.HandleServlet.defaultAuthMethod",
-                               "urn:oasis:names:tc:SAML:1.0:am:unspecified");
-               }
-               properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.defaultAuthMethod", attribute);
+       }
 
+       protected void dumpPropertiesToLog() {
                if (log.isDebugEnabled()) {
                        ByteArrayOutputStream debugStream = new ByteArrayOutputStream();
                        PrintStream debugPrinter = new PrintStream(debugStream);
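Review bot: `dumpPropertiesToLog()` is split out as a protected method without Javadoc, and the now-abstract constructor no longer calls it, so every subclass has to remember to call it after setting its own properties. A short Javadoc stating that contract would help, and it should note that the method appears to write the whole `properties` table to the debug log, so subclasses should not store secrets there. The trailing `//TODO should not be under hs namespace` sits after the closing brace of the providerId check and reads better on its own line above the `setProperty` call. The method body continues outside the hunk.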
diff --git a/src/edu/internet2/middleware/shibboleth/hs/HSConfig.java b/src/edu/internet2/middleware/shibboleth/hs/HSConfig.java
new file mode 100644 (file)
index 0000000..eef95ff
--- /dev/null
@@ -0,0 +1,90 @@
+/*
+ * The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation
+ * for Advanced Internet Development, Inc. All rights reserved
+ * 
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ * 
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution, if any, must include
+ * the following acknowledgment: "This product includes software developed by
+ * the University Corporation for Advanced Internet Development
+ * <http://www.ucaid.edu> Internet2 Project. Alternately, this acknowledegement
+ * may appear in the software itself, if and wherever such third-party
+ * acknowledgments normally appear.
+ * 
+ * Neither the name of Shibboleth nor the names of its contributors, nor
+ * Internet2, nor the University Corporation for Advanced Internet Development,
+ * Inc., nor UCAID may be used to endorse or promote products derived from this
+ * software without specific prior written permission. For written permission,
+ * please contact shibboleth@shibboleth.org
+ * 
+ * Products derived from this software may not be called Shibboleth, Internet2,
+ * UCAID, or the University Corporation for Advanced Internet Development, nor
+ * may Shibboleth appear in their name, without prior written permission of the
+ * University Corporation for Advanced Internet Development.
+ * 
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
+ * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
+ * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
+ * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package edu.internet2.middleware.shibboleth.hs;
+
+import org.apache.log4j.Logger;
+import org.w3c.dom.Element;
+
+import edu.internet2.middleware.shibboleth.common.*;
+import edu.internet2.middleware.shibboleth.common.ShibbolethOriginConfig;
+
+/**
+ * @author Walter Hoehn
+ */
+public class HSConfig extends ShibbolethOriginConfig {
+
+       private static Logger log = Logger.getLogger(HSConfig.class.getName());
+
+       public HSConfig(Element config) throws ShibbolethConfigurationException {
+               super(config);
+
+               //Set defaults
+               //TODO need a way to set this
+               properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.username", "REMOTE_USER");
+               //TODO need a way to set this, remember to test for number format
+               properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.maxThreads", "5");
+
+               String attribute = ((Element) config).getAttribute("AAUrl");
+               if (attribute == null || attribute.equals("")) {
+                       log.error("Global providerId not set.  Add a (AAUrl) attribute to <ShibbolethOriginConfig>.");
+                       throw new ShibbolethConfigurationException("Required configuration not specified.");
+               }
+               properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.AAUrl", attribute);
+
+               attribute = ((Element) config).getAttribute("defaultAuthMethod");
+               if (attribute == null || attribute.equals("")) {
+                       properties.setProperty(
+                               "edu.internet2.middleware.shibboleth.hs.HandleServlet.defaultAuthMethod",
+                               "urn:oasis:names:tc:SAML:1.0:am:unspecified");
+               }
+               properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.defaultAuthMethod", attribute);
+
+               dumpPropertiesToLog();
+       }
+
+}
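Review bot: The `defaultAuthMethod` default never takes effect in the `HSConfig` constructor: after the `if` stores `urn:oasis:names:tc:SAML:1.0:am:unspecified`, the unconditional `properties.setProperty(..., attribute)` that follows overwrites it with the empty attribute value. Moving that second call into an `else` branch fixes it: `} else { properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.defaultAuthMethod", attribute); }`. The error logged for a missing `AAUrl` still begins "Global providerId not set", which will mislead whoever reads the log. The wildcard import of `common.*` next to the explicit `ShibbolethOriginConfig` import is redundant.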
index 0ac1284..d75e3bc 100644 (file)
@@ -80,6 +80,7 @@ import org.xml.sax.SAXException;
 import org.xml.sax.SAXParseException;
 
 import sun.misc.BASE64Decoder;
+import edu.internet2.middleware.shibboleth.common.*;
 import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
 import edu.internet2.middleware.shibboleth.common.Credentials;
 import edu.internet2.middleware.shibboleth.common.NameIdentifierMapping;
@@ -97,13 +98,13 @@ public class HandleServlet extends HttpServlet {
        private static Logger transactionLog = Logger.getLogger("edu.internet2.middleware.shibboleth.TRANSACTION");
 
        private Semaphore throttle;
-       private ShibbolethOriginConfig configuration;
+       private HSConfig configuration;
        private Credentials credentials;
        private HSNameMapper nameMapper;
        private ShibPOSTProfile postProfile = new ShibPOSTProfile();
        private ServiceProviderMapper targetMapper;
 
-       protected void loadConfiguration() throws HSConfigurationException {
+       protected void loadConfiguration() throws ShibbolethConfigurationException {
 
                DOMParser parser = loadParser(true);
 
@@ -118,14 +119,14 @@ public class HandleServlet extends HttpServlet {
 
                } catch (SAXException e) {
                        log.error("Error while parsing origin configuration: " + e);
-                       throw new HSConfigurationException("Error while parsing origin configuration.");
+                       throw new ShibbolethConfigurationException("Error while parsing origin configuration.");
                } catch (IOException e) {
                        log.error("Could not load origin configuration: " + e);
-                       throw new HSConfigurationException("Could not load origin configuration.");
+                       throw new ShibbolethConfigurationException("Could not load origin configuration.");
                }
 
                //Load global configuration properties
-               configuration = new ShibbolethOriginConfig(parser.getDocument().getDocumentElement());
+               configuration = new HSConfig(parser.getDocument().getDocumentElement());
 
                //Load signing credentials
                NodeList itemElements =
@@ -134,7 +135,7 @@ public class HandleServlet extends HttpServlet {
                                "Credentials");
                if (itemElements.getLength() < 1) {
                        log.error("Credentials not specified.");
-                       throw new HSConfigurationException("The Handle Service requires that signing credentials be supplied in the <Credentials> configuration element.");
+                       throw new ShibbolethConfigurationException("The Handle Service requires that signing credentials be supplied in the <Credentials> configuration element.");
                }
 
                if (itemElements.getLength() > 1) {
@@ -167,12 +168,12 @@ public class HandleServlet extends HttpServlet {
                                        nameMapper);
                } catch (ServiceProviderMapperException e) {
                        log.error("Could not load origin configuration: " + e);
-                       throw new HSConfigurationException("Could not load origin configuration.");
+                       throw new ShibbolethConfigurationException("Could not load origin configuration.");
                }
 
        }
 
-       private DOMParser loadParser(boolean schemaChecking) throws HSConfigurationException {
+       private DOMParser loadParser(boolean schemaChecking) throws ShibbolethConfigurationException {
 
                DOMParser parser = new DOMParser();
 
@@ -224,7 +225,7 @@ public class HandleServlet extends HttpServlet {
 
                } catch (SAXException e) {
                        log.error("Unable to setup a workable XML parser: " + e);
-                       throw new HSConfigurationException("Unable to setup a workable XML parser.");
+                       throw new ShibbolethConfigurationException("Unable to setup a workable XML parser.");
                }
                return parser;
        }
@@ -247,7 +248,7 @@ public class HandleServlet extends HttpServlet {
 
                        log.info("Handle Service initialization complete.");
 
-               } catch (HSConfigurationException ex) {
+               } catch (ShibbolethConfigurationException ex) {
                        log.fatal("Handle Service runtime configuration error.  Please fix and re-initialize. Cause: " + ex);
                        throw new UnavailableException("Handle Service failed to initialize.");
                }