Merge in new logging system.
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 29 Oct 2007 13:51:40 +0000 (13:51 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 29 Oct 2007 13:51:40 +0000 (13:51 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2435 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

34 files changed:
.classpath
build.xml
resources/classpath/logback.xml [new file with mode: 0644]
resources/conf/internal.xml
resources/conf/logging.xml [new file with mode: 0644]
resources/webpages/login.jsp
src/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java
src/edu/internet2/middleware/shibboleth/idp/authn/Saml2LoginContext.java
src/edu/internet2/middleware/shibboleth/idp/authn/provider/IPAddressLoginHandler.java
src/edu/internet2/middleware/shibboleth/idp/authn/provider/RemoteUserAuthServlet.java
src/edu/internet2/middleware/shibboleth/idp/authn/provider/RemoteUserLoginHandler.java
src/edu/internet2/middleware/shibboleth/idp/authn/provider/UsernamePasswordLoginHandler.java
src/edu/internet2/middleware/shibboleth/idp/authn/provider/UsernamePasswordLoginServlet.java
src/edu/internet2/middleware/shibboleth/idp/config/profile/AbstractSAMLProfileHandlerBeanDefinitionParser.java
src/edu/internet2/middleware/shibboleth/idp/config/profile/ProfileHandlerGroupBeanDefinitionParser.java
src/edu/internet2/middleware/shibboleth/idp/config/profile/authn/AbstractLoginHandlerBeanDefinitionParser.java
src/edu/internet2/middleware/shibboleth/idp/config/profile/authn/UsernamePasswordLoginHandlerBeanDefinitionParser.java
src/edu/internet2/middleware/shibboleth/idp/config/profile/saml2/SAML2AttributeQueryProfileHandlerBeanDefinitionParser.java
src/edu/internet2/middleware/shibboleth/idp/config/profile/saml2/SAML2SSOProfileHandlerBeanDefinitionParser.java
src/edu/internet2/middleware/shibboleth/idp/config/service/IdPConfigBeanDefinitionParser.java
src/edu/internet2/middleware/shibboleth/idp/config/service/IdPServicesBean.java
src/edu/internet2/middleware/shibboleth/idp/profile/AbstractSAMLProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/IdPProfileHandlerManager.java
src/edu/internet2/middleware/shibboleth/idp/profile/StatusProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml1/AbstractSAML1ProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ArtifactResolution.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml1/AttributeQueryProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSODecoder.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOEndpointSelector.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractSAML2ProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/ArtifactResolution.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AttributeQueryProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java

index bfc5be9..7c70b5a 100644 (file)
@@ -6,9 +6,9 @@
        <classpathentry kind="src" path="resources/conf"/>
        <classpathentry kind="src" path="resources/classpath"/>
        <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
-       <classpathentry combineaccessrules="false" exported="true" kind="src" path="/java-shib-common"/>
        <classpathentry kind="lib" path="build-lib/servlet-2.4.jar"/>
        <classpathentry kind="lib" path="build-lib/junit-3.8.1.jar"/>
        <classpathentry kind="lib" path="build-lib/spring-2.0.5-mock.jar"/>
+       <classpathentry combineaccessrules="false" exported="true" kind="src" path="/java-shib-common-logging"/>
        <classpathentry kind="output" path="bin"/>
 </classpath>
index bc8509b..3a39de1 100755 (executable)
--- a/build.xml
+++ b/build.xml
                <jar destfile="${idp.home}/war/${war.name}" whenempty="fail">
                        <zipfileset dir="${webinf-temp.dir}" prefix="WEB-INF/" />
                        <zipfileset dir="${webpages.dir}" prefix="" />
-                       <zipfileset dir="${lib.dir}" prefix="WEB-INF/lib/" excludes="**/log4j*.jar" />
+                       <zipfileset dir="${lib.dir}" prefix="WEB-INF/lib/" excludes="**/log4j-1.2.14.jar" />
                        <zipfileset file="${dist.dir}/${jar.name}" prefix="WEB-INF/lib/" />
                </jar>
 
diff --git a/resources/classpath/logback.xml b/resources/classpath/logback.xml
new file mode 100644 (file)
index 0000000..bc61e5e
--- /dev/null
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- Basic configuration used until the IdP can load the real configuration -->
+<configuration>
+
+  <appender name="STDOUT"
+    class="ch.qos.logback.core.ConsoleAppender">
+    <layout class="ch.qos.logback.classic.PatternLayout">
+      <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+    </layout>
+  </appender>
+
+  <root>
+    <level value="warn" />
+    <appender-ref ref="STDOUT" />
+  </root>
+</configuration>
\ No newline at end of file
index 444b4e0..080b4a2 100644 (file)
@@ -5,9 +5,18 @@
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                            http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">
 
+    <bean id="shibboleth.TaskTimer" class="java.util.Timer" destroy-method="cancel">
+        <constructor-arg value="true" type="boolean" />
+    </bean>
+    
+    <bean id="shibboleth.LogbackLogging" class="edu.internet2.middleware.shibboleth.common.log.LogbackLoggingService" depends-on="shibboleth.TaskTimer">
+       <constructor-arg ref="shibboleth.TaskTimer" />
+       <constructor-arg value="$IDP_HOME$/conf/logging.xml" />
+       <constructor-arg value="600000" />
+    </bean>
+    
     <!-- Spring configuration file that boostraps OpenSAML -->
-    <bean id="shibboleth.OpensamlConfig" class="edu.internet2.middleware.shibboleth.common.config.OpensamlConfigBean"
-        lazy-init="false">
+    <bean id="shibboleth.OpensamlConfig" class="edu.internet2.middleware.shibboleth.common.config.OpensamlConfigBean" depends-on="shibboleth.LogbackLogging">
         <constructor-arg>
             <list>
                 <bean id="shibMetadataExtensions" class="org.opensaml.util.resource.ClasspathResource">
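Review bot: The third argument of `shibboleth.LogbackLogging`, `<constructor-arg value="600000" />`, has no `type`, unlike the numeric arguments of `shibboleth.StorageServiceSweeper` and `shibboleth.SessionManager` further down this file; a `type` attribute matching the constructor's parameter keeps argument resolution unambiguous. The value is presumably a reload interval for `$IDP_HOME$/conf/logging.xml`. If so, a comment such as `<!-- logging.xml is re-read at runtime; restrict write access to it -->` belongs here, because whoever can edit that file can change or silence the access and audit logs without a restart. The `depends-on="shibboleth.LogbackLogging"` attribute is repeated by hand on the later beans, so a bean added without it may start before logging is configured.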
         </constructor-arg>
     </bean>
 
-    <bean id="shibboleth.IdGenerator" class="org.opensaml.common.impl.SecureRandomIdentifierGenerator">
+    <bean id="shibboleth.IdGenerator" class="org.opensaml.common.impl.SecureRandomIdentifierGenerator" depends-on="shibboleth.LogbackLogging">
         <constructor-arg value="SHA1PRNG" />
     </bean>
 
-    <bean id="shibboleth.VelocityEngine" class="org.springframework.ui.velocity.VelocityEngineFactoryBean">
+    <bean id="shibboleth.VelocityEngine" class="org.springframework.ui.velocity.VelocityEngineFactoryBean" depends-on="shibboleth.LogbackLogging">
         <property name="velocityProperties">
             <props>
                 <prop key="resource.loader">classpath, string</prop>
     </bean>
 
     <bean id="shibboleth.TemplateEngine"
-        class="edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.TemplateEngine">
+        class="edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.TemplateEngine"
+        depends-on="shibboleth.LogbackLogging">
         <constructor-arg ref="shibboleth.VelocityEngine" />
     </bean>
 
-    <bean id="shibboleth.ParserPool" class="org.opensaml.xml.parse.BasicParserPool">
+    <bean id="shibboleth.ParserPool" class="org.opensaml.xml.parse.BasicParserPool" depends-on="shibboleth.LogbackLogging">
         <property name="maxPoolSize" value="50" />
         <property name="createBuildersAtPoolLimit" value="true" />
         <property name="coalescing" value="true" />
         <property name="namespaceAware" value="true" />
     </bean>
 
-    <bean id="shibboleth.TaskTimer" class="java.util.Timer" destroy-method="cancel">
-        <constructor-arg value="true" type="boolean" />
-    </bean>
-
-    <bean id="shibboleth.StorageService" class="org.opensaml.util.storage.MapBasedStorageService" />
+    <bean id="shibboleth.StorageService" class="org.opensaml.util.storage.MapBasedStorageService" depends-on="shibboleth.LogbackLogging" />
 
-    <bean id="shibboleth.StorageServiceSweeper" class="org.opensaml.util.storage.ExpiringObjectStorageServiceSweeper">
+    <bean id="shibboleth.StorageServiceSweeper" class="org.opensaml.util.storage.ExpiringObjectStorageServiceSweeper" depends-on="shibboleth.LogbackLogging">
         <constructor-arg ref="shibboleth.TaskTimer" />
         <constructor-arg ref="shibboleth.StorageService" />
         <constructor-arg value="600000" type="long" />
     </bean>
 
     <bean id="shibboleth.SessionManager"
-        class="edu.internet2.middleware.shibboleth.idp.session.impl.SessionManagerImpl">
+          class="edu.internet2.middleware.shibboleth.idp.session.impl.SessionManagerImpl"
+          depends-on="shibboleth.LogbackLogging">
         <constructor-arg ref="shibboleth.StorageService" />
         <constructor-arg value="1800000" type="long" />
     </bean>
 
-    <bean id="shibboleth.ArtifactMap" class="org.opensaml.common.binding.artifact.BasicSAMLArtifactMap">
+    <bean id="shibboleth.ArtifactMap" class="org.opensaml.common.binding.artifact.BasicSAMLArtifactMap" depends-on="shibboleth.LogbackLogging">
         <constructor-arg ref="shibboleth.StorageService" />
         <constructor-arg type="long" value="300000" />
     </bean>
     
-    <bean id="shibboleth.ReplayCache" class="org.opensaml.util.storage.ReplayCache">
+    <bean id="shibboleth.ReplayCache" class="org.opensaml.util.storage.ReplayCache" depends-on="shibboleth.LogbackLogging">
         <constructor-arg ref="shibboleth.StorageService" />
         <constructor-arg type="long" value="300000" />
     </bean>
     </util:map>
 
     <bean id="shibboleth.SAML1AttributeAuthority"
-        class="edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML1AttributeAuthority">
+        class="edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML1AttributeAuthority" depends-on="shibboleth.LogbackLogging">
         <constructor-arg ref="shibboleth.AttributeResolver" />
         <property name="filteringEngine" ref="shibboleth.AttributeFilterEngine" />
     </bean>
 
     <bean id="shibboleth.SAML2AttributeAuthority"
-        class="edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority">
+        class="edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority" depends-on="shibboleth.LogbackLogging">
         <constructor-arg ref="shibboleth.AttributeResolver" />
         <property name="filteringEngine" ref="shibboleth.AttributeFilterEngine" />
     </bean>
 
     <bean id="shibboleth.ServletAttributeExporter"
-        class="org.springframework.web.context.support.ServletContextAttributeExporter">
+        class="org.springframework.web.context.support.ServletContextAttributeExporter" depends-on="shibboleth.LogbackLogging">
         <property name="attributes">
             <map>
                 <entry>
diff --git a/resources/conf/logging.xml b/resources/conf/logging.xml
new file mode 100644 (file)
index 0000000..dcfb9a2
--- /dev/null
@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<configuration>
+
+    <!-- 
+        Logging appenders define where and how logging messages are logged.
+     -->
+    <appender name="IDP_ACCESS" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <File>$IDP_HOME$/logs/idp-access.log</File>
+        <ImmediateFlush>true</ImmediateFlush>
+
+        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <FileNamePattern>idp-access-%d{yyyy-MM-dd}.log</FileNamePattern>
+        </rollingPolicy>
+
+        <layout class="ch.qos.logback.classic.PatternLayout">
+            <Pattern>%msg%n</Pattern>
+        </layout>
+    </appender>
+
+    <appender name="IDP_AUDIT" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <File>$IDP_HOME$/logs/idp-audit.log</File>
+        <ImmediateFlush>true</ImmediateFlush>
+
+        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <FileNamePattern>idp-audit-%d{yyyy-MM-dd}.log</FileNamePattern>
+        </rollingPolicy>
+
+        <layout class="ch.qos.logback.classic.PatternLayout">
+            <Pattern>%msg%n</Pattern>
+        </layout>
+    </appender>
+
+    <appender name="IDP_PROCESS" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <File>$IDP_HOME$/logs/idp.log</File>
+        <!-- Uncomment this if application is terminating in such as way that the last few log messages are not written to disk -->
+        <!--
+        <ImmediateFlush>true</ImmediateFlush>
+        -->
+        
+        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <FileNamePattern>idp-%d{yyyy-MM-dd}.log</FileNamePattern>
+        </rollingPolicy>
+
+        <layout class="ch.qos.logback.classic.PatternLayout">
+            <!-- General logging pattern -->
+            <Pattern>%date{HH:mm:ss.SSS} %level [%logger] %msg%n%ex{full}%n</Pattern>
+            
+            <!-- Debug logging pattern -->
+            <!--
+            <Pattern>%date{HH:mm:ss.SSS} %level [%logger:%line] - %msg%n</Pattern>
+            -->
+        </layout>
+    </appender>
+
+    <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
+        <ImmediateFlush>true</ImmediateFlush>
+        <layout class="ch.qos.logback.classic.PatternLayout">
+            <Pattern>%date{HH:mm:ss.SSS} %level [%logger] %msg%n%ex{full}%n</Pattern>
+        </layout>
+    </appender>
+    
+    <!--
+        Loggers define inidicate which packages/categories are logged, at which level, and to which appender.
+        Levels: ALL, ERROR, WARN, INFO, DEBUG, OFF
+    -->
+
+    <!-- Logs IdP, but not OpenSAML, messages -->
+    <logger name="edu.internet2.shibboleth">
+        <level value="INFO" />
+        <appender-ref ref="IDP_PROCESS" />
+    </logger>
+
+    <!-- Logs OpenSAML, but not IdP, messages -->
+    <logger name="org.opensaml">
+        <level value="OFF" />
+        <appender-ref ref="IDP_PROCESS" />
+    </logger>
+    
+    
+    
+    
+
+    <!-- Do no edit the loggers below here. -->    
+    <logger name="Shibbolath-Access">
+        <level value="ALL" />
+        <appender-ref ref="IDP_ACCESS" />
+    </logger>
+    
+    <logger name="Shibbolath-Audit">
+        <level value="ALL" />
+        <appender-ref ref="IDP_AUDIT" />
+    </logger>
+
+    <root>
+        <level value="WARN" />
+        <appender-ref ref="IDP_PROCESS" />
+    </root>
+
+</configuration>
\ No newline at end of file
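Review bot: The logger `<logger name="edu.internet2.shibboleth">` does not match the package of the classes in this commit, `edu.internet2.middleware.shibboleth`, so its INFO level would not apply and IdP messages would be filtered at the root level, WARN; the name should be `edu.internet2.middleware.shibboleth`. The names `Shibbolath-Access` and `Shibbolath-Audit` look misspelled and only work if the code requests exactly those names, which is not visible here. Loggers are additive by default, so the IdP logger would write each event to `IDP_PROCESS` twice, and access and audit events would also be copied into `idp.log` through the root appender; `additivity="false"` on those loggers avoids both. The `FileNamePattern` values have no `$IDP_HOME$/logs/` prefix, so rolled files presumably land in the working directory rather than beside the active log.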
index 755119d..031f29a 100644 (file)
@@ -3,12 +3,6 @@
        <body>
        <img src="images/logo.jpg" />
        <h2>Shibboleth Identity Provider Login</h2>
-       
-       <% if ("true".equals(request.getParameter("loginFailed"))) { %>
-       <p>Authentication Failed</p>
-       <% } %>
-       
-       <form action="Authn/UserPassword" method="post">
        <table>
                <tr>
                        <td>Username:</td>
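Review bot: With `<form action="Authn/UserPassword" method="post">` removed in this hunk and `</form>` removed in the next, the username and `j_password` inputs are no longer inside any form, so nothing visible on the page submits the credentials. If the form is meant to come from elsewhere, a comment should say so; otherwise the form element with `method="post"` needs to stay so the password is not sent in a query string. The replacement `<button tabindex="3"/>` in the next hunk has no label or `type`. The `loginFailed` message was also dropped, so a failed login gives the user no feedback.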
@@ -19,9 +13,8 @@
                        <td><input name="j_password" type="password" tabindex="2" /></td>
                </tr>
                <tr>
-                       <td rowspan="2"><input type="submit" value="Login" tabindex="3" /></td>
+                       <td rowspan="2"><button tabindex="3"/></td>
                </tr>
        </table>
-       </form>
        
 </html>
\ No newline at end of file
index d893735..5f9f77b 100644 (file)
@@ -29,10 +29,11 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
-import org.apache.log4j.Logger;
 import org.joda.time.DateTime;
 import org.opensaml.xml.util.DatatypeHelper;
 import org.opensaml.xml.util.Pair;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.common.session.SessionManager;
 import edu.internet2.middleware.shibboleth.common.util.HttpHelper;
@@ -52,7 +53,7 @@ public class AuthenticationEngine extends HttpServlet {
     private static final long serialVersionUID = 8494202791991613148L;
 
     /** Class logger. */
-    private static final Logger LOG = Logger.getLogger(AuthenticationEngine.class);
+    private static final Logger LOG = LoggerFactory.getLogger(AuthenticationEngine.class);
 
     /**
      * Gets the manager used to retrieve handlers for requests.
@@ -78,20 +79,13 @@ public class AuthenticationEngine extends HttpServlet {
      * 
      * @param httpRequest current http request
      * @param httpResponse current http response
-     * 
-     * @throws ServletException thrown if unable to return to authentication engine
      */
-    public static void returnToAuthenticationEngine(HttpServletRequest httpRequest, HttpServletResponse httpResponse)
-            throws ServletException {
-        if (LOG.isDebugEnabled()) {
-            LOG.debug("Returning control to authentication engine");
-        }
+    public static void returnToAuthenticationEngine(HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
+        LOG.debug("Returning control to authentication engine");
         HttpSession httpSession = httpRequest.getSession();
         LoginContext loginContext = (LoginContext) httpSession.getAttribute(LoginContext.LOGIN_CONTEXT_KEY);
         if (loginContext == null) {
             LOG.error("User HttpSession did not contain a login context.  Unable to return to authentication engine");
-            throw new ServletException(
-                    "User HttpSession did not contain a login context.  Unable to return to authentication engine");
         }
         forwardRequest(loginContext.getAuthenticationEngineURL(), httpRequest, httpResponse);
     }
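Review bot: The `loginContext == null` branch now only logs, so the following `loginContext.getAuthenticationEngineURL()` dereferences null and throws a NullPointerException where a ServletException used to be thrown. At minimum add `return;` after the `LOG.error(...)` call so the request ends in a controlled way. The case is reachable when a login servlet is requested directly, as the message removed from RemoteUserAuthServlet in this commit stated. IPAddressLoginHandler and RemoteUserAuthServlet both dropped their catch blocks in this commit and now rely on this method to handle a missing context.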
@@ -105,9 +99,7 @@ public class AuthenticationEngine extends HttpServlet {
      */
     public static void returnToProfileHandler(LoginContext loginContext, HttpServletRequest httpRequest,
             HttpServletResponse httpResponse) {
-        if (LOG.isDebugEnabled()) {
-            LOG.debug("Returning control to profile handler at: " + loginContext.getProfileHandlerURL());
-        }
+        LOG.debug("Returning control to profile handler at: {}", loginContext.getProfileHandlerURL());
         forwardRequest(loginContext.getProfileHandlerURL(), httpRequest, httpResponse);
     }
 
@@ -125,9 +117,9 @@ public class AuthenticationEngine extends HttpServlet {
             dispatcher.forward(httpRequest, httpResponse);
             return;
         } catch (IOException e) {
-            LOG.fatal("Unable to return control back to authentication engine", e);
+            LOG.error("Unable to return control back to authentication engine", e);
         } catch (ServletException e) {
-            LOG.fatal("Unable to return control back to authentication engine", e);
+            LOG.error("Unable to return control back to authentication engine", e);
         }
     }
 
@@ -135,9 +127,7 @@ public class AuthenticationEngine extends HttpServlet {
     @SuppressWarnings("unchecked")
     protected void service(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws ServletException,
             IOException {
-        if (LOG.isDebugEnabled()) {
-            LOG.debug("Processing incoming request");
-        }
+        LOG.debug("Processing incoming request");
 
         if (httpResponse.isCommitted()) {
             LOG.error("HTTP Response already committed");
@@ -158,24 +148,20 @@ public class AuthenticationEngine extends HttpServlet {
                 AuthenticationMethodInformation authenticationMethod = getUsableExistingAuthenticationMethod(
                         loginContext, shibSession);
                 if (authenticationMethod != null) {
-                    if (LOG.isDebugEnabled()) {
-                        LOG.debug("An active authentication method is applicable for relying party.  "
-                                + "Using authentication method " + authenticationMethod.getAuthenticationMethod()
-                                + " as authentication method to relying party without re-authenticating user.");
-                    }
+                    LOG
+                            .debug(
+                                    "An active authentication method is applicable for relying party.  "
+                                            + "Using authentication method {} as authentication method to relying party without re-authenticating user.",
+                                    authenticationMethod.getAuthenticationMethod());
                     authenticateUserWithActiveMethod(httpRequest, httpResponse, authenticationMethod);
                 }
             }
 
-            if (LOG.isDebugEnabled()) {
-                LOG.debug("No active authentication method is applicable for relying party.  "
-                        + "Authenticating user with to be determined method.");
-            }
+            LOG.debug("No active authentication method is applicable for relying party.  "
+                    + "Authenticating user with to be determined method.");
             authenticateUserWithoutActiveMethod1(httpRequest, httpResponse);
         } else {
-            if (LOG.isDebugEnabled()) {
-                LOG.debug("Request returned from authentication handler, completing authentication process.");
-            }
+            LOG.debug("Request returned from authentication handler, completing authentication process.");
             authenticateUserWithoutActiveMethod2(httpRequest, httpResponse);
         }
 
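Review bot: There is no `return;` after `authenticateUserWithActiveMethod(httpRequest, httpResponse, authenticationMethod);`, so control leaves the `if` and also reaches `authenticateUserWithoutActiveMethod1(httpRequest, httpResponse)`. That logs "No active authentication method is applicable" and starts a second authentication for a request that was just completed with an existing method. Unless something outside the hunk prevents this, add `return;` directly after the call. The formatter-split `LOG` / `.debug(` statement would read better as one `LOG.debug(...)` call with the message on a single line. The body of service() starts and ends outside the hunk.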
@@ -196,9 +182,7 @@ public class AuthenticationEngine extends HttpServlet {
         String shibSessionId = (String) httpSession.getAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE);
         Session shibSession = getSessionManager().getSession(shibSessionId);
 
-        if (LOG.isDebugEnabled()) {
-            LOG.debug("Populating login context with existing session and authentication method information.");
-        }
+        LOG.debug("Populating login context with existing session and authentication method information.");
         LoginContext loginContext = (LoginContext) httpSession.getAttribute(LoginContext.LOGIN_CONTEXT_KEY);
         loginContext.setAuthenticationDuration(authenticationMethod.getAuthenticationDuration());
         loginContext.setAuthenticationInstant(authenticationMethod.getAuthenticationInstant());
@@ -224,10 +208,7 @@ public class AuthenticationEngine extends HttpServlet {
     protected void authenticateUserWithoutActiveMethod1(HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
         HttpSession httpSession = httpRequest.getSession();
         LoginContext loginContext = (LoginContext) httpSession.getAttribute(LoginContext.LOGIN_CONTEXT_KEY);
-
-        if (LOG.isDebugEnabled()) {
-            LOG.debug("Selecting appropriate authentication method for request.");
-        }
+        LOG.debug("Selecting appropriate authentication method for request.");
         Pair<String, LoginHandler> handler = getProfileHandlerManager().getAuthenticationHandler(loginContext);
 
         if (handler == null) {
@@ -240,18 +221,14 @@ public class AuthenticationEngine extends HttpServlet {
             return;
         }
 
-        if (LOG.isDebugEnabled()) {
-            LOG.debug("Authentication method " + handler.getFirst() + " will be used to authenticate user.");
-        }
+        LOG.debug("Authentication method {} will be used to authenticate user.", handler.getFirst());
         loginContext.setAuthenticationAttempted();
         loginContext.setAuthenticationDuration(handler.getSecond().getAuthenticationDuration());
         loginContext.setAuthenticationMethod(handler.getFirst());
         loginContext.setAuthenticationEngineURL(HttpHelper.getRequestUriWithoutContext(httpRequest));
 
-        if (LOG.isDebugEnabled()) {
-            LOG.debug("Transferring control to authentication handler of type: "
-                    + handler.getSecond().getClass().getName());
-        }
+        LOG.debug("Transferring control to authentication handler of type: {}", handler.getSecond().getClass()
+                .getName());
         handler.getSecond().login(httpRequest, httpResponse);
     }
 
@@ -284,9 +261,7 @@ public class AuthenticationEngine extends HttpServlet {
         Session shibSession = getSessionManager().getSession(shibSessionId);
 
         if (shibSession == null) {
-            if (LOG.isDebugEnabled()) {
-                LOG.debug("Creating shibboleth session for principal " + principalName);
-            }
+            LOG.debug("Creating shibboleth session for principal {}", principalName);
 
             InetAddress addr;
             try {
@@ -300,10 +275,8 @@ public class AuthenticationEngine extends HttpServlet {
             httpSession.setAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE, shibSession.getSessionID());
         }
 
-        if (LOG.isDebugEnabled()) {
-            LOG.debug("Recording authentication and service information in Shibboleth session for principal: "
-                    + principalName);
-        }
+        LOG.debug("Recording authentication and service information in Shibboleth session for principal: {}",
+                principalName);
         Subject subject = (Subject) httpRequest.getAttribute(LoginHandler.SUBJECT_KEY);
         AuthenticationMethodInformation authnMethodInfo = new AuthenticationMethodInformationImpl(subject, loginContext
                 .getAuthenticationMethod(), new DateTime(), loginContext.getAuthenticationDuration());
index 3a10c08..7443816 100644 (file)
@@ -25,7 +25,6 @@ import java.util.List;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 
-import org.apache.log4j.Logger;
 import org.opensaml.Configuration;
 import org.opensaml.saml2.core.AuthnContextClassRef;
 import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
@@ -37,6 +36,8 @@ import org.opensaml.xml.io.MarshallingException;
 import org.opensaml.xml.io.Unmarshaller;
 import org.opensaml.xml.io.UnmarshallingException;
 import org.opensaml.xml.util.XMLHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.w3c.dom.Element;
 import org.xml.sax.InputSource;
 
@@ -51,7 +52,7 @@ public class Saml2LoginContext extends LoginContext implements Serializable {
     private static final long serialVersionUID = -2518779446947534977L;
 
     /** Class logger. */
-    private final Logger log = Logger.getLogger(Saml2LoginContext.class);
+    private final Logger log = LoggerFactory.getLogger(Saml2LoginContext.class);
     
     /** Relay state from authentication request. */
     private String relayState;
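Review bot: `private final Logger log` is an instance field of a class that `implements Serializable`, and AuthenticationEngine keeps login contexts in the HttpSession, so the logger becomes part of the serialized state whenever the container persists or replicates sessions. Whether the bound SLF4J logger can be serialized depends on the logging implementation in use. Declaring it `private static final Logger LOG = LoggerFactory.getLogger(Saml2LoginContext.class);`, as AuthenticationEngine does, removes that dependency. The class body continues outside the hunk.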
index 654346c..f98ad34 100644 (file)
@@ -16,7 +16,6 @@
 
 package edu.internet2.middleware.shibboleth.idp.authn.provider;
 
-import java.io.IOException;
 import java.net.Inet4Address;
 import java.net.Inet6Address;
 import java.net.InetAddress;
@@ -25,18 +24,15 @@ import java.util.BitSet;
 import java.util.List;
 import java.util.concurrent.CopyOnWriteArrayList;
 
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.log4j.Logger;
-import org.joda.time.DateTime;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine;
 import edu.internet2.middleware.shibboleth.idp.authn.LoginHandler;
-import edu.internet2.middleware.shibboleth.idp.authn.LoginContext;
 
 /**
  * IP Address authentication handler.
@@ -50,7 +46,7 @@ import edu.internet2.middleware.shibboleth.idp.authn.LoginContext;
 public class IPAddressLoginHandler extends AbstractLoginHandler {
 
     /** Class logger. */
-    private final Logger log = Logger.getLogger(IPAddressLoginHandler.class);
+    private final Logger log = LoggerFactory.getLogger(IPAddressLoginHandler.class);
 
     /** The URI of the AuthnContextDeclRef or the AuthnContextClass. */
     private String authnMethodURI = "urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol";
@@ -81,7 +77,8 @@ public class IPAddressLoginHandler extends AbstractLoginHandler {
 
         for (String addr : entries) {
             try {
-                ipList.add(new edu.internet2.middleware.shibboleth.idp.authn.provider.IPAddressLoginHandler.IPEntry(addr));
+                ipList.add(new edu.internet2.middleware.shibboleth.idp.authn.provider.IPAddressLoginHandler.IPEntry(
+                        addr));
             } catch (UnknownHostException ex) {
                 log.error("IPAddressHandler: Error parsing entry \"" + addr + "\". Ignoring.");
             }
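Review bot: The re-wrapped `new edu.internet2.middleware.shibboleth.idp.authn.provider.IPAddressLoginHandler.IPEntry(addr)` sits inside IPAddressLoginHandler itself, so `ipList.add(new IPEntry(addr));` says the same thing on one line. The `log.error` in the catch still builds its message by concatenation while the rest of this commit moves to `{}` placeholders; `log.error("IPAddressHandler: Error parsing entry \"{}\". Ignoring.", addr);` would match. An entry that fails to parse is dropped from the address list, so a comment should explain how a shortened list interacts with the default-allow and default-deny paths, which are handled outside this hunk.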
@@ -125,12 +122,7 @@ public class IPAddressLoginHandler extends AbstractLoginHandler {
             handleDefaultAllow(httpRequest, httpResponse);
         }
 
-        try {
-            AuthenticationEngine.returnToAuthenticationEngine(httpRequest, httpResponse);
-        } catch (ServletException e) {
-            // this shouldn't ever happen since the handler can only be accessed through the authentication engine
-            return;
-        }
+        AuthenticationEngine.returnToAuthenticationEngine(httpRequest, httpResponse);
     }
 
     protected void handleDefaultDeny(HttpServletRequest request, HttpServletResponse response) {
index 067e2e3..70d1142 100644 (file)
@@ -23,7 +23,8 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.log4j.Logger;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine;
 import edu.internet2.middleware.shibboleth.idp.authn.LoginHandler;
@@ -37,25 +38,15 @@ public class RemoteUserAuthServlet extends HttpServlet {
     private static final long serialVersionUID = 1745454095756633626L;
 
     /** Class logger. */
-    private final Logger log = Logger.getLogger(RemoteUserAuthServlet.class);
+    private final Logger log = LoggerFactory.getLogger(RemoteUserAuthServlet.class);
 
     /** {@inheritDoc} */
     protected void service(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws ServletException,
             IOException {
         String principalName = httpRequest.getRemoteUser();
 
-        if (log.isDebugEnabled()) {
-            log.debug("Remote user identified as " + principalName
-                            + " returning control back to authentication engine");
-        }
+        log.debug("Remote user identified as {} returning control back to authentication engine", principalName);
         httpRequest.setAttribute(LoginHandler.PRINCIPAL_NAME_KEY, httpRequest.getRemoteUser());
-
-        try {
-            AuthenticationEngine.returnToAuthenticationEngine(httpRequest, httpResponse);
-        } catch (ServletException e) {
-            throw new ServletException("Unable to return to authentication engine.  "
-                    + "Authentication servlet should not be accessed directly.");
-        }
-
+        AuthenticationEngine.returnToAuthenticationEngine(httpRequest, httpResponse);
     }
 }
\ No newline at end of file
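Review bot: `httpRequest.getRemoteUser()` returns null when the container did not authenticate the request, and service() stores that value under `LoginHandler.PRINCIPAL_NAME_KEY` and returns to the engine without checking it. A guard before the `setAttribute` call, `if (principalName == null) { httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN); return; }`, keeps an unauthenticated request from continuing; how the engine treats a null principal name is not visible here. The `setAttribute` call should reuse `principalName` rather than call `getRemoteUser()` a second time. The removed catch block was the only place that rejected direct access to this servlet with a clear message.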
index 81d11a7..ff0bfff 100644 (file)
@@ -21,8 +21,9 @@ import java.io.IOException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.log4j.Logger;
 import org.opensaml.util.URLBuilder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * Authentication Handler that redirects to servlet protected by a Web Single-Sign-On system.
@@ -30,7 +31,7 @@ import org.opensaml.util.URLBuilder;
 public class RemoteUserLoginHandler extends AbstractLoginHandler {
 
     /** Class logger. */
-    private final Logger log = Logger.getLogger(RemoteUserLoginHandler.class);
+    private final Logger log = LoggerFactory.getLogger(RemoteUserLoginHandler.class);
 
     /** The URL of the SSO-protected servlet. */
     private String servletURL;
@@ -71,10 +72,7 @@ public class RemoteUserLoginHandler extends AbstractLoginHandler {
             urlBuilder.setPort(httpRequest.getLocalPort());
             urlBuilder.setPath(pathBuilder.toString());
 
-            if (log.isDebugEnabled()) {
-                log.debug("Redirecting to " + urlBuilder.buildURL());
-            }
-
+            log.debug("Redirecting to {}", urlBuilder.buildURL());
             httpResponse.sendRedirect(urlBuilder.buildURL());
             return;
         } catch (IOException ex) {
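Review bot: `urlBuilder.buildURL()` is now built twice on every request, once for `log.debug` and once for `sendRedirect`, and the first call runs even when debug logging is off because the `isDebugEnabled()` guard was removed. Parameterized SLF4J calls defer only the string formatting, not the evaluation of the arguments. Holding the value in a local keeps the logged URL and the redirect target identical: `String redirectUrl = urlBuilder.buildURL();`, then `log.debug("Redirecting to {}", redirectUrl);` and `httpResponse.sendRedirect(redirectUrl);`. The same pattern appears in the `UsernamePasswordLoginHandler` hunk and in `UsernamePasswordLoginServlet.redirectToLoginPage`; the enclosing method starts and ends outside this hunk.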
index 48c7c31..a9a9027 100644 (file)
@@ -21,14 +21,15 @@ import java.io.IOException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.log4j.Logger;
 import org.opensaml.util.URLBuilder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * Authenticate a username and password against a JAAS source.
  * 
- * This authenticaiton handler requires a JSP to collect a username and password from the user. It also requires
- * a JAAS configuration file to validate the username and password.
+ * This authenticaiton handler requires a JSP to collect a username and password from the user. It also requires a JAAS
+ * configuration file to validate the username and password.
  * 
  * If an Authentication Context Class or DeclRef URI is not specified, it will default to
  * "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport".
@@ -36,17 +37,17 @@ import org.opensaml.util.URLBuilder;
 public class UsernamePasswordLoginHandler extends AbstractLoginHandler {
 
     /** Class logger. */
-    private final Logger log = Logger.getLogger(UsernamePasswordLoginHandler.class);
+    private final Logger log = LoggerFactory.getLogger(UsernamePasswordLoginHandler.class);
 
     /** The URL of the servlet used to perform authentication. */
     private String authenticationServletURL;
 
-    /** 
+    /**
      * Constructor.
-     *
+     * 
      * @param servletURL URL to the authentication servlet
      */
-    public UsernamePasswordLoginHandler(String servletURL){
+    public UsernamePasswordLoginHandler(String servletURL) {
         super();
         setSupportsPassive(false);
         setSupportsForceAuthentication(true);
@@ -70,10 +71,7 @@ public class UsernamePasswordLoginHandler extends AbstractLoginHandler {
             urlBuilder.setPort(httpRequest.getLocalPort());
             urlBuilder.setPath(pathBuilder.toString());
 
-            if (log.isDebugEnabled()) {
-                log.debug("Redirecting to " + urlBuilder.buildURL());
-            }
-
+            log.debug("Redirecting to {}", urlBuilder.buildURL());
             httpResponse.sendRedirect(urlBuilder.buildURL());
             return;
         } catch (IOException ex) {
index 2991059..3142c29 100644 (file)
@@ -18,8 +18,6 @@ package edu.internet2.middleware.shibboleth.idp.authn.provider;
 
 import java.io.IOException;
 import java.security.Principal;
-import java.util.ArrayList;
-import java.util.List;
 
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
@@ -33,10 +31,10 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.log4j.Logger;
 import org.opensaml.util.URLBuilder;
 import org.opensaml.xml.util.DatatypeHelper;
-import org.opensaml.xml.util.Pair;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine;
 import edu.internet2.middleware.shibboleth.idp.authn.LoginHandler;
@@ -51,16 +49,13 @@ public class UsernamePasswordLoginServlet extends HttpServlet {
     private static final long serialVersionUID = -572799841125956990L;
 
     /** Class logger. */
-    private final Logger log = Logger.getLogger(RemoteUserAuthServlet.class);
+    private final Logger log = LoggerFactory.getLogger(RemoteUserAuthServlet.class);
 
     /** Name of JAAS configuration used to authenticate users. */
     private final String jaasConfigName = "ShibUserPassAuth";
 
     /** Login page name. */
     private final String loginPage = "login.jsp";
-    
-    /** Parameter name to indicate login failure. */
-    private final String failureParam = "loginFailed";
 
     /** HTTP request parameter containing the user name. */
     private final String usernameAttribute = "j_username";
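Review bot: The logger in `UsernamePasswordLoginServlet` is still created for `RemoteUserAuthServlet.class`, so every username/password authentication event is recorded under the wrong logger name. That makes per-class level configuration ineffective for this servlet and misattributes login events when the logs are reviewed. Since the line is being rewritten anyway, it should read `private final Logger log = LoggerFactory.getLogger(UsernamePasswordLoginServlet.class);`.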
@@ -75,21 +70,14 @@ public class UsernamePasswordLoginServlet extends HttpServlet {
         String password = DatatypeHelper.safeTrimOrNullString(request.getParameter(passwordAttribute));
 
         if (username == null || password == null) {
-            redirectToLoginPage(request, response, null);
+            redirectToLoginPage(request, response);
             return;
         }
 
         if (authenticateUser(request)) {
-            try {
-                AuthenticationEngine.returnToAuthenticationEngine(request, response);
-            } catch (ServletException e) {
-                throw new ServletException("Unable to return to authentication engine.  "
-                        + "Authentication servlet should not be accessed directly.");
-            }
+            AuthenticationEngine.returnToAuthenticationEngine(request, response);
         } else {
-            List<Pair<String, String>> queryParams = new ArrayList<Pair<String, String>>();
-            queryParams.add(new Pair<String, String>(failureParam, "true"));
-            redirectToLoginPage(request, response, queryParams);
+            redirectToLoginPage(request, response);
             return;
         }
     }
@@ -99,10 +87,8 @@ public class UsernamePasswordLoginServlet extends HttpServlet {
      * 
      * @param request current request
      * @param response current response
-     * @param queryParams query parameters to pass to the login page
      */
-    protected void redirectToLoginPage(HttpServletRequest request, HttpServletResponse response,
-            List<Pair<String, String>> queryParams) {
+    protected void redirectToLoginPage(HttpServletRequest request, HttpServletResponse response) {
         try {
             StringBuilder pathBuilder = new StringBuilder();
             pathBuilder.append(request.getContextPath());
@@ -114,14 +100,8 @@ public class UsernamePasswordLoginServlet extends HttpServlet {
             urlBuilder.setHost(request.getLocalName());
             urlBuilder.setPort(request.getLocalPort());
             urlBuilder.setPath(pathBuilder.toString());
-            if (queryParams != null) {
-                urlBuilder.getQueryParams().addAll(queryParams);
-            }
-            
-            if (log.isDebugEnabled()) {
-                log.debug("Redirecting to login page " + urlBuilder.buildURL());
-            }
 
+            log.debug("Redirecting to login page {}", urlBuilder.buildURL());
             response.sendRedirect(urlBuilder.buildURL());
             return;
         } catch (IOException ex) {
@@ -149,7 +129,7 @@ public class UsernamePasswordLoginServlet extends HttpServlet {
                     jaasConfigName, cbh);
 
             jaasLoginCtx.login();
-            log.debug("Successfully authenticated user " + username);
+            log.debug("Successfully authenticated user {}", username);
 
             Subject subject = jaasLoginCtx.getSubject();
             Principal principal = subject.getPrincipals().iterator().next();
@@ -158,15 +138,13 @@ public class UsernamePasswordLoginServlet extends HttpServlet {
 
             return true;
         } catch (LoginException e) {
-            if (log.isDebugEnabled()) {
-                log.debug("User authentication failed", e);
-            }
+            log.debug("User authentication failed", e);
             return false;
         }
     }
 
     /**
-     * A callback handler that provides static name and password data to a JAAS login process.
+     * A callback handler that provides static name and password data to a JAAS loging process.
      * 
      * This handler only supports {@link NameCallback} and {@link PasswordCallback}.
      */
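Review bot: A failed JAAS login in the `catch (LoginException e)` branch is still logged only at debug level, so with a normal production threshold repeated failed password attempts leave no trace in the process log. Authentication failures are worth recording at a level that is usually enabled, for example `log.warn("User authentication failed", e);`, ideally with the submitted user name if it is in scope there (its declaration is outside this hunk). Separately, the Javadoc change at the end of the hunk turns "login process" into "loging process", which looks like an accidental typo.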
index 9749bd1..767704f 100644 (file)
 
 package edu.internet2.middleware.shibboleth.idp.config.profile;
 
-import org.apache.log4j.Logger;
 import org.opensaml.xml.util.DatatypeHelper;
 import org.opensaml.xml.util.XMLHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.w3c.dom.Element;
 
@@ -31,13 +32,11 @@ public abstract class AbstractSAMLProfileHandlerBeanDefinitionParser extends
         AbstractShibbolethProfileHandlerBeanDefinitionParser {
 
     /** Class loggger. */
-    private static Logger log = Logger.getLogger(AbstractSAMLProfileHandlerBeanDefinitionParser.class);
+    private static Logger log = LoggerFactory.getLogger(AbstractSAMLProfileHandlerBeanDefinitionParser.class);
 
     /** {@inheritDoc} */
     protected void doParse(Element config, BeanDefinitionBuilder builder) {
-        if (log.isInfoEnabled()) {
-            log.info("Parsing configuration for " + config.getLocalName() + " SAML profile handler.");
-        }
+        log.info("Parsing configuration for {} SAML profile handler.", config.getLocalName());
         super.doParse(config, builder);
 
         builder.addPropertyReference("idGenerator", config.getAttributeNS(null, "idGeneratorId"));
index 8ea8012..8aec50e 100644 (file)
@@ -21,8 +21,9 @@ import java.util.Map;
 
 import javax.xml.namespace.QName;
 
-import org.apache.log4j.Logger;
 import org.opensaml.xml.util.XMLHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.support.AbstractBeanDefinition;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
@@ -40,7 +41,7 @@ public class ProfileHandlerGroupBeanDefinitionParser extends AbstractBeanDefinit
     public static final QName SCHEMA_TYPE = new QName(ProfileHandlerNamespaceHandler.NAMESPACE, "ProfileHandlerGroup");
     
     /** Class logger. */
-    private static Logger log = Logger.getLogger(ProfileHandlerGroupBeanDefinitionParser.class);
+    private static Logger log = LoggerFactory.getLogger(ProfileHandlerGroupBeanDefinitionParser.class);
 
     /** {@inheritDoc} */
     protected AbstractBeanDefinition parseInternal(Element config, ParserContext context) {
@@ -50,21 +51,15 @@ public class ProfileHandlerGroupBeanDefinitionParser extends AbstractBeanDefinit
         List<Element> children;
 
         children = configChildren.get(new QName(ProfileHandlerNamespaceHandler.NAMESPACE, "ErrorHandler"));
-        if(log.isDebugEnabled()){
-            log.debug(children.size() + " error handler definitions found");
-        }
+        log.debug("{} error handler definitions found", children.size());
         builder.addPropertyValue("errorHandler", SpringConfigurationUtils.parseCustomElement(children.get(0), context));
 
         children = configChildren.get(new QName(ProfileHandlerNamespaceHandler.NAMESPACE, "ProfileHandler"));
-        if(log.isDebugEnabled()){
-            log.debug(children.size() + " profile handler definitions found");
-        }
+        log.debug("{} profile handler definitions found", children.size());
         builder.addPropertyValue("profileHandlers", SpringConfigurationUtils.parseCustomElements(children, context));
 
         children = configChildren.get(new QName(ProfileHandlerNamespaceHandler.NAMESPACE, "LoginHandler"));
-        if(log.isDebugEnabled()){
-            log.debug(children.size() + " login handler definitions found");
-        }
+        log.debug("{} login handler definitions found", children.size());
         builder.addPropertyValue("loginHandlers", SpringConfigurationUtils.parseCustomElements(children,
                 context));
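Review bot: `children.size()` is now evaluated unconditionally in the three `log.debug` calls, so a null list from `configChildren.get(...)` throws a NullPointerException at any log level. For the `ProfileHandler` and `LoginHandler` lookups this previously happened only with debug enabled. The code this commit removes from `IdPConfigBeanDefinitionParser` checked `children != null` after the same kind of lookup, which suggests absent elements do yield null, although the schema may make these elements mandatory. A guarded form such as `log.debug("{} login handler definitions found", children == null ? 0 : children.size());` keeps the logging change from altering parse behaviour. The body of `parseInternal` starts and ends outside this hunk.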
 
index 55ea2b4..6b4b687 100644 (file)
@@ -19,9 +19,10 @@ package edu.internet2.middleware.shibboleth.idp.config.profile.authn;
 import java.util.ArrayList;
 import java.util.List;
 
-import org.apache.log4j.Logger;
 import org.opensaml.xml.util.DatatypeHelper;
 import org.opensaml.xml.util.XMLHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
 import org.w3c.dom.Element;
@@ -34,18 +35,14 @@ import edu.internet2.middleware.shibboleth.idp.config.profile.ProfileHandlerName
 public abstract class AbstractLoginHandlerBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
 
     /** Class logger. */
-    private static Logger log = Logger.getLogger(AbstractLoginHandlerBeanDefinitionParser.class);
+    private static Logger log = LoggerFactory.getLogger(AbstractLoginHandlerBeanDefinitionParser.class);
 
     /** {@inheritDoc} */
     protected void doParse(Element config, BeanDefinitionBuilder builder) {
-        if (log.isInfoEnabled()) {
-            log.info("Parsing configuration for " + config.getLocalName() + " authentication handler.");
-        }
+        log.info("Parsing configuration for {} authentication handler.", config.getLocalName());
         
         int duration = Integer.parseInt(config.getAttributeNS(null, "authenticationDuration"));
-        if (log.isDebugEnabled()) {
-            log.debug("Authentication handler declared duration of " + duration + " minutes");
-        }
+        log.debug("Authentication handler declared duration of {} minutes", duration);
         builder.addPropertyValue("authenticationDuration", duration);
 
         String authnMethod;
@@ -54,9 +51,7 @@ public abstract class AbstractLoginHandlerBeanDefinitionParser extends AbstractS
                 ProfileHandlerNamespaceHandler.NAMESPACE, "AuthenticationMethod");
         for (Element authnMethodElem : authnMethodElems) {
             authnMethod = DatatypeHelper.safeTrimOrNullString(authnMethodElem.getTextContent());
-            if (log.isDebugEnabled()) {
-                log.debug("Authentication handler declared support for authentication method " + authnMethod);
-            }
+            log.debug("Authentication handler declared support for authentication method {}", authnMethod);
             authnMethods.add(authnMethod);
         }
         builder.addPropertyValue("authenticationMethods", authnMethods);
index 05c966f..e290d20 100644 (file)
@@ -18,9 +18,9 @@ package edu.internet2.middleware.shibboleth.idp.config.profile.authn;
 
 import javax.xml.namespace.QName;
 
-import org.apache.log4j.Logger;
-import org.opensaml.log.Level;
 import org.opensaml.xml.util.DatatypeHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.w3c.dom.Element;
 
@@ -36,7 +36,7 @@ public class UsernamePasswordLoginHandlerBeanDefinitionParser extends
     public static final QName SCHEMA_TYPE = new QName(ProfileHandlerNamespaceHandler.NAMESPACE, "UsernamePassword");
     
     /** Class logger. */
-    private final Logger log = Logger.getLogger("UsernamePasswordAuthenticationHandlerBeanDefinitionParser");
+    private final Logger log = LoggerFactory.getLogger(UsernamePasswordLoginHandlerBeanDefinitionParser.class);
 
     /** {@inheritDoc} */
     protected Class getBeanClass(Element element) {
@@ -51,7 +51,7 @@ public class UsernamePasswordLoginHandlerBeanDefinitionParser extends
                 "authenticationServletURL")));
 
         String jaasConfigurationURL = DatatypeHelper.safeTrim(config.getAttributeNS(null, "jaasConfigurationLocation"));
-        log.log(Level.CRITICAL, "Setting JAAS configuration file to: " + jaasConfigurationURL);
+        log.info("Setting JAAS configuration file to: {}", jaasConfigurationURL);
         System.setProperty("java.security.auth.login.config", jaasConfigurationURL);
     }
 }
\ No newline at end of file
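Review bot: `System.setProperty("java.security.auth.login.config", jaasConfigurationURL)` overwrites a JVM-wide setting with whatever the `jaasConfigurationLocation` attribute contains, including an empty string when the attribute is missing, and nothing checks the value first. Every JAAS consumer in the same JVM is affected, so a missing or mistyped attribute silently changes where login modules are resolved from. I would validate before setting, for example `if (jaasConfigurationURL == null || jaasConfigurationURL.length() == 0) { throw new IllegalArgumentException("jaasConfigurationLocation is required"); }`, and add a comment that the property is global to the JVM. The start of `doParse` is outside this hunk.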
index 97f8100..2a9de67 100644 (file)
@@ -19,7 +19,6 @@ package edu.internet2.middleware.shibboleth.idp.config.profile.saml2;
 import javax.xml.namespace.QName;
 
 import org.opensaml.xml.util.DatatypeHelper;
-import org.opensaml.xml.util.XMLHelper;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.w3c.dom.Element;
 
index df629e4..871cd03 100644 (file)
@@ -49,14 +49,7 @@ public class IdPConfigBeanDefinitionParser extends AbstractSimpleBeanDefinitionP
     /** {@inheritDoc} */
     protected void doParse(Element config, ParserContext context, BeanDefinitionBuilder builder) {
         Map<QName, List<Element>> configChildren = XMLHelper.getChildElements(config);
-        List<Element> children;
-
-        children = configChildren.get(new QName(IdPServicesNamespaceHandler.NAMESPACE, "LoggingConfiguration"));
-        if (children != null && children.size() > 0) {
-            builder.addPropertyValue("loggingService", SpringConfigurationUtils.parseCustomElement(children.get(0), context));
-        }
-
-        children = configChildren.get(new QName(ServiceNamespaceHandler.NAMESPACE, "Service"));
+        List<Element> children = configChildren.get(new QName(ServiceNamespaceHandler.NAMESPACE, "Service"));
         builder.addConstructorArg(SpringConfigurationUtils.parseCustomElements(children, context));
     }
     
index d7738dd..8f26976 100644 (file)
@@ -24,8 +24,8 @@ import edu.internet2.middleware.shibboleth.common.config.BaseService;
  * Collection of services loaded by the IdP.
  */
 public class IdPServicesBean {
-
-    /** Serivce components loaded into the IdP. */
+    
+    /** Service components loaded into the IdP. */
     private List<BaseService> services;
 
     /**
index e9fea02..20fe0d7 100644 (file)
@@ -21,16 +21,16 @@ import java.util.Map;
 
 import javax.servlet.http.HttpServletRequest;
 
-import org.apache.log4j.Logger;
 import org.opensaml.common.IdentifierGenerator;
 import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
 import org.opensaml.common.binding.encoding.SAMLMessageEncoder;
-import org.opensaml.log.Level;
 import org.opensaml.saml2.metadata.Endpoint;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.ws.transport.InTransport;
 import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.common.log.AuditLogEntry;
 import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
@@ -46,10 +46,10 @@ public abstract class AbstractSAMLProfileHandler extends
         AbstractShibbolethProfileHandler<SAMLMDRelyingPartyConfigurationManager, Session> {
 
     /** SAML message audit log. */
-    private final Logger auditLog = Logger.getLogger(AuditLogEntry.AUDIT_LOGGER_NAME);
+    private final Logger auditLog = LoggerFactory.getLogger(AuditLogEntry.AUDIT_LOGGER_NAME);
 
     /** Class logger. */
-    private final Logger log = Logger.getLogger(AbstractSAMLProfileHandler.class);
+    private final Logger log = LoggerFactory.getLogger(AbstractSAMLProfileHandler.class);
 
     /** Generator of IDs which may be used for SAML assertions, requests, etc. */
     private IdentifierGenerator idGenerator;
@@ -224,23 +224,20 @@ public abstract class AbstractSAMLProfileHandler extends
         try {
             Endpoint peerEndpoint = requestContext.getPeerEntityEndpoint();
             if (peerEndpoint == null) {
-                log.error("No return endpoint available for relying party " + requestContext.getInboundMessageIssuer());
+                log.error("No return endpoint available for relying party {}", requestContext
+                                .getInboundMessageIssuer());
                 throw new ProfileException("No peer endpoint available to which to send SAML response");
             }
 
             SAMLMessageEncoder encoder = getMessageEncoders().get(requestContext.getPeerEntityEndpoint().getBinding());
             if (encoder == null) {
-                log.error("No outbound message encoder configured for binding "
-                        + requestContext.getPeerEntityEndpoint().getBinding());
+                log.error("No outbound message encoder configured for binding {}", requestContext
+                        .getPeerEntityEndpoint().getBinding());
                 throw new ProfileException("No outbound message encoder configured for binding "
                         + requestContext.getPeerEntityEndpoint().getBinding());
             }
-
-            if (log.isDebugEnabled()) {
-                log.debug("Encoding response to SAML request " + requestContext.getInboundSAMLMessageId()
-                        + " from relying party " + requestContext.getInboundMessageIssuer() + " with outbound binding "
-                        + encoder.getBindingURI());
-            }
+            log.debug("Encoding response to SAML request {} from relying party {}", requestContext
+                    .getInboundSAMLMessageId(), requestContext.getInboundMessageIssuer());
 
             requestContext.setMessageEncoder(encoder);
             encoder.encode(requestContext);
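Review bot: The rewritten debug statement no longer reports the outbound binding (`encoder.getBindingURI()`), which the removed message included and which is the detail most useful when diagnosing a wrong endpoint or encoder selection. The two-argument SLF4J overload seems to be the reason; the array overload keeps all three values: `log.debug("Encoding response to SAML request {} from relying party {} with outbound binding {}", new Object[] { requestContext.getInboundSAMLMessageId(), requestContext.getInboundMessageIssuer(), encoder.getBindingURI() });`. The same loss of an argument occurs in the `IdPProfileHandlerManager` hunks. There, "Located profile handler of the following type for the request path: {}" is given the class name rather than the path, and "Loaded profile handler for handling requests to request path {}" and "Loading authentication handler of type supporting authentication methods: {}" no longer name the handler type.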
@@ -269,6 +266,7 @@ public abstract class AbstractSAMLProfileHandler extends
         if (context.getReleasedAttributes() != null) {
             auditLogEntry.getReleasedAttributes().addAll(context.getReleasedAttributes());
         }
-        getAduitLog().log(Level.CRITICAL, auditLogEntry);
+
+        getAduitLog().info(auditLogEntry.toString());
     }
 }
\ No newline at end of file
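Review bot: The audit record is now written with `getAduitLog().info(auditLogEntry.toString())`, so it passes through ordinary level filtering. If the audit logger's effective level is ever set above INFO, audit entries are dropped without any error. The logging configuration added by this commit is not visible here, so this may already be pinned, but the dependency deserves a comment at the call site such as `// audit logger must stay at INFO or lower, otherwise audit records are lost`. The on-disk audit format is now whatever `AuditLogEntry.toString()` returns, so that method should be documented as a stable format. The start of the enclosing method is outside this hunk.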
index 006dafd..928b95a 100644 (file)
@@ -25,9 +25,10 @@ import java.util.concurrent.locks.Lock;
 import javax.servlet.ServletRequest;
 import javax.servlet.http.HttpServletRequest;
 
-import org.apache.log4j.Logger;
 import org.opensaml.util.resource.Resource;
 import org.opensaml.xml.util.Pair;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.context.ApplicationContext;
 
 import edu.internet2.middleware.shibboleth.common.config.BaseReloadableService;
@@ -45,7 +46,7 @@ import edu.internet2.middleware.shibboleth.idp.authn.LoginContext;
 public class IdPProfileHandlerManager extends BaseReloadableService implements ProfileHandlerManager {
 
     /** Class logger. */
-    private final Logger log = Logger.getLogger(IdPProfileHandlerManager.class);
+    private final Logger log = LoggerFactory.getLogger(IdPProfileHandlerManager.class);
 
     /** Handler used for errors. */
     private AbstractErrorHandler errorHandler;
@@ -103,23 +104,18 @@ public class IdPProfileHandlerManager extends BaseReloadableService implements P
         ProfileHandler handler;
 
         String requestPath = ((HttpServletRequest) request).getPathInfo();
-        if (log.isDebugEnabled()) {
-            log.debug(getId() + ": Looking up profile handler for request path: " + requestPath);
-        }
+        log.debug("{}: Looking up profile handler for request path: {}", getId(), requestPath);
+
         Lock readLock = getReadWriteLock().readLock();
         readLock.lock();
         handler = profileHandlers.get(requestPath);
         readLock.unlock();
 
         if (handler != null) {
-            if (log.isDebugEnabled()) {
-                log.debug(getId() + ": Located profile handler of the following type for request path "
-                        + requestPath + ": " + handler.getClass().getName());
-            }
+            log.debug("{}: Located profile handler of the following type for the request path: {}", getId(), handler
+                    .getClass().getName());
         } else {
-            if (log.isDebugEnabled()) {
-                log.debug(getId() + ": No profile handler registered for request path " + requestPath);
-            }
+            log.debug("{}: No profile handler registered for request path {}", getId(), requestPath);
         }
         return handler;
     }
@@ -142,49 +138,34 @@ public class IdPProfileHandlerManager extends BaseReloadableService implements P
      * @return authentication method URI and handler appropriate for given login context
      */
     public Pair<String, LoginHandler> getAuthenticationHandler(LoginContext loginContext) {
-        if (loginContext == null) {
-            return null;
-        }
-        
-        if (log.isDebugEnabled()) {
-            log.debug(getId() + ": Looking up authentication method for relying party "
-                    + loginContext.getRelyingPartyId());
-        }
+        log.debug("{}: Looking up authentication method for relying party {}", getId(), loginContext
+                .getRelyingPartyId());
+
         List<String> requestedMethods = loginContext.getRequestedAuthenticationMethods();
         if (requestedMethods != null) {
             LoginHandler candidateHandler;
             for (String requestedMethod : requestedMethods) {
-                if (log.isDebugEnabled()) {
-                    log.debug(getId() + ": Checking for authentication handler for method " + requestedMethod
-                            + " which was requested for relying party " + loginContext.getRelyingPartyId());
-                }
+                log.debug(getId() + "{}: Checking for authentication handler for method {}", getId(), requestedMethod);
                 candidateHandler = authenticationHandlers.get(requestedMethod);
                 if (candidateHandler != null) {
-                    if (log.isDebugEnabled()) {
-                        log.debug(getId() + ": Authentication handler for method " + requestedMethod
-                                + " for relying party " + loginContext.getRelyingPartyId()
-                                + " found.  Checking if it meets othe criteria.");
-                    }
-                    if(loginContext.getPassiveAuth() && !candidateHandler.supportsPassive()){
-                        if (log.isDebugEnabled()) {
-                            log.debug(getId() + ": Authentication handler for method " + requestedMethod
-                                    + " for relying party " + loginContext.getRelyingPartyId()
-                                    + " does not meet required support for passive auth.  Skipping it");
-                        }
+                    log.debug(getId()
+                            + "{}: Authentication handler for method {} found.  Checking if it meets othe criteria.",
+                            getId(), requestedMethod);
+
+                    if (loginContext.getPassiveAuth() && !candidateHandler.supportsPassive()) {
+                        log.debug("{}: Authentication handler for method {} does not meet required support for passive auth.  Skipping it",
+                                        getId(), requestedMethod);
                         continue;
                     }
-                    
-                    if (log.isDebugEnabled()) {
-                        log.debug(getId() + ": Authentication handler for method " + requestedMethod
-                                + " for relying party " + loginContext.getRelyingPartyId()
-                                + " meets all requirements, using it.");
-                    }
+
+                    log.debug(getId() + "{}: Authentication handler for method {}  meets all requirements, using it.",
+                            getId(), requestedMethod);
                     return new Pair<String, LoginHandler>(requestedMethod, candidateHandler);
                 }
             }
         } else {
-            log.error(getId() + ": No requested authentication methods for relying party "
-                    + loginContext.getRelyingPartyId());
+            log.error("{}: No requested authentication methods for relying party {}", getId(), loginContext
+                    .getRelyingPartyId());
         }
 
         return null;
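Review bot: With the `loginContext == null` guard removed, the first statement of `getAuthenticationHandler` dereferences `loginContext.getRelyingPartyId()`, so a null argument now throws a NullPointerException instead of returning null. The callers are not visible here, so either keep `if (loginContext == null) { return null; }` or document the parameter as non-null. In addition, three of the new debug calls still prepend `getId() +` to the format string while also passing `getId()` as the first argument, which prints the id twice and lets any `{}` in the id shift the placeholders. They should follow the form `log.debug("{}: Checking for authentication handler for method {}", getId(), requestedMethod);`. The method's closing brace is outside this hunk.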
@@ -201,9 +182,7 @@ public class IdPProfileHandlerManager extends BaseReloadableService implements P
 
     /** {@inheritDoc} */
     protected void newContextCreated(ApplicationContext newServiceContext) {
-        if (log.isDebugEnabled()) {
-            log.debug(getId() + ": Loading new configuration into service");
-        }
+        log.debug("{}: Loading new configuration into service", getId());
         Lock writeLock = getReadWriteLock().writeLock();
         writeLock.lock();
         loadNewErrorHandler(newServiceContext);
@@ -219,14 +198,10 @@ public class IdPProfileHandlerManager extends BaseReloadableService implements P
      */
     protected void loadNewErrorHandler(ApplicationContext newServiceContext) {
         String[] errorBeanNames = newServiceContext.getBeanNamesForType(AbstractErrorHandler.class);
-        if (log.isDebugEnabled()) {
-            log.debug(getId() + ": Loading " + errorBeanNames.length + " new error handler.");
-        }
+        log.debug("{}: Loading {} new error handler.", getId(), errorBeanNames.length);
 
         errorHandler = (AbstractErrorHandler) newServiceContext.getBean(errorBeanNames[0]);
-        if (log.isDebugEnabled()) {
-            log.debug(getId() + ": Loaded new error handler of type: " + errorHandler.getClass().getName());
-        }
+        log.debug("{}: Loaded new error handler of type: {}", getId(), errorHandler.getClass().getName());
     }
 
     /**
@@ -236,21 +211,15 @@ public class IdPProfileHandlerManager extends BaseReloadableService implements P
      */
     protected void loadNewProfileHandlers(ApplicationContext newServiceContext) {
         String[] profileBeanNames = newServiceContext.getBeanNamesForType(AbstractRequestURIMappedProfileHandler.class);
-        if (log.isDebugEnabled()) {
-            log.debug(getId() + ": Loading " + profileBeanNames.length + " new profile handlers.");
-        }
+        log.debug("{}: Loading {} new profile handlers.", getId(), profileBeanNames.length);
 
         profileHandlers.clear();
-        AbstractRequestURIMappedProfileHandler<?,?> profileHandler;
+        AbstractRequestURIMappedProfileHandler<?, ?> profileHandler;
         for (String profileBeanName : profileBeanNames) {
             profileHandler = (AbstractRequestURIMappedProfileHandler) newServiceContext.getBean(profileBeanName);
             for (String requestPath : profileHandler.getRequestPaths()) {
                 profileHandlers.put(requestPath, profileHandler);
-                if (log.isDebugEnabled()) {
-                    log.debug(getId() + ": Loaded profile handler of type "
-                                    + profileHandler.getClass().getName() + " handling requests to request path "
-                                    + requestPath);
-                }
+                log.debug("{}: Loaded profile handler for handling requests to request path {}", getId(), requestPath);
             }
         }
     }
@@ -262,19 +231,15 @@ public class IdPProfileHandlerManager extends BaseReloadableService implements P
      */
     protected void loadNewAuthenticationHandlers(ApplicationContext newServiceContext) {
         String[] authnBeanNames = newServiceContext.getBeanNamesForType(LoginHandler.class);
-        if (log.isDebugEnabled()) {
-            log.debug(getId() + ": Loading " + authnBeanNames.length + " new authentication handlers.");
-        }
+        log.debug("{}: Loading {} new authentication handlers.", getId(), authnBeanNames.length);
 
         authenticationHandlers.clear();
         LoginHandler authnHandler;
         for (String authnBeanName : authnBeanNames) {
             authnHandler = (LoginHandler) newServiceContext.getBean(authnBeanName);
-            if (log.isDebugEnabled()) {
-                log.debug(getId() + ": Loading authentication handler of type "
-                        + authnHandler.getClass().getName() + " supporting authentication methods: "
-                        + authnHandler.getSupportedAuthenticationMethods());
-            }
+            log.debug("{}: Loading authentication handler of type supporting authentication methods: {}", getId(),
+                    authnHandler.getSupportedAuthenticationMethods());
+
             for (String authnMethod : authnHandler.getSupportedAuthenticationMethods()) {
                 authenticationHandlers.put(authnMethod, authnHandler);
             }
index 0762892..22cd73e 100644 (file)
@@ -19,9 +19,10 @@ package edu.internet2.middleware.shibboleth.idp.profile;
 import java.io.IOException;
 import java.io.OutputStreamWriter;
 
-import org.apache.log4j.Logger;
 import org.opensaml.ws.transport.InTransport;
 import org.opensaml.ws.transport.OutTransport;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler;
 
@@ -32,7 +33,7 @@ import edu.internet2.middleware.shibboleth.common.profile.provider.AbstractReque
 public class StatusProfileHandler extends AbstractRequestURIMappedProfileHandler {
 
     /** Class logger. */
-    private final Logger log = Logger.getLogger(StatusProfileHandler.class);
+    private final Logger log = LoggerFactory.getLogger(StatusProfileHandler.class);
 
     /** {@inheritDoc} */
     public String getProfileId() {
index a03957e..ba02eae 100644 (file)
@@ -23,7 +23,6 @@ import java.util.Map;
 
 import javax.xml.namespace.QName;
 
-import org.apache.log4j.Logger;
 import org.joda.time.DateTime;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.SAMLObjectBuilder;
@@ -58,6 +57,8 @@ import org.opensaml.xml.security.SecurityHelper;
 import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.signature.Signature;
 import org.opensaml.xml.signature.Signer;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.common.attribute.AttributeRequestException;
 import edu.internet2.middleware.shibboleth.common.attribute.BaseAttribute;
@@ -76,7 +77,7 @@ public abstract class AbstractSAML1ProfileHandler extends AbstractSAMLProfileHan
     public static final SAMLVersion SAML_VERSION = SAMLVersion.VERSION_11;
 
     /** Class logger. */
-    private static Logger log = Logger.getLogger(AbstractSAML1ProfileHandler.class);
+    private static Logger log = LoggerFactory.getLogger(AbstractSAML1ProfileHandler.class);
 
     /** Builder of Response objects. */
     private SAMLObjectBuilder<Response> responseBuilder;
@@ -301,17 +302,12 @@ public abstract class AbstractSAML1ProfileHandler extends AbstractSAMLProfileHan
      */
     protected NameIdentifier buildNameId(BaseSAML1ProfileRequestContext<?, ?, ?> requestContext)
             throws ProfileException {
-        if (log.isDebugEnabled()) {
-            log.debug("Building assertion NameIdentifier to relying party " + requestContext.getInboundMessageIssuer()
-                    + " for principal " + requestContext.getPrincipalName());
-        }
+        log.debug("Building assertion NameIdentifier to relying party {} for principal {}", requestContext
+                .getInboundMessageIssuer(), requestContext.getPrincipalName());
         Map<String, BaseAttribute> principalAttributes = requestContext.getPrincipalAttributes();
         List<String> supportedNameFormats = getNameFormats(requestContext);
 
-        if (log.isDebugEnabled()) {
-            log.debug("Supported name formats: " + supportedNameFormats);
-        }
-
+        log.debug("Supported name formats: {}", supportedNameFormats);
         if (principalAttributes == null || supportedNameFormats == null) {
             log.error("No attributes for principal " + requestContext.getPrincipalName()
                     + " support constructions of NameIdentifier");
@@ -328,12 +324,8 @@ public abstract class AbstractSAML1ProfileHandler extends AbstractSAMLProfileHan
                     if (encoder instanceof SAML1NameIdentifierEncoder) {
                         nameIdEncoder = (SAML1NameIdentifierEncoder) encoder;
                         if (supportedNameFormats.contains(nameIdEncoder.getNameFormat())) {
-                            if (log.isDebugEnabled()) {
-                                log.debug("Using attribute " + attribute.getId() + " suppoting name format "
-                                        + nameIdEncoder.getNameFormat()
-                                        + " to create the NameIdentifier for principal "
-                                        + requestContext.getPrincipalName());
-                            }
+                            log.debug("Using attribute {} suppoting name format {} to create the NameIdentifier for principal",
+                                            attribute.getId(), nameIdEncoder.getNameFormat());
                             return nameIdEncoder.encode(attribute);
                         }
                     }
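Review bot: The new message ends in "for principal" but no longer passes the principal, so the sentence is left dangling; the removed code appended `requestContext.getPrincipalName()`. Either add a third placeholder and pass the name (in an `Object[]` if the SLF4J version in use has no varargs overload) or drop the trailing words, e.g. `log.debug("Using attribute {} supporting name format {} to create the NameIdentifier", attribute.getId(), nameIdEncoder.getNameFormat());`. "suppoting" is a typo for "supporting". The loop this sits in starts and ends outside the hunk.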
@@ -489,10 +481,8 @@ public abstract class AbstractSAML1ProfileHandler extends AbstractSAMLProfileHan
         SAML1AttributeAuthority attributeAuthority = profileConfiguration.getAttributeAuthority();
 
         try {
-            if (log.isDebugEnabled()) {
-                log.debug("Resolving attributes for principal " + requestContext.getPrincipalName()
-                        + " of SAML request from relying party " + requestContext.getInboundMessageIssuer());
-            }
+            log.debug("Resolving attributes for principal {} of SAML request from relying party {}", requestContext
+                    .getPrincipalName(), requestContext.getInboundMessageIssuer());
             Map<String, BaseAttribute> principalAttributes = attributeAuthority.getAttributes(requestContext);
 
             requestContext.setAttributes(principalAttributes);
@@ -518,11 +508,8 @@ public abstract class AbstractSAML1ProfileHandler extends AbstractSAMLProfileHan
     protected AttributeStatement buildAttributeStatement(BaseSAML1ProfileRequestContext<?, ?, ?> requestContext,
             String subjectConfMethod) throws ProfileException {
 
-        if (log.isDebugEnabled()) {
-            log.debug("Creating attribute statement in response to SAML request from relying party "
-                    + requestContext.getInboundMessageIssuer());
-        }
-
+        log.debug("Creating attribute statement in response to SAML request from relying party {}", requestContext
+                .getInboundMessageIssuer());
         AbstractSAML1ProfileConfiguration profileConfiguration = requestContext.getProfileConfiguration();
         SAML1AttributeAuthority attributeAuthority = profileConfiguration.getAttributeAuthority();
 
@@ -559,10 +546,8 @@ public abstract class AbstractSAML1ProfileHandler extends AbstractSAMLProfileHan
         AbstractSAML1ProfileConfiguration profileConfiguration = requestContext.getProfileConfiguration();
         SAML1AttributeAuthority attributeAuthority = profileConfiguration.getAttributeAuthority();
 
-        if (log.isDebugEnabled()) {
-            log.debug("Resolving principal name for subject of SAML request from relying party "
-                    + requestContext.getInboundMessageIssuer());
-        }
+        log.debug("Resolving principal name for subject of SAML request from relying party {}", requestContext
+                .getInboundMessageIssuer());
 
         try {
             String principal = attributeAuthority.getPrincipal(requestContext);
@@ -589,10 +574,8 @@ public abstract class AbstractSAML1ProfileHandler extends AbstractSAMLProfileHan
      */
     protected void signAssertion(BaseSAML1ProfileRequestContext<?, ?, ?> requestContext, Assertion assertion)
             throws ProfileException {
-        if (log.isDebugEnabled()) {
-            log.debug("Determining if SAML assertion to relying party " + requestContext.getInboundMessageIssuer()
-                    + " should be signed");
-        }
+        log.debug("Determining if SAML assertion to relying party {} should be signed", requestContext
+                .getInboundMessageIssuer());
 
         boolean signAssertion = false;
 
@@ -603,26 +586,21 @@ public abstract class AbstractSAML1ProfileHandler extends AbstractSAMLProfileHan
             SPSSODescriptor ssoDescriptor = (SPSSODescriptor) relyingPartyRole;
             if (ssoDescriptor.getWantAssertionsSigned() != null) {
                 signAssertion = ssoDescriptor.getWantAssertionsSigned().booleanValue();
-                if (log.isDebugEnabled()) {
-                    log.debug("Entity metadata for relying party " + requestContext.getInboundMessageIssuer()
-                            + " indicates to sign assertions: " + signAssertion);
-                }
+                log.debug("Entity metadata for relying party {} indicates to sign assertions: {}", requestContext
+                        .getInboundMessageIssuer(), signAssertion);
             }
         } else if (profileConfig.getSignAssertions()) {
             signAssertion = true;
-            log.debug("IdP relying party configuration "
-                    + requestContext.getRelyingPartyConfiguration().getRelyingPartyId()
-                    + " indicates to sign assertions: " + signAssertion);
+            log.debug("IdP relying party configuration {} indicates to sign assertions: {}", requestContext
+                    .getRelyingPartyConfiguration().getRelyingPartyId(), signAssertion);
         }
 
         if (!signAssertion) {
             return;
         }
 
-        if (log.isDebugEnabled()) {
-            log.debug("Determining signing credntial for assertion to relying party "
-                    + requestContext.getInboundMessageIssuer());
-        }
+        log.debug("Determining signing credntial for assertion to relying party {}", requestContext
+                .getInboundMessageIssuer());
         Credential signatureCredential = profileConfig.getSigningCredential();
         if (signatureCredential == null) {
             signatureCredential = requestContext.getRelyingPartyConfiguration().getDefaultSigningCredential();
@@ -634,20 +612,18 @@ public abstract class AbstractSAML1ProfileHandler extends AbstractSAMLProfileHan
                     + " or it's SAML2 attribute query profile configuration");
         }
 
-        if (log.isDebugEnabled()) {
-            log.debug("Signing assertion to relying party " + requestContext.getInboundMessageIssuer());
-        }
+        log.debug("Signing assertion to relying party {}", requestContext.getInboundMessageIssuer());
         Signature signature = signatureBuilder.buildObject(Signature.DEFAULT_ELEMENT_NAME);
-        
+
         signature.setSigningCredential(signatureCredential);
         try {
-            //TODO pull SecurityConfiguration from SAMLMessageContext?  needs to be added
-            //TODO how to pull what keyInfoGenName to use?
+            // TODO pull SecurityConfiguration from SAMLMessageContext? needs to be added
+            // TODO how to pull what keyInfoGenName to use?
             SecurityHelper.prepareSignatureParams(signature, signatureCredential, null, null);
         } catch (SecurityException e) {
             throw new ProfileException("Error preparing signature for signing", e);
         }
-        
+
         assertion.setSignature(signature);
 
         Signer.signObject(signature);
index 103cd5f..73b7716 100644 (file)
@@ -20,7 +20,6 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 
-import org.apache.log4j.Logger;
 import org.joda.time.DateTime;
 import org.opensaml.common.SAMLObjectBuilder;
 import org.opensaml.common.binding.BasicEndpointSelector;
@@ -39,7 +38,6 @@ import org.opensaml.saml1.core.StatusCode;
 import org.opensaml.saml2.metadata.AssertionConsumerService;
 import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
 import org.opensaml.saml2.metadata.Endpoint;
-import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
@@ -47,6 +45,8 @@ import org.opensaml.ws.message.decoder.MessageDecodingException;
 import org.opensaml.ws.security.SecurityPolicyException;
 import org.opensaml.ws.transport.http.HTTPInTransport;
 import org.opensaml.ws.transport.http.HTTPOutTransport;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
 import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration;
@@ -58,7 +58,7 @@ import edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml1.Ar
 public class ArtifactResolution extends AbstractSAML1ProfileHandler {
 
     /** Class logger. */
-    private final Logger log = Logger.getLogger(ArtifactResolution.class);
+    private final Logger log = LoggerFactory.getLogger(ArtifactResolution.class);
 
     /** Builder of Response objects. */
     private SAMLObjectBuilder<Response> responseBuilder;
@@ -136,9 +136,7 @@ public class ArtifactResolution extends AbstractSAML1ProfileHandler {
      */
     protected ArtifactResolutionRequestContext decodeRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport)
             throws ProfileException {
-        if (log.isDebugEnabled()) {
-            log.debug("Decoding incomming request");
-        }
+        log.debug("Decoding incomming request");
 
         MetadataProvider metadataProvider = getMetadataProvider();
 
@@ -156,9 +154,7 @@ public class ArtifactResolution extends AbstractSAML1ProfileHandler {
             SAMLMessageDecoder decoder = getMessageDecoders().get(getInboundBinding());
             requestContext.setMessageDecoder(decoder);
             decoder.decode(requestContext);
-            if (log.isDebugEnabled()) {
-                log.debug("Decoded request");
-            }
+            log.debug("Decoded request");
             return requestContext;
         } catch (MessageDecodingException e) {
             log.error("Error decoding artifact resolve message", e);
@@ -179,19 +175,14 @@ public class ArtifactResolution extends AbstractSAML1ProfileHandler {
 
                 String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
                 requestContext.setLocalEntityId(assertingPartyId);
-                EntityDescriptor assertingPartyMetadata = metadataProvider.getEntityDescriptor(assertingPartyId);
-                if (assertingPartyMetadata == null) {
-                    throw new MetadataProviderException("Unable to locate metadata for asserting party "
-                            + assertingPartyId);
-                }
-                requestContext.setLocalEntityMetadata(assertingPartyMetadata);
+                requestContext.setLocalEntityMetadata(metadataProvider.getEntityDescriptor(assertingPartyId));
                 requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
-                requestContext.setLocalEntityRoleMetadata(assertingPartyMetadata
+                requestContext.setLocalEntityRoleMetadata(requestContext.getLocalEntityMetadata()
                         .getAttributeAuthorityDescriptor(SAMLConstants.SAML11P_NS));
 
                 ArtifactResolutionConfiguration profileConfig = (ArtifactResolutionConfiguration) rpConfig
                         .getProfileConfiguration(ArtifactResolutionConfiguration.PROFILE_ID);
-                if (profileConfig != null) {
+                if(profileConfig != null){
                     requestContext.setProfileConfiguration(profileConfig);
                     if (profileConfig.getSigningCredential() != null) {
                         requestContext.setOutboundSAMLMessageSigningCredential(profileConfig.getSigningCredential());
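Review bot: With the null check on the asserting party's descriptor removed, `requestContext.getLocalEntityMetadata().getAttributeAuthorityDescriptor(...)` throws a NullPointerException whenever `metadataProvider.getEntityDescriptor(assertingPartyId)` returns null, which the removed guard suggests it can. That exception is not a MetadataProviderException, so the catch block below presumably never sets the failure status and the caller gets an unhandled runtime exception instead of a SAML error. A guard that needs no extra import can go right after the `setLocalEntityMetadata` call: `if (requestContext.getLocalEntityMetadata() == null) { throw new MetadataProviderException("Unable to locate metadata for asserting party " + assertingPartyId); }`. The same guard is dropped in AttributeQueryProfileHandler (`-168,14 +161,9`) and for `relyingPartyMetadata` in ShibbolethSSOProfileHandler (`-282,27 +275,22`), and the `-155,9 +151,6` hunk drops the `request == null` check just before `request.getAttributeQuery()`. The enclosing try block starts outside this hunk.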
@@ -201,7 +192,7 @@ public class ArtifactResolution extends AbstractSAML1ProfileHandler {
                 }
 
             } catch (MetadataProviderException e) {
-                log.error(e.getMessage());
+                log.error("Unable to locate metadata for asserting or relying party");
                 requestContext
                         .setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "Error locating party metadata"));
                 throw new ProfileException("Error locating party metadata");
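Review bot: The replacement `log.error("Unable to locate metadata for asserting or relying party")` discards both the exception and its message, so the log no longer says which party was looked up or why the lookup failed. Passing the exception keeps the cause and the stack trace: `log.error("Unable to locate metadata for asserting or relying party", e);`. The `ProfileException` thrown two lines later is also built without `e`, although the two-argument constructor is used elsewhere in this commit. The identical change appears in the AttributeQueryProfileHandler hunk at `-191,7 +179,7`. The try this catch belongs to starts outside the hunk.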
@@ -268,7 +259,7 @@ public class ArtifactResolution extends AbstractSAML1ProfileHandler {
             artifactMap.remove(assertionArtifact.getAssertionArtifact());
             assertions.add((Assertion) artifactEntry.getSamlMessage());
         }
-
+        
         requestContext.setReferencedAssertions(assertions);
     }
 
index 51c79df..f50c1cd 100644 (file)
@@ -18,7 +18,6 @@ package edu.internet2.middleware.shibboleth.idp.profile.saml1;
 
 import java.util.ArrayList;
 
-import org.apache.log4j.Logger;
 import org.opensaml.common.SAMLObjectBuilder;
 import org.opensaml.common.binding.BasicEndpointSelector;
 import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
@@ -31,7 +30,6 @@ import org.opensaml.saml1.core.StatusCode;
 import org.opensaml.saml2.metadata.AssertionConsumerService;
 import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
 import org.opensaml.saml2.metadata.Endpoint;
-import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
@@ -39,6 +37,8 @@ import org.opensaml.ws.message.decoder.MessageDecodingException;
 import org.opensaml.ws.security.SecurityPolicyException;
 import org.opensaml.ws.transport.http.HTTPInTransport;
 import org.opensaml.ws.transport.http.HTTPOutTransport;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
 import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration;
@@ -50,7 +50,7 @@ import edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml1.At
 public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
 
     /** Class logger. */
-    private final Logger log = Logger.getLogger(AttributeQueryProfileHandler.class);
+    private final Logger log = LoggerFactory.getLogger(AttributeQueryProfileHandler.class);
 
     /** Builder of assertion consumer service endpoints. */
     private SAMLObjectBuilder<AssertionConsumerService> acsEndpointBuilder;
@@ -115,9 +115,7 @@ public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
      */
     protected AttributeQueryContext decodeRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport)
             throws ProfileException {
-        if (log.isDebugEnabled()) {
-            log.debug("Decoding incomming request");
-        }
+        log.debug("Decoding incomming request");
 
         MetadataProvider metadataProvider = getMetadataProvider();
 
@@ -138,9 +136,7 @@ public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
             }
             requestContext.setMessageDecoder(decoder);
             decoder.decode(requestContext);
-            if (log.isDebugEnabled()) {
-                log.debug("Decoded request");
-            }
+            log.debug("Decoded request");
             return requestContext;
         } catch (MessageDecodingException e) {
             log.error("Error decoding attribute query message", e);
@@ -155,9 +151,6 @@ public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
             // Set as much information as can be retrieved from the decoded message
             try {
                 Request request = requestContext.getInboundSAMLMessage();
-                if (request == null) {
-                    throw new ProfileException("No inbound SAML message found.");
-                }
                 AttributeQuery query = request.getAttributeQuery();
                 requestContext.setSubjectNameIdentifier(query.getSubject().getNameIdentifier());
 
@@ -168,14 +161,9 @@ public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
 
                 String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
                 requestContext.setLocalEntityId(assertingPartyId);
-                EntityDescriptor assertingPartyMetadata = metadataProvider.getEntityDescriptor(assertingPartyId);
-                if (assertingPartyMetadata == null) {
-                    throw new MetadataProviderException("Unable to locate metadata for asserting party "
-                            + assertingPartyId);
-                }
-                requestContext.setLocalEntityMetadata(assertingPartyMetadata);
+                requestContext.setLocalEntityMetadata(metadataProvider.getEntityDescriptor(assertingPartyId));
                 requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
-                requestContext.setLocalEntityRoleMetadata(assertingPartyMetadata
+                requestContext.setLocalEntityRoleMetadata(requestContext.getLocalEntityMetadata()
                         .getAttributeAuthorityDescriptor(SAMLConstants.SAML11P_NS));
 
                 AttributeQueryConfiguration profileConfig = (AttributeQueryConfiguration) rpConfig
@@ -191,7 +179,7 @@ public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
                 }
 
             } catch (MetadataProviderException e) {
-                log.error(e.getMessage());
+                log.error("Unable to locate metadata for asserting or relying party");
                 requestContext
                         .setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "Error locating party metadata"));
                 throw new ProfileException("Error locating party metadata");
index d372ea0..9836d8e 100644 (file)
@@ -16,7 +16,6 @@
 
 package edu.internet2.middleware.shibboleth.idp.profile.saml1;
 
-import org.apache.log4j.Logger;
 import org.joda.time.DateTime;
 import org.joda.time.chrono.ISOChronology;
 import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
@@ -25,6 +24,8 @@ import org.opensaml.ws.message.MessageContext;
 import org.opensaml.ws.message.decoder.MessageDecodingException;
 import org.opensaml.ws.transport.http.HTTPInTransport;
 import org.opensaml.xml.util.DatatypeHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOProfileHandler.ShibbolethSSORequestContext;
 
@@ -34,7 +35,7 @@ import edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOProfil
 public class ShibbolethSSODecoder extends BaseSAML1MessageDecoder implements SAMLMessageDecoder {
 
     /** Class logger. */
-    private final Logger log = Logger.getLogger(ShibbolethSSODecoder.class);
+    private final Logger log = LoggerFactory.getLogger(ShibbolethSSODecoder.class);
 
     /** Constructor. */
     public ShibbolethSSODecoder(){
index 39a262b..890e498 100644 (file)
@@ -18,10 +18,11 @@ package edu.internet2.middleware.shibboleth.idp.profile.saml1;
 
 import java.util.List;
 
-import org.apache.log4j.Logger;
 import org.opensaml.common.binding.BasicEndpointSelector;
 import org.opensaml.saml2.metadata.Endpoint;
 import org.opensaml.xml.util.DatatypeHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * An endpoint selector that may optionally take a SP-provided assertion consumer service URL, validate it against
@@ -31,7 +32,7 @@ import org.opensaml.xml.util.DatatypeHelper;
 public class ShibbolethSSOEndpointSelector extends BasicEndpointSelector {
 
     /** Class logger. */
-    private final Logger log = Logger.getLogger(ShibbolethSSOEndpointSelector.class);
+    private final Logger log = LoggerFactory.getLogger(ShibbolethSSOEndpointSelector.class);
 
     /** Assertion consumer service URL provided by SP. */
     private String spAssertionConsumerService;
@@ -70,31 +71,28 @@ public class ShibbolethSSOEndpointSelector extends BasicEndpointSelector {
      */
     protected Endpoint selectEndpointByACS() {
         List<Endpoint> endpoints = getEntityRoleMetadata().getEndpoints();
-        if (log.isDebugEnabled()) {
-            log.debug("Relying party role contains " + endpoints.size() + " endpoints");
-            log.debug("Selecting endpoint from metadata corresponding to provided ACS URL: "
-                    + getSpAssertionConsumerService());
-        }
+        log.debug("Relying party role contains {} endpoints", endpoints.size());
+        log.debug("Selecting endpoint from metadata corresponding to provided ACS URL: {}",
+                getSpAssertionConsumerService());
+
         if (endpoints != null && endpoints.size() > 0) {
             for (Endpoint endpoint : endpoints) {
-                if(endpoint == null || !getSupportedIssuerBindings().contains(endpoint.getBinding())){
+                if (endpoint == null || !getSupportedIssuerBindings().contains(endpoint.getBinding())) {
                     continue;
                 }
-                
-                if(endpoint.getLocation().equalsIgnoreCase(spAssertionConsumerService)){
+
+                if (endpoint.getLocation().equalsIgnoreCase(spAssertionConsumerService)) {
                     return endpoint;
                 }
-                
-                if(!DatatypeHelper.isEmpty(endpoint.getResponseLocation()) && endpoint
-                                .getResponseLocation().equalsIgnoreCase(spAssertionConsumerService)){
+
+                if (!DatatypeHelper.isEmpty(endpoint.getResponseLocation())
+                        && endpoint.getResponseLocation().equalsIgnoreCase(spAssertionConsumerService)) {
                     return endpoint;
                 }
             }
         }
 
-        if(log.isDebugEnabled()){
-            log.debug("No endpoint meets selection criteria for SAML entity " + getEntityMetadata().getEntityID());
-        }
+        log.debug("No endpoint meets selection criteria for SAML entity {}", getEntityMetadata().getEntityID());
         return null;
     }
 }
\ No newline at end of file
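Review bot: `endpoints.size()` is now evaluated on every call, before the `endpoints != null` test a few lines later, so a role without an endpoint list fails with a NullPointerException at any log level; before this change the dereference sat inside `if (log.isDebugEnabled())`. The later null check implies that `getEndpoints()` is expected to return null at times. Log the count null-safely, `log.debug("Relying party role contains {} endpoints", endpoints == null ? 0 : endpoints.size());`, or move that line inside the guarded branch.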
index 693bf4d..bdf8b83 100644 (file)
@@ -25,7 +25,6 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
-import org.apache.log4j.Logger;
 import org.opensaml.common.SAMLObjectBuilder;
 import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
 import org.opensaml.common.xml.SAMLConstants;
@@ -50,6 +49,8 @@ import org.opensaml.ws.transport.http.HTTPOutTransport;
 import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
 import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
 import org.opensaml.xml.util.DatatypeHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.common.ShibbolethConstants;
 import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
@@ -64,7 +65,7 @@ import edu.internet2.middleware.shibboleth.idp.authn.ShibbolethSSOLoginContext;
 public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
 
     /** Class logger. */
-    private final Logger log = Logger.getLogger(ShibbolethSSOProfileHandler.class);
+    private final Logger log = LoggerFactory.getLogger(ShibbolethSSOProfileHandler.class);
 
     /** Builder of AuthenticationStatement objects. */
     private SAMLObjectBuilder<AuthenticationStatement> authnStatementBuilder;
@@ -103,22 +104,16 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
 
     /** {@inheritDoc} */
     public void processRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport) throws ProfileException {
-        if (log.isDebugEnabled()) {
-            log.debug("Processing incomming request");
-        }
+        log.debug("Processing incomming request");
 
         HttpServletRequest httpRequest = ((HttpServletRequestAdapter) inTransport).getWrappedRequest();
         HttpSession httpSession = httpRequest.getSession();
 
         if (httpSession.getAttribute(LoginContext.LOGIN_CONTEXT_KEY) == null) {
-            if (log.isDebugEnabled()) {
-                log.debug("User session does not contain a login context, processing as first leg of request");
-            }
+            log.debug("User session does not contain a login context, processing as first leg of request");
             performAuthentication(inTransport, outTransport);
         } else {
-            if (log.isDebugEnabled()) {
-                log.debug("User session contains a login context, processing as second leg of request");
-            }
+            log.debug("User session contains a login context, processing as second leg of request");
             completeAuthenticationRequest(inTransport, outTransport);
         }
     }
@@ -159,11 +154,9 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
             dispatcher.forward(httpRequest, httpResponse);
             return;
         } catch (IOException ex) {
-            httpSession.removeAttribute(LoginContext.LOGIN_CONTEXT_KEY);
             log.error("Error forwarding Shibboleth SSO request to AuthenticationManager", ex);
             throw new ProfileException("Error forwarding Shibboleth SSO request to AuthenticationManager", ex);
         } catch (ServletException ex) {
-            httpSession.removeAttribute(LoginContext.LOGIN_CONTEXT_KEY);
             log.error("Error forwarding Shibboleth SSO request to AuthenticationManager", ex);
             throw new ProfileException("Error forwarding Shibboleth SSO request to AuthenticationManager", ex);
         }
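Review bot: Both catch blocks no longer call `httpSession.removeAttribute(LoginContext.LOGIN_CONTEXT_KEY)`, so a login context stored earlier in this method (outside the hunk, presumably) stays in the session when the forward fails. processRequest treats any session holding that attribute as the second leg and calls completeAuthenticationRequest, so the next request in the same session would be completed against a login context whose authentication may never have run. Keep the cleanup on both error paths before the rethrow: `httpSession.removeAttribute(LoginContext.LOGIN_CONTEXT_KEY);`. If the removal is intentional, a comment should say what clears the stale context instead.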
@@ -185,11 +178,11 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
 
         ShibbolethSSORequestContext requestContext = new ShibbolethSSORequestContext();
         requestContext.setMetadataProvider(getMetadataProvider());
-
+        
         requestContext.setInboundMessageTransport(inTransport);
-        requestContext.setInboundSAMLProtocol(ShibbolethConstants.SHIB_SSO_PROFILE_URI);
+        requestContext.setInboundSAMLProtocol(ShibbolethConstants.SHIB_SSO_PROFILE_URI);        
         requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
+        
         requestContext.setOutboundMessageTransport(outTransport);
         requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML11P_NS);
 
@@ -282,27 +275,22 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
 
         try {
             requestContext.setMessageDecoder(getMessageDecoders().get(getInboundBinding()));
-
+            
             requestContext.setLoginContext(loginContext);
             requestContext.setPrincipalName(loginContext.getPrincipalName());
             requestContext.setPrincipalAuthenticationMethod(loginContext.getAuthenticationMethod());
             requestContext.setUserSession(getUserSession(in));
             requestContext.setRelayState(loginContext.getSpTarget());
 
-            // inbound message
             requestContext.setInboundMessageTransport(in);
             requestContext.setInboundSAMLProtocol(ShibbolethConstants.SHIB_SSO_PROFILE_URI);
 
             MetadataProvider metadataProvider = getMetadataProvider();
             requestContext.setMetadataProvider(metadataProvider);
 
-            // relying party
             String relyingPartyId = loginContext.getRelyingPartyId();
             requestContext.setInboundMessageIssuer(relyingPartyId);
             EntityDescriptor relyingPartyMetadata = metadataProvider.getEntityDescriptor(relyingPartyId);
-            if (relyingPartyMetadata == null) {
-                throw new MetadataProviderException("Unable to locate metadata for relying party " + relyingPartyId);
-            }
             requestContext.setPeerEntityMetadata(relyingPartyMetadata);
             requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
             requestContext.setPeerEntityRoleMetadata(relyingPartyMetadata.getSPSSODescriptor(SAMLConstants.SAML11P_NS));
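Review bot: Removing the `relyingPartyMetadata == null` guard leaves `relyingPartyMetadata.getSPSSODescriptor(SAMLConstants.SAML11P_NS)` on the last line of this hunk to throw a `NullPointerException` when the provider has no entry for the relying party, assuming `getEntityDescriptor` returns null for an unknown entity as the removed check implies. That bypasses the `MetadataProviderException` handler, so no failure status is set and the caller gets an unchecked exception instead of a `ProfileException`. Restore `if (relyingPartyMetadata == null) { throw new MetadataProviderException("Unable to locate metadata for relying party " + relyingPartyId); }` before the setter. The next hunk removes the same guard for `assertingPartyMetadata`, and the later `ArtifactResolution` and `AttributeQueryProfileHandler` hunks now call `requestContext.getLocalEntityMetadata().getAttributeAuthorityDescriptor(...)` with no null check either. The enclosing method starts and ends outside this hunk.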
@@ -310,19 +298,14 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
             requestContext.setRelyingPartyConfiguration(rpConfig);
             requestContext.setPeerEntityEndpoint(selectEndpoint(requestContext));
 
-            // asserting party
             String assertingPartyId = rpConfig.getProviderId();
             requestContext.setLocalEntityId(assertingPartyId);
             EntityDescriptor assertingPartyMetadata = metadataProvider.getEntityDescriptor(assertingPartyId);
-            if (assertingPartyMetadata == null) {
-                throw new MetadataProviderException("Unable to locate metadata for asserting party " + assertingPartyId);
-            }
             requestContext.setLocalEntityMetadata(assertingPartyMetadata);
             requestContext.setLocalEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
             requestContext.setLocalEntityRoleMetadata(assertingPartyMetadata
                     .getIDPSSODescriptor(SAMLConstants.SAML20P_NS));
 
-            // outbound message
             requestContext.setOutboundMessageTransport(out);
             requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
             ShibbolethSSOConfiguration profileConfig = (ShibbolethSSOConfiguration) rpConfig
@@ -337,7 +320,7 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
 
             return requestContext;
         } catch (MetadataProviderException e) {
-            log.error(e.getMessage());
+            log.error("Unable to locate metadata for asserting or relying party");
             requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "Error locating party metadata"));
             throw new ProfileException("Error locating party metadata");
         }
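Review bot: The replacement `log.error("Unable to locate metadata for asserting or relying party")` discards both the exception message and the stack trace, so the log no longer says which entity ID failed or why. Pass the exception through with `log.error("Unable to locate metadata for asserting or relying party", e);` and consider chaining it on the rethrow, `throw new ProfileException("Error locating party metadata", e);`, a constructor form this file already uses for the forward errors. The same fixed-string logging appears in the `MetadataProviderException` handlers of `ArtifactResolution` and `AttributeQueryProfileHandler` later in this commit. The try block starts outside this hunk.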
index f589fb5..c5f8ba3 100644 (file)
@@ -21,11 +21,9 @@ import java.util.Collection;
 import java.util.List;
 import java.util.Map;
 
-import org.apache.log4j.Logger;
 import org.joda.time.DateTime;
 import org.opensaml.common.SAMLObjectBuilder;
 import org.opensaml.common.SAMLVersion;
-import org.opensaml.common.impl.SAMLObjectContentReference;
 import org.opensaml.saml2.core.Assertion;
 import org.opensaml.saml2.core.AttributeQuery;
 import org.opensaml.saml2.core.AttributeStatement;
@@ -61,6 +59,8 @@ import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.signature.Signature;
 import org.opensaml.xml.signature.Signer;
 import org.opensaml.xml.util.DatatypeHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.common.attribute.AttributeRequestException;
 import edu.internet2.middleware.shibboleth.common.attribute.BaseAttribute;
@@ -79,7 +79,7 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
     public static final SAMLVersion SAML_VERSION = SAMLVersion.VERSION_20;
 
     /** Class logger. */
-    private Logger log = Logger.getLogger(AbstractSAML2ProfileHandler.class);
+    private Logger log = LoggerFactory.getLogger(AbstractSAML2ProfileHandler.class);
 
     /** For building response. */
     private SAMLObjectBuilder<Response> responseBuilder;
@@ -325,11 +325,8 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
         SAML2AttributeAuthority attributeAuthority = profileConfiguration.getAttributeAuthority();
 
         try {
-            if (log.isDebugEnabled()) {
-                log.debug("Resolving attributes for principal " + requestContext.getPrincipalName()
-                        + " of SAML request " + requestContext.getInboundSAMLMessageId() + " from relying party "
-                        + requestContext.getInboundMessageIssuer());
-            }
+            log.debug("Resolving attributes for principal {} of SAML request from relying party {}", requestContext
+                    .getPrincipalName(), requestContext.getInboundMessageIssuer());
             Map<String, BaseAttribute> principalAttributes = attributeAuthority.getAttributes(requestContext);
 
             requestContext.setAttributes(principalAttributes);
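Review bot: The rewritten message `"Resolving attributes for principal {} of SAML request from relying party {}"` drops the inbound message ID that the removed code logged, while the sibling messages in the following hunks still include it. Without the ID this line cannot be correlated with the rest of the request's trace. Keep it with `log.debug("Resolving attributes for principal {} of SAML request {} from relying party {}", new Object[] { requestContext.getPrincipalName(), requestContext.getInboundSAMLMessageId(), requestContext.getInboundMessageIssuer() });`. The enclosing method starts and ends outside this hunk.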
@@ -354,11 +351,9 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
      */
     protected AttributeStatement buildAttributeStatement(BaseSAML2ProfileRequestContext<?, ?, ?> requestContext)
             throws ProfileException {
-        if (log.isDebugEnabled()) {
-            log.debug("Creating attribute statement in response to SAML request "
-                    + requestContext.getInboundSAMLMessageId() + " from relying party "
-                    + requestContext.getInboundMessageIssuer());
-        }
+        log.debug("Creating attribute statement in response to SAML request {} from relying party {}", requestContext
+                .getInboundSAMLMessageId(), requestContext.getInboundMessageIssuer());
+
         AbstractSAML2ProfileConfiguration profileConfiguration = requestContext.getProfileConfiguration();
         SAML2AttributeAuthority attributeAuthority = profileConfiguration.getAttributeAuthority();
         try {
@@ -396,12 +391,8 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
                             + requestContext.getInboundMessageIssuer());
         }
         SAML2AttributeAuthority attributeAuthority = profileConfiguration.getAttributeAuthority();
-
-        if (log.isDebugEnabled()) {
-            log.debug("Resolving principal name for subject of SAML request "
-                    + requestContext.getInboundSAMLMessageId() + " from relying party "
-                    + requestContext.getInboundMessageIssuer());
-        }
+        log.debug("Resolving principal name for subject of SAML request {} from relying party {}", requestContext
+                .getInboundSAMLMessageId(), requestContext.getInboundMessageIssuer());
 
         try {
             String principal = attributeAuthority.getPrincipal(requestContext);
@@ -429,10 +420,8 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
      */
     protected void signAssertion(BaseSAML2ProfileRequestContext<?, ?, ?> requestContext, Assertion assertion)
             throws ProfileException {
-        if (log.isDebugEnabled()) {
-            log.debug("Determining if SAML assertion to relying party " + requestContext.getInboundMessageIssuer()
-                    + " should be signed");
-        }
+        log.debug("Determining if SAML assertion to relying party {} should be signed", requestContext
+                .getInboundMessageIssuer());
 
         boolean signAssertion = false;
 
@@ -442,26 +431,21 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
             SPSSODescriptor ssoDescriptor = (SPSSODescriptor) requestContext.getPeerEntityRoleMetadata();
             if (ssoDescriptor.getWantAssertionsSigned() != null) {
                 signAssertion = ssoDescriptor.getWantAssertionsSigned().booleanValue();
-                if (log.isDebugEnabled()) {
-                    log.debug("Entity metadata for relying party " + requestContext.getInboundMessageIssuer()
-                            + " indicates to sign assertions: " + signAssertion);
-                }
+                log.debug("Entity metadata for relying party {} indicates to sign assertions: {}", requestContext
+                        .getInboundMessageIssuer(), signAssertion);
             }
         } else if (profileConfig.getSignAssertions()) {
             signAssertion = true;
-            log.debug("IdP relying party configuration "
-                    + requestContext.getRelyingPartyConfiguration().getRelyingPartyId()
-                    + " indicates to sign assertions: " + signAssertion);
+            log.debug("IdP relying party configuration {} indicates to sign assertions: {}", requestContext
+                    .getRelyingPartyConfiguration().getRelyingPartyId(), signAssertion);
         }
 
         if (!signAssertion) {
             return;
         }
 
-        if (log.isDebugEnabled()) {
-            log.debug("Determining signing credntial for assertion to relying party "
-                    + requestContext.getInboundMessageIssuer());
-        }
+        log.debug("Determining signing credntial for assertion to relying party {}", requestContext
+                .getInboundMessageIssuer());
         Credential signatureCredential = profileConfig.getSigningCredential();
         if (signatureCredential == null) {
             signatureCredential = requestContext.getRelyingPartyConfiguration().getDefaultSigningCredential();
@@ -473,20 +457,18 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
                     + " or it's SAML2 attribute query profile configuration");
         }
 
-        if (log.isDebugEnabled()) {
-            log.debug("Signing assertion to relying party " + requestContext.getInboundMessageIssuer());
-        }
+        log.debug("Signing assertion to relying party {}", requestContext.getInboundMessageIssuer());
         Signature signature = signatureBuilder.buildObject(Signature.DEFAULT_ELEMENT_NAME);
-        
+
         signature.setSigningCredential(signatureCredential);
         try {
-            //TODO pull SecurityConfiguration from SAMLMessageContext?  needs to be added
-            //TODO how to pull what keyInfoGenName to use?
+            // TODO pull SecurityConfiguration from SAMLMessageContext? needs to be added
+            // TODO how to pull what keyInfoGenName to use?
             SecurityHelper.prepareSignatureParams(signature, signatureCredential, null, null);
         } catch (SecurityException e) {
             throw new ProfileException("Error preparing signature for signing", e);
         }
-        
+
         assertion.setSignature(signature);
 
         Signer.signObject(signature);
@@ -584,16 +566,12 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
      *             name ID attribute or because there are no supported name formats
      */
     protected NameID buildNameId(BaseSAML2ProfileRequestContext<?, ?, ?> requestContext) throws ProfileException {
-        if (log.isDebugEnabled()) {
-            log.debug("Building assertion NameID for principal/relying party:" + requestContext.getPrincipalName()
-                    + "/" + requestContext.getInboundMessageIssuer());
-        }
+        log.debug("Building assertion NameID for principal/relying party:{}/{}", requestContext.getPrincipalName(),
+                requestContext.getInboundMessageIssuer());
         Map<String, BaseAttribute> principalAttributes = requestContext.getPrincipalAttributes();
         List<String> supportedNameFormats = getNameFormats(requestContext);
 
-        if (log.isDebugEnabled()) {
-            log.debug("Supported NameID formats: " + supportedNameFormats);
-        }
+        log.debug("Supported NameID formats: {}", supportedNameFormats);
 
         if (principalAttributes == null || supportedNameFormats == null) {
             log.error("No attributes for principal " + requestContext.getPrincipalName()
@@ -610,11 +588,8 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
                     if (encoder instanceof SAML2NameIDAttributeEncoder) {
                         nameIdEncoder = (SAML2NameIDAttributeEncoder) encoder;
                         if (supportedNameFormats.contains(nameIdEncoder.getNameFormat())) {
-                            if (log.isDebugEnabled()) {
-                                log.debug("Using attribute " + attribute.getId() + " suppoting NameID format "
-                                        + nameIdEncoder.getNameFormat() + " to create the NameID for principal "
-                                        + requestContext.getPrincipalName());
-                            }
+                            log.debug("Using attribute {} suppoting NameID format {} to create the NameID for principal.{}",
+                                            attribute.getId(), nameIdEncoder.getNameFormat());
                             return nameIdEncoder.encode(attribute);
                         }
                     }
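Review bot: The new format string has three `{}` placeholders but only two arguments, and the principal name that the removed code logged is no longer passed, so the trailing `principal.{}` will be left unfilled. Supply the third argument and drop the stray dot: `log.debug("Using attribute {} suppoting NameID format {} to create the NameID for principal {}", new Object[] { attribute.getId(), nameIdEncoder.getNameFormat(), requestContext.getPrincipalName() });`. "suppoting" is a typo for "supporting" carried over from the old message. The enclosing loop starts outside this hunk.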
index 69dba05..8c593ba 100644 (file)
@@ -16,7 +16,6 @@
 
 package edu.internet2.middleware.shibboleth.idp.profile.saml2;
 
-import org.apache.log4j.Logger;
 import org.joda.time.DateTime;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.SAMLObjectBuilder;
@@ -34,7 +33,6 @@ import org.opensaml.saml2.core.StatusCode;
 import org.opensaml.saml2.metadata.AssertionConsumerService;
 import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
 import org.opensaml.saml2.metadata.Endpoint;
-import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
@@ -42,6 +40,8 @@ import org.opensaml.ws.message.decoder.MessageDecodingException;
 import org.opensaml.ws.security.SecurityPolicyException;
 import org.opensaml.ws.transport.http.HTTPInTransport;
 import org.opensaml.ws.transport.http.HTTPOutTransport;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
 import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration;
@@ -53,14 +53,14 @@ import edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml2.Ar
 public class ArtifactResolution extends AbstractSAML2ProfileHandler {
 
     /** Class logger. */
-    private final Logger log = Logger.getLogger(ArtifactResolution.class);
+    private final Logger log = LoggerFactory.getLogger(ArtifactResolution.class);
 
     /** Map artifacts to SAML messages. */
     private SAMLArtifactMap artifactMap;
 
     /** Artifact response object builder. */
     private SAMLObjectBuilder<ArtifactResponse> responseBuilder;
-
+    
     /** Builder of assertion consumer service endpoints. */
     private SAMLObjectBuilder<AssertionConsumerService> acsEndpointBuilder;
 
@@ -71,9 +71,9 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
      */
     public ArtifactResolution(SAMLArtifactMap map) {
         super();
-
+        
         artifactMap = map;
-
+        
         responseBuilder = (SAMLObjectBuilder<ArtifactResponse>) getBuilderFactory().getBuilder(
                 ArtifactResponse.DEFAULT_ELEMENT_NAME);
         acsEndpointBuilder = (SAMLObjectBuilder<AssertionConsumerService>) getBuilderFactory().getBuilder(
@@ -154,19 +154,18 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
      */
     protected ArtifactResolutionRequestContext decodeRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport)
             throws ProfileException {
-        if (log.isDebugEnabled()) {
-            log.debug("Decoding incomming request");
-        }
+        log.debug("Decoding incomming request");
 
         MetadataProvider metadataProvider = getMetadataProvider();
 
         ArtifactResolutionRequestContext requestContext = new ArtifactResolutionRequestContext();
         requestContext.setMetadataProvider(metadataProvider);
-
+        
         requestContext.setInboundMessageTransport(inTransport);
         requestContext.setInboundSAMLProtocol(SAMLConstants.SAML20P_NS);
         requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
 
+        
         requestContext.setOutboundMessageTransport(outTransport);
         requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
 
@@ -174,9 +173,7 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
             SAMLMessageDecoder decoder = getMessageDecoders().get(getInboundBinding());
             requestContext.setMessageDecoder(decoder);
             decoder.decode(requestContext);
-            if (log.isDebugEnabled()) {
-                log.debug("Decoded request");
-            }
+            log.debug("Decoded request");
             return requestContext;
         } catch (MessageDecodingException e) {
             log.error("Error decoding artifact resolve message", e);
@@ -191,7 +188,7 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
             // Set as much information as can be retrieved from the decoded message
             try {
                 requestContext.setArtifact(requestContext.getInboundSAMLMessage().getArtifact().getArtifact());
-
+                
                 String relyingPartyId = requestContext.getInboundMessageIssuer();
                 RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
                 requestContext.setRelyingPartyConfiguration(rpConfig);
@@ -199,19 +196,14 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
 
                 String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
                 requestContext.setLocalEntityId(assertingPartyId);
-                EntityDescriptor assertingPartyMetadata = metadataProvider.getEntityDescriptor(assertingPartyId);
-                if (assertingPartyMetadata == null) {
-                    throw new MetadataProviderException("Unable to locate metadata for asserting party "
-                            + assertingPartyId);
-                }
-                requestContext.setLocalEntityMetadata(assertingPartyMetadata);
+                requestContext.setLocalEntityMetadata(metadataProvider.getEntityDescriptor(assertingPartyId));
                 requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
-                requestContext.setLocalEntityRoleMetadata(assertingPartyMetadata
+                requestContext.setLocalEntityRoleMetadata(requestContext.getLocalEntityMetadata()
                         .getAttributeAuthorityDescriptor(SAMLConstants.SAML20P_NS));
 
                 ArtifactResolutionConfiguration profileConfig = (ArtifactResolutionConfiguration) rpConfig
                         .getProfileConfiguration(ArtifactResolutionConfiguration.PROFILE_ID);
-                if (profileConfig != null) {
+                if(profileConfig != null){
                     requestContext.setProfileConfiguration(profileConfig);
                     if (profileConfig.getSigningCredential() != null) {
                         requestContext.setOutboundSAMLMessageSigningCredential(profileConfig.getSigningCredential());
@@ -221,7 +213,7 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
                 }
 
             } catch (MetadataProviderException e) {
-                log.error(e.getMessage());
+                log.error("Unable to locate metadata for asserting or relying party");
                 requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null,
                         "Error locating party metadata"));
                 throw new ProfileException("Error locating party metadata");
@@ -252,7 +244,7 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
             endpointSelector.getSupportedIssuerBindings().addAll(getSupportedOutboundBindings());
             endpoint = endpointSelector.selectEndpoint();
         }
-
+        
         return endpoint;
     }
 
index 00a87e6..8a0c71c 100644 (file)
@@ -18,7 +18,6 @@ package edu.internet2.middleware.shibboleth.idp.profile.saml2;
 
 import java.util.ArrayList;
 
-import org.apache.log4j.Logger;
 import org.opensaml.common.SAMLObjectBuilder;
 import org.opensaml.common.binding.BasicEndpointSelector;
 import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
@@ -30,7 +29,6 @@ import org.opensaml.saml2.core.StatusCode;
 import org.opensaml.saml2.metadata.AssertionConsumerService;
 import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
 import org.opensaml.saml2.metadata.Endpoint;
-import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
@@ -38,6 +36,8 @@ import org.opensaml.ws.message.decoder.MessageDecodingException;
 import org.opensaml.ws.security.SecurityPolicyException;
 import org.opensaml.ws.transport.http.HTTPInTransport;
 import org.opensaml.ws.transport.http.HTTPOutTransport;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
 import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration;
@@ -47,8 +47,8 @@ import edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml2.At
 public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
 
     /** Class logger. */
-    private static Logger log = Logger.getLogger(AttributeQueryProfileHandler.class);
-
+    private static Logger log = LoggerFactory.getLogger(AttributeQueryProfileHandler.class);
+    
     /** Builder of assertion consumer service endpoints. */
     private SAMLObjectBuilder<AssertionConsumerService> acsEndpointBuilder;
 
@@ -79,7 +79,7 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
                         "SAML 2 Attribute Query profile is not configured for relying party "
                                 + requestContext.getInboundMessageIssuer()));
                 throw new ProfileException("SAML 2 Attribute Query profile is not configured for relying party "
-                        + requestContext.getInboundMessageIssuer());
+                                + requestContext.getInboundMessageIssuer());
             }
 
             checkSamlVersion(requestContext);
@@ -119,19 +119,18 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
      */
     protected AttributeQueryContext decodeRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport)
             throws ProfileException {
-        if (log.isDebugEnabled()) {
-            log.debug("Decoding incomming request");
-        }
+        log.debug("Decoding incomming request");
 
         MetadataProvider metadataProvider = getMetadataProvider();
 
         AttributeQueryContext requestContext = new AttributeQueryContext();
         requestContext.setMetadataProvider(metadataProvider);
-
+        
         requestContext.setInboundMessageTransport(inTransport);
         requestContext.setInboundSAMLProtocol(SAMLConstants.SAML20P_NS);
         requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
 
+        
         requestContext.setOutboundMessageTransport(outTransport);
         requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
 
@@ -139,9 +138,7 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
             SAMLMessageDecoder decoder = getMessageDecoders().get(getInboundBinding());
             requestContext.setMessageDecoder(decoder);
             decoder.decode(requestContext);
-            if (log.isDebugEnabled()) {
-                log.debug("Decoded request");
-            }
+            log.debug("Decoded request");
             return requestContext;
         } catch (MessageDecodingException e) {
             log.error("Error decoding attribute query message", e);
@@ -156,11 +153,8 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
             // Set as much information as can be retrieved from the decoded message
             try {
                 AttributeQuery query = requestContext.getInboundSAMLMessage();
-                if (query == null) {
-                    throw new ProfileException("No inbound SAML message found.");
-                }
                 requestContext.setSubjectNameIdentifier(query.getSubject().getNameID());
-
+                
                 String relyingPartyId = requestContext.getInboundMessageIssuer();
                 RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
                 requestContext.setRelyingPartyConfiguration(rpConfig);
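Review bot: Dropping the `query == null` guard means `query.getSubject().getNameID()` dereferences whatever `getInboundSAMLMessage()` returns. The comment above says this block sets as much as can be retrieved from the decoded message, which suggests it may also run when decoding did not produce a message; if so, a malformed request now surfaces as a `NullPointerException` rather than a `ProfileException`. Restore `if (query == null) { throw new ProfileException("No inbound SAML message found."); }` before the dereference. The enclosing block starts and ends outside this hunk.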
@@ -168,19 +162,14 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
 
                 String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
                 requestContext.setLocalEntityId(assertingPartyId);
-                EntityDescriptor assertingPartyMetadata = metadataProvider.getEntityDescriptor(assertingPartyId);
-                if (assertingPartyMetadata == null) {
-                    throw new MetadataProviderException("Unable to locate metadata for asserting party "
-                            + assertingPartyId);
-                }
-                requestContext.setLocalEntityMetadata(assertingPartyMetadata);
+                requestContext.setLocalEntityMetadata(metadataProvider.getEntityDescriptor(assertingPartyId));
                 requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
-                requestContext.setLocalEntityRoleMetadata(assertingPartyMetadata
+                requestContext.setLocalEntityRoleMetadata(requestContext.getLocalEntityMetadata()
                         .getAttributeAuthorityDescriptor(SAMLConstants.SAML20P_NS));
 
                 AttributeQueryConfiguration profileConfig = (AttributeQueryConfiguration) rpConfig
                         .getProfileConfiguration(AttributeQueryConfiguration.PROFILE_ID);
-                if (profileConfig != null) {
+                if(profileConfig != null){
                     requestContext.setProfileConfiguration(profileConfig);
                     requestContext.setOutboundMessageArtifactType(profileConfig.getOutboundArtifactType());
                     if (profileConfig.getSigningCredential() != null) {
@@ -190,14 +179,14 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
                     }
                 }
             } catch (MetadataProviderException e) {
-                log.error(e.getMessage());
+                log.error("Unable to locate metadata for asserting or relying party");
                 requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null,
                         "Error locating party metadata"));
                 throw new ProfileException("Error locating party metadata");
             }
         }
     }
-
+    
     /**
      * Selects the appropriate endpoint for the relying party and stores it in the request context.
      * 
index 7d41736..95a5bd1 100644 (file)
@@ -24,7 +24,6 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 
-import org.apache.log4j.Logger;
 import org.opensaml.common.SAMLObjectBuilder;
 import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
 import org.opensaml.common.xml.SAMLConstants;
@@ -54,6 +53,8 @@ import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
 import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
 import org.opensaml.xml.io.MarshallingException;
 import org.opensaml.xml.io.UnmarshallingException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
 import edu.internet2.middleware.shibboleth.common.relyingparty.ProfileConfiguration;
@@ -67,7 +68,7 @@ import edu.internet2.middleware.shibboleth.idp.authn.Saml2LoginContext;
 public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
 
     /** Class logger. */
-    private final Logger log = Logger.getLogger(SSOProfileHandler.class);
+    private final Logger log = LoggerFactory.getLogger(SSOProfileHandler.class);
 
     /** Builder of AuthnStatement objects. */
     private SAMLObjectBuilder<AuthnStatement> authnStatementBuilder;
@@ -143,7 +144,6 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
     protected void performAuthentication(HTTPInTransport inTransport, HTTPOutTransport outTransport)
             throws ProfileException {
         HttpServletRequest servletRequest = ((HttpServletRequestAdapter) inTransport).getWrappedRequest();
-        HttpSession httpSession = servletRequest.getSession();
 
         try {
             SSORequestContext requestContext = decodeRequest(inTransport, outTransport);
@@ -152,8 +152,7 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
             RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
             ProfileConfiguration ssoConfig = rpConfig.getProfileConfiguration(SSOConfiguration.PROFILE_ID);
             if (ssoConfig == null) {
-                log.error("SAML 2 SSO profile is not configured for relying party "
-                        + requestContext.getInboundMessageIssuer());
+                log.error("SAML 2 SSO profile is not configured for relying party " + requestContext.getInboundMessageIssuer());
                 throw new ProfileException("SAML 2 SSO profile is not configured for relying party "
                         + requestContext.getInboundMessageIssuer());
             }
@@ -167,19 +166,17 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
                 loginContext.getRequestedAuthenticationMethods().add(rpConfig.getDefaultAuthenticationMethod());
             }
 
+            HttpSession httpSession = servletRequest.getSession();
             httpSession.setAttribute(Saml2LoginContext.LOGIN_CONTEXT_KEY, loginContext);
             RequestDispatcher dispatcher = servletRequest.getRequestDispatcher(authenticationManagerPath);
             dispatcher.forward(servletRequest, ((HttpServletResponseAdapter) outTransport).getWrappedResponse());
         } catch (MarshallingException e) {
-            httpSession.removeAttribute(LoginContext.LOGIN_CONTEXT_KEY);
             log.error("Unable to marshall authentication request context");
             throw new ProfileException("Unable to marshall authentication request context", e);
         } catch (IOException ex) {
-            httpSession.removeAttribute(LoginContext.LOGIN_CONTEXT_KEY);
             log.error("Error forwarding SAML 2 AuthnRequest to AuthenticationManager", ex);
             throw new ProfileException("Error forwarding SAML 2 AuthnRequest to AuthenticationManager", ex);
         } catch (ServletException ex) {
-            httpSession.removeAttribute(LoginContext.LOGIN_CONTEXT_KEY);
             log.error("Error forwarding SAML 2 AuthnRequest to AuthenticationManager", ex);
             throw new ProfileException("Error forwarding SAML 2 AuthnRequest to AuthenticationManager", ex);
         }
@@ -210,13 +207,8 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
         try {
             if (loginContext.getPrincipalName() == null) {
                 log.error("User's login context did not contain a principal, user considered unauthenticiated.");
-                if (loginContext.getPassiveAuth()) {
-                    requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.NO_PASSIVE_URI,
-                            null));
-                } else {
-                    requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.AUTHN_FAILED_URI,
-                            null));
-                }
+                requestContext
+                        .setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.AUTHN_FAILED_URI, null));
                 throw new ProfileException("User failed authentication");
             }
 
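Review bot: A passive request that ends without a principal is now answered with `StatusCode.AUTHN_FAILED_URI`, because the `loginContext.getPassiveAuth()` branch is dropped in the `getPrincipalName() == null` block. SAML 2.0 defines the NoPassive second-level status for exactly this case, and a relying party that uses it to fall back to an interactive login will instead see a hard authentication failure. The distinction fits in two lines: `String secondary = loginContext.getPassiveAuth() ? StatusCode.NO_PASSIVE_URI : StatusCode.AUTHN_FAILED_URI;` followed by `requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, secondary, null));`. The enclosing method starts and ends outside this hunk.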
@@ -253,17 +245,15 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
      */
     protected SSORequestContext decodeRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport)
             throws ProfileException {
-        if (log.isDebugEnabled()) {
-            log.debug("Decoding message with decoder binding " + decodingBinding);
-        }
+        log.debug("Decoding message with decoder binding {}", decodingBinding);
 
         SSORequestContext requestContext = new SSORequestContext();
         requestContext.setMetadataProvider(getMetadataProvider());
-
+        
         requestContext.setInboundMessageTransport(inTransport);
         requestContext.setInboundSAMLProtocol(SAMLConstants.SAML20P_NS);
         requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
+        
         requestContext.setOutboundMessageTransport(outTransport);
         requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
 
@@ -298,14 +288,13 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
 
         try {
             requestContext.setMessageDecoder(getMessageDecoders().get(getInboundBinding()));
-
+            
             requestContext.setLoginContext(loginContext);
             requestContext.setPrincipalName(loginContext.getPrincipalName());
             requestContext.setPrincipalAuthenticationMethod(loginContext.getAuthenticationMethod());
             requestContext.setUserSession(getUserSession(in));
             requestContext.setRelayState(loginContext.getRelayState());
 
-            // inbound message
             requestContext.setInboundMessageTransport(in);
             requestContext.setInboundSAMLProtocol(SAMLConstants.SAML20P_NS);
             requestContext.setInboundMessage(loginContext.getAuthenticationRequest());
@@ -315,13 +304,9 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
             MetadataProvider metadataProvider = getMetadataProvider();
             requestContext.setMetadataProvider(metadataProvider);
 
-            // relying party
             String relyingPartyId = loginContext.getRelyingPartyId();
             requestContext.setInboundMessageIssuer(relyingPartyId);
             EntityDescriptor relyingPartyMetadata = metadataProvider.getEntityDescriptor(relyingPartyId);
-            if (relyingPartyMetadata == null) {
-                throw new MetadataProviderException("Unable to locate metadata for relying party " + relyingPartyId);
-            }
             requestContext.setPeerEntityMetadata(relyingPartyMetadata);
             requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
             requestContext.setPeerEntityRoleMetadata(relyingPartyMetadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS));
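Review bot: `relyingPartyMetadata.getSPSSODescriptor(...)` on the last line of this hunk is now reached with no null check, and the removed guard suggests `getEntityDescriptor` can return null for an entity that is not in metadata. In that case the result is a `NullPointerException` rather than the `MetadataProviderException` that the catch block further down turns into a SAML failure status. The request would then fail without a proper error response for a relying party ID that is taken from the login context. Keep `if (relyingPartyMetadata == null) { throw new MetadataProviderException("Unable to locate metadata for relying party " + relyingPartyId); }` ahead of the setters. The same applies to `assertingPartyMetadata.getIDPSSODescriptor(...)` in the next hunk (`@@ -329,19 +314,14 @@`).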
@@ -329,19 +314,14 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
             requestContext.setRelyingPartyConfiguration(rpConfig);
             requestContext.setPeerEntityEndpoint(selectEndpoint(requestContext));
 
-            // asserting party
             String assertingPartyId = rpConfig.getProviderId();
             requestContext.setLocalEntityId(assertingPartyId);
             EntityDescriptor assertingPartyMetadata = metadataProvider.getEntityDescriptor(assertingPartyId);
-            if (assertingPartyMetadata == null) {
-                throw new MetadataProviderException("Unable to locate metadata for asserting party " + assertingPartyId);
-            }
             requestContext.setLocalEntityMetadata(assertingPartyMetadata);
             requestContext.setLocalEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
             requestContext.setLocalEntityRoleMetadata(assertingPartyMetadata
                     .getIDPSSODescriptor(SAMLConstants.SAML20P_NS));
 
-            // outbound message
             requestContext.setOutboundMessageTransport(out);
             requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
             SSOConfiguration profileConfig = (SSOConfiguration) rpConfig
@@ -361,7 +341,7 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
                     "Error recovering request state"));
             throw new ProfileException("Error recovering request state", e);
         } catch (MetadataProviderException e) {
-            log.error(e.getMessage());
+            log.error("Unable to locate metadata for asserting or relying party");
             requestContext
                     .setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null, "Error locating party metadata"));
             throw new ProfileException("Error locating party metadata");
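Review bot: The new `log.error` line replaces `e.getMessage()` with a fixed string, so the log no longer says which party's metadata lookup failed or why. That detail is what an operator needs to tell a misconfigured relying party from a metadata provider outage. Pass the exception to the logger, `log.error("Unable to locate metadata for asserting or relying party", e);`, and keep the cause on the rethrow as the other catch blocks do, `throw new ProfileException("Error locating party metadata", e);`. The try block this handler belongs to starts outside the hunk.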