Populate subject locality info from configuration or request
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 2 Jul 2007 14:23:20 +0000 (14:23 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 2 Jul 2007 14:23:20 +0000 (14:23 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2280 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java

index 2873418..1bdc85c 100644 (file)
@@ -40,6 +40,7 @@ import org.opensaml.saml1.core.Response;
 import org.opensaml.saml1.core.Statement;
 import org.opensaml.saml1.core.StatusCode;
 import org.opensaml.saml1.core.Subject;
+import org.opensaml.saml1.core.SubjectLocality;
 import org.opensaml.saml2.metadata.AssertionConsumerService;
 import org.opensaml.saml2.metadata.Endpoint;
 import org.opensaml.saml2.metadata.RoleDescriptor;
@@ -65,6 +66,9 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
     /** Builder of AuthenticationStatement objects. */
     private SAMLObjectBuilder<AuthenticationStatement> authnStatementBuilder;
 
+    /** Builder of SubjectLocality objects. */
+    private SAMLObjectBuilder<SubjectLocality> subjectLocalityBuilder;
+
     /** URL of the authentication manager servlet. */
     private String authenticationManagerPath;
 
@@ -85,6 +89,9 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
 
         authnStatementBuilder = (SAMLObjectBuilder<AuthenticationStatement>) getBuilderFactory().getBuilder(
                 AuthenticationStatement.DEFAULT_ELEMENT_NAME);
+
+        subjectLocalityBuilder = (SAMLObjectBuilder<SubjectLocality>) getBuilderFactory().getBuilder(
+                SubjectLocality.DEFAULT_ELEMENT_NAME);
     }
 
     /**
@@ -284,9 +291,9 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
         requestContext.setRelyingPartyId(relyingPartyId);
 
         populateRelyingPartyData(requestContext);
-        
+
         populateAssertingPartyData(requestContext);
-        
+
         return requestContext;
     }
 
@@ -306,8 +313,8 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
                     ShibbolethConstants.SAML11P_NS);
 
             if (relyingPartyRole == null) {
-                relyingPartyRole = requestContext.getRelyingPartyMetadata()
-                        .getSPSSODescriptor(ShibbolethConstants.SAML10P_NS);
+                relyingPartyRole = requestContext.getRelyingPartyMetadata().getSPSSODescriptor(
+                        ShibbolethConstants.SAML10P_NS);
                 if (relyingPartyRole == null) {
                     throw new MetadataProviderException("Unable to locate SPSSO role descriptor for entity "
                             + requestContext.getRelyingPartyId());
@@ -377,8 +384,7 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
         statement.setAuthenticationInstant(loginContext.getAuthenticationInstant());
         statement.setAuthenticationMethod(loginContext.getAuthenticationMethod());
 
-        // TODO
-        statement.setSubjectLocality(null);
+        statement.setSubjectLocality(buildSubjectLocality(requestContext));
 
         Subject statementSubject = buildSubject(requestContext, "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches");
         statement.setSubject(statementSubject);
@@ -387,6 +393,34 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
     }
 
     /**
+     * Constructs the subject locality for the authentication statement.
+     * 
+     * @param requestContext curent request context
+     * 
+     * @return subject locality for the authentication statement
+     */
+    protected SubjectLocality buildSubjectLocality(ShibbolethSSORequestContext requestContext) {
+        SubjectLocality subjectLocality = subjectLocalityBuilder.buildObject();
+
+        ShibbolethSSOConfiguration profileConfig = requestContext.getProfileConfiguration();
+        HttpServletRequest httpRequest = (HttpServletRequest) requestContext.getProfileRequest().getRawRequest();
+
+        if (profileConfig.getLocalityAddress() != null) {
+            subjectLocality.setIPAddress(profileConfig.getLocalityAddress());
+        } else {
+            subjectLocality.setIPAddress(httpRequest.getLocalAddr());
+        }
+
+        if (profileConfig.getLocalityDNSName() != null) {
+            subjectLocality.setDNSAddress(profileConfig.getLocalityDNSName());
+        } else {
+            subjectLocality.setDNSAddress(httpRequest.getLocalName());
+        }
+
+        return subjectLocality;
+    }
+
+    /**
      * Encodes the request's SAML response and writes it to the servlet response.
      * 
      * @param requestContext current request context
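Review bot: `buildSubjectLocality` falls back to `httpRequest.getLocalAddr()` and `httpRequest.getLocalName()`, which describe the interface the IdP received the request on, not the host the user authenticated from; the SAML SubjectLocality element is described in the core specification as the system from which the subject was apparently authenticated, which relying parties commonly read as the client, so one that compares the stated address against its own view of the client would never see a match. If naming the IdP host is the intended meaning, the Javadoc should say so, e.g. `@return subject locality naming the IdP host: the configured address/DNS name, else the local address and name of the interface the request arrived on`; if the client was intended, `getRemoteAddr()`/`getRemoteHost()` are the request-side counterparts. `getLocalName()` may also involve a name lookup in some containers, so a cached configured value is the cheaper path either way (hedged, container-dependent). The saml2 `SSOProfileHandler.buildSubjectLocality` in the second file has the same shape and the same remark applies. In both copies the `@param` text `curent` should read `current`.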
index f224fce..f676d5b 100644 (file)
@@ -33,6 +33,7 @@ import org.opensaml.common.binding.decoding.MessageDecoder;
 import org.opensaml.common.binding.encoding.MessageEncoder;
 import org.opensaml.common.binding.security.SAMLSecurityPolicy;
 import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.SubjectLocality;
 import org.opensaml.saml2.binding.AuthnResponseEndpointSelector;
 import org.opensaml.saml2.core.AuthnContext;
 import org.opensaml.saml2.core.AuthnContextClassRef;
@@ -78,6 +79,9 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
     /** Builder of AuthnContextDeclRef objects. */
     private SAMLObjectBuilder<AuthnContextDeclRef> authnContextDeclRefBuilder;
 
+    /** Builder of SubjectLocality objects. */
+    private SAMLObjectBuilder<SubjectLocality> subjectLocalityBuilder;
+
     /** URL of the authentication manager servlet. */
     private String authenticationManagerPath;
 
@@ -109,6 +113,8 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
                 AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
         authnContextDeclRefBuilder = (SAMLObjectBuilder<AuthnContextDeclRef>) getBuilderFactory().getBuilder(
                 AuthnContextDeclRef.DEFAULT_ELEMENT_NAME);
+        subjectLocalityBuilder = (SAMLObjectBuilder<SubjectLocality>) getBuilderFactory().getBuilder(
+                SubjectLocality.DEFAULT_ELEMENT_NAME);
     }
 
     /**
@@ -185,7 +191,7 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
 
             String relyingParty = securityPolicy.getIssuer();
             RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingParty);
-            if(rpConfig == null){
+            if (rpConfig == null) {
                 log.error("No relying party configuration for " + relyingParty);
                 throw new ProfileException("No relying party configuration for " + relyingParty);
             }
@@ -381,8 +387,7 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
                     loginContext.getAuthenticationDuration()));
         }
 
-        // TODO
-        statement.setSubjectLocality(null);
+        statement.setSubjectLocality(buildSubjectLocality(requestContext));
 
         return statement;
     }
@@ -428,6 +433,34 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
     }
 
     /**
+     * Constructs the subject locality for the authentication statement.
+     * 
+     * @param requestContext curent request context
+     * 
+     * @return subject locality for the authentication statement
+     */
+    protected SubjectLocality buildSubjectLocality(SSORequestContext requestContext) {
+        SubjectLocality subjectLocality = subjectLocalityBuilder.buildObject();
+
+        SSOConfiguration profileConfig = requestContext.getProfileConfiguration();
+        HttpServletRequest httpRequest = (HttpServletRequest) requestContext.getProfileRequest().getRawRequest();
+
+        if (profileConfig.getLocalityAddress() != null) {
+            subjectLocality.setAddress(profileConfig.getLocalityAddress());
+        } else {
+            subjectLocality.setAddress(httpRequest.getLocalAddr());
+        }
+
+        if (profileConfig.getLocalityDNSName() != null) {
+            subjectLocality.setDNSName(profileConfig.getLocalityDNSName());
+        } else {
+            subjectLocality.setDNSName(httpRequest.getLocalName());
+        }
+
+        return subjectLocality;
+    }
+
+    /**
      * Encodes the request's SAML response and writes it to the servlet response.
      * 
      * @param requestContext current request context
@@ -461,7 +494,7 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
         encoder.setRelyingParty(requestContext.getRelyingPartyMetadata());
         encoder.setRelyingPartyEndpoint(relyingPartyEndpoint);
         encoder.setRelyingPartyRole(requestContext.getRelyingPartyRoleMetadata());
-        ProfileResponse<ServletResponse> profileResponse = requestContext.getProfileResponse(); 
+        ProfileResponse<ServletResponse> profileResponse = requestContext.getProfileResponse();
         encoder.setResponse(profileResponse.getRawResponse());
         encoder.setSamlMessage(requestContext.getSamlResponse());
         requestContext.setMessageEncoder(encoder);
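Review bot: The added `import org.opensaml.saml2.core.SubjectLocality;` in this file's first hunk sits between `org.opensaml.common.xml.SAMLConstants` and `org.opensaml.saml2.binding.AuthnResponseEndpointSelector`, breaking the alphabetical order the surrounding import lines keep; it belongs with the other `org.opensaml.saml2.core.*` imports, after `AuthnContextClassRef` or wherever that run ends past the visible hunk. Keeping the import block sorted matters little for the compiler but keeps the next merge of this heavily edited header conflict-free.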