Check if relying party is configured for a particular request and error out if not
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Wed, 20 Jun 2007 12:58:29 +0000 (12:58 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Wed, 20 Jun 2007 12:58:29 +0000 (12:58 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2261 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/idp/profile/saml1/AttributeQueryProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AttributeQueryProfileHandler.java

index 71922f3..1a581ea 100644 (file)
@@ -65,6 +65,15 @@ public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
         try {
             decodeRequest(requestContext);
 
+            if (requestContext.getRelyingPartyConfiguration() == null) {
+                log.error("SAML 1 Attribute Query profile is not configured for relying party "
+                        + requestContext.getRelyingPartyId());
+                requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, StatusCode.REQUEST_DENIED,
+                        "SAML 1 Attribute Query profile is not configured for relying party "
+                                + requestContext.getRelyingPartyId()));
+                samlResponse = buildErrorResponse(requestContext);
+            }
+
             resolvePrincipal(requestContext);
 
             ArrayList<Statement> statements = new ArrayList<Statement>();
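Review bot: The new null check on `requestContext.getRelyingPartyConfiguration()` builds an error response but neither returns nor throws, so control falls through to `resolvePrincipal(requestContext)` and the statement building below it for a relying party that has no configuration. The rest of the try block is outside this hunk, but it presumably either overwrites the error `samlResponse` with a normal attribute response or dereferences the null configuration later. Replace `samlResponse = buildErrorResponse(requestContext);` with `throw new ProfileException("SAML 1 Attribute Query profile is not configured for relying party " + requestContext.getRelyingPartyId());` so that the existing `catch (ProfileException e)` builds the error response and nothing further is processed. The same fall-through is present in the saml2 AttributeQueryProfileHandler hunk, ahead of `checkSamlVersion(requestContext)`.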
@@ -74,6 +83,9 @@ public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
         } catch (ProfileException e) {
             samlResponse = buildErrorResponse(requestContext);
         }
+        
+        requestContext.setSamlResponse(samlResponse);
+        encodeResponse(requestContext);
     }
 
     /**
@@ -142,8 +154,8 @@ public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
                 requestContext.setSamlRequest((AttributeQuery) requestContext.getMessageDecoder().getSAMLMessage());
             } catch (MetadataProviderException e) {
                 log.error("Unable to locate metadata for asserting or relying party");
-                requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null,
-                        "Error locating party metadata"));
+                requestContext
+                        .setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "Error locating party metadata"));
                 throw new ProfileException("Error locating party metadata");
             }
         }
index f812b5d..3f31a28 100644 (file)
@@ -36,7 +36,6 @@ import org.opensaml.common.binding.BasicEndpointSelector;
 import org.opensaml.common.binding.BindingException;
 import org.opensaml.common.binding.encoding.MessageEncoder;
 import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.log.XMLObjectRenderer;
 import org.opensaml.saml1.core.AuthenticationStatement;
 import org.opensaml.saml1.core.Response;
 import org.opensaml.saml1.core.Statement;
@@ -104,8 +103,8 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
     /** {@inheritDoc} */
     public void processRequest(ProfileRequest<ServletRequest> request, ProfileResponse<ServletResponse> response)
             throws ProfileException {
-        
-        if(response.getRawResponse().isCommitted()){
+
+        if (response.getRawResponse().isCommitted()) {
             log.error("HTTP Response already committed");
         }
 
@@ -144,6 +143,13 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
         HttpSession httpSession = httpRequest.getSession(true);
 
         LoginContext loginContext = buildLoginContext(httpRequest);
+        if (getRelyingPartyConfiguration(loginContext.getRelyingPartyId()) == null) {
+            log.error("Shibboleth SSO profile is not configured for relying party "
+                    + loginContext.getRelyingPartyId());
+            throw new ProfileException("Shibboleth SSO profile is not configured for relying party "
+                    + loginContext.getRelyingPartyId());
+        }
+
         httpSession.setAttribute(LoginContext.LOGIN_CONTEXT_KEY, loginContext);
 
         try {
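Review bot: `loginContext.getRelyingPartyId()` is concatenated unmodified into both the `log.error` line and the `ProfileException` message, and it appears to originate from the incoming HTTP request via `buildLoginContext(httpRequest)`. If so, the requester controls text that lands in the log and in any error page that renders the exception message. Strip CR/LF from the identifier before logging and keep the exception text generic, e.g. `throw new ProfileException("Shibboleth SSO profile is not configured for the requesting relying party");`. The check also runs after `httpRequest.getSession(true)`, so a rejected request still allocates a session; moving `buildLoginContext` and the check above that call would avoid this. The enclosing method begins and ends outside the hunk.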
index 78188f6..c3a13ed 100644 (file)
@@ -65,6 +65,15 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
         Response samlResponse;
         try {
             decodeRequest(requestContext);
+            
+            if (requestContext.getRelyingPartyConfiguration() == null) {
+                log.error("SAML 2 Attribute Query profile is not configured for relying party "
+                        + requestContext.getRelyingPartyId());
+                requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.REQUEST_DENIED_URI,
+                        "SAML 2 Attribute Query profile is not configured for relying party "
+                                + requestContext.getRelyingPartyId()));
+                samlResponse = buildErrorResponse(requestContext);
+            }
 
             checkSamlVersion(requestContext);