Add support for an explicit set of outgoing bindings
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Sun, 8 Jul 2007 14:28:12 +0000 (14:28 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Sun, 8 Jul 2007 14:28:12 +0000 (14:28 +0000)
Some code organizing

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2296 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

14 files changed:
resources/classpath/schema/shibboleth-2.0-idp-profile-handler.xsd
src/edu/internet2/middleware/shibboleth/idp/config/profile/ProfileHandlerNamespaceHandler.java
src/edu/internet2/middleware/shibboleth/idp/config/profile/authn/AbstractAuthenticationHandlerBeanDefinitionParser.java [moved from src/edu/internet2/middleware/shibboleth/idp/config/profile/AbstractAuthenticationHandlerBeanDefinitionParser.java with 94% similarity]
src/edu/internet2/middleware/shibboleth/idp/config/profile/authn/AbstractAuthenticationHandlerFactoryBean.java [moved from src/edu/internet2/middleware/shibboleth/idp/config/profile/AbstractAuthenticationHandlerFactoryBean.java with 97% similarity]
src/edu/internet2/middleware/shibboleth/idp/config/profile/authn/RemoteUserAuthenticationHandlerBeanDefinitionParser.java [moved from src/edu/internet2/middleware/shibboleth/idp/config/profile/RemoteUserAuthenticationHandlerBeanDefinitionParser.java with 90% similarity]
src/edu/internet2/middleware/shibboleth/idp/config/profile/authn/RemoteUserAuthenticationHandlerFactoryBean.java [moved from src/edu/internet2/middleware/shibboleth/idp/config/profile/RemoteUserAuthenticationHandlerFactoryBean.java with 96% similarity]
src/edu/internet2/middleware/shibboleth/idp/config/profile/saml1/AbstractSAML1ProfileHandlerBeanDefinitionParser.java [moved from src/edu/internet2/middleware/shibboleth/idp/config/profile/AbstractSAML1ProfileHandlerBeanDefinitionParser.java with 85% similarity]
src/edu/internet2/middleware/shibboleth/idp/config/profile/saml1/SAML1AttributeQueryProfileHandlerBeanDefinitionParser.java [moved from src/edu/internet2/middleware/shibboleth/idp/config/profile/SAML1AttributeQueryProfileHandlerBeanDefinitionParser.java with 86% similarity]
src/edu/internet2/middleware/shibboleth/idp/config/profile/saml1/ShibbolethSSOProfileHandlerBeanDefinitionParser.java [moved from src/edu/internet2/middleware/shibboleth/idp/config/profile/ShibbolethSSOProfileHandlerBeanDefinitionParser.java with 82% similarity]
src/edu/internet2/middleware/shibboleth/idp/config/profile/saml2/AbstractSAML2ProfileHandlerBeanDefinitionParser.java [moved from src/edu/internet2/middleware/shibboleth/idp/config/profile/AbstractSAML2ProfileHandlerBeanDefinitionParser.java with 85% similarity]
src/edu/internet2/middleware/shibboleth/idp/config/profile/saml2/SAML2AttributeQueryProfileHandlerBeanDefinitionParser.java [moved from src/edu/internet2/middleware/shibboleth/idp/config/profile/SAML2AttributeQueryProfileHandlerBeanDefinitionParser.java with 91% similarity]
src/edu/internet2/middleware/shibboleth/idp/config/profile/saml2/SAML2SSOProfileHandlerBeanDefinitionParser.java [moved from src/edu/internet2/middleware/shibboleth/idp/config/profile/SAML2SSOProfileHandlerBeanDefinitionParser.java with 84% similarity]
src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java

index f70cf2e..8a91927 100644 (file)
                         </xsd:documentation>
                     </xsd:annotation>
                 </xsd:attribute>
+                <xsd:attribute name="outboundBindingEnumeration" default="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
+                    <xsd:annotation>
+                        <xsd:documentation>
+                            An ordered list of outbound bindings supported by this profile handler.  The order
+                            provided establishs the precedence given the bindings such that, from the left to right, 
+                            the first binding also supported by the relying party will be used.
+                        </xsd:documentation>
+                    </xsd:annotation>
+                    <xsd:simpleType>
+                        <xsd:list itemType="xsd:anyURI"/>
+                    </xsd:simpleType>
+                </xsd:attribute>
             </xsd:extension>
         </xsd:complexContent>
     </xsd:complexType>
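Review bot: The documentation for `outboundBindingEnumeration` does not say which URIs are acceptable, and the type is an `xsd:list` of `xsd:anyURI`, so a mistyped binding URI passes schema validation. I would add a sentence such as `Each URI must identify a binding for which the IdP has a message encoder configured.` and fix the typo `establishs` to `establishes`. The same text and the same gap appear in the second attribute added in this file, the one whose default is `urn:oasis:names:tc:SAML:1.0:profiles:browser-post`.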
                         </xsd:documentation>
                     </xsd:annotation>
                 </xsd:attribute>
+                <xsd:attribute name="outboundBindingEnumeration" default="urn:oasis:names:tc:SAML:1.0:profiles:browser-post">
+                    <xsd:annotation>
+                        <xsd:documentation>
+                            An ordered list of outbound bindings supported by this profile handler.  The order
+                            provided establishs the precedence given the bindings such that, from the left to right, 
+                            the first binding also supported by the relying party will be used.
+                        </xsd:documentation>
+                    </xsd:annotation>
+                    <xsd:simpleType>
+                        <xsd:list itemType="xsd:anyURI"/>
+                    </xsd:simpleType>
+                </xsd:attribute>
             </xsd:extension>
         </xsd:complexContent>
     </xsd:complexType>
index 09366dd..5037c63 100644 (file)
@@ -21,6 +21,11 @@ import javax.xml.namespace.QName;
 import edu.internet2.middleware.shibboleth.common.config.BaseSpringNamespaceHandler;
 import edu.internet2.middleware.shibboleth.common.config.profile.JSPErrorHandlerBeanDefinitionParser;
 import edu.internet2.middleware.shibboleth.common.config.profile.VelocityErrorHandlerBeanDefinitionParser;
+import edu.internet2.middleware.shibboleth.idp.config.profile.authn.RemoteUserAuthenticationHandlerBeanDefinitionParser;
+import edu.internet2.middleware.shibboleth.idp.config.profile.saml1.SAML1AttributeQueryProfileHandlerBeanDefinitionParser;
+import edu.internet2.middleware.shibboleth.idp.config.profile.saml1.ShibbolethSSOProfileHandlerBeanDefinitionParser;
+import edu.internet2.middleware.shibboleth.idp.config.profile.saml2.SAML2AttributeQueryProfileHandlerBeanDefinitionParser;
+import edu.internet2.middleware.shibboleth.idp.config.profile.saml2.SAML2SSOProfileHandlerBeanDefinitionParser;
 
 /**
  * Spring namespace handler for profile handler configurations.
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package edu.internet2.middleware.shibboleth.idp.config.profile;
+package edu.internet2.middleware.shibboleth.idp.config.profile.authn;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -26,6 +26,8 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
 import org.w3c.dom.Element;
 
+import edu.internet2.middleware.shibboleth.idp.config.profile.ProfileHandlerNamespaceHandler;
+
 /**
  * Base class for authentication handler definition parsers.
  */
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package edu.internet2.middleware.shibboleth.idp.config.profile;
+package edu.internet2.middleware.shibboleth.idp.config.profile.authn;
 
 import javax.xml.namespace.QName;
 
@@ -22,6 +22,8 @@ import org.opensaml.xml.util.DatatypeHelper;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.w3c.dom.Element;
 
+import edu.internet2.middleware.shibboleth.idp.config.profile.ProfileHandlerNamespaceHandler;
+
 /**
  * Spring bean definition parser for remote user authentication handlers.
  */
  * limitations under the License.
  */
 
-package edu.internet2.middleware.shibboleth.idp.config.profile;
+package edu.internet2.middleware.shibboleth.idp.config.profile.saml1;
 
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.w3c.dom.Element;
 
+import edu.internet2.middleware.shibboleth.idp.config.profile.AbstractSAMLProfileHandlerBeanDefinitionParser;
+
 /**
  * Base class for SAML 1 profile handler configuration parsers.
  */
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package edu.internet2.middleware.shibboleth.idp.config.profile;
+package edu.internet2.middleware.shibboleth.idp.config.profile.saml1;
 
 import javax.xml.namespace.QName;
 
@@ -22,6 +22,8 @@ import org.opensaml.xml.util.DatatypeHelper;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.w3c.dom.Element;
 
+import edu.internet2.middleware.shibboleth.idp.config.profile.ProfileHandlerNamespaceHandler;
+import edu.internet2.middleware.shibboleth.idp.config.profile.saml2.AbstractSAML2ProfileHandlerBeanDefinitionParser;
 import edu.internet2.middleware.shibboleth.idp.profile.saml1.AttributeQueryProfileHandler;
 
 /**
  * limitations under the License.
  */
 
-package edu.internet2.middleware.shibboleth.idp.config.profile;
+package edu.internet2.middleware.shibboleth.idp.config.profile.saml1;
 
 import javax.xml.namespace.QName;
 
 import org.opensaml.xml.util.DatatypeHelper;
+import org.opensaml.xml.util.XMLHelper;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.w3c.dom.Element;
 
+import edu.internet2.middleware.shibboleth.idp.config.profile.ProfileHandlerNamespaceHandler;
 import edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOProfileHandler;
 
 /**
  * Spring bean configuration parser for {@link ShibbolethSSOProfileHandler}s.
  */
 public class ShibbolethSSOProfileHandlerBeanDefinitionParser extends AbstractSAML1ProfileHandlerBeanDefinitionParser {
-    
+
     /** Schema type. */
     public static final QName SCHEMA_TYPE = new QName(ProfileHandlerNamespaceHandler.NAMESPACE, "ShibbolethSSO");
 
@@ -43,6 +45,9 @@ public class ShibbolethSSOProfileHandlerBeanDefinitionParser extends AbstractSAM
 
         builder.addConstructorArg(DatatypeHelper.safeTrimOrNullString(config.getAttributeNS(null,
                 "authenticationManagerPath")));
+
+        builder.addConstructorArg(XMLHelper.getAttributeValueAsList(config.getAttributeNodeNS(null,
+                "outboundBindingEnumeration")));
     }
 
 }
\ No newline at end of file
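Review bot: The new constructor argument depends on the `outboundBindingEnumeration` attribute node being present, and for a configuration that omits it that holds only when the parser applies the schema default. `getAttributeNodeNS` returns null for an absent attribute, and the handler constructor rejects a null or empty list with a message that does not name the attribute, so an operator would presumably see a bean-creation failure with no pointer to the configuration element. A comment above the call would record the dependency, for example `// Relies on the schema default; without schema validation an omitted attribute yields no node here.` The same call is added in SAML2SSOProfileHandlerBeanDefinitionParser, and the enclosing method starts outside this hunk.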
  * limitations under the License.
  */
 
-package edu.internet2.middleware.shibboleth.idp.config.profile;
+package edu.internet2.middleware.shibboleth.idp.config.profile.saml2;
 
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.w3c.dom.Element;
 
+import edu.internet2.middleware.shibboleth.idp.config.profile.AbstractSAMLProfileHandlerBeanDefinitionParser;
+
 /**
  * Base class for SAML 2 profile handler configuration parsers.
  */
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package edu.internet2.middleware.shibboleth.idp.config.profile;
+package edu.internet2.middleware.shibboleth.idp.config.profile.saml2;
 
 import javax.xml.namespace.QName;
 
@@ -22,6 +22,7 @@ import org.opensaml.xml.util.DatatypeHelper;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.w3c.dom.Element;
 
+import edu.internet2.middleware.shibboleth.idp.config.profile.ProfileHandlerNamespaceHandler;
 import edu.internet2.middleware.shibboleth.idp.profile.saml2.AttributeQueryProfileHandler;
 
 /**
  * limitations under the License.
  */
 
-package edu.internet2.middleware.shibboleth.idp.config.profile;
+package edu.internet2.middleware.shibboleth.idp.config.profile.saml2;
 
 import javax.xml.namespace.QName;
 
 import org.opensaml.xml.util.DatatypeHelper;
+import org.opensaml.xml.util.XMLHelper;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.w3c.dom.Element;
 
+import edu.internet2.middleware.shibboleth.idp.config.profile.ProfileHandlerNamespaceHandler;
 import edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler;
 
 /**
@@ -44,6 +46,9 @@ public class SAML2SSOProfileHandlerBeanDefinitionParser extends AbstractSAML2Pro
         builder.addConstructorArg(DatatypeHelper.safeTrimOrNullString(config.getAttributeNS(null,
                 "authenticationManagerPath")));
 
+        builder.addConstructorArg(XMLHelper.getAttributeValueAsList(config.getAttributeNodeNS(null,
+                "outboundBindingEnumeration")));
+
         builder.addConstructorArg(DatatypeHelper.safeTrimOrNullString(config.getAttributeNS(null, "decodingBinding")));
 
         builder.addPropertyReference("securityPolicyFactory", DatatypeHelper.safeTrimOrNullString(config
index c64d053..4f67174 100644 (file)
@@ -20,6 +20,7 @@ import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.net.URLDecoder;
 import java.util.ArrayList;
+import java.util.List;
 
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
@@ -71,21 +72,29 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
 
     /** URL of the authentication manager servlet. */
     private String authenticationManagerPath;
+    
+    /** URI of SAML 1 bindings supported for outgoing message encoding. */
+    private ArrayList<String> supportedOutgoingBindings;
 
     /**
      * Constructor.
      * 
      * @param authnManagerPath path to the authentication manager servlet
+     * @param outgoingBindings URIs of SAML 1 bindings supported for outgoing message encoding
      * 
      * @throws IllegalArgumentException thrown if either the authentication manager path or encoding binding URI are
      *             null or empty
      */
-    public ShibbolethSSOProfileHandler(String authnManagerPath) {
+    public ShibbolethSSOProfileHandler(String authnManagerPath, List<String> outgoingBindings) {
         if (DatatypeHelper.isEmpty(authnManagerPath)) {
             throw new IllegalArgumentException("Authentication manager path may not be null");
         }
-
         authenticationManagerPath = authnManagerPath;
+        
+        if(outgoingBindings == null || outgoingBindings.isEmpty()){
+            throw new IllegalArgumentException("List of supported outgoing bindings may not be empty");
+        }
+        supportedOutgoingBindings = new ArrayList<String>(outgoingBindings);
 
         authnStatementBuilder = (SAMLObjectBuilder<AuthenticationStatement>) getBuilderFactory().getBuilder(
                 AuthenticationStatement.DEFAULT_ELEMENT_NAME);
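Review bot: The constructor Javadoc's `@throws` clause was not updated for the new check: it still names the authentication manager path and an "encoding binding URI", and does not mention `outgoingBindings`. I would change it to `@throws IllegalArgumentException thrown if the authentication manager path is null or empty, or if the list of outgoing bindings is null or empty`. The field could also be declared against the interface, `private List<String> supportedOutgoingBindings;`, since the defensive copy already fixes the implementation. The SSOProfileHandler constructor gets the same check and has no `@throws` tag in its visible Javadoc; this constructor's body continues outside the hunk.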
@@ -420,7 +429,7 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
         endpointSelector.setRelyingParty(requestContext.getRelyingPartyMetadata());
         endpointSelector.setRelyingPartyRole(requestContext.getRelyingPartyRoleMetadata());
         endpointSelector.setSamlRequest(requestContext.getSamlRequest());
-        endpointSelector.getSupportedIssuerBindings().addAll(getMessageEncoderFactory().getEncoderBuilders().keySet());
+        endpointSelector.getSupportedIssuerBindings().addAll(supportedOutgoingBindings);
         relyingPartyEndpoint = endpointSelector.selectEndpoint();
 
         if (relyingPartyEndpoint == null) {
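Review bot: With `addAll(supportedOutgoingBindings)` replacing the encoder factory's key set, nothing in the visible code ensures that a message encoder exists for the binding the selector picks. A URI in `outboundBindingEnumeration` that has no registered encoder would then fail only when a request is processed; in SSOProfileHandler the statement after `selectEndpoint()` is the `getMessageEncoder(` lookup. One option is to keep the configured order but drop unsupported entries, by adding `endpointSelector.getSupportedIssuerBindings().retainAll(getMessageEncoderFactory().getEncoderBuilders().keySet());` after the `addAll`, and to log when an entry is dropped so the misconfiguration is visible. The same applies to the matching hunk in SSOProfileHandler; the enclosing method starts and ends outside the hunk.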
index dfbfb5d..554221f 100644 (file)
@@ -18,6 +18,7 @@ package edu.internet2.middleware.shibboleth.idp.profile.saml2;
 
 import java.io.IOException;
 import java.util.ArrayList;
+import java.util.List;
 
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
@@ -84,6 +85,9 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
 
     /** URL of the authentication manager servlet. */
     private String authenticationManagerPath;
+    
+    /** URI of SAML 2 bindings supported for outgoing messaged encoding. */
+    private ArrayList<String> supportedOutgoingBindings;
 
     /** URI of request decoder. */
     private String decodingBinding;
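Review bot: The new field comment has a typo ("messaged encoding") and says "URI" for what is a list. Since the schema documentation states that the order gives precedence, I would write `/** URIs of SAML 2 bindings supported for outgoing message encoding, in order of preference. */`.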
@@ -92,17 +96,23 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
      * Constructor.
      * 
      * @param authnManagerPath path to the authentication manager servlet
+     * @param outgoingBindings URIs of SAML 2 bindings supported for outgoing message encoding
      * @param decoder URI of the request decoder to use
      */
     @SuppressWarnings("unchecked")
-    public SSOProfileHandler(String authnManagerPath, String decoder) {
+    public SSOProfileHandler(String authnManagerPath, List<String> outgoingBindings, String decoder) {
         super();
 
         if (authnManagerPath == null || decoder == null) {
             throw new IllegalArgumentException("AuthN manager path or decoding bindings URI may not be null");
         }
-
         authenticationManagerPath = authnManagerPath;
+        
+        if(outgoingBindings == null || outgoingBindings.isEmpty()){
+            throw new IllegalArgumentException("List of supported outgoing bindings may not be empty");
+        }
+        supportedOutgoingBindings = new ArrayList<String>(outgoingBindings);
+        
         decodingBinding = decoder;
 
         authnStatementBuilder = (SAMLObjectBuilder<AuthnStatement>) getBuilderFactory().getBuilder(
@@ -431,7 +441,7 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
         endpointSelector.setRelyingParty(requestContext.getRelyingPartyMetadata());
         endpointSelector.setRelyingPartyRole(requestContext.getRelyingPartyRoleMetadata());
         endpointSelector.setSamlRequest(requestContext.getSamlRequest());
-        endpointSelector.getSupportedIssuerBindings().addAll(getMessageEncoderFactory().getEncoderBuilders().keySet());
+        endpointSelector.getSupportedIssuerBindings().addAll(supportedOutgoingBindings);
         Endpoint relyingPartyEndpoint = endpointSelector.selectEndpoint();
 
         MessageEncoder<ServletResponse> encoder = getMessageEncoderFactory().getMessageEncoder(