Merge branch 'master' into frontchannel-slo v2.3.4-slo10
authorTamas Frank <sitya@niif.hu>
Thu, 27 Oct 2011 18:10:12 +0000 (20:10 +0200)
committerTamas Frank <sitya@niif.hu>
Thu, 27 Oct 2011 18:10:12 +0000 (20:10 +0200)
Conflicts:
pom.xml

33 files changed:
.checkstyle
.classpath
.project
.settings/org.eclipse.jdt.core.prefs [deleted file]
.settings/org.eclipse.jdt.ui.prefs [deleted file]
checkstyle.xml [deleted file]
doc/RELEASE-NOTES.txt
pom.xml
src/installer/resources/build.xml
src/installer/resources/conf-tmpl/attribute-filter.xml
src/installer/resources/conf-tmpl/attribute-resolver.xml
src/installer/resources/conf-tmpl/handler.xml
src/installer/resources/conf-tmpl/internal.xml
src/installer/resources/conf-tmpl/relying-party.xml
src/installer/resources/conf-tmpl/service.xml
src/installer/resources/metadata-tmpl/idp-metadata.xml
src/main/assembly/bin.xml
src/main/java/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java
src/main/java/edu/internet2/middleware/shibboleth/idp/authn/LoginHandler.java
src/main/java/edu/internet2/middleware/shibboleth/idp/authn/Saml2LoginContext.java
src/main/java/edu/internet2/middleware/shibboleth/idp/authn/provider/AbstractLoginHandler.java
src/main/java/edu/internet2/middleware/shibboleth/idp/authn/provider/IPAddressLoginHandler.java
src/main/java/edu/internet2/middleware/shibboleth/idp/authn/provider/RemoteUserAuthServlet.java
src/main/java/edu/internet2/middleware/shibboleth/idp/authn/provider/UsernamePasswordLoginServlet.java
src/main/java/edu/internet2/middleware/shibboleth/idp/config/profile/authn/ExternalAuthnSystemLoginHandlerBeanDefinitionParser.java
src/main/java/edu/internet2/middleware/shibboleth/idp/config/profile/authn/ExternalAuthnSystemLoginHandlerFactoryBean.java
src/main/java/edu/internet2/middleware/shibboleth/idp/ui/ServiceDescriptionTag.java
src/main/java/edu/internet2/middleware/shibboleth/idp/ui/ServiceInformationURLTag.java
src/main/java/edu/internet2/middleware/shibboleth/idp/ui/ServiceLogoTag.java
src/main/java/edu/internet2/middleware/shibboleth/idp/ui/ServicePrivacyURLTag.java
src/main/java/edu/internet2/middleware/shibboleth/idp/ui/ServiceTagSupport.java
src/main/resources/schema/shibboleth-2.0-idp-profile-handler.xsd
src/main/webapp/login.jsp

index 82f24a5..06ae3bc 100644 (file)
@@ -1,13 +1,16 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
-<fileset-config file-format-version="1.2.0" simple-config="true" sync-formatter="false">
-  <local-check-config name="Shibboleth" location="checkstyle.xml" type="project" description="Coding standards for Shibboleth">
-    <additional-data name="protect-config-file" value="true"/>
+<fileset-config file-format-version="1.2.0" simple-config="false" sync-formatter="false">
+
+   <local-check-config name="Shibboleth Checkstyle" type="remote" description="" 
+                       location="https://svn.shibboleth.net/java-parent-project/tags/2/resources/checkstyle/checkstyle.xml" >
+    <additional-data name="cache-file" value="true"/>
+    <additional-data name="cache-props-file-location" value="null_1312636288299_cache.properties"/>
+    <additional-data name="cache-file-location" value="null_1312636288299_cache.xml"/>
   </local-check-config>
-  <fileset name="all" enabled="true" check-config-name="Shibboleth" local="true">
-    <file-match-pattern match-pattern="." include-pattern="true"/>
+  <fileset name="main source" enabled="true" check-config-name="Shibboleth Checkstyle" local="true">
+    <file-match-pattern match-pattern="src/main/java/.*\.java$" include-pattern="true"/>
   </fileset>
-  <filter name="FileTypesFilter" enabled="true">
-    <filter-data value="java"/>
-  </filter>
+  
 </fileset-config>
index 1797868..72cc122 100644 (file)
@@ -1,8 +1,16 @@
 <?xml version="1.0" encoding="UTF-8"?>
+
 <classpath>
-    <classpathentry including="**/*.java" kind="src" path="src/main/java"/>
-    <classpathentry including="**/*.java" kind="src" output="target/test-classes" path="src/test/java"/>
-    <classpathentry kind="con" path="org.eclipse.iam.jdt.core.mavenClasspathContainer"/>
-    <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+
+    <classpathentry kind="src" output="target/classes" path="src/main/java"/>
+    <classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
+    
+    <classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
+    <classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources"/>
+    
+    <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
+    <classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER"/>
+    
     <classpathentry kind="output" path="target/classes"/>
+    
 </classpath>
index db94ec1..4fafc55 100644 (file)
--- a/.project
+++ b/.project
                        </arguments>
                </buildCommand>
                <buildCommand>
-                       <name>org.eclipse.iam.jdt.core.mavenIncrementalBuilder</name>
+                       <name>net.sf.eclipsecs.core.CheckstyleBuilder</name>
                        <arguments>
                        </arguments>
                </buildCommand>
                <buildCommand>
-                       <name>net.sf.eclipsecs.core.CheckstyleBuilder</name>
+                       <name>org.eclipse.m2e.core.maven2Builder</name>
                        <arguments>
                        </arguments>
                </buildCommand>
        </buildSpec>
        <natures>
-               <nature>org.eclipse.iam.jdt.core.mavenNature</nature>
+               <nature>org.eclipse.m2e.core.maven2Nature</nature>
                <nature>org.eclipse.jdt.core.javanature</nature>
                <nature>net.sf.eclipsecs.core.CheckstyleNature</nature>
        </natures>
diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs
deleted file mode 100644 (file)
index c31a836..0000000
+++ /dev/null
@@ -1,346 +0,0 @@
-#Thu Jun 02 08:27:32 EDT 2011
-eclipse.preferences.version=1
-org.eclipse.jdt.core.builder.cleanOutputFolder=ignore
-org.eclipse.jdt.core.codeComplete.argumentPrefixes=
-org.eclipse.jdt.core.codeComplete.argumentSuffixes=
-org.eclipse.jdt.core.codeComplete.fieldPrefixes=
-org.eclipse.jdt.core.codeComplete.fieldSuffixes=
-org.eclipse.jdt.core.codeComplete.localPrefixes=
-org.eclipse.jdt.core.codeComplete.localSuffixes=
-org.eclipse.jdt.core.codeComplete.staticFieldPrefixes=
-org.eclipse.jdt.core.codeComplete.staticFieldSuffixes=
-org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
-org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve
-org.eclipse.jdt.core.compiler.compliance=1.5
-org.eclipse.jdt.core.compiler.debug.lineNumber=generate
-org.eclipse.jdt.core.compiler.debug.localVariable=generate
-org.eclipse.jdt.core.compiler.debug.sourceFile=generate
-org.eclipse.jdt.core.compiler.problem.annotationSuperInterface=warning
-org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
-org.eclipse.jdt.core.compiler.problem.autoboxing=ignore
-org.eclipse.jdt.core.compiler.problem.deprecation=warning
-org.eclipse.jdt.core.compiler.problem.deprecationInDeprecatedCode=disabled
-org.eclipse.jdt.core.compiler.problem.deprecationWhenOverridingDeprecatedMethod=disabled
-org.eclipse.jdt.core.compiler.problem.discouragedReference=warning
-org.eclipse.jdt.core.compiler.problem.emptyStatement=ignore
-org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
-org.eclipse.jdt.core.compiler.problem.fallthroughCase=ignore
-org.eclipse.jdt.core.compiler.problem.fatalOptionalError=enabled
-org.eclipse.jdt.core.compiler.problem.fieldHiding=ignore
-org.eclipse.jdt.core.compiler.problem.finalParameterBound=warning
-org.eclipse.jdt.core.compiler.problem.finallyBlockNotCompletingNormally=warning
-org.eclipse.jdt.core.compiler.problem.forbiddenReference=error
-org.eclipse.jdt.core.compiler.problem.hiddenCatchBlock=warning
-org.eclipse.jdt.core.compiler.problem.incompatibleNonInheritedInterfaceMethod=warning
-org.eclipse.jdt.core.compiler.problem.incompleteEnumSwitch=ignore
-org.eclipse.jdt.core.compiler.problem.indirectStaticAccess=ignore
-org.eclipse.jdt.core.compiler.problem.localVariableHiding=ignore
-org.eclipse.jdt.core.compiler.problem.methodWithConstructorName=warning
-org.eclipse.jdt.core.compiler.problem.missingDeprecatedAnnotation=ignore
-org.eclipse.jdt.core.compiler.problem.missingOverrideAnnotation=ignore
-org.eclipse.jdt.core.compiler.problem.missingSerialVersion=warning
-org.eclipse.jdt.core.compiler.problem.noEffectAssignment=warning
-org.eclipse.jdt.core.compiler.problem.noImplicitStringConversion=warning
-org.eclipse.jdt.core.compiler.problem.nonExternalizedStringLiteral=ignore
-org.eclipse.jdt.core.compiler.problem.nullReference=ignore
-org.eclipse.jdt.core.compiler.problem.overridingPackageDefaultMethod=warning
-org.eclipse.jdt.core.compiler.problem.parameterAssignment=ignore
-org.eclipse.jdt.core.compiler.problem.possibleAccidentalBooleanAssignment=ignore
-org.eclipse.jdt.core.compiler.problem.potentialNullReference=ignore
-org.eclipse.jdt.core.compiler.problem.rawTypeReference=ignore
-org.eclipse.jdt.core.compiler.problem.redundantNullCheck=ignore
-org.eclipse.jdt.core.compiler.problem.specialParameterHidingField=disabled
-org.eclipse.jdt.core.compiler.problem.staticAccessReceiver=warning
-org.eclipse.jdt.core.compiler.problem.suppressWarnings=enabled
-org.eclipse.jdt.core.compiler.problem.syntheticAccessEmulation=ignore
-org.eclipse.jdt.core.compiler.problem.typeParameterHiding=warning
-org.eclipse.jdt.core.compiler.problem.uncheckedTypeOperation=ignore
-org.eclipse.jdt.core.compiler.problem.undocumentedEmptyBlock=ignore
-org.eclipse.jdt.core.compiler.problem.unhandledWarningToken=warning
-org.eclipse.jdt.core.compiler.problem.unnecessaryElse=ignore
-org.eclipse.jdt.core.compiler.problem.unnecessaryTypeCheck=ignore
-org.eclipse.jdt.core.compiler.problem.unqualifiedFieldAccess=ignore
-org.eclipse.jdt.core.compiler.problem.unusedDeclaredThrownException=ignore
-org.eclipse.jdt.core.compiler.problem.unusedDeclaredThrownExceptionWhenOverriding=disabled
-org.eclipse.jdt.core.compiler.problem.unusedImport=warning
-org.eclipse.jdt.core.compiler.problem.unusedLabel=warning
-org.eclipse.jdt.core.compiler.problem.unusedLocal=warning
-org.eclipse.jdt.core.compiler.problem.unusedParameter=ignore
-org.eclipse.jdt.core.compiler.problem.unusedParameterIncludeDocCommentReference=enabled
-org.eclipse.jdt.core.compiler.problem.unusedParameterWhenImplementingAbstract=disabled
-org.eclipse.jdt.core.compiler.problem.unusedParameterWhenOverridingConcrete=disabled
-org.eclipse.jdt.core.compiler.problem.unusedPrivateMember=warning
-org.eclipse.jdt.core.compiler.problem.varargsArgumentNeedCast=warning
-org.eclipse.jdt.core.compiler.source=1.5
-org.eclipse.jdt.core.formatter.align_type_members_on_columns=false
-org.eclipse.jdt.core.formatter.alignment_for_arguments_in_allocation_expression=16
-org.eclipse.jdt.core.formatter.alignment_for_arguments_in_annotation=16
-org.eclipse.jdt.core.formatter.alignment_for_arguments_in_enum_constant=16
-org.eclipse.jdt.core.formatter.alignment_for_arguments_in_explicit_constructor_call=16
-org.eclipse.jdt.core.formatter.alignment_for_arguments_in_method_invocation=16
-org.eclipse.jdt.core.formatter.alignment_for_arguments_in_qualified_allocation_expression=16
-org.eclipse.jdt.core.formatter.alignment_for_assignment=16
-org.eclipse.jdt.core.formatter.alignment_for_binary_expression=16
-org.eclipse.jdt.core.formatter.alignment_for_compact_if=16
-org.eclipse.jdt.core.formatter.alignment_for_conditional_expression=16
-org.eclipse.jdt.core.formatter.alignment_for_enum_constants=16
-org.eclipse.jdt.core.formatter.alignment_for_expressions_in_array_initializer=16
-org.eclipse.jdt.core.formatter.alignment_for_method_declaration=16
-org.eclipse.jdt.core.formatter.alignment_for_multiple_fields=16
-org.eclipse.jdt.core.formatter.alignment_for_parameters_in_constructor_declaration=16
-org.eclipse.jdt.core.formatter.alignment_for_parameters_in_method_declaration=16
-org.eclipse.jdt.core.formatter.alignment_for_selector_in_method_invocation=16
-org.eclipse.jdt.core.formatter.alignment_for_superclass_in_type_declaration=16
-org.eclipse.jdt.core.formatter.alignment_for_superinterfaces_in_enum_declaration=16
-org.eclipse.jdt.core.formatter.alignment_for_superinterfaces_in_type_declaration=16
-org.eclipse.jdt.core.formatter.alignment_for_throws_clause_in_constructor_declaration=16
-org.eclipse.jdt.core.formatter.alignment_for_throws_clause_in_method_declaration=16
-org.eclipse.jdt.core.formatter.blank_lines_after_imports=1
-org.eclipse.jdt.core.formatter.blank_lines_after_package=1
-org.eclipse.jdt.core.formatter.blank_lines_before_field=1
-org.eclipse.jdt.core.formatter.blank_lines_before_first_class_body_declaration=0
-org.eclipse.jdt.core.formatter.blank_lines_before_imports=1
-org.eclipse.jdt.core.formatter.blank_lines_before_member_type=1
-org.eclipse.jdt.core.formatter.blank_lines_before_method=1
-org.eclipse.jdt.core.formatter.blank_lines_before_new_chunk=1
-org.eclipse.jdt.core.formatter.blank_lines_before_package=1
-org.eclipse.jdt.core.formatter.blank_lines_between_import_groups=1
-org.eclipse.jdt.core.formatter.blank_lines_between_type_declarations=1
-org.eclipse.jdt.core.formatter.brace_position_for_annotation_type_declaration=end_of_line
-org.eclipse.jdt.core.formatter.brace_position_for_anonymous_type_declaration=end_of_line
-org.eclipse.jdt.core.formatter.brace_position_for_array_initializer=end_of_line
-org.eclipse.jdt.core.formatter.brace_position_for_block=end_of_line
-org.eclipse.jdt.core.formatter.brace_position_for_block_in_case=end_of_line
-org.eclipse.jdt.core.formatter.brace_position_for_constructor_declaration=end_of_line
-org.eclipse.jdt.core.formatter.brace_position_for_enum_constant=end_of_line
-org.eclipse.jdt.core.formatter.brace_position_for_enum_declaration=end_of_line
-org.eclipse.jdt.core.formatter.brace_position_for_method_declaration=end_of_line
-org.eclipse.jdt.core.formatter.brace_position_for_switch=end_of_line
-org.eclipse.jdt.core.formatter.brace_position_for_type_declaration=end_of_line
-org.eclipse.jdt.core.formatter.comment.clear_blank_lines=false
-org.eclipse.jdt.core.formatter.comment.clear_blank_lines_in_block_comment=false
-org.eclipse.jdt.core.formatter.comment.clear_blank_lines_in_javadoc_comment=false
-org.eclipse.jdt.core.formatter.comment.format_block_comments=true
-org.eclipse.jdt.core.formatter.comment.format_comments=true
-org.eclipse.jdt.core.formatter.comment.format_header=false
-org.eclipse.jdt.core.formatter.comment.format_html=true
-org.eclipse.jdt.core.formatter.comment.format_javadoc_comments=true
-org.eclipse.jdt.core.formatter.comment.format_line_comments=true
-org.eclipse.jdt.core.formatter.comment.format_source_code=true
-org.eclipse.jdt.core.formatter.comment.indent_parameter_description=true
-org.eclipse.jdt.core.formatter.comment.indent_root_tags=true
-org.eclipse.jdt.core.formatter.comment.insert_new_line_before_root_tags=insert
-org.eclipse.jdt.core.formatter.comment.insert_new_line_for_parameter=do not insert
-org.eclipse.jdt.core.formatter.comment.line_length=120
-org.eclipse.jdt.core.formatter.comment.new_lines_at_block_boundaries=true
-org.eclipse.jdt.core.formatter.comment.new_lines_at_javadoc_boundaries=true
-org.eclipse.jdt.core.formatter.compact_else_if=true
-org.eclipse.jdt.core.formatter.continuation_indentation=2
-org.eclipse.jdt.core.formatter.continuation_indentation_for_array_initializer=2
-org.eclipse.jdt.core.formatter.disabling_tag=@formatter\:off
-org.eclipse.jdt.core.formatter.enabling_tag=@formatter\:on
-org.eclipse.jdt.core.formatter.format_guardian_clause_on_one_line=false
-org.eclipse.jdt.core.formatter.format_line_comment_starting_on_first_column=true
-org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_annotation_declaration_header=true
-org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_enum_constant_header=true
-org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_enum_declaration_header=true
-org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_type_header=true
-org.eclipse.jdt.core.formatter.indent_breaks_compare_to_cases=true
-org.eclipse.jdt.core.formatter.indent_empty_lines=false
-org.eclipse.jdt.core.formatter.indent_statements_compare_to_block=true
-org.eclipse.jdt.core.formatter.indent_statements_compare_to_body=true
-org.eclipse.jdt.core.formatter.indent_switchstatements_compare_to_cases=true
-org.eclipse.jdt.core.formatter.indent_switchstatements_compare_to_switch=true
-org.eclipse.jdt.core.formatter.indentation.size=4
-org.eclipse.jdt.core.formatter.insert_new_line_after_annotation=insert
-org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_local_variable=do not insert
-org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_member=insert
-org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_parameter=do not insert
-org.eclipse.jdt.core.formatter.insert_new_line_after_label=do not insert
-org.eclipse.jdt.core.formatter.insert_new_line_after_opening_brace_in_array_initializer=do not insert
-org.eclipse.jdt.core.formatter.insert_new_line_at_end_of_file_if_missing=do not insert
-org.eclipse.jdt.core.formatter.insert_new_line_before_catch_in_try_statement=do not insert
-org.eclipse.jdt.core.formatter.insert_new_line_before_closing_brace_in_array_initializer=do not insert
-org.eclipse.jdt.core.formatter.insert_new_line_before_else_in_if_statement=do not insert
-org.eclipse.jdt.core.formatter.insert_new_line_before_finally_in_try_statement=do not insert
-org.eclipse.jdt.core.formatter.insert_new_line_before_while_in_do_statement=do not insert
-org.eclipse.jdt.core.formatter.insert_new_line_in_empty_annotation_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_new_line_in_empty_anonymous_type_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_new_line_in_empty_block=insert
-org.eclipse.jdt.core.formatter.insert_new_line_in_empty_enum_constant=insert
-org.eclipse.jdt.core.formatter.insert_new_line_in_empty_enum_declaration=insert
-org.eclipse.jdt.core.formatter.insert_new_line_in_empty_method_body=insert
-org.eclipse.jdt.core.formatter.insert_new_line_in_empty_type_declaration=insert
-org.eclipse.jdt.core.formatter.insert_space_after_and_in_type_parameter=insert
-org.eclipse.jdt.core.formatter.insert_space_after_assignment_operator=insert
-org.eclipse.jdt.core.formatter.insert_space_after_at_in_annotation=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_at_in_annotation_type_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_binary_operator=insert
-org.eclipse.jdt.core.formatter.insert_space_after_closing_angle_bracket_in_type_arguments=insert
-org.eclipse.jdt.core.formatter.insert_space_after_closing_angle_bracket_in_type_parameters=insert
-org.eclipse.jdt.core.formatter.insert_space_after_closing_brace_in_block=insert
-org.eclipse.jdt.core.formatter.insert_space_after_closing_paren_in_cast=insert
-org.eclipse.jdt.core.formatter.insert_space_after_colon_in_assert=insert
-org.eclipse.jdt.core.formatter.insert_space_after_colon_in_case=insert
-org.eclipse.jdt.core.formatter.insert_space_after_colon_in_conditional=insert
-org.eclipse.jdt.core.formatter.insert_space_after_colon_in_for=insert
-org.eclipse.jdt.core.formatter.insert_space_after_colon_in_labeled_statement=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_allocation_expression=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_annotation=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_array_initializer=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_constructor_declaration_parameters=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_constructor_declaration_throws=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_enum_constant_arguments=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_enum_declarations=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_explicitconstructorcall_arguments=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_for_increments=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_for_inits=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_method_declaration_parameters=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_method_declaration_throws=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_method_invocation_arguments=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_multiple_field_declarations=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_multiple_local_declarations=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_parameterized_type_reference=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_superinterfaces=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_type_arguments=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_type_parameters=insert
-org.eclipse.jdt.core.formatter.insert_space_after_ellipsis=insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_angle_bracket_in_parameterized_type_reference=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_angle_bracket_in_type_arguments=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_angle_bracket_in_type_parameters=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_brace_in_array_initializer=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_bracket_in_array_allocation_expression=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_bracket_in_array_reference=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_annotation=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_cast=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_catch=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_constructor_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_enum_constant=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_for=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_if=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_method_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_method_invocation=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_parenthesized_expression=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_switch=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_synchronized=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_while=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_postfix_operator=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_prefix_operator=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_question_in_conditional=insert
-org.eclipse.jdt.core.formatter.insert_space_after_question_in_wildcard=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_semicolon_in_for=insert
-org.eclipse.jdt.core.formatter.insert_space_after_unary_operator=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_and_in_type_parameter=insert
-org.eclipse.jdt.core.formatter.insert_space_before_assignment_operator=insert
-org.eclipse.jdt.core.formatter.insert_space_before_at_in_annotation_type_declaration=insert
-org.eclipse.jdt.core.formatter.insert_space_before_binary_operator=insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_angle_bracket_in_parameterized_type_reference=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_angle_bracket_in_type_arguments=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_angle_bracket_in_type_parameters=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_brace_in_array_initializer=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_bracket_in_array_allocation_expression=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_bracket_in_array_reference=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_annotation=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_cast=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_catch=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_constructor_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_enum_constant=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_for=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_if=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_method_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_method_invocation=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_parenthesized_expression=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_switch=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_synchronized=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_while=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_colon_in_assert=insert
-org.eclipse.jdt.core.formatter.insert_space_before_colon_in_case=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_colon_in_conditional=insert
-org.eclipse.jdt.core.formatter.insert_space_before_colon_in_default=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_colon_in_for=insert
-org.eclipse.jdt.core.formatter.insert_space_before_colon_in_labeled_statement=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_allocation_expression=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_annotation=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_array_initializer=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_constructor_declaration_parameters=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_constructor_declaration_throws=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_enum_constant_arguments=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_enum_declarations=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_explicitconstructorcall_arguments=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_for_increments=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_for_inits=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_method_declaration_parameters=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_method_declaration_throws=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_method_invocation_arguments=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_multiple_field_declarations=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_multiple_local_declarations=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_parameterized_type_reference=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_superinterfaces=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_type_arguments=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_type_parameters=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_ellipsis=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_angle_bracket_in_parameterized_type_reference=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_angle_bracket_in_type_arguments=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_angle_bracket_in_type_parameters=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_annotation_type_declaration=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_anonymous_type_declaration=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_array_initializer=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_block=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_constructor_declaration=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_enum_constant=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_enum_declaration=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_method_declaration=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_switch=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_type_declaration=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_bracket_in_array_allocation_expression=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_bracket_in_array_reference=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_bracket_in_array_type_reference=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_annotation=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_annotation_type_member_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_catch=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_constructor_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_enum_constant=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_for=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_if=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_method_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_method_invocation=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_parenthesized_expression=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_switch=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_synchronized=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_while=insert
-org.eclipse.jdt.core.formatter.insert_space_before_parenthesized_expression_in_return=insert
-org.eclipse.jdt.core.formatter.insert_space_before_parenthesized_expression_in_throw=insert
-org.eclipse.jdt.core.formatter.insert_space_before_postfix_operator=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_prefix_operator=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_question_in_conditional=insert
-org.eclipse.jdt.core.formatter.insert_space_before_question_in_wildcard=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_semicolon=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_semicolon_in_for=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_unary_operator=do not insert
-org.eclipse.jdt.core.formatter.insert_space_between_brackets_in_array_type_reference=do not insert
-org.eclipse.jdt.core.formatter.insert_space_between_empty_braces_in_array_initializer=do not insert
-org.eclipse.jdt.core.formatter.insert_space_between_empty_brackets_in_array_allocation_expression=do not insert
-org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_annotation_type_member_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_constructor_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_enum_constant=do not insert
-org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_method_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_method_invocation=do not insert
-org.eclipse.jdt.core.formatter.join_lines_in_comments=true
-org.eclipse.jdt.core.formatter.join_wrapped_lines=true
-org.eclipse.jdt.core.formatter.keep_else_statement_on_same_line=false
-org.eclipse.jdt.core.formatter.keep_empty_array_initializer_on_one_line=false
-org.eclipse.jdt.core.formatter.keep_imple_if_on_one_line=false
-org.eclipse.jdt.core.formatter.keep_then_statement_on_same_line=false
-org.eclipse.jdt.core.formatter.lineSplit=120
-org.eclipse.jdt.core.formatter.never_indent_block_comments_on_first_column=false
-org.eclipse.jdt.core.formatter.never_indent_line_comments_on_first_column=false
-org.eclipse.jdt.core.formatter.number_of_blank_lines_at_beginning_of_method_body=0
-org.eclipse.jdt.core.formatter.number_of_empty_lines_to_preserve=1
-org.eclipse.jdt.core.formatter.put_empty_statement_on_new_line=false
-org.eclipse.jdt.core.formatter.tabulation.char=space
-org.eclipse.jdt.core.formatter.tabulation.size=4
-org.eclipse.jdt.core.formatter.use_on_off_tags=false
-org.eclipse.jdt.core.formatter.use_tabs_only_for_leading_indentations=false
-org.eclipse.jdt.core.formatter.wrap_before_binary_operator=true
-org.eclipse.jdt.core.formatter.wrap_outer_expressions_when_nested=true
diff --git a/.settings/org.eclipse.jdt.ui.prefs b/.settings/org.eclipse.jdt.ui.prefs
deleted file mode 100644 (file)
index b751f95..0000000
+++ /dev/null
@@ -1,64 +0,0 @@
-#Fri Jun 17 16:40:32 EDT 2011
-cleanup.add_default_serial_version_id=false
-cleanup.add_generated_serial_version_id=true
-cleanup.add_missing_annotations=true
-cleanup.add_missing_deprecated_annotations=true
-cleanup.add_missing_methods=false
-cleanup.add_missing_nls_tags=false
-cleanup.add_missing_override_annotations=false
-cleanup.add_missing_override_annotations_interface_methods=true
-cleanup.add_serial_version_id=true
-cleanup.always_use_blocks=true
-cleanup.always_use_parentheses_in_expressions=false
-cleanup.always_use_this_for_non_static_field_access=false
-cleanup.always_use_this_for_non_static_method_access=false
-cleanup.convert_to_enhanced_for_loop=false
-cleanup.correct_indentation=true
-cleanup.format_source_code=true
-cleanup.format_source_code_changes_only=false
-cleanup.make_local_variable_final=true
-cleanup.make_parameters_final=true
-cleanup.make_private_fields_final=true
-cleanup.make_type_abstract_if_missing_method=false
-cleanup.make_variable_declarations_final=true
-cleanup.never_use_blocks=false
-cleanup.never_use_parentheses_in_expressions=true
-cleanup.organize_imports=true
-cleanup.qualify_static_field_accesses_with_declaring_class=false
-cleanup.qualify_static_member_accesses_through_instances_with_declaring_class=true
-cleanup.qualify_static_member_accesses_through_subtypes_with_declaring_class=true
-cleanup.qualify_static_member_accesses_with_declaring_class=true
-cleanup.qualify_static_method_accesses_with_declaring_class=false
-cleanup.remove_private_constructors=true
-cleanup.remove_trailing_whitespaces=true
-cleanup.remove_trailing_whitespaces_all=true
-cleanup.remove_trailing_whitespaces_ignore_empty=false
-cleanup.remove_unnecessary_casts=true
-cleanup.remove_unnecessary_nls_tags=true
-cleanup.remove_unused_imports=true
-cleanup.remove_unused_local_variables=false
-cleanup.remove_unused_private_fields=true
-cleanup.remove_unused_private_members=false
-cleanup.remove_unused_private_methods=true
-cleanup.remove_unused_private_types=true
-cleanup.sort_members=false
-cleanup.sort_members_all=false
-cleanup.use_blocks=true
-cleanup.use_blocks_only_for_return_and_throw=false
-cleanup.use_parentheses_in_expressions=true
-cleanup.use_this_for_non_static_field_access=false
-cleanup.use_this_for_non_static_field_access_only_if_necessary=true
-cleanup.use_this_for_non_static_method_access=false
-cleanup.use_this_for_non_static_method_access_only_if_necessary=true
-cleanup_profile=_Shibboleth
-cleanup_settings_version=2
-eclipse.preferences.version=1
-formatter_profile=_Shibboleth
-formatter_settings_version=11
-internal.default.compliance=default
-org.eclipse.jdt.ui.exception.name=e
-org.eclipse.jdt.ui.gettersetter.use.is=true
-org.eclipse.jdt.ui.javadoc=true
-org.eclipse.jdt.ui.keywordthis=false
-org.eclipse.jdt.ui.overrideannotation=false
-org.eclipse.jdt.ui.text.custom_code_templates=<?xml version\="1.0" encoding\="UTF-8" standalone\="no"?><templates><template autoinsert\="true" context\="gettercomment_context" deleted\="false" description\="Comment for getter method" enabled\="true" id\="org.eclipse.jdt.ui.text.codetemplates.gettercomment" name\="gettercomment">/**\n * @return Returns the ${bare_field_name}.\n */</template><template autoinsert\="true" context\="settercomment_context" deleted\="false" description\="Comment for setter method" enabled\="true" id\="org.eclipse.jdt.ui.text.codetemplates.settercomment" name\="settercomment">/**\n * @param ${param} The ${bare_field_name} to set.\n */</template><template autoinsert\="false" context\="constructorcomment_context" deleted\="false" description\="Comment for created constructors" enabled\="true" id\="org.eclipse.jdt.ui.text.codetemplates.constructorcomment" name\="constructorcomment">/**\n * Constructor.\n *\n * ${tags}\n */</template><template autoinsert\="false" context\="filecomment_context" deleted\="false" description\="Comment for created Java files" enabled\="true" id\="org.eclipse.jdt.ui.text.codetemplates.filecomment" name\="filecomment">/*\n * Licensed to the University Corporation for Advanced Internet Development, \n * Inc. (UCAID) under one or more contributor license agreements.  See the \n * NOTICE file distributed with this work for additional information regarding\n * copyright ownership. The UCAID licenses this file to You under the Apache \n * License, Version 2.0 (the "License"); you may not use this file except in \n * compliance with the License.  You may obtain a copy of the License at\n *\n *    http\://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an "AS IS" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */</template><template autoinsert\="false" context\="typecomment_context" deleted\="false" description\="Comment for created types" enabled\="true" id\="org.eclipse.jdt.ui.text.codetemplates.typecomment" name\="typecomment">/**\n *\n * ${tags}\n */</template><template autoinsert\="true" context\="fieldcomment_context" deleted\="false" description\="Comment for fields" enabled\="true" id\="org.eclipse.jdt.ui.text.codetemplates.fieldcomment" name\="fieldcomment">/**\n * \n */</template><template autoinsert\="true" context\="methodcomment_context" deleted\="false" description\="Comment for non-overriding methods" enabled\="true" id\="org.eclipse.jdt.ui.text.codetemplates.methodcomment" name\="methodcomment">/**\n * ${tags}\n */</template><template autoinsert\="false" context\="overridecomment_context" deleted\="false" description\="Comment for overriding methods" enabled\="true" id\="org.eclipse.jdt.ui.text.codetemplates.overridecomment" name\="overridecomment">/** {@inheritDoc} */</template><template autoinsert\="true" context\="delegatecomment_context" deleted\="false" description\="Comment for delegate methods" enabled\="true" id\="org.eclipse.jdt.ui.text.codetemplates.delegatecomment" name\="delegatecomment">/**\n * ${tags}\n * ${see_to_target}\n */</template><template autoinsert\="false" context\="newtype_context" deleted\="false" description\="Newly created files" enabled\="true" id\="org.eclipse.jdt.ui.text.codetemplates.newtype" name\="newtype">${filecomment}\n\n${package_declaration}\n\n${typecomment}\n${type_declaration}</template><template autoinsert\="true" context\="classbody_context" deleted\="false" description\="Code in new class type bodies" enabled\="true" id\="org.eclipse.jdt.ui.text.codetemplates.classbody" name\="classbody">\n</template><template autoinsert\="true" context\="interfacebody_context" deleted\="false" description\="Code in new interface type bodies" enabled\="true" id\="org.eclipse.jdt.ui.text.codetemplates.interfacebody" name\="interfacebody">\n</template><template autoinsert\="true" context\="enumbody_context" deleted\="false" description\="Code in new enum type bodies" enabled\="true" id\="org.eclipse.jdt.ui.text.codetemplates.enumbody" name\="enumbody">\n</template><template autoinsert\="true" context\="annotationbody_context" deleted\="false" description\="Code in new annotation type bodies" enabled\="true" id\="org.eclipse.jdt.ui.text.codetemplates.annotationbody" name\="annotationbody">\n</template><template autoinsert\="true" context\="catchblock_context" deleted\="false" description\="Code in new catch blocks" enabled\="true" id\="org.eclipse.jdt.ui.text.codetemplates.catchblock" name\="catchblock">// ${todo} Auto-generated catch block\n${exception_var}.printStackTrace();</template><template autoinsert\="true" context\="methodbody_context" deleted\="false" description\="Code in created method stubs" enabled\="true" id\="org.eclipse.jdt.ui.text.codetemplates.methodbody" name\="methodbody">// ${todo} Auto-generated method stub\n${body_statement}</template><template autoinsert\="true" context\="constructorbody_context" deleted\="false" description\="Code in created constructor stubs" enabled\="true" id\="org.eclipse.jdt.ui.text.codetemplates.constructorbody" name\="constructorbody">${body_statement}\n// ${todo} Auto-generated constructor stub</template><template autoinsert\="true" context\="getterbody_context" deleted\="false" description\="Code in created getters" enabled\="true" id\="org.eclipse.jdt.ui.text.codetemplates.getterbody" name\="getterbody">return ${field};</template><template autoinsert\="true" context\="setterbody_context" deleted\="false" description\="Code in created setters" enabled\="true" id\="org.eclipse.jdt.ui.text.codetemplates.setterbody" name\="setterbody">${field} \= ${param};</template></templates>
diff --git a/checkstyle.xml b/checkstyle.xml
deleted file mode 100644 (file)
index 570bac0..0000000
+++ /dev/null
@@ -1,110 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE module PUBLIC "-//Puppy Crawl//DTD Check Configuration 1.3//EN" "http://www.puppycrawl.com/dtds/configuration_1_3.dtd">
-
-<!--
-    This configuration file was written by the eclipse-cs plugin configuration editor
--->
-<!--
-    Checkstyle-Configuration: Shibboleth Checkstyle
-    Description: none
--->
-<module name="Checker">
-  <property name="severity" value="warning"/>
-  <module name="TreeWalker">
-    <property name="tabWidth" value="4"/>
-    <module name="JavadocMethod">
-      <property name="allowThrowsTagsForSubclasses" value="true"/>
-    </module>
-    <module name="JavadocType"/>
-    <module name="JavadocVariable"/>
-    <module name="JavadocStyle">
-      <property name="checkEmptyJavadoc" value="true"/>
-    </module>
-    <module name="ConstantName"/>
-    <module name="LocalFinalVariableName"/>
-    <module name="LocalVariableName"/>
-    <module name="MemberName"/>
-    <module name="MethodName"/>
-    <module name="PackageName"/>
-    <module name="ParameterName"/>
-    <module name="StaticVariableName"/>
-    <module name="TypeName"/>
-    <module name="AvoidStarImport"/>
-    <module name="IllegalImport"/>
-    <module name="RedundantImport"/>
-    <module name="UnusedImports"/>
-    <module name="LineLength">
-      <property name="max" value="120"/>
-    </module>
-    <module name="MethodLength">
-      <property name="max" value="50"/>
-    </module>
-    <module name="ParameterNumber">
-      <property name="max" value="5"/>
-    </module>
-    <module name="EmptyForIteratorPad"/>
-    <module name="MethodParamPad"/>
-    <module name="ModifierOrder"/>
-    <module name="AvoidNestedBlocks"/>
-    <module name="EmptyBlock"/>
-    <module name="LeftCurly"/>
-    <module name="NeedBraces"/>
-    <module name="RightCurly"/>
-    <module name="AvoidInlineConditionals"/>
-    <module name="DoubleCheckedLocking"/>
-    <module name="EmptyStatement"/>
-    <module name="EqualsHashCode"/>
-    <module name="HiddenField"/>
-    <module name="IllegalInstantiation"/>
-    <module name="InnerAssignment"/>
-    <module name="MissingSwitchDefault"/>
-    <module name="RedundantThrows"/>
-    <module name="SimplifyBooleanExpression"/>
-    <module name="SimplifyBooleanReturn"/>
-    <module name="FinalClass"/>
-    <module name="HideUtilityClassConstructor"/>
-    <module name="InterfaceIsType"/>
-    <module name="VisibilityModifier"/>
-    <module name="ArrayTypeStyle"/>
-    <module name="UpperEll"/>
-    <module name="AbstractClassName">
-      <property name="format" value="^Abstract.*$|^Base.*$"/>
-    </module>
-    <module name="AnonInnerLength"/>
-    <module name="EmptyForInitializerPad"/>
-    <module name="CovariantEquals"/>
-    <module name="DefaultComesLast"/>
-    <module name="DeclarationOrder"/>
-    <module name="ExplicitInitialization"/>
-    <module name="FallThrough"/>
-    <module name="IllegalCatch"/>
-    <module name="IllegalThrows"/>
-    <module name="JUnitTestCase"/>
-    <module name="MultipleVariableDeclarations"/>
-    <module name="PackageDeclaration"/>
-    <module name="ParameterAssignment"/>
-    <module name="ReturnCount">
-      <property name="max" value="4"/>
-    </module>
-    <module name="StringLiteralEquality"/>
-    <module name="SuperFinalize"/>
-    <module name="ArrayTrailingComma"/>
-    <module name="UnnecessaryParentheses"/>
-    <module name="MutableException"/>
-    <module name="ThrowsCount">
-      <property name="max" value="3"/>
-    </module>
-    <module name="CyclomaticComplexity"/>
-    <module name="TrailingComment"/>
-    <module name="EqualsAvoidNull"/>
-    <module name="ModifiedControlVariable"/>
-  </module>
-  <module name="FileTabCharacter"/>
-  <module name="FileLength">
-    <property name="max" value="1000"/>
-  </module>
-  <module name="Header">
-    <property name="header" value="/*\n * Licensed to the University Corporation for Advanced Internet Development, \n * Inc. (UCAID) under one or more contributor license agreements.  See the \n * NOTICE file distributed with this work for additional information regarding\n * copyright ownership. The UCAID licenses this file to You under the Apache \n * License, Version 2.0 (the &quot;License&quot;); you may not use this file except in \n * compliance with the License.  You may obtain a copy of the License at\n *\n *    http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an &quot;AS IS&quot; BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */"/>
-  </module>
-  <module name="JavadocPackage"/>
-</module>
index 95f4635..2118467 100644 (file)
@@ -1,3 +1,18 @@
+Changes in Release 2.3.4
+=============================================
+[SIDP-508] - NullPointerException in AuthenticationEngine
+[SIDP-510] - Error with stack trace when passive cannot be honored
+[SIDP-511] - ExternalAuthnSystemLoginHandler does not support forceAuthn/isPassive
+[SIDP-512] - idpui taglib should iterate over all browser aproved languages
+[SIDP-513] - idpui taglib could look for more languages matches
+[SIDP-514] - Alt text for IdP Logos is not esapiEncoder.encodeForHTMLAttribute
+[SIDP-516] - Example login.jsp / Usage of label tag
+[SIDP-519] - Switching between multiple login handlers cause first context to be sticky in Shib-Authentication-Method
+[SIDP-520] - Ipad/iOS devices will auto capitalize text entered into the IdP login screen, which can cause errors. Adding an HTML element will prevent that
+[SIDP-521] - Allow specificying file location of renewed key and certificate
+[SIDP-522] - supplied examples shouldn't promote federation URIs as relying parties
+[SIDP-523] - Add access to inbound AuthnRequest
+
 Changes in Release 2.3.3
 =============================================
 [SIDP-504] - Alt text generate for logo has mismatched quoting
diff --git a/pom.xml b/pom.xml
index 47ec17c..77a3cac 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -1,11 +1,18 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-         
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
     <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>net.shibboleth</groupId>
+        <artifactId>parent</artifactId>
+        <version>2</version>
+    </parent>
+
     <groupId>edu.internet2.middleware</groupId>
     <artifactId>shibboleth-identityprovider</artifactId>
-    <version>2.3.3-slo10</version>
+    <version>2.3.4-slo10</version>
 
     <!-- We bundle as a jar here, the installer creates the WAR -->
     <packaging>jar</packaging>
@@ -17,9 +24,7 @@
     </description>
 
     <properties>
-        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <xerces.groupId>org.apache.xerces</xerces.groupId>
-        <xerces.version>2.10.0</xerces.version>
+        <svn.relative.location>java-shib-idp2</svn.relative.location>
     </properties>
 
     <repositories>
         <dependency>
             <groupId>edu.internet2.middleware</groupId>
             <artifactId>shibboleth-common</artifactId>
-            <version>1.3.3-slo2</version>
+            <version>1.3.4-slo2</version>
         </dependency>
 
         <!-- Provided dependencies -->
-        <dependency>
-            <groupId>javax.servlet</groupId>
-            <artifactId>servlet-api</artifactId>
-            <version>2.4</version>
-        </dependency>
-        <dependency>
-            <groupId>javax.servlet.jsp</groupId>
-            <artifactId>jsp-api</artifactId>
-            <version>2.0</version>
-        </dependency>
 
         <!-- Runtime dependencies -->
         <dependency>
-            <groupId>${xerces.groupId}</groupId>
-            <artifactId>xml-apis</artifactId>
-            <version>${xerces.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>${xerces.groupId}</groupId>
-            <artifactId>xercesImpl</artifactId>
-            <version>${xerces.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>xml-resolver</groupId>
-            <artifactId>xml-resolver</artifactId>
-            <version>1.2</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>xalan</groupId>
-            <artifactId>xalan</artifactId>
-            <version>2.7.1</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.ant</groupId>
-            <artifactId>ant-nodeps</artifactId>
-            <version>1.7.1</version>
-            <scope>runtime</scope>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15</artifactId>
+            <version>1.45</version>
         </dependency>
         <dependency>
             <groupId>ant-contrib</groupId>
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>xmlunit</groupId>
-            <artifactId>xmlunit</artifactId>
-            <version>1.0</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-test</artifactId>
             <version>2.5.6.SEC02</version>
                 </exclusion>
             </exclusions>
         </dependency>
-    </dependencies>
 
+        <!-- Managed Dependencies -->
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet.jsp</groupId>
+            <artifactId>jsp-api</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>${xerces.groupId}</groupId>
+            <artifactId>xml-apis</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>${xerces.groupId}</groupId>
+            <artifactId>xercesImpl</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>${xerces.groupId}</groupId>
+            <artifactId>serializer</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>xml-resolver</groupId>
+            <artifactId>xml-resolver</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>${xalan.groupId}</groupId>
+            <artifactId>xalan</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>xmlunit</groupId>
+            <artifactId>xmlunit</artifactId>
+        </dependency>
+    </dependencies>
     <distributionManagement>
         <repository>
             <id>release</id>
         <plugins>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-compiler-plugin</artifactId>
-                <version>2.3.2</version>
-                <configuration>
-                    <source>1.5</source>
-                    <target>1.5</target>
-                    <debug>true</debug>
-                </configuration>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-assembly-plugin</artifactId>
-                <version>2.2.1</version>
-                <configuration>
-                    <descriptors>
-                        <descriptor>src/main/assembly/bin.xml</descriptor>
-                    </descriptors>
-                    <tarLongFileMode>gnu</tarLongFileMode>
-                </configuration>
-                <executions>
-                    <execution>
-                        <id>make-assembly</id>
-                        <phase>package</phase>
-                        <goals>
-                            <goal>attached</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-surefire-plugin</artifactId>
-                <version>2.8</version>
-                <configuration>
-                    <argLine>-Xmx256m</argLine>
-                </configuration>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-jar-plugin</artifactId>
                 <version>2.3.1</version>
                 <configuration>
                     </archive>
                 </configuration>
             </plugin>
-            <plugin>
-                <artifactId>maven-source-plugin</artifactId>
-                <version>2.1.2</version>
-                <executions>
-                    <execution>
-                        <id>attach-sources</id>
-                        <goals>
-                            <goal>jar</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-javadoc-plugin</artifactId>
-                <version>2.7</version>
-                <executions>
-                    <execution>
-                        <id>attach-javadocs</id>
-                        <goals>
-                            <goal>jar</goal>
-                        </goals>
-                    </execution>
-                </executions>
-                <configuration>
-                    <quiet>true</quiet>
-                </configuration>
-            </plugin>
         </plugins>
     </build>
 
-    <reporting>
-        <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-javadoc-plugin</artifactId>
-                <version>2.8</version>
-                <configuration>
-                    <links>
-                        <link>http://java.sun.com/j2se/1.5.0/docs/api/</link>
-                        <link>http://joda-time.sourceforge.net/apidocs/</link>
-                        <link>http://static.springsource.org/spring/docs/2.0.x/api/</link>
-                    </links>
-                    <quiet>true</quiet>
-                    <author>false</author>
-                    <version>true</version>
-                    <doctitle>${project.name} ${project.version} Java API.</doctitle>
-                    <windowtitle>${project.name} ${project.version} Java API.</windowtitle>
-                    <overview>src/main/java/overview.html</overview>
-                </configuration>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-jxr-plugin</artifactId>
-                <version>2.2</version>
-                <configuration>
-                    <outputDirectory>${project.reporting.outputDirectory}/xref</outputDirectory>
-                    <doctitle>${project.name} ${project.version} Code Cross-Reference</doctitle>
-                    <windowtitle>${project.name} ${project.version} Java API.</windowtitle>
-                    <javadocDir>${project.reporting.outputDirectory}/apidocs</javadocDir>
-                </configuration>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-surefire-report-plugin</artifactId>
-                <version>2.8.1</version>
-                <configuration>
-                    <outputDirectory>${project.reporting.outputDirectory}/unitTest</outputDirectory>
-                    <xrefLocation>${project.reporting.outputDirectory}/xref</xrefLocation>
-                </configuration>
-            </plugin>
-        </plugins>
-    </reporting>
-
     <profiles>
         <profile>
             <id>release</id>
                 <plugins>
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>2.8</version>
-                        <executions>
-                            <execution>
-                                <id>release-javadoc</id>
-                                <phase>package</phase>
-                                <goals>
-                                    <goal>javadoc</goal>
-                                </goals>
-                            </execution>
-                        </executions>
-                    </plugin>
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-jxr-plugin</artifactId>
-                        <version>2.2</version>
-                        <executions>
-                            <execution>
-                                <id>release-jxr</id>
-                                <phase>package</phase>
-                                <goals>
-                                    <goal>jxr</goal>
-                                </goals>
-                            </execution>
-                        </executions>
-                    </plugin>
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-surefire-report-plugin</artifactId>
-                        <version>2.9</version>
-                        <executions>
-                            <execution>
-                                <id>release-unitTest</id>
-                                <phase>package</phase>
-                                <goals>
-                                    <goal>report-only</goal>
-                                </goals>
-                            </execution>
-                        </executions>
-                    </plugin>
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-assembly-plugin</artifactId>
                         <version>2.2.1</version>
-                        <executions>
-                            <execution>
-                                <id>make-assembly</id>
-                                <phase>package</phase>
-                                <goals>
-                                    <goal>attached</goal>
-                                </goals>
-                            </execution>
-                        </executions>
-                    </plugin>
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-gpg-plugin</artifactId>
-                        <version>1.3</version>
-                        <executions>
-                            <execution>
-                                <id>sign-artifacts</id>
-                                <phase>verify</phase>
-                                <goals>
-                                    <goal>sign</goal>
-                                </goals>
-                            </execution>
-                        </executions>
+                        <configuration>
+                            <descriptors>
+                                <descriptor>src/main/assembly/bin.xml</descriptor>
+                            </descriptors>
+                        </configuration>
                     </plugin>
                 </plugins>
             </build>
index 5c27404..0ee4462 100755 (executable)
@@ -81,7 +81,9 @@
                        </else>
                </if>
                        
-                <selfSignedCert hostname="${idp.hostname}" privateKeyFile="${idp.home.path}/credentials/idp.key" certificateFile="${idp.home.path}/credentials/idp.crt" keystoreFile="${idp.home.path}/credentials/idp.jks" keystorePassword="${idp.keystore.pass}" uriSubjectAltNames="${idp.entity.id}" certificateLifetime="${idp.cert.lifetime}"/>
+                <selfSignedCert hostname="${idp.hostname}" uriSubjectAltNames="${idp.entity.id}" certificateLifetime="${idp.cert.lifetime}"
+                                   privateKeyFile="${idp.home.path}/credentials/idp.key" certificateFile="${idp.home.path}/credentials/idp.crt" 
+                                   keystoreFile="${idp.home.path}/credentials/idp.jks" keystorePassword="${idp.keystore.pass}" />
 
                 <copy todir="${idp.home.path}/bin" preservelastmodified="true" overwrite="true">
                     <fileset dir="${tools.dir}/bash"/>
     </target>
 
     <target name="renew-cert" description="Create a new certificate/key pair."> 
-        <input message="This will create a new set of credentials for your IdP, overwriting existing credentials.  Do you really wish to proceed?" addproperty="renew.cert.do" validargs="yes,no" defaultvalue="no"/> 
-        <if> <equals arg1="${renew.cert.do}" arg2="yes"/> 
+        <input message="This will create a new set of credentials for your IdP.  If you ran this command previously and still have '*.new' files, they will be overwritten.  Do you wish to proceed?" 
+                  addproperty="renew.cert.do" validargs="yes,no" defaultvalue="no"/> 
+        <if> 
+               <equals arg1="${renew.cert.do}" arg2="yes"/> 
             <then> 
-
+               
                 <input message="Where is the Shibboleth Identity Provider installed?" addproperty="idp.home.input" defaultvalue="${idp.home}"/>
                 <var name="idp.home" value="${idp.home.input}"/>
               
                 <var name="idp.hostname" value="${idp.hostname.input}"/> 
                 <var name="idp.entity.id" value="https://${idp.hostname}/idp/shibboleth"/> 
 
-                <echo message="Backing up old credentials"/> 
-                <buildnumber file="${resources.dir}/credentials.buildno"/>
-                <copy todir="${idp.home.path}/credentials" overwrite="true">
-                    <fileset dir="${idp.home.path}/credentials" excludes="*bak*,buildno"/>
-                    <globmapper from="idp.*" to="idp.*.bak.${build.number}"/>
-                </copy>
-
                 <input message="A keystore is about to be generated for you. Please enter a password that will be used to protect it." addproperty="idp.keystore.pass"/> 
 
                 <if>
                     </else>
                 </if>
         
-                <echo message="Generating signing and encryption key, certificate, and keystore. "/> 
-                <selfSignedCert hostname="${idp.hostname}" privateKeyFile="${idp.home.path}/credentials/idp.key" certificateFile="${idp.home.path}/credentials/idp.crt" keystoreFile="${idp.home.path}/credentials/idp.jks" keystorePassword="${idp.keystore.pass}" uriSubjectAltNames="${idp.entity.id}" certificateLifetime="${idp.cert.lifetime}"/> 
+                <echo message="Generating new signing and encryption key, certificate, and keystore. "/> 
+                <selfSignedCert hostname="${idp.hostname}" certificateLifetime="${idp.cert.lifetime}" uriSubjectAltNames="${idp.entity.id}"
+                                   privateKeyFile="${idp.home.path}/credentials/idp.key.new" certificateFile="${idp.home.path}/credentials/idp.crt.new"  
+                                   keystoreFile="${idp.home.path}/credentials/idp.jks.new"  keystorePassword="${idp.keystore.pass}" /> 
             </then>
-        </if> 
-    </target> 
-</project>
+        </if>
+    </target>
+</project>
\ No newline at end of file
index 15bb1fb..136eaac 100644 (file)
@@ -6,7 +6,12 @@
     Deployers should refer to the Shibboleth 2 documentation for a complete list of components 
     and their options.
 -->
-<afp:AttributeFilterPolicyGroup xmlns:afp="urn:mace:shibboleth:2.0:afp" xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic" xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="ShibbolethFilterPolicy" xsi:schemaLocation="urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd                                                 urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd                                                 urn:mace:shibboleth:2.0:afp:mf:saml classpath:/schema/shibboleth-2.0-afp-mf-saml.xsd">
+<afp:AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
+                                xmlns:afp="urn:mace:shibboleth:2.0:afp" xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic" 
+                                xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+                                xsi:schemaLocation="urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd
+                                                    urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd
+                                                    urn:mace:shibboleth:2.0:afp:mf:saml classpath:/schema/shibboleth-2.0-afp-mf-saml.xsd">
 
     <!--  Release the transient ID to anyone -->
     <afp:AttributeFilterPolicy id="releaseTransientIdToAnyone">
 
     <!-- 
         Release eduPersonEntitlement and the permissible values of eduPersonAffiliation
-        to any SP that is a member of InCommon, UK federation, or SWITCHaai
+        to three specific SPs
     -->
     <!--
     <afp:AttributeFilterPolicy>
         <afp:PolicyRequirementRule xsi:type="basic:OR">
-            <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="urn:mace:incommon" />
-            <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="http://ukfederation.org.uk" />
-            <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="urn:mace:switch.ch:SWITCHaai" />
+            <basic:Rule xsi:type="basic:AttributeRequesterString" value="urn:example.org:sp:Portal" />
+            <basic:Rule xsi:type="basic:AttributeRequesterString" value="urn:example.org:sp:SIS" />
+            <basic:Rule xsi:type="basic:AttributeRequesterString" value="urn:example.org:sp:LMS" />
         </afp:PolicyRequirementRule>
 
         <afp:AttributeRule attributeID="eduPersonAffiliation">
index 1820f00..4898b40 100644 (file)
@@ -8,7 +8,16 @@
     Deployers should refer to the Shibboleth 2 documentation for a complete list of components 
     and their options.
 -->
-<resolver:AttributeResolver xmlns:resolver="urn:mace:shibboleth:2.0:resolver" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc" xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad" xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc" xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder" xmlns:sec="urn:mace:shibboleth:2.0:security" xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd                                        urn:mace:shibboleth:2.0:resolver:pc classpath:/schema/shibboleth-2.0-attribute-resolver-pc.xsd                                        urn:mace:shibboleth:2.0:resolver:ad classpath:/schema/shibboleth-2.0-attribute-resolver-ad.xsd                                        urn:mace:shibboleth:2.0:resolver:dc classpath:/schema/shibboleth-2.0-attribute-resolver-dc.xsd                                        urn:mace:shibboleth:2.0:attribute:encoder classpath:/schema/shibboleth-2.0-attribute-encoder.xsd                                        urn:mace:shibboleth:2.0:security classpath:/schema/shibboleth-2.0-security.xsd">
+<resolver:AttributeResolver xmlns:resolver="urn:mace:shibboleth:2.0:resolver" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+                            xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc" xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad" 
+                            xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc" xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder" 
+                            xmlns:sec="urn:mace:shibboleth:2.0:security" 
+                            xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd
+                                               urn:mace:shibboleth:2.0:resolver:pc classpath:/schema/shibboleth-2.0-attribute-resolver-pc.xsd
+                                               urn:mace:shibboleth:2.0:resolver:ad classpath:/schema/shibboleth-2.0-attribute-resolver-ad.xsd
+                                               urn:mace:shibboleth:2.0:resolver:dc classpath:/schema/shibboleth-2.0-attribute-resolver-dc.xsd
+                                               urn:mace:shibboleth:2.0:attribute:encoder classpath:/schema/shibboleth-2.0-attribute-encoder.xsd
+                                               urn:mace:shibboleth:2.0:security classpath:/schema/shibboleth-2.0-security.xsd">
 
     <!-- ========================================== -->
     <!--      Attribute Definitions                 -->
index e1ec582..1cb0751 100644 (file)
@@ -1,5 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd">
+
+<ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+                        xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd">
 
     <!-- Error Handler -->
     <ph:ErrorHandler xsi:type="ph:JSPErrorHandler" jspPagePath="/error.jsp"/>
         <ph:RequestPath>/Metadata/SAML</ph:RequestPath>
     </ph:ProfileHandler>    
 
-    <ph:ProfileHandler xsi:type="ph:ShibbolethSSO" inboundBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:profiles:browser-post                                                  urn:oasis:names:tc:SAML:1.0:profiles:artifact-01">
+    <ph:ProfileHandler xsi:type="ph:ShibbolethSSO" inboundBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" 
+                       outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:profiles:browser-post
+                                                   urn:oasis:names:tc:SAML:1.0:profiles:artifact-01">
         <ph:RequestPath>/Shibboleth/SSO</ph:RequestPath>
     </ph:ProfileHandler>
     
-    <ph:ProfileHandler xsi:type="ph:SAML1AttributeQuery" inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
+    <ph:ProfileHandler xsi:type="ph:SAML1AttributeQuery" inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
+                       outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
         <ph:RequestPath>/SAML1/SOAP/AttributeQuery</ph:RequestPath>
     </ph:ProfileHandler>
     
-    <ph:ProfileHandler xsi:type="ph:SAML1ArtifactResolution" inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
+    <ph:ProfileHandler xsi:type="ph:SAML1ArtifactResolution" inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" 
+                       outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
         <ph:RequestPath>/SAML1/SOAP/ArtifactResolution</ph:RequestPath>
     </ph:ProfileHandler>
     
-    <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST                                                  urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
+    <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+                       outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
+                                                   urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
+                                                   urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
         <ph:RequestPath>/SAML2/POST/SSO</ph:RequestPath>
     </ph:ProfileHandler>
 
-    <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST                                                  urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
+    <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" 
+                       outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
+                                                   urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
+                                                   urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
         <ph:RequestPath>/SAML2/POST-SimpleSign/SSO</ph:RequestPath>
     </ph:ProfileHandler>
 
-    <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST                                                  urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
+    <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+                       outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
+                                                   urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
+                                                   urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
         <ph:RequestPath>/SAML2/Redirect/SSO</ph:RequestPath>
     </ph:ProfileHandler>
 
         <ph:RequestPath>/SAML2/SOAP/SLO</ph:RequestPath>
     </ph:ProfileHandler>
     
-    <ph:ProfileHandler xsi:type="ph:SAML2SSO"
-                    inboundBinding="urn:mace:shibboleth:2.0:profiles:AuthnRequest"
-                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
-                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
-                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
-
-    <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:mace:shibboleth:2.0:profiles:AuthnRequest" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST                                                  urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
+    <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:mace:shibboleth:2.0:profiles:AuthnRequest" 
+                       outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
+                                                   urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
+                                                   urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
         <ph:RequestPath>/SAML2/Unsolicited/SSO</ph:RequestPath>
     </ph:ProfileHandler>
 
-    <ph:ProfileHandler xsi:type="ph:SAML2ECP" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
+    <ph:ProfileHandler xsi:type="ph:SAML2ECP" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
+                       outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
         <ph:RequestPath>/SAML2/SOAP/ECP</ph:RequestPath>
     </ph:ProfileHandler>
 
-    <ph:ProfileHandler xsi:type="ph:SAML2AttributeQuery" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
+    <ph:ProfileHandler xsi:type="ph:SAML2AttributeQuery" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
+                       outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
         <ph:RequestPath>/SAML2/SOAP/AttributeQuery</ph:RequestPath>
     </ph:ProfileHandler>
     
-    <ph:ProfileHandler xsi:type="ph:SAML2ArtifactResolution" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
+    <ph:ProfileHandler xsi:type="ph:SAML2ArtifactResolution" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
+                       outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
         <ph:RequestPath>/SAML2/SOAP/ArtifactResolution</ph:RequestPath>
     </ph:ProfileHandler>
     
     <!-- Login Handlers -->
-    <ph:LoginHandler xsi:type="ph:RemoteUser">
+    <!-- <ph:LoginHandler xsi:type="ph:RemoteUser">
         <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
-    </ph:LoginHandler>
+    </ph:LoginHandler>-->
     
     <!-- Login handler that delegates the act of authentication to an external system. -->
     <!-- This login handler and the RemoteUser login handler will be merged in the next major release. -->
     </ph:LoginHandler>
     -->
     
-    <!--  Username/password login handler -->
-    <!-- 
+    <!--  Username/password login handler -->   
     <ph:LoginHandler xsi:type="ph:UsernamePassword" 
                   jaasConfigurationLocation="file://$IDP_HOME$/conf/login.config">
         <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
     </ph:LoginHandler>
-    -->
+    
     
     <!-- 
         Removal of this login handler will disable SSO support, that is it will require the user to authenticate 
index 9b17e1f..4115a7f 100644 (file)
@@ -1,5 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd                          http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+       xmlns:util="http://www.springframework.org/schema/util" 
+       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">
 
     <bean id="shibboleth.CacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
 
index cff85af..2af01e6 100644 (file)
@@ -6,7 +6,17 @@
     particular relying party should be signed.  It also includes metadata provider and credential definitions used 
     when answering requests to a relying party.
 -->
-<rp:RelyingPartyGroup xmlns:rp="urn:mace:shibboleth:2.0:relying-party" xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml" xmlns:metadata="urn:mace:shibboleth:2.0:metadata" xmlns:resource="urn:mace:shibboleth:2.0:resource" xmlns:security="urn:mace:shibboleth:2.0:security" xmlns:samlsec="urn:mace:shibboleth:2.0:security:saml" xmlns:samlmd="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd                                        urn:mace:shibboleth:2.0:relying-party:saml classpath:/schema/shibboleth-2.0-relying-party-saml.xsd                                        urn:mace:shibboleth:2.0:metadata classpath:/schema/shibboleth-2.0-metadata.xsd                                        urn:mace:shibboleth:2.0:resource classpath:/schema/shibboleth-2.0-resource.xsd                                        urn:mace:shibboleth:2.0:security classpath:/schema/shibboleth-2.0-security.xsd                                        urn:mace:shibboleth:2.0:security:saml classpath:/schema/shibboleth-2.0-security-policy-saml.xsd                                        urn:oasis:names:tc:SAML:2.0:metadata classpath:/schema/saml-schema-metadata-2.0.xsd">
+<rp:RelyingPartyGroup xmlns:rp="urn:mace:shibboleth:2.0:relying-party" xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml" 
+                      xmlns:metadata="urn:mace:shibboleth:2.0:metadata" xmlns:resource="urn:mace:shibboleth:2.0:resource" 
+                      xmlns:security="urn:mace:shibboleth:2.0:security" xmlns:samlsec="urn:mace:shibboleth:2.0:security:saml" 
+                      xmlns:samlmd="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+                      xsi:schemaLocation="urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd
+                                          urn:mace:shibboleth:2.0:relying-party:saml classpath:/schema/shibboleth-2.0-relying-party-saml.xsd
+                                          urn:mace:shibboleth:2.0:metadata classpath:/schema/shibboleth-2.0-metadata.xsd
+                                          urn:mace:shibboleth:2.0:resource classpath:/schema/shibboleth-2.0-resource.xsd 
+                                          urn:mace:shibboleth:2.0:security classpath:/schema/shibboleth-2.0-security.xsd
+                                          urn:mace:shibboleth:2.0:security:saml classpath:/schema/shibboleth-2.0-security-policy-saml.xsd
+                                          urn:oasis:names:tc:SAML:2.0:metadata classpath:/schema/saml-schema-metadata-2.0.xsd">
                                        
     <!-- ========================================== -->
     <!--      Relying Party Configurations          -->
             We list them here so that people are aware of them (since they seem reluctant to 
             read the documentation).
         -->
-        <rp:ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" includeAttributeStatement="false" assertionLifetime="PT5M" signResponses="conditional" signAssertions="never"/>
+        <rp:ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" includeAttributeStatement="false" 
+                                 assertionLifetime="PT5M" signResponses="conditional" signAssertions="never"/>
                               
-        <rp:ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile" assertionLifetime="PT5M" signResponses="conditional" signAssertions="never"/>
+        <rp:ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile" assertionLifetime="PT5M" 
+                                 signResponses="conditional" signAssertions="never"/>
         
-        <rp:ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile" signResponses="conditional" signAssertions="never"/>
+        <rp:ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile" signResponses="conditional" 
+                                 signAssertions="never"/>
         
-        <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile" includeAttributeStatement="true" assertionLifetime="PT5M" assertionProxyCount="0" signResponses="never" signAssertions="always" encryptAssertions="conditional" encryptNameIds="never"/>
+        <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile" includeAttributeStatement="true" 
+                                 assertionLifetime="PT5M" assertionProxyCount="0" 
+                                 signResponses="never" signAssertions="always" 
+                                 encryptAssertions="conditional" encryptNameIds="never"/>
 
-        <rp:ProfileConfiguration xsi:type="saml:SAML2ECPProfile" includeAttributeStatement="true" assertionLifetime="PT5M" assertionProxyCount="0" signResponses="never" signAssertions="always" encryptAssertions="conditional" encryptNameIds="never"/>
+        <rp:ProfileConfiguration xsi:type="saml:SAML2ECPProfile" includeAttributeStatement="true" 
+                                 assertionLifetime="PT5M" assertionProxyCount="0" 
+                                 signResponses="never" signAssertions="always" 
+                                 encryptAssertions="conditional" encryptNameIds="never"/>
 
-        <rp:ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" assertionLifetime="PT5M" assertionProxyCount="0" signResponses="conditional" signAssertions="never" encryptAssertions="conditional" encryptNameIds="never"/>
+        <rp:ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" 
+                                 assertionLifetime="PT5M" assertionProxyCount="0" 
+                                 signResponses="conditional" signAssertions="never" 
+                                 encryptAssertions="conditional" encryptNameIds="never"/>
         
         <rp:ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" 
                               signResponses="never"
                               signResponses="always"
                               signAssertions="never"
                               encryptAssertions="never"
-                              encryptNameIds="conditional" />
-        <rp:ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" signResponses="never" signAssertions="always" encryptAssertions="conditional" encryptNameIds="never"/>
+                              encryptNameIds="never"
+                             frontChannelResponseTimeout="20000"
+                              backChannelConnectionPoolTimeout="2000"
+                              backChannelConnectionTimeout="2000"
+                              backChannelResponseTimeout="5000"  />
         
     </rp:DefaultRelyingParty>
         
index ed1b64c..c04bc59 100644 (file)
@@ -1,5 +1,15 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<srv:Services xmlns:srv="urn:mace:shibboleth:2.0:services" xmlns:attribute-afp="urn:mace:shibboleth:2.0:afp" xmlns:attribute-authority="urn:mace:shibboleth:2.0:attribute:authority" xmlns:attribute-resolver="urn:mace:shibboleth:2.0:resolver" xmlns:profile="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:relyingParty="urn:mace:shibboleth:2.0:relying-party" xmlns:resource="urn:mace:shibboleth:2.0:resource" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:mace:shibboleth:2.0:services classpath:/schema/shibboleth-2.0-services.xsd                               urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd                               urn:mace:shibboleth:2.0:attribute:authority classpath:/schema/shibboleth-2.0-attribute-authority.xsd                               urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd                               urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd                               urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd                               urn:mace:shibboleth:2.0:resource classpath:/schema/shibboleth-2.0-resource.xsd">
+<srv:Services xmlns:srv="urn:mace:shibboleth:2.0:services" xmlns:attribute-afp="urn:mace:shibboleth:2.0:afp" 
+              xmlns:attribute-authority="urn:mace:shibboleth:2.0:attribute:authority" xmlns:attribute-resolver="urn:mace:shibboleth:2.0:resolver" 
+              xmlns:profile="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:relyingParty="urn:mace:shibboleth:2.0:relying-party" 
+              xmlns:resource="urn:mace:shibboleth:2.0:resource" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+              xsi:schemaLocation="urn:mace:shibboleth:2.0:services classpath:/schema/shibboleth-2.0-services.xsd
+                                  urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd
+                                  urn:mace:shibboleth:2.0:attribute:authority classpath:/schema/shibboleth-2.0-attribute-authority.xsd
+                                  urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd
+                                  urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd
+                                  urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd
+                                  urn:mace:shibboleth:2.0:resource classpath:/schema/shibboleth-2.0-resource.xsd">
 
     <srv:Service id="shibboleth.AttributeResolver" xsi:type="attribute-resolver:ShibbolethAttributeResolver">
         <srv:ConfigurationResource file="$IDP_HOME$/conf/attribute-resolver.xml" xsi:type="resource:FilesystemResource"/>
         <srv:ConfigurationResource file="$IDP_HOME$/conf/attribute-filter.xml" xsi:type="resource:FilesystemResource"/>
     </srv:Service>
     
-    <srv:Service id="shibboleth.SAML1AttributeAuthority" xsi:type="attribute-authority:SAML1AttributeAuthority" depends-on="shibboleth.AttributeResolver shibboleth.AttributeFilterEngine" resolver="shibboleth.AttributeResolver" filter="shibboleth.AttributeFilterEngine"/>
+    <srv:Service id="shibboleth.SAML1AttributeAuthority" xsi:type="attribute-authority:SAML1AttributeAuthority" 
+                 depends-on="shibboleth.AttributeResolver shibboleth.AttributeFilterEngine" 
+                 resolver="shibboleth.AttributeResolver" filter="shibboleth.AttributeFilterEngine"/>
              
-    <srv:Service id="shibboleth.SAML2AttributeAuthority" xsi:type="attribute-authority:SAML2AttributeAuthority" depends-on="shibboleth.AttributeResolver shibboleth.AttributeFilterEngine" resolver="shibboleth.AttributeResolver" filter="shibboleth.AttributeFilterEngine"/>
+    <srv:Service id="shibboleth.SAML2AttributeAuthority" xsi:type="attribute-authority:SAML2AttributeAuthority" 
+                 depends-on="shibboleth.AttributeResolver shibboleth.AttributeFilterEngine" 
+                 resolver="shibboleth.AttributeResolver" filter="shibboleth.AttributeFilterEngine"/>
 
-    <srv:Service id="shibboleth.RelyingPartyConfigurationManager" xsi:type="relyingParty:SAMLMDRelyingPartyConfigurationManager" depends-on="shibboleth.SAML1AttributeAuthority shibboleth.SAML2AttributeAuthority">
+    <srv:Service id="shibboleth.RelyingPartyConfigurationManager" xsi:type="relyingParty:SAMLMDRelyingPartyConfigurationManager" 
+                 depends-on="shibboleth.SAML1AttributeAuthority shibboleth.SAML2AttributeAuthority">
         <srv:ConfigurationResource file="$IDP_HOME$/conf/relying-party.xml" xsi:type="resource:FilesystemResource"/>
     </srv:Service>
 
@@ -25,5 +40,9 @@
         A special service that exports all services upon which it depends into the ServletContext as an attribute 
         with the same name as the service's ID.
     -->
-    <srv:Service id="shibboleth.ServiceServletContextAttributeExporter" depends-on="shibboleth.AttributeResolver shibboleth.AttributeFilterEngine                          shibboleth.SAML1AttributeAuthority shibboleth.SAML2AttributeAuthority                           shibboleth.RelyingPartyConfigurationManager shibboleth.HandlerManager                          shibboleth.StorageService" xsi:type="srv:ServletContextAttributeExporter"/>
-</srv:Services>
+    <srv:Service id="shibboleth.ServiceServletContextAttributeExporter" xsi:type="srv:ServletContextAttributeExporter"
+                 depends-on="shibboleth.AttributeResolver shibboleth.AttributeFilterEngine 
+                             shibboleth.SAML1AttributeAuthority shibboleth.SAML2AttributeAuthority
+                             shibboleth.RelyingPartyConfigurationManager shibboleth.HandlerManager 
+                             shibboleth.StorageService" />
+</srv:Services>
\ No newline at end of file
index b288bec..9760aa4 100644 (file)
@@ -71,8 +71,4 @@ $IDP_CERTIFICATE$
         
     </AttributeAuthorityDescriptor>
     
-<<<<<<< HEAD
 </EntityDescriptor>    
-=======
-</EntityDescriptor>
->>>>>>> master
index 20a8c01..5a1b5b0 100644 (file)
@@ -1,23 +1,22 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Binary distribution, along with dependency jar files -->
-<assembly>
+<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">
+    
     <id>bin</id>
     <formats>
         <format>tar.gz</format>
         <format>zip</format>
     </formats>
-    
+
     <dependencySets>
         <dependencySet>
             <outputDirectory>/lib</outputDirectory>
+            <directoryMode>774</directoryMode>
+            <fileMode>444</fileMode>
+            <scope>compile</scope>
             <excludes>
-                <exclude>org.apache.xerces:*</exclude>
-                <exclude>xalan:*</exclude>
-                <exclude>xml-resolver:*</exclude>
-                <exclude>xml-apis:</exclude>
-                <exclude>org.apache.ant:*</exclude>
-                <exclude>ant-contrib:*</exclude>
-                <exclude>edu.internet2.middleware:ant-extensions:*</exclude>
+                <exclude>javax.servlet:*</exclude>
+                <exclude>javax.servlet.jsp:*</exclude>
             </excludes>
             <includes>
                 <include>*:jar:*</include>
@@ -25,6 +24,9 @@
         </dependencySet>
         <dependencySet>
             <outputDirectory>src/installer/lib</outputDirectory>
+            <directoryMode>774</directoryMode>
+            <fileMode>444</fileMode>
+            <scope>runtime</scope>
             <includes>
                 <include>org.apache.ant:*</include>
                 <include>ant-contrib:*</include>
@@ -34,6 +36,9 @@
         </dependencySet>
         <dependencySet>
             <outputDirectory>/endorsed</outputDirectory>
+            <directoryMode>774</directoryMode>
+            <fileMode>444</fileMode>
+            <scope>runtime</scope>
             <includes>
                 <include>org.apache.xerces:*</include>
                 <include>xalan:*</include>
             </includes>
         </dependencySet>
     </dependencySets>
-    
-    <fileSets>    
+
+    <fileSets>
         <!-- Copy up our installer srcipts into the root of the package -->
         <fileSet>
             <directory>src/installer/bash</directory>
-            <outputDirectory/>
+            <outputDirectory />
             <includes>
                 <include>*.sh</include>
             </includes>
         </fileSet>
         <fileSet>
             <directory>src/installer/bat</directory>
-            <outputDirectory/>
+            <outputDirectory />
             <includes>
                 <include>*.bat</include>
             </includes>
         </fileSet>
-        
+
         <!-- Keep our various resource files in the package -->
         <fileSet>
             <directory>src/installer/resources</directory>
@@ -74,7 +79,7 @@
             <directory>src/tools</directory>
             <outputDirectory>src/tools</outputDirectory>
         </fileSet>
-        
+
         <!-- Documentation -->
         <fileSet>
             <includes>
             <outputDirectory>/doc/src-xref</outputDirectory>
         </fileSet>
     </fileSets>
-    
+
 </assembly>
index 50801c8..4112224 100644 (file)
@@ -163,6 +163,13 @@ public class AuthenticationEngine extends HttpServlet {
         if (loginContext == null) {
             LOG.warn("No login context available, unable to return to profile handler");
             forwardRequest("/error.jsp", httpRequest, httpResponse);
+            return;
+        }
+        
+        if (loginContext.getProfileHandlerURL() == null) {
+            LOG.warn("Login context did not contain a profile handler path, unable to return to profile handler");
+            forwardRequest("/error.jsp", httpRequest, httpResponse);
+            return;
         }
 
         String profileUrl = HttpServletHelper.getContextRelativeUrl(httpRequest, loginContext.getProfileHandlerURL())
@@ -531,6 +538,9 @@ public class AuthenticationEngine extends HttpServlet {
 
             // Check to make sure the login handler did the right thing
             validateSuccessfulAuthentication(loginContext, httpRequest, actualAuthnMethod);
+            if(loginContext.getAuthenticationFailure() != null){
+                returnToProfileHandler(httpRequest, httpResponse);
+            }
 
             // Check for an overridden authn instant.
             DateTime actualAuthnInstant = (DateTime) httpRequest.getAttribute(LoginHandler.AUTHENTICATION_INSTANT_KEY);
@@ -584,15 +594,21 @@ public class AuthenticationEngine extends HttpServlet {
         String errorMessage = DatatypeHelper.safeTrimOrNullString((String) httpRequest
                 .getAttribute(LoginHandler.AUTHENTICATION_ERROR_KEY));
         if (errorMessage != null) {
-            LOG.error("Error returned from login handler for authentication method {}:\n{}",
+            LOG.debug("Error returned from login handler for authentication method {}:\n{}",
                     loginContext.getAttemptedAuthnMethod(), errorMessage);
-            throw new AuthenticationException(errorMessage);
+            loginContext.setAuthenticationFailure(new AuthenticationException(errorMessage));
+            loginContext.setPrincipalAuthenticated(false);
+            return;
         }
 
         AuthenticationException authnException = (AuthenticationException) httpRequest
                 .getAttribute(LoginHandler.AUTHENTICATION_EXCEPTION_KEY);
         if (authnException != null) {
-            throw authnException;
+            LOG.debug("Exception returned from login handler for authentication method {}:\n{}",
+                    loginContext.getAttemptedAuthnMethod(), authnException);
+            loginContext.setAuthenticationFailure(authnException);
+            loginContext.setPrincipalAuthenticated(false);
+            return;
         }
 
         Subject subject = (Subject) httpRequest.getAttribute(LoginHandler.SUBJECT_KEY);
index cfe7884..ab82545 100644 (file)
@@ -47,11 +47,16 @@ import javax.servlet.http.HttpServletResponse;
  * {@link javax.security.auth.Subject} within the {@link edu.internet2.middleware.shibboleth.idp.session.Session}.</li>
  * </ul>
  * 
- * The handler <strong>MAY</strong> also:
+ * The handler <strong>SHOULD</strong> also:
  * <ul>
  * <li>Bind a URI string, representing the authentication method actually used, to a request attribute identified by
- * {@link #AUTHENTICATION_METHOD_KEY}. This may be used if a handler is capable of performing multiple types of
- * authentication.</li>
+ * {@link #AUTHENTICATION_METHOD_KEY}. Failure to do so may lead to a situation where one authentication method is 
+ * started but a user switches to a weaker one in mid-process.  Without the login handler explicitly setting the 
+ * method, the first method that is started is what will be reported to the relying party.</li>
+ * </ul>
+ * 
+ * The handler <strong>MAY</strong> also:
+ * <ul>
  * <li>Bind an error message, if an error occurred during authentication to the request attribute identified by
  * {@link LoginHandler#AUTHENTICATION_ERROR_KEY}.</li>
  * <li>Bind a {@link AuthenticationException}, if an exception occurred during authentication to the request attribute
index 5a7f72e..58d1349 100644 (file)
@@ -18,6 +18,7 @@
 package edu.internet2.middleware.shibboleth.idp.authn;
 
 import java.io.Serializable;
+import java.io.StringReader;
 import java.io.StringWriter;
 import java.util.List;
 
@@ -30,12 +31,16 @@ import org.opensaml.saml2.core.AuthnRequest;
 import org.opensaml.saml2.core.RequestedAuthnContext;
 import org.opensaml.xml.io.Marshaller;
 import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.io.Unmarshaller;
 import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.parse.ParserPool;
+import org.opensaml.xml.parse.XMLParserException;
 import org.opensaml.xml.util.DatatypeHelper;
 import org.opensaml.xml.util.LazyList;
 import org.opensaml.xml.util.XMLHelper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
 /**
@@ -51,10 +56,13 @@ public class Saml2LoginContext extends LoginContext implements Serializable {
     /** Relay state from authentication request. */
     private String relayState;
 
+    /** The authentication request. */
+    private transient AuthnRequest authnRequest;
+
     /** Serialized authentication request. */
     private String serialAuthnRequest;
-    
-    /** Unsolicited SSO indicator.  */
+
+    /** Unsolicited SSO indicator. */
     private boolean unsolicited;
 
     /**
@@ -68,36 +76,61 @@ public class Saml2LoginContext extends LoginContext implements Serializable {
      */
     public Saml2LoginContext(String relyingParty, String state, AuthnRequest request) throws MarshallingException {
         super();
-        
+
         if (relyingParty == null || request == null) {
             throw new IllegalArgumentException("SAML 2 authentication request and relying party ID may not be null");
         }
+        
         setRelyingParty(relyingParty);
         relayState = state;
+        authnRequest = request;
         serialAuthnRequest = serializeRequest(request);
-        
+
         setForceAuthRequired(request.isForceAuthn());
         setPassiveAuthRequired(request.isPassive());
         getRequestedAuthenticationMethods().addAll(extractRequestedAuthenticationMethods(request));
     }
 
     /**
+     * Gets the authentication request object.
+     * 
+     * @return the authentication request object
+     * 
+     * @throws UnmarshallingException thrown if there is a problem unmarshalling the serialized form of the request
+     */
+    public synchronized AuthnRequest getAuthenticiationRequestXmlObject() throws UnmarshallingException {
+        if (authnRequest == null) {
+            try {
+                ParserPool parser = Configuration.getParserPool();
+                Document requestDoc = parser.parse(new StringReader(serialAuthnRequest));
+                Unmarshaller requestUnmarshaller =
+                        Configuration.getUnmarshallerFactory().getUnmarshaller(AuthnRequest.TYPE_NAME);
+                authnRequest = (AuthnRequest) requestUnmarshaller.unmarshall(requestDoc.getDocumentElement());
+            } catch (XMLParserException e) {
+                throw new UnmarshallingException("Unable to unmarshall serialized authentication request", e);
+            }
+        }
+
+        return authnRequest;
+    }
+
+    /**
      * Gets the serialized authentication request that started the login process.
      * 
      * @return authentication request that started the login process
      * 
      * @throws UnmarshallingException thrown if the serialized form on the authentication request can be unmarshalled
      */
-    public synchronized String getAuthenticationRequest() throws UnmarshallingException {
+    public String getAuthenticationRequest() throws UnmarshallingException {
         return serialAuthnRequest;
     }
-    
+
     /**
      * Gets the relay state from the originating authentication request.
      * 
      * @return relay state from the originating authentication request
      */
-    public synchronized String getRelayState(){
+    public synchronized String getRelayState() {
         return relayState;
     }
 
@@ -113,12 +146,12 @@ public class Saml2LoginContext extends LoginContext implements Serializable {
     /**
      * Sets the unsolicited SSO indicator.
      * 
-     * @param unsolicited unsolicited SSO indicator to set
+     * @param isUnsolicited unsolicited SSO indicator to set
      */
-    public void setUnsolicited(boolean unsolicited) {
-        this.unsolicited = unsolicited;
-    }        
-    
+    public void setUnsolicited(boolean isUnsolicited) {
+        unsolicited = isUnsolicited;
+    }
+
     /**
      * Serializes an authentication request into a string.
      * 
@@ -136,7 +169,6 @@ public class Saml2LoginContext extends LoginContext implements Serializable {
         return writer.toString();
     }
 
-    
     /**
      * Extracts the authentication methods requested within the request.
      * 
@@ -144,7 +176,7 @@ public class Saml2LoginContext extends LoginContext implements Serializable {
      * 
      * @return requested authentication methods, or an empty list if no preference
      */
-    protected List<String> extractRequestedAuthenticationMethods(AuthnRequest request){
+    protected List<String> extractRequestedAuthenticationMethods(AuthnRequest request) {
         LazyList<String> requestedMethods = new LazyList<String>();
 
         RequestedAuthnContext authnContext = request.getRequestedAuthnContext();
@@ -174,13 +206,13 @@ public class Saml2LoginContext extends LoginContext implements Serializable {
         List<AuthnContextDeclRef> authnDeclRefs = authnContext.getAuthnContextDeclRefs();
         if (authnDeclRefs != null) {
             for (AuthnContextDeclRef declRef : authnDeclRefs) {
-                if (declRef != null&& !DatatypeHelper.isEmpty(declRef.getAuthnContextDeclRef())) {
+                if (declRef != null && !DatatypeHelper.isEmpty(declRef.getAuthnContextDeclRef())) {
                     requestedMethods.add(declRef.getAuthnContextDeclRef());
                 }
             }
         }
-        
-        if(requestedMethods.contains(AuthnContext.UNSPECIFIED_AUTHN_CTX)){
+
+        if (requestedMethods.contains(AuthnContext.UNSPECIFIED_AUTHN_CTX)) {
             requestedMethods.clear();
         }
 
index cb03cac..29f37cf 100644 (file)
@@ -23,9 +23,7 @@ import org.opensaml.xml.util.LazyList;
 
 import edu.internet2.middleware.shibboleth.idp.authn.LoginHandler;
 
-/**
- * Base class for authentication handlers.
- */
+/** Base class for authentication handlers. */
 public abstract class AbstractLoginHandler implements LoginHandler {
     
     /** Authentication methods this handler supports. */
@@ -34,7 +32,7 @@ public abstract class AbstractLoginHandler implements LoginHandler {
     /** Length of time, in milliseconds, after which a user should be re-authenticated. */
     private long authenticationDuration;
 
-    /** Whether this handler supports foreced re-authentication. */
+    /** Whether this handler supports forced re-authentication. */
     private boolean supportsForceAuthentication;
 
     /** Whether this handler supports passive authentication. */
index 6901cf8..25132b1 100644 (file)
@@ -25,6 +25,7 @@ import java.util.List;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.opensaml.saml2.core.AuthnContext;
 import org.opensaml.xml.util.DatatypeHelper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -53,7 +54,15 @@ public class IPAddressLoginHandler extends AbstractLoginHandler {
     /** Whether a user is "authenticated" if their IP address is within a configured IP range. */
     private boolean ipInRangeIsAuthenticated;
 
-    public IPAddressLoginHandler(String user, List<IPRange> ranges, boolean ipInRangeIsAuthenticated) {
+    /**
+     * Constructor.
+     * 
+     * @param user username to return upon successful "authentication"
+     * @param ranges range of IP addresses specified
+     * @param isIpInRangeAuthenticated whether the specified IP address range represent those that are authenticated or
+     *            those that are not
+     */
+    public IPAddressLoginHandler(String user, List<IPRange> ranges, boolean isIpInRangeAuthenticated) {
         authenticatedUser = DatatypeHelper.safeTrimOrNullString(user);
         if (authenticatedUser == null) {
             throw new IllegalArgumentException("The authenticated user ID may not be null or empty");
@@ -64,7 +73,7 @@ public class IPAddressLoginHandler extends AbstractLoginHandler {
         }
         ipRanges = new ArrayList<IPRange>(ranges);
 
-        this.ipInRangeIsAuthenticated = ipInRangeIsAuthenticated;
+        this.ipInRangeIsAuthenticated = isIpInRangeAuthenticated;
     }
 
     /** {@inheritDoc} */
@@ -85,6 +94,7 @@ public class IPAddressLoginHandler extends AbstractLoginHandler {
             if (authenticate(clientAddress)) {
                 log.debug("Authenticated user by IP address");
                 httpRequest.setAttribute(LoginHandler.PRINCIPAL_NAME_KEY, authenticatedUser);
+                httpRequest.setAttribute(LoginHandler.AUTHENTICATION_METHOD_KEY, AuthnContext.IP_AUTHN_CTX);
             } else {
                 log.debug("Client IP address {} failed authentication.", httpRequest.getRemoteAddr());
                 httpRequest.setAttribute(LoginHandler.AUTHENTICATION_ERROR_KEY,
index 26a5ff8..11231d7 100644 (file)
@@ -19,11 +19,13 @@ package edu.internet2.middleware.shibboleth.idp.authn.provider;
 
 import java.io.IOException;
 
+import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.opensaml.saml2.core.AuthnContext;
 import org.opensaml.xml.util.DatatypeHelper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -32,23 +34,46 @@ import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine;
 import edu.internet2.middleware.shibboleth.idp.authn.LoginHandler;
 import edu.internet2.middleware.shibboleth.idp.authn.UsernamePrincipal;
 
-/** Extracts the REMOTE_USER and places it in a request attribute to be used by the authentication engine. */
+/**
+ * Extracts the REMOTE_USER and places it in a request attribute to be used by the authentication engine.
+ * 
+ * By default, this Servlet assumes that the authentication method {@value AuthnContext#PPT_AUTHN_CTX} to be returned to
+ * the authentication engine. This can be override by setting the servlet configuration parameter
+ * {@value LoginHandler#AUTHENTICATION_METHOD_KEY}.
+ */
 public class RemoteUserAuthServlet extends HttpServlet {
 
     /** Serial version UID. */
-    private static final long serialVersionUID = -6153665874235557534L;    
+    private static final long serialVersionUID = -6153665874235557534L;
 
     /** Class logger. */
     private final Logger log = LoggerFactory.getLogger(RemoteUserAuthServlet.class);
 
+    /** The authentication method returned to the authentication engine. */
+    private String authenticationMethod;
+
+    /** {@inheritDoc} */
+    public void init(ServletConfig config) throws ServletException {
+        super.init(config);
+
+        String method =
+                DatatypeHelper.safeTrimOrNullString(config.getInitParameter(LoginHandler.AUTHENTICATION_METHOD_KEY));
+        if (method != null) {
+            authenticationMethod = method;
+        } else {
+            authenticationMethod = AuthnContext.PPT_AUTHN_CTX;
+        }
+    }
+
     /** {@inheritDoc} */
     protected void service(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws ServletException,
             IOException {
         String principalName = DatatypeHelper.safeTrimOrNullString(httpRequest.getRemoteUser());
-        if(principalName != null){
+        if (principalName != null) {
             log.debug("Remote user identified as {} returning control back to authentication engine", principalName);
             httpRequest.setAttribute(LoginHandler.PRINCIPAL_KEY, new UsernamePrincipal(principalName));
-        }else{
+            httpRequest.setAttribute(LoginHandler.AUTHENTICATION_METHOD_KEY, authenticationMethod);
+        } else {
             log.debug("No remote user information was present in the request");
         }
 
index de668f6..21de052 100644 (file)
@@ -34,6 +34,7 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.opensaml.saml2.core.AuthnContext;
 import org.opensaml.xml.util.DatatypeHelper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -46,6 +47,10 @@ import edu.internet2.middleware.shibboleth.idp.authn.UsernamePrincipal;
 /**
  * This Servlet authenticates a user via JAAS. The user's credential is always added to the returned {@link Subject} as
  * a {@link UsernamePasswordCredential} within the subject's private credentials.
+ * 
+ * By default, this Servlet assumes that the authentication method {@value AuthnContext#PPT_AUTHN_CTX} to be returned to
+ * the authentication engine. This can be override by setting the servlet configuration parameter
+ * {@value LoginHandler#AUTHENTICATION_METHOD_KEY}.
  */
 public class UsernamePasswordLoginServlet extends HttpServlet {
 
@@ -54,6 +59,9 @@ public class UsernamePasswordLoginServlet extends HttpServlet {
 
     /** Class logger. */
     private final Logger log = LoggerFactory.getLogger(UsernamePasswordLoginServlet.class);
+    
+    /** The authentication method returned to the authentication engine. */
+    private String authenticationMethod;
 
     /** Name of JAAS configuration used to authenticate users. */
     private String jaasConfigName = "ShibUserPassAuth";
@@ -90,6 +98,14 @@ public class UsernamePasswordLoginServlet extends HttpServlet {
         if (!loginPage.startsWith("/")) {
             loginPage = "/" + loginPage;
         }
+        
+        String method =
+                DatatypeHelper.safeTrimOrNullString(config.getInitParameter(LoginHandler.AUTHENTICATION_METHOD_KEY));
+        if (method != null) {
+            authenticationMethod = method;
+        } else {
+            authenticationMethod = AuthnContext.PPT_AUTHN_CTX;
+        }
     }
 
     /** {@inheritDoc} */
@@ -173,6 +189,7 @@ public class UsernamePasswordLoginServlet extends HttpServlet {
 
             Subject userSubject = new Subject(false, principals, publicCredentials, privateCredentials);
             request.setAttribute(LoginHandler.SUBJECT_KEY, userSubject);
+            request.setAttribute(LoginHandler.AUTHENTICATION_METHOD_KEY, authenticationMethod);
         } catch (LoginException e) {
             log.debug("User authentication for " + username + " failed", e);
             throw e;
index c1f479b..0a53036 100644 (file)
@@ -20,6 +20,7 @@ package edu.internet2.middleware.shibboleth.idp.config.profile.authn;
 import javax.xml.namespace.QName;
 
 import org.opensaml.xml.util.DatatypeHelper;
+import org.opensaml.xml.util.XMLHelper;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.w3c.dom.Element;
 
@@ -41,8 +42,22 @@ public class ExternalAuthnSystemLoginHandlerBeanDefinitionParser extends Abstrac
     /** {@inheritDoc} */
     protected void doParse(Element config, BeanDefinitionBuilder builder) {
         super.doParse(config, builder);
-
+        
         builder.addPropertyValue("externalAuthnPath",
                 DatatypeHelper.safeTrimOrNullString(config.getAttributeNS(null, "externalAuthnPath")));
+        
+        if (config.hasAttributeNS(null, "supportsForcedAuthentication")) {
+            builder.addPropertyValue("supportsForcedAuthentication", XMLHelper.getAttributeValueAsBoolean(config
+                    .getAttributeNodeNS(null, "supportsForcedAuthentication")));
+        } else {
+            builder.addPropertyValue("supportsForcedAuthentication", false);
+        }
+        
+        if (config.hasAttributeNS(null, "supportsPassiveAuthentication")) {
+            builder.addPropertyValue("supportsPassiveAuthentication", XMLHelper.getAttributeValueAsBoolean(config
+                    .getAttributeNodeNS(null, "supportsPassiveAuthentication")));
+        } else {
+            builder.addPropertyValue("supportsPassiveAuthentication", false);
+        }
     }
 }
\ No newline at end of file
index cf2a6b6..e985a27 100644 (file)
@@ -26,6 +26,12 @@ public class ExternalAuthnSystemLoginHandlerFactoryBean extends AbstractLoginHan
 
     /** The context-relative path to the Filter, Servlet, or JSP that triggers the external authentication system. */
     private String externalAuthnPath;
+    
+    /** Whether this handler supports forced re-authentication. */
+    private boolean supportsForcedAuthentication;
+
+    /** Whether this handler supports passive authentication. */
+    private boolean supportsPassive;
 
     /** {@inheritDoc} */
     public Class getObjectType() {
@@ -50,11 +56,49 @@ public class ExternalAuthnSystemLoginHandlerFactoryBean extends AbstractLoginHan
     public void setExternalAuthnPath(String path) {
         externalAuthnPath = path;
     }
+    
+    /**
+     * Gets whether this handler supposed forced re-authentication.
+     * 
+     * @return whether this handler supposed forced re-authentication
+     */
+    public boolean supportsForcedAuthentication() {
+        return supportsForcedAuthentication;
+    }
+
+    /**
+     * Sets whether this handler supports forced re-authentication.
+     * 
+     * @param supported whether this handler supports forced re-authentication
+     */
+    public void setSupportsForcedAuthentication(boolean supported) {
+        supportsForcedAuthentication = supported;
+    }
+
+    /**
+     * Gets whether this handler supports passive authentication.
+     * 
+     * @return whether this handler supports passive authentication
+     */
+    public boolean supportsPassiveAuthentication() {
+        return supportsPassive;
+    }
+
+    /**
+     * Sets whether this handler supports passive authentication.
+     * 
+     * @param supported whether this handler supports passive authentication.
+     */
+    public void setSupportsPassiveAuthentication(boolean supported) {
+        supportsPassive = supported;
+    }
 
     /** {@inheritDoc} */
     protected Object createInstance() throws Exception {
         ExternalAuthnSystemLoginHandler handler = new ExternalAuthnSystemLoginHandler();
         handler.setExternalAuthnPath(getExternalAuthnPath());
+        handler.setSupportsForceAuthentication(supportsForcedAuthentication);
+        handler.setSupportsPassive(supportsPassive);
         populateHandler(handler);
         return handler;
     }
index 90c7aed..d202b3b 100644 (file)
@@ -41,51 +41,54 @@ import org.slf4j.LoggerFactory;
  * 
  */
 public class ServiceDescriptionTag extends ServiceTagSupport {
-    
+
     /** required by checkstyle. */
     private static final long serialVersionUID = -2000941439055969537L;
+
     /** Class logger. */
     private static Logger log = LoggerFactory.getLogger(ServiceDescriptionTag.class);
 
-    /** 
+    /**
      * look at &lt;Uiinfo&gt; if there and if so look for appropriate description.
+     * 
+     * @param lang - which language to look up
      * @return null or an appropriate description
      */
-    private String getDescriptionFromUIInfo() {
-        String lang = getBrowserLanguage();
-
+    private String getDescriptionFromUIInfo(String lang) {
         if (getSPUIInfo() != null && getSPUIInfo().getDescriptions() != null) {
-            for (Description desc:getSPUIInfo().getDescriptions()) {
-                if (log.isDebugEnabled()){
+
+            for (Description desc : getSPUIInfo().getDescriptions()) {
+                if (log.isDebugEnabled()) {
                     log.debug("Found description in UIInfo, language=" + desc.getXMLLang());
                 }
                 if (desc.getXMLLang().equals(lang)) {
                     //
                     // Found it
                     //
-                    if (log.isDebugEnabled()){
+                    if (log.isDebugEnabled()) {
                         log.debug("returning description from UIInfo " + desc.getName().getLocalString());
                     }
                     return desc.getName().getLocalString();
                 }
             }
-            if (log.isDebugEnabled()){
+            if (log.isDebugEnabled()) {
                 log.debug("No valid description in UIInfo");
-            }            
+            }
         }
         return null;
     }
-    
+
     /**
      * look for an &ltAttributeConsumeService&gt and if its there look for an appropriate description.
+     * 
+     * @param lang - which language to look up
      * @return null or an appropriate description
      */
-    private String getDescriptionFromAttributeConsumingService() {
-        String lang = getBrowserLanguage();
+    private String getDescriptionFromAttributeConsumingService(String lang) {
         List<RoleDescriptor> roles;
         AttributeConsumingService acs = null;
         EntityDescriptor sp = getSPEntityDescriptor();
-        
+
         if (null == sp) {
             log.debug("No relying party, nothing to display");
             return null;
@@ -97,48 +100,59 @@ public class ServiceDescriptionTag extends ServiceTagSupport {
             acs = spssod.getDefaultAttributeConsumingService();
         }
         if (acs != null) {
-            for (ServiceDescription desc:acs.getDescriptions()) {
+            for (ServiceDescription desc : acs.getDescriptions()) {
                 LocalizedString localDescription = desc.getDescription();
-                if (log.isDebugEnabled()){
+                if (log.isDebugEnabled()) {
                     log.debug("Found name in AttributeConsumingService, language=" + localDescription.getLanguage());
                 }
                 if (localDescription.getLanguage().equals(lang)) {
-                    if (log.isDebugEnabled()){
-                        log.debug("returning name from AttributeConsumingService " + 
-                                desc.getDescription().getLocalString());
+                    if (log.isDebugEnabled()) {
+                        log.debug("returning name from AttributeConsumingService "
+                                + desc.getDescription().getLocalString());
                     }
                     return localDescription.getLocalString();
                 }
             }
-            if (log.isDebugEnabled()){
+            if (log.isDebugEnabled()) {
                 log.debug("No description in AttributeConsumingService");
-            }            
-        }        
+            }
+        }
         return null;
     }
 
     @Override
     public int doEndTag() throws JspException {
-       
+
         Encoder esapiEncoder = ESAPI.encoder();
-        String result;
+        String result = null;
+
         //
-        // UIInfoirst
+        // For all languages
         //
-        result = getDescriptionFromUIInfo();
-        
-        if (result == null) {
+        for (String lang : getBrowserLanguages()) {
+
+            //
+            // UIInfoirst
+            //
+            result = getDescriptionFromUIInfo(lang);
+            if (null != result) {
+                break;
+            }
+
             //
             // Then AttributeCOnsumingService
             //
-            result = getDescriptionFromAttributeConsumingService();
+            result = getDescriptionFromAttributeConsumingService(lang);
+            if (null != result) {
+                break;
+            }
         }
 
         try {
             if (null == result) {
                 BodyContent bc = getBodyContent();
                 if (null != bc) {
-                    JspWriter ew= bc.getEnclosingWriter();
+                    JspWriter ew = bc.getEnclosingWriter();
                     if (ew != null) {
                         bc.writeOut(ew);
                     }
index e4367a8..49aea88 100644 (file)
@@ -27,63 +27,68 @@ import org.opensaml.samlext.saml2mdui.InformationURL;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-/**Service InformationURL - directly from the metadata if present.*/
+/** Service InformationURL - directly from the metadata if present. */
 public class ServiceInformationURLTag extends ServiceTagSupport {
-    
-    /** check style requires the serialVersionUID.*/
+
+    /** check style requires the serialVersionUID. */
     private static final long serialVersionUID = 5601822745575892676L;
+
     /** Class logger. */
     private static Logger log = LoggerFactory.getLogger(ServiceInformationURLTag.class);
 
     /** Bean storage for the link text attribute. */
     private static String linkText;
 
-    /** Bean setter  for the link text attribute.
+    /**
+     * Bean setter for the link text attribute.
+     * 
      * @param text the link text to put in
      */
     public void setLinkText(String text) {
         linkText = text;
     }
-    
+
     /**
      * look for the &lt;InformationURL&gt; in the &lt;UIInfo&gt;.
+     * 
      * @return null or an appropriate string.
      */
     private String getInformationURLFromUIIinfo() {
-        String lang = getBrowserLanguage();
-
         if (getSPUIInfo() != null && getSPUIInfo().getInformationURLs() != null) {
-            for (InformationURL infoURL:getSPUIInfo().getInformationURLs()) {
-                if (log.isDebugEnabled()){
-                    log.debug("Found InformationURL in UIInfo, language=" + infoURL.getXMLLang());
-                }
-                if (infoURL.getXMLLang().equals(lang)) {
-                    //
-                    // Found it
-                    //
-                    if (log.isDebugEnabled()){
-                        log.debug("returning URL from UIInfo " + infoURL.getURI().getLocalString());
+            for (String lang : getBrowserLanguages()) {
+
+                for (InformationURL infoURL : getSPUIInfo().getInformationURLs()) {
+                    if (log.isDebugEnabled()) {
+                        log.debug("Found InformationURL in UIInfo, language=" + infoURL.getXMLLang());
+                    }
+                    if (infoURL.getXMLLang().equals(lang)) {
+                        //
+                        // Found it
+                        //
+                        if (log.isDebugEnabled()) {
+                            log.debug("returning URL from UIInfo " + infoURL.getURI().getLocalString());
+                        }
+                        return infoURL.getURI().getLocalString();
                     }
-                    return infoURL.getURI().getLocalString();
                 }
             }
-            if (log.isDebugEnabled()){
+            if (log.isDebugEnabled()) {
                 log.debug("No relevant InformationURL in UIInfo");
-            }                       
+            }
         }
         return null;
     }
-    @Override
 
+    @Override
     public int doEndTag() throws JspException {
-       
+
         String infoURL = getInformationURLFromUIIinfo();
-        
+
         try {
             if (null == infoURL) {
                 BodyContent bc = getBodyContent();
                 if (null != bc) {
-                    JspWriter ew= bc.getEnclosingWriter();
+                    JspWriter ew = bc.getEnclosingWriter();
                     if (ew != null) {
                         bc.writeOut(ew);
                     }
@@ -98,5 +103,4 @@ public class ServiceInformationURLTag extends ServiceTagSupport {
         return super.doEndTag();
     }
 
-
 }
index cb59261..47dccc3 100644 (file)
@@ -20,6 +20,7 @@ package edu.internet2.middleware.shibboleth.idp.ui;
 import java.io.IOException;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.util.List;
 
 import javax.servlet.jsp.JspException;
 import javax.servlet.jsp.JspWriter;
@@ -31,57 +32,77 @@ import org.owasp.esapi.Encoder;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-/**Logo for the SP.*/
+/** Logo for the SP. */
 public class ServiceLogoTag extends ServiceTagSupport {
 
     /**
      * checkstyle control.
      */
     private static final long serialVersionUID = 6451849117572923712L;
+
     /** Class logger. */
     private static Logger log = LoggerFactory.getLogger(ServiceLogoTag.class);
+
     /** what to emit if the jsp has nothing. */
     private static final String DEFAULT_VALUE = "";
+
     /** what to emit as alt txt if all else fails. */
     private static final String DEFAULT_ALT_TXT = "SP Logo";
 
     /** Bean storage. Size constraint X */
     private int minWidth;
+
     /** Bean storage. Size constraint X */
     private int maxWidth = Integer.MAX_VALUE;
+
     /** Bean storage. Size constraint Y */
     private int minHeight;
-    /** Bean storage.  Size constraint Y */
+
+    /** Bean storage. Size constraint Y */
     private int maxHeight = Integer.MAX_VALUE;
-    /** Bean storage.  alt text */
+
+    /** Bean storage. alt text */
     private String altTxt;
 
-    /** Bean setter.
+    /**
+     * Bean setter.
+     * 
      * @param value what to set
      */
     public void setMaxWidth(Integer value) {
         maxWidth = value.intValue();
     }
-    /** Bean setter.
+
+    /**
+     * Bean setter.
+     * 
      * @param value what to set
      */
     public void setMinWidth(Integer value) {
         minWidth = value.intValue();
     }
-    /** Bean setter.
+
+    /**
+     * Bean setter.
+     * 
      * @param value what to set
      */
     public void setMinHeight(Integer value) {
         minHeight = value.intValue();
     }
-    /** Bean setter.
+
+    /**
+     * Bean setter.
+     * 
      * @param value what to set
      */
     public void setMaxHeight(Integer value) {
         maxHeight = value.intValue();
     }
 
-    /** Bean setter.
+    /**
+     * Bean setter.
+     * 
      * @param value what to set
      */
     public void setAlt(String value) {
@@ -90,58 +111,75 @@ public class ServiceLogoTag extends ServiceTagSupport {
 
     /**
      * Whether the provided logo fits inside the constraints.
+     * 
      * @param logo the logo
      * @return whether it fits the provided max and mins
      */
     private boolean logoFits(Logo logo) {
-        return logo.getHeight() <= maxHeight && logo.getHeight() >= minHeight &&
-               logo.getWidth() <= maxWidth && logo.getWidth() >= minWidth;
+        return logo.getHeight() <= maxHeight && logo.getHeight() >= minHeight && logo.getWidth() <= maxWidth
+                && logo.getWidth() >= minWidth;
     }
     
     /**
-     * get an appropriate Logo from UIInfo.
-     * @return the URL for a logo
+     * get an appropriate logo by lanaguage from the UIInfo.
+     * @param logos what to look through
+     * @return an appropriate logo.
      */
-    private String getLogoFromUIInfo() {
-        String lang = getBrowserLanguage();
-
-        if (getSPUIInfo() != null && getSPUIInfo().getDescriptions() != null) {
-            for (Logo logo:getSPUIInfo().getLogos()) {
-                if (log.isDebugEnabled()){
-                    log.debug("Found logo in UIInfo, language=" + logo.getXMLLang() + 
-                            " width=" + logo.getWidth() + " height=" +logo.getHeight());
-                }
-                if (null != logo.getXMLLang() && !logo.getXMLLang().equals(lang)) {
-                    //
-                    // there is a language and its now what we want
+    private String getLogoFromUIInfo(List<Logo> logos) {
+        for (String lang : getBrowserLanguages()) {
+            // By language first
+            for (Logo logo : logos) {
+                log.debug("Found logo in UIInfo, language=" + logo.getXMLLang() + " width=" + logo.getWidth()
+                        + " height=" + logo.getHeight());
+                if (null == logo.getXMLLang() || !logo.getXMLLang().equals(lang) || !logoFits(logo)) {
+                    // No language, language mismatch or not fitting
                     continue;
                 }
-                if (!logoFits(logo)) {
-                    //
-                    // size out of range
-                    //
-                    continue;
-                }
-                //
                 // Found it
-                //
-                if (log.isDebugEnabled()) {
-                    log.debug("returning logo from UIInfo " + logo.getURL());
-                }
+                log.debug("returning logo from UIInfo " + logo.getURL());
+                return logo.getURL();
+            }
+        }
+        // Then by no language
+        for (Logo logo : getSPUIInfo().getLogos()) {
+            log.debug("Found logo in UIInfo, language=" + logo.getXMLLang() + " width=" + logo.getWidth()
+                    + " height=" + logo.getHeight());
+            if (null == logo.getXMLLang() && logoFits(logo)) {
+                // null language and it fits
+                log.debug("returning logo from UIInfo " + logo.getURL());
                 return logo.getURL();
             }
-            if (log.isDebugEnabled()){
-                log.debug("No appropriate logo in UIInfo");
-            }            
         }
         return null;
     }
-    
-    /** Find what the user specified for alt txt.
+
+    /**
+     * get an appropriate Logo from UIInfo.
+     * 
+     * @return the URL for a logo
+     * 
+     */
+    private String getLogoFromUIInfo() {
+
+        if (getSPUIInfo() != null && getSPUIInfo().getLogos() != null) {
+            
+            String result = getLogoFromUIInfo(getSPUIInfo().getLogos());
+            
+            if (null != result) {
+                return result;
+            }
+            log.debug("No appropriate logo in UIInfo");
+        }
+        return null;
+    }
+
+    /**
+     * Find what the user specified for alt txt.
+     * 
      * @return the text required
      */
     private String getAltText() {
-        
+
         //
         // First see what the user tried
         //
@@ -149,7 +187,7 @@ public class ServiceLogoTag extends ServiceTagSupport {
         if (null != value && 0 != value.length()) {
             return value;
         }
-        
+
         //
         // Try the request
         //
@@ -157,28 +195,28 @@ public class ServiceLogoTag extends ServiceTagSupport {
         if (null != value && 0 != value.length()) {
             return value;
         }
-        
+
         return DEFAULT_ALT_TXT;
     }
 
     /**
      * Given the url build an appropriate &lta href=...
+     * 
      * @return the contrcuted hyperlink or null
      */
     private String getHyperlink() {
         String url = getLogoFromUIInfo();
-        String encodedURL;
         StringBuilder sb;
         Encoder esapiEncoder = ESAPI.encoder();
-        
+
         if (null == url) {
             return null;
         }
-        
+
         try {
             URI theUrl = new URI(url);
             String scheme = theUrl.getScheme();
-    
+
             if (!"http".equals(scheme) && !"https".equals(scheme) && !"mailto".equals(scheme)) {
                 log.warn("The logo URL " + url + " contained an invalid scheme");
                 return null;
@@ -190,29 +228,29 @@ public class ServiceLogoTag extends ServiceTagSupport {
             log.warn("The logo URL " + url + " was not a URL " + e.toString());
             return null;
         }
-        
-        
-        encodedURL = esapiEncoder.encodeForHTMLAttribute(url);
+
+        String encodedURL = esapiEncoder.encodeForHTMLAttribute(url);
+        String encodedAltTxt = esapiEncoder.encodeForHTMLAttribute(getAltText());
 
         sb = new StringBuilder("<img src=\"");
         sb.append(encodedURL).append('"');
-        sb.append(" alt=\"").append(getAltText()).append('"');
+        sb.append(" alt=\"").append(encodedAltTxt).append('"');
         addClassAndId(sb);
         sb.append("/>");
         return sb.toString();
     }
-    
+
     @Override
     public int doEndTag() throws JspException {
-       
+
         String result = getHyperlink();
-        
+
         try {
             if (null == result) {
                 BodyContent bc = getBodyContent();
                 boolean written = false;
                 if (null != bc) {
-                    JspWriter ew= bc.getEnclosingWriter();
+                    JspWriter ew = bc.getEnclosingWriter();
                     if (ew != null) {
                         bc.writeOut(ew);
                         written = true;
index 0efe0bf..bdf00b8 100644 (file)
@@ -18,6 +18,7 @@
 package edu.internet2.middleware.shibboleth.idp.ui;
 
 import java.io.IOException;
+import java.util.List;
 
 import javax.servlet.jsp.JspException;
 import javax.servlet.jsp.JspWriter;
@@ -27,65 +28,70 @@ import org.opensaml.samlext.saml2mdui.PrivacyStatementURL;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-/** Service PrivacyURL - directly from the metadata if present.*/
+/** Service PrivacyURL - directly from the metadata if present. */
 public class ServicePrivacyURLTag extends ServiceTagSupport {
 
     /** checkstyle needs serial version UID. */
     private static final long serialVersionUID = 1706444251504545781L;
-    
+
     /** Class logger. */
     private static Logger log = LoggerFactory.getLogger(ServicePrivacyURLTag.class);
 
     /** Bean storage for the link text attribute. */
     private static String linkText;
-    
-    /** Bean setter  for the link text attribute.
+
+    /**
+     * Bean setter for the link text attribute.
+     * 
      * @param text the link text to put in
      */
     public void setLinkText(String text) {
         linkText = text;
     }
-    
+
     /**
      * look for the &lt;PrivacyURL&gt; in the &lt;UIInfo&gt;.
+     * 
      * @return null or an appropriate string.
      */
     private String getPrivacyURLFromUIIinfo() {
-        String lang = getBrowserLanguage();
-
         if (getSPUIInfo() != null && getSPUIInfo().getPrivacyStatementURLs() != null) {
-            for (PrivacyStatementURL privacyURL:getSPUIInfo().getPrivacyStatementURLs()) {
-                if (log.isDebugEnabled()){
-                    log.debug("Found PrivacyStatementURL in UIInfo, language=" + privacyURL.getXMLLang());
-                }
-                if (privacyURL.getXMLLang().equals(lang)) {
-                    //
-                    // Found it
-                    //
-                    if (log.isDebugEnabled()){
-                        log.debug("returning URL from UIInfo " + privacyURL.getURI().getLocalString());
+            
+            List<String> languages = getBrowserLanguages();
+            for (String lang : languages) {
+
+                for (PrivacyStatementURL privacyURL : getSPUIInfo().getPrivacyStatementURLs()) {
+                    if (log.isDebugEnabled()) {
+                        log.debug("Found PrivacyStatementURL in UIInfo, language=" + privacyURL.getXMLLang());
+                    }
+                    if (privacyURL.getXMLLang().equals(lang)) {
+                        //
+                        // Found it
+                        //
+                        if (log.isDebugEnabled()) {
+                            log.debug("returning URL from UIInfo " + privacyURL.getURI().getLocalString());
+                        }
+                        return privacyURL.getURI().getLocalString();
                     }
-                    return privacyURL.getURI().getLocalString();
                 }
             }
-            if (log.isDebugEnabled()){
+            if (log.isDebugEnabled()) {
                 log.debug("No relevant PrivacyStatementURL in UIInfo");
-            }                       
+            }
         }
         return null;
     }
-    
-    @Override
 
+    @Override
     public int doEndTag() throws JspException {
-       
+
         String privacyURL = getPrivacyURLFromUIIinfo();
-        
+
         try {
             if (null == privacyURL) {
                 BodyContent bc = getBodyContent();
                 if (null != bc) {
-                    JspWriter ew= bc.getEnclosingWriter();
+                    JspWriter ew = bc.getEnclosingWriter();
                     if (ew != null) {
                         bc.writeOut(ew);
                     }
index ddac31f..e763ebb 100644 (file)
@@ -19,7 +19,10 @@ package edu.internet2.middleware.shibboleth.idp.ui;
 
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.Enumeration;
 import java.util.List;
+import java.util.Locale;
 
 import javax.servlet.ServletContext;
 import javax.servlet.http.HttpServletRequest;
@@ -44,47 +47,51 @@ import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfi
 import edu.internet2.middleware.shibboleth.idp.authn.LoginContext;
 import edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper;
 
-
 /**
  * Display the serviceName.
  * 
- * This is taken in order
- *  1) From the mdui
- *  2) AttributeConsumeService
- *  3) HostName from the EntityId
- *  4) EntityId.
+ * This is taken in order 1) From the mdui 2) AttributeConsumeService 3) HostName from the EntityId 4) EntityId.
  */
-public class ServiceTagSupport extends BodyTagSupport{
+public class ServiceTagSupport extends BodyTagSupport {
 
     /**
      * checkstyle requires this serialization info.
      */
     private static final long serialVersionUID = 7988646597267865255L;
-    
+
     /** Class logger. */
     private static Logger log = LoggerFactory.getLogger(ServiceTagSupport.class);
 
-    /** Bean storage. class reference*/
+    /** Bean storage. class reference */
     private String cssClass;
-    /** Bean storage. id reference*/
+
+    /** Bean storage. id reference */
     private String cssId;
-    /** Bean storage. style reference*/
+
+    /** Bean storage. style reference */
     private String cssStyle;
 
-    /** Bean setter.
+    /**
+     * Bean setter.
+     * 
      * @param value what to set
      */
     public void setCssClass(String value) {
         cssClass = value;
     }
-    /** Bean setter.
+
+    /**
+     * Bean setter.
+     * 
      * @param value what to set
      */
     public void setCssId(String value) {
         cssId = value;
     }
 
-    /** Bean setter.
+    /**
+     * Bean setter.
+     * 
      * @param value what to set
      */
     public void setCssStyle(String value) {
@@ -93,6 +100,7 @@ public class ServiceTagSupport extends BodyTagSupport{
 
     /**
      * Add the class and Id if present.
+     * 
      * @param sb the stringbuilder to asdd to.
      */
     protected void addClassAndId(StringBuilder sb) {
@@ -106,9 +114,10 @@ public class ServiceTagSupport extends BodyTagSupport{
             sb.append(" style=\"").append(cssStyle).append('"');
         }
     }
-    
+
     /**
      * build a hyperlink from the parameters.
+     * 
      * @param url the URL
      * @param text what to embed
      * @return the hyperlink.
@@ -116,7 +125,7 @@ public class ServiceTagSupport extends BodyTagSupport{
     protected String buildHyperLink(String url, String text) {
         String encodedUrl;
         Encoder esapiEncoder = ESAPI.encoder();
-       
+
         try {
             URI theUrl = new URI(url);
             String scheme = theUrl.getScheme();
@@ -127,22 +136,23 @@ public class ServiceTagSupport extends BodyTagSupport{
             }
             encodedUrl = esapiEncoder.encodeForHTMLAttribute(url);
         } catch (URISyntaxException e) {
-            // 
+            //
             // It wasn't an URI.
             //
             log.warn("The URL " + url + " was invalid: " + e.toString());
             return "";
         }
-        
+
         StringBuilder sb = new StringBuilder("<a href=\"");
         sb.append(encodedUrl).append('"');
         addClassAndId(sb);
-        sb.append(">").append(text).append("</a>");
+        sb.append(">").append(esapiEncoder.encodeForHTML(text)).append("</a>");
         return sb.toString();
     }
-    
+
     /**
      * Get the EntityDescriptor for the relying party.
+     * 
      * @return the SPs EntityDescriptor
      */
     protected EntityDescriptor getSPEntityDescriptor() {
@@ -151,21 +161,22 @@ public class ServiceTagSupport extends BodyTagSupport{
         ServletContext application;
         RelyingPartyConfigurationManager rpConfigMngr;
         EntityDescriptor spEntity;
-        
+
         //
         // Populate up those things that jsp gives us.
         //
         request = (HttpServletRequest) pageContext.getRequest();
         application = pageContext.getServletContext();
-        
+
         if (request == null || application == null) {
-           return null;
+            return null;
         }
         //
         // grab the login context and the RP config mgr.
         //
-        loginContext = HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application),
-                application, request);
+        loginContext =
+                HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application), application,
+                        request);
         rpConfigMngr = HttpServletHelper.getRelyingPartyConfigurationManager(application);
         if (loginContext == null || rpConfigMngr == null) {
             return null;
@@ -174,14 +185,16 @@ public class ServiceTagSupport extends BodyTagSupport{
 
         return spEntity;
     }
+
     /**
      * Traverse the SP's EntityDescriptor and pick out the UIInfo.
+     * 
      * @return the first UIInfo for the SP.
      */
     protected UIInfo getSPUIInfo() {
         EntityDescriptor spEntity = getSPEntityDescriptor();
         Extensions exts;
-        
+
         if (null == spEntity) {
             //
             // all done
@@ -189,10 +202,10 @@ public class ServiceTagSupport extends BodyTagSupport{
             return null;
         }
 
-        for (RoleDescriptor role:spEntity.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME)) {
+        for (RoleDescriptor role : spEntity.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME)) {
             exts = role.getExtensions();
             if (exts != null) {
-                for (XMLObject object:exts.getOrderedChildren()) {
+                for (XMLObject object : exts.getOrderedChildren()) {
                     if (object instanceof UIInfo) {
                         return (UIInfo) object;
                     }
@@ -201,24 +214,35 @@ public class ServiceTagSupport extends BodyTagSupport{
         }
         return null;
     }
-            
+
     /**
      * Pluck the language from the browser.
+     * 
      * @return the two letter language
      */
-    protected String getBrowserLanguage() {
+    protected List<String> getBrowserLanguages() {
         HttpServletRequest request;
         request = (HttpServletRequest) pageContext.getRequest();
-        
-        return request.getLocale().getLanguage();
+
+        Enumeration<Locale> locales = request.getLocales();
+
+        List<String> languages = new ArrayList<String>();
+
+        while (locales.hasMoreElements()) {
+            Locale locale = locales.nextElement();
+            languages.add(locale.getLanguage());
+        }
+        return languages;
     }
+
     /**
      * If the entityId can look like a host return that otherwise the string.
+     * 
      * @return either the host or the entityId.
      */
     private String getNameFromEntityId() {
         EntityDescriptor sp = getSPEntityDescriptor();
-        
+
         if (null == sp) {
             log.debug("No relying party, nothing to display");
             return null;
@@ -229,11 +253,11 @@ public class ServiceTagSupport extends BodyTagSupport{
             String scheme = entityId.getScheme();
 
             if ("http".equals(scheme) || "https".equals(scheme)) {
-                return entityId.getHost(); 
+                return entityId.getHost();
             }
         } catch (URISyntaxException e) {
-            // 
-            // It wasn't an URI.  return full entityId.
+            //
+            // It wasn't an URI. return full entityId.
             //
             return sp.getEntityID();
         }
@@ -242,82 +266,81 @@ public class ServiceTagSupport extends BodyTagSupport{
         //
         return sp.getEntityID();
     }
-    
-    /** 
+
+    /**
      * look at &lt;Uiinfo&gt; if there and if so look for appropriate name.
+     * 
+     * @param lang - which language to look up
      * @return null or an appropriate name
      */
-    private String getNameFromUIInfo() {
-        String lang = getBrowserLanguage();
+    private String getNameFromUIInfo(String lang) {
 
         if (getSPUIInfo() != null) {
-            for (DisplayName name:getSPUIInfo().getDisplayNames()) {
-                if (log.isDebugEnabled()){
+            for (DisplayName name : getSPUIInfo().getDisplayNames()) {
+                if (log.isDebugEnabled()) {
                     log.debug("Found name in UIInfo, language=" + name.getXMLLang());
                 }
                 if (name.getXMLLang().equals(lang)) {
                     //
                     // Found it
                     //
-                    if (log.isDebugEnabled()){
+                    if (log.isDebugEnabled()) {
                         log.debug("returning name from UIInfo " + name.getName().getLocalString());
                     }
                     return name.getName().getLocalString();
                 }
             }
-            if (log.isDebugEnabled()){
-                log.debug("No name in UIInfo");
-            }            
+            if (log.isDebugEnabled()) {
+                log.debug("No name in MDUI for " + lang);
+            }
         }
         return null;
     }
 
     /**
      * look for an &ltAttributeConsumeService&gt and if its there look for an appropriate name.
+     * 
+     * @param lang - which language to look up
      * @return null or an appropriate name
      */
-    private String getNameFromAttributeConsumingService(){
-        String lang = getBrowserLanguage();
-        List<RoleDescriptor> roles;
-        AttributeConsumingService acs = null;
+    private String getNameFromAttributeConsumingService(String lang) {
         EntityDescriptor sp = getSPEntityDescriptor();
-        
         if (null == sp) {
             log.warn("No relying party, nothing to display");
             return null;
         }
 
-        roles = sp.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+        AttributeConsumingService acs = null;
+
+        List<RoleDescriptor> roles = sp.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
         if (!roles.isEmpty()) {
             SPSSODescriptor spssod = (SPSSODescriptor) roles.get(0);
             acs = spssod.getDefaultAttributeConsumingService();
         }
         if (acs != null) {
-            for (ServiceName name:acs.getNames()) {
+            for (ServiceName name : acs.getNames()) {
                 LocalizedString localName = name.getName();
-                if (log.isDebugEnabled()){
+                if (log.isDebugEnabled()) {
                     log.debug("Found name in AttributeConsumingService, language=" + localName.getLanguage());
                 }
                 if (localName.getLanguage().equals(lang)) {
-                    if (log.isDebugEnabled()){
+                    if (log.isDebugEnabled()) {
                         log.debug("returning name from AttributeConsumingService " + name.getName().getLocalString());
                     }
                     return localName.getLocalString();
                 }
             }
-            if (log.isDebugEnabled()){
-                log.debug("No name in AttributeConsumingService");
-            }            
-        }        
+        }
         return null;
     }
-    
+
     /**
      * Get the identifier for the service name as per the rules above.
+     * 
      * @return something sensible for display.
      */
     protected String getServiceName() {
-        String result;
+        String result = null;
         //
         // First look for MDUI
         //
@@ -325,27 +348,32 @@ public class ServiceTagSupport extends BodyTagSupport{
             log.debug("No relying party, nothing to display");
             return null;
         }
-        //
-        // Look at <UIInfo>
-        //
-        result = getNameFromUIInfo();
-        if (result != null) {
-            return result;
-        }
         
         //
-        // Otherwise <AttributeConsumingService>
+        // For each Language
         //
-        result = getNameFromAttributeConsumingService();
-        if (result != null) {
-            return result;
+        List<String> languages = getBrowserLanguages();
+        for (String lang : languages) {
+            //
+            // Look at <UIInfo>
+            //
+            result = getNameFromUIInfo(lang);
+            if (result != null) {
+                return result;
+            }
+
+            //
+            // Otherwise <AttributeConsumingService>
+            //
+            result = getNameFromAttributeConsumingService(lang);
+            if (result != null) {
+                return result;
+            }
         }
-        
         //
         // Or look at the entityName
         //
         return getNameFromEntityId();
     }
-    
 
 }
index 028f755..5fa2876 100644 (file)
                         </xsd:documentation>
                     </xsd:annotation>
                 </xsd:attribute>
+                <xsd:attribute name="supportsForcedAuthentication" type="xsd:boolean">
+                    <xsd:annotation>
+                        <xsd:documentation>
+                            Indicates whether the external authentication supports force re-authentication.
+                        </xsd:documentation>
+                    </xsd:annotation>
+                </xsd:attribute>
+                <xsd:attribute name="supportsPassiveAuthentication" type="xsd:boolean">
+                    <xsd:annotation>
+                        <xsd:documentation>
+                            Indicates whether the external authentication supports passive authentication.
+                        </xsd:documentation>
+                    </xsd:annotation>
+                </xsd:attribute>
             </xsd:extension>
         </xsd:complexContent>
     </xsd:complexType>
index b1aaf4c..ca1ed88 100644 (file)
@@ -25,8 +25,8 @@
              <form action="j_security_check" method="post">
            <% } %>
            <table>
-             <tr><td width="40%"><label for="username">Username:</label></td><td><input name="j_username" type="text" /></td></tr>
-             <tr><td><label for="password">Password:</label></td><td><input name="j_password" type="password" /></td></tr>
+             <tr><td width="40%"><label for="username">Username:</label></td><td><input name="j_username" type="text" id="username" autocapitalize="off" /></td></tr>
+             <tr><td><label for="password">Password:</label></td><td><input name="j_password" type="password" id="password" /></td></tr>
              <tr><td></td><td><button type="submit" value="Login" >Continue</button></td></tr>
            </table></form>
          </div>