Improve error handling, account for a missing attribute query in request, apply desig...
authorcantor <cantor@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Sat, 25 Jan 2003 20:33:30 +0000 (20:33 +0000)
committercantor <cantor@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Sat, 25 Jan 2003 20:33:30 +0000 (20:33 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@420 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/aa/AASaml.java
src/edu/internet2/middleware/shibboleth/aa/AAServlet.java

index 62da960..c69cf0d 100755 (executable)
@@ -75,41 +75,31 @@ public class AASaml {
     String[] policies = { Constants.POLICY_CLUBSHIB };
     String myName;
     StringBuffer sharName;
-    String resource;
-    String reqID;
-    SAMLSubject sub;
+    SAMLRequest sreq;
+    SAMLAttributeQuery aquery;
     SAMLBinding binding;
     private static Logger log = Logger.getLogger(AASaml.class.getName());        
 
     public AASaml(String myName) throws SAMLException {
-       
-       Init.init();
-
-       binding = SAMLBindingFactory.getInstance(SAMLBinding.SAML_SOAP_HTTPS);
-       this.myName = myName;
+        binding = SAMLBindingFactory.getInstance(SAMLBinding.SAML_SOAP_HTTPS);
+        this.myName = myName;
     }
 
-    public void receive(HttpServletRequest req)
-       throws SAMLException{
-
-       sharName=new StringBuffer();
-       SAMLRequest sReq = binding.receive(req, sharName);
-       SAMLAttributeQuery q = (SAMLAttributeQuery)sReq.getQuery();
-       resource = q.getResource();
-       reqID = sReq.getRequestId();
-       sub = q.getSubject();
+    public void receive(HttpServletRequest req) throws SAMLException {
+        sharName=new StringBuffer();
+        sreq = binding.receive(req, sharName);
+        SAMLQuery q = sreq.getQuery();
+        if (q == null || !(q instanceof SAMLAttributeQuery))
+            throw new SAMLException(SAMLException.REQUESTER,"AASaml.receive() can only respond to a SAML Attribute Query");
+        SAMLAttributeQuery aquery = (SAMLAttributeQuery)q;
     }
 
     public String getHandle(){
-       return sub.getName();
+       return aquery.getSubject().getName();
     }
 
     public String getResource(){
-       return resource;
-    }
-
-    public String getIssuer(){
-       return sub.getConfirmationData();
+       return aquery.getResource();
     }
 
     public String getShar(){
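Review bot: The last statement of receive(), `SAMLAttributeQuery aquery = (SAMLAttributeQuery)q;`, declares a new local that shadows the `aquery` field added at the top of this hunk, so the field is never assigned and `getHandle()` and `getResource()` dereference null on every request. It should be a plain assignment, `aquery = (SAMLAttributeQuery)q;`. The `q == null ||` half of the guard is redundant because `instanceof` is already false for null, so `if (!(q instanceof SAMLAttributeQuery))` says the same thing; a pair of braces around the multi-line `throw` would match the rest of the class. The REQUESTER code and message on the rejection are right, since a non-attribute query is the caller's error.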
@@ -117,62 +107,75 @@ public class AASaml {
     }
 
  
-    public void respond(HttpServletResponse resp, SAMLAttribute[] attrs, SAMLException exception)
-       throws IOException{
-    
-       SAMLException ourSE = null;
-       SAMLResponse sResp = null;
-       
-       try{
-
-           if(attrs == null || attrs.length == 0){
-               sResp = new SAMLResponse(reqID,
-                                        /* recipient URL*/ null,
-                                        /* no attrs -> no assersion*/ null,
-                                        exception);
-           }else{
-               Date now = new Date();
-               Date  then = null;
-
-               SAMLSubject rSubject = (SAMLSubject)sub.clone();
-               SAMLCondition condition = new SAMLAudienceRestrictionCondition(Arrays.asList(policies));
-               SAMLStatement statement = new SAMLAttributeStatement(rSubject, Arrays.asList(attrs));
-           
-               long min = attrs[0].getLifetime();
-               for(int i = 1; i < attrs.length; i++){
-                   long t = attrs[i].getLifetime();
-                   if(t > 0 && t < min)
-                       min = t;
-               }
-               if(min > 0)
-                   then = new Date(now.getTime() + min);
-
-               SAMLAssertion sAssertion = new SAMLAssertion(
-                        myName,
-                                            now,
-                                            then,
-                                            Collections.singleton(condition),
-                                            Collections.singleton(statement)
-                         );
-
-               sResp = new SAMLResponse(reqID,
-                                        /* recipient URL*/ null,
-                                        Collections.singleton(sAssertion),
-                                        exception);
-           }
-       }catch (SAMLException se) {
-           ourSE = se;
-    }catch (CloneNotSupportedException ex) {
-        ourSE = new SAMLException(SAMLException.RESPONDER,ex);
-       }finally{
-           binding.respond(resp,sResp,ourSE);      
-       }
+    public void respond(HttpServletResponse resp, Collection attrs, SAMLException exception)
+       throws IOException {        
+        SAMLException ourSE = null;
+        SAMLResponse sResp = null;
+        
+        try {
+            if(attrs == null || attrs.size() == 0) {
+                       sResp = new SAMLResponse(sreq.getRequestId(),
+                                                /* recipient URL*/ null,
+                                                /* no attrs -> no assersion*/ null,
+                                                exception);
+            } else {
+                
+                // Determine max lifetime, and filter via query if necessary.
+                       Date now = new Date();
+                       Date then = null;
+                long min = 0;
+                Iterator i = attrs.iterator();
+                outer_loop:
+                while (i.hasNext())
+                {
+                    SAMLAttribute attr = (SAMLAttribute)i.next();
+                    if (min == 0 || (attr.getLifetime() > 0 && attr.getLifetime() < min))
+                        min = attr.getLifetime();
+                    Iterator filter = aquery.getDesignators();
+                    if (!filter.hasNext())
+                        continue;
+                    while (filter.hasNext())
+                    {
+                        SAMLAttribute desig = (SAMLAttribute)filter.next();
+                        if (attr.getNamespace().equals(desig.getNamespace()) && attr.getName().equals(desig.getName()))
+                            continue outer_loop;
+                    }
+                    i.remove();
+                }
+        
+                       SAMLSubject rSubject = (SAMLSubject)aquery.getSubject().clone();
+                       SAMLCondition condition = new SAMLAudienceRestrictionCondition(Arrays.asList(policies));
+                       SAMLStatement statement = new SAMLAttributeStatement(rSubject, attrs);
+                   
+                       if(min > 0)
+                           then = new Date(now.getTime() + min);
+        
+                       SAMLAssertion sAssertion = new SAMLAssertion(
+                                myName,
+                                                    now,
+                                                    then,
+                                                    Collections.singleton(condition),
+                                                    Collections.singleton(statement)
+                                 );
+        
+                       sResp = new SAMLResponse(sreq.getRequestId(),
+                                                /* recipient URL*/ null,
+                                                Collections.singleton(sAssertion),
+                                                exception);
+            }
+        } catch (SAMLException se) {
+            ourSE = se;
+        } catch (CloneNotSupportedException ex) {
+            ourSE = new SAMLException(SAMLException.RESPONDER, ex);
+        } finally{
+            binding.respond(resp,sResp,ourSE);     
+        }
     }
 
     public void fail(HttpServletResponse resp, SAMLException exception)
        throws IOException{
        try{
-           SAMLResponse sResp = new SAMLResponse(reqID,
+           SAMLResponse sResp = new SAMLResponse((sreq!=null) ? sreq.getRequestId() : null,
                                                  /* recipient URL*/ null,
                                                  /* an assersion*/ null,
                                                  exception);   
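Review bot: In respond(), the `attrs.size() == 0` test runs before the designator filter, so a query whose designators match none of the released attributes takes the `else` branch and the origin issues an assertion with an empty SAMLAttributeStatement instead of the no-assertion response. The filter also edits the caller's collection in place through `i.remove()` — AAServlet hands it a fixed-size `Arrays.asList` view in this same commit, on which remove() throws UnsupportedOperationException, which no catch here handles, leaving `finally` to answer with `sResp` and `ourSE` both null — and `min` is accumulated from attributes that are then dropped. I would copy the surviving attributes into a private list first and run the empty check and the lifetime scan on that list, as sketched below (it assumes java.util.ArrayList is importable alongside the Collection/Iterator types already used here). fail() continues past the end of this hunk.
```java
    public void respond(HttpServletResponse resp, Collection attrs, SAMLException exception)
       throws IOException {
        SAMLException ourSE = null;
        SAMLResponse sResp = null;

        try {
            // Filter through the query's designators first, into a private copy:
            // the caller's collection is left untouched, and the empty check below
            // sees only what will actually be released.
            ArrayList released = new ArrayList();
            if (attrs != null) {
                Iterator i = attrs.iterator();
                outer_loop:
                while (i.hasNext()) {
                    SAMLAttribute attr = (SAMLAttribute)i.next();
                    Iterator filter = aquery.getDesignators();
                    if (!filter.hasNext()) {
                        released.add(attr);   // no designators in the query: release everything
                        continue;
                    }
                    while (filter.hasNext()) {
                        SAMLAttribute desig = (SAMLAttribute)filter.next();
                        if (attr.getNamespace().equals(desig.getNamespace()) && attr.getName().equals(desig.getName())) {
                            released.add(attr);
                            continue outer_loop;
                        }
                    }
                }
            }

            if (released.isEmpty()) {
                sResp = new SAMLResponse(sreq.getRequestId(),
                                         /* recipient URL*/ null,
                                         /* no attrs -> no assersion*/ null,
                                         exception);
            } else {
                // Shortest positive lifetime among the attributes actually released.
                Date now = new Date();
                Date then = null;
                long min = 0;
                for (Iterator i = released.iterator(); i.hasNext(); ) {
                    long t = ((SAMLAttribute)i.next()).getLifetime();
                    if (min == 0 || (t > 0 && t < min))
                        min = t;
                }

                SAMLSubject rSubject = (SAMLSubject)aquery.getSubject().clone();
                SAMLCondition condition = new SAMLAudienceRestrictionCondition(Arrays.asList(policies));
                SAMLStatement statement = new SAMLAttributeStatement(rSubject, released);
                // … unchanged: then / assertion / response construction …
            }
        // … unchanged: catch and finally …
```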
index d120cb7..50e9453 100755 (executable)
@@ -63,7 +63,6 @@ import edu.internet2.middleware.shibboleth.hs.*;
 import edu.internet2.middleware.eduPerson.*;
 import org.apache.log4j.Logger;
 import org.apache.log4j.MDC;
-import org.doomdark.uuid.UUIDGenerator;
 
 /**
  *  Attribute Authority & Release Policy
@@ -153,11 +152,11 @@ public class AAServlet extends HttpServlet {
         throws ServletException, IOException {
                
        log.debug("Recieved a request.");
-       MDC.put("serviceId", UUIDGenerator.getInstance().generateRandomBasedUUID());
+       MDC.put("serviceId", new SAMLIdentifier().toString());
        MDC.put("remoteAddr", req.getRemoteAddr());
        log.info("Handling request.");
 
-       SAMLAttribute[] attrs = null;
+       ArrayList attrs = null;
        SAMLException ourSE = null;
        AASaml saml = null;
        String userName = null;
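Review bot: `ArrayList attrs = null;` ties the variable to the concrete class, which is what forces the `(ArrayList)Arrays.asList(...)` cast in the last hunk of this file (the `attrs = ...` line after `responder.getReleaseAttributes`); that cast fails at runtime with ClassCastException, because Arrays.asList returns a private fixed-size List class rather than java.util.ArrayList, so every successful attribute lookup would end in the servlet's generic catch path. Declare it as `List attrs = null;` and build a modifiable copy, `attrs = new ArrayList(Arrays.asList(responder.getReleaseAttributes(userName, uidSyntax, handle, shar, resource)));` — the copy matters because AASaml.respond() in this commit removes entries from the collection it is handed, which a fixed-size view refuses with UnsupportedOperationException. The enclosing servlet method starts before this hunk.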
@@ -168,9 +167,7 @@ public class AAServlet extends HttpServlet {
            String resource = saml.getResource();
            String handle = saml.getHandle();
            String shar = saml.getShar();
-           String issuedBy = saml.getIssuer();
            log.info("AA: handle:"+handle);
-           log.info("AA: issuer:"+issuedBy);
            log.info("AA: shar:"+shar);
 
 
@@ -188,17 +185,17 @@ public class AAServlet extends HttpServlet {
                }
            }
 
-           attrs = responder.getReleaseAttributes(userName, uidSyntax, handle, shar, resource);
-           log.info("Got "+attrs.length+" attributes for "+userName);
+           attrs = (ArrayList)Arrays.asList(responder.getReleaseAttributes(userName, uidSyntax, handle, shar, resource));
+           log.info("Got " + attrs.size() + " attributes for " + userName);
            saml.respond(resp, attrs, null);
            log.info("Successfully responded about "+userName);
 
        }catch (org.opensaml.SAMLException se) {
            log.error("AA failed for "+userName+" because of: "+se);
            try{
-               saml.fail(resp, new SAMLException(SAMLException.RESPONDER, "AA got a SAML Exception: "+se));
+               saml.fail(resp, se);
            }catch(Exception ee){
-               throw new ServletException("AA failed to even make a SAML Failure message because "+ee+"  Origianl problem: "+se);
+            throw new ServletException("AA failed to even make a SAML Failure message because "+ee+"  Origianl problem: "+se);
            }
        }catch (HandleException he) {
            log.error("AA failed for "+userName+" because of: "+he);