Fix up static SAML metadata provider and add it to the default config - SIDP-223
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 28 Aug 2008 09:31:38 +0000 (09:31 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 28 Aug 2008 09:31:38 +0000 (09:31 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/branches/REL_2@2753 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/installer/resources/conf-tmpl/handler.xml
src/main/java/edu/internet2/middleware/shibboleth/idp/config/profile/ProfileHandlerNamespaceHandler.java
src/main/java/edu/internet2/middleware/shibboleth/idp/config/profile/SAMLMetadataHandlerBeanDefinitionParser.java
src/main/java/edu/internet2/middleware/shibboleth/idp/profile/SAMLMetadataProfileHandler.java
src/main/resources/schema/shibboleth-2.0-idp-profile-handler.xsd

index 4dd3586..a6a8c72 100644 (file)
     <ProfileHandler xsi:type="Status">
         <RequestPath>/Status</RequestPath>
     </ProfileHandler>
+    
+    <ProfileHandler xsi:type="SAMLMetadata" metadataFile="$IDP_HOME$/metadata/idp-metadata.xml">
+        <RequestPath>/Metadata/SAML</RequestPath>
+    </ProfileHandler>    
 
     <ProfileHandler xsi:type="ShibbolethSSO"
                     inboundBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
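Review bot: The new `SAMLMetadata` handler in the default template has no comment telling deployers what it publishes or that the file behind it is static. As far as this hunk shows, `/Metadata/SAML` returns the contents of `$IDP_HOME$/metadata/idp-metadata.xml` to any caller, so the file should hold only public metadata and has to be edited by hand when keys or endpoints change. I would add a comment above the element, e.g. `<!-- Publishes the static file below at /Metadata/SAML; keep it to public metadata and update it when credentials or endpoints change. -->`.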
index 8e6565e..c93e5d6 100644 (file)
@@ -56,6 +56,9 @@ public class ProfileHandlerNamespaceHandler extends BaseSpringNamespaceHandler {
 
         registerBeanDefinitionParser(new QName(NAMESPACE, VelocityErrorHandlerBeanDefinitionParser.ELEMENT_NAME),
                 new VelocityErrorHandlerBeanDefinitionParser());
+        
+        registerBeanDefinitionParser(SAMLMetadataHandlerBeanDefinitionParser.SCHEMA_TYPE,
+                new SAMLMetadataHandlerBeanDefinitionParser());
 
         registerBeanDefinitionParser(ShibbolethSSOProfileHandlerBeanDefinitionParser.SCHEMA_TYPE,
                 new ShibbolethSSOProfileHandlerBeanDefinitionParser());
@@ -83,7 +86,7 @@ public class ProfileHandlerNamespaceHandler extends BaseSpringNamespaceHandler {
 
         registerBeanDefinitionParser(UsernamePasswordLoginHandlerBeanDefinitionParser.SCHEMA_TYPE,
                 new UsernamePasswordLoginHandlerBeanDefinitionParser());
-        
+
         registerBeanDefinitionParser(IPAddressLoginHandlerBeanDefinitionParser.SCHEMA_TYPE,
                 new IPAddressLoginHandlerBeanDefinitionParser());
     }
index 96850bd..e8dc91d 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
+ * Copyright 2007 University Corporation for Advanced Internet Development, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,9 +24,7 @@ import org.w3c.dom.Element;
 import edu.internet2.middleware.shibboleth.common.config.profile.AbstractRequestURIMappedProfileHandlerBeanDefinitionParser;
 import edu.internet2.middleware.shibboleth.idp.profile.SAMLMetadataProfileHandler;
 
-/**
- * Spring bean definition parser for {@link SAMLMetadataProfileHandler}s.
- */
+/** Spring bean definition parser for {@link SAMLMetadataProfileHandler}s. */
 public class SAMLMetadataHandlerBeanDefinitionParser extends AbstractRequestURIMappedProfileHandlerBeanDefinitionParser {
 
     /** Schema type. */
@@ -39,7 +37,10 @@ public class SAMLMetadataHandlerBeanDefinitionParser extends AbstractRequestURIM
 
     /** {@inheritDoc} */
     protected void doParse(Element config, BeanDefinitionBuilder builder) {
-        builder.addConstructorArg(config.getAttributeNS(null, "metadataFile"));
+        super.doParse(config, builder);
+
+        builder.addConstructorArgValue(config.getAttributeNS(null, "metadataFile"));
+        builder.addConstructorArgReference(config.getAttributeNS(null, "parserPoolRef"));
     }
 
     /** {@inheritDoc} */
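Review bot: Both attribute reads in `doParse` hand their value on unchecked, so an absent `parserPoolRef` becomes an empty bean reference and an absent `metadataFile` becomes an empty path that only fails later, inside the handler's constructor. `getAttributeNS` returns an empty string for a missing attribute, and the `shibboleth.ParserPool` default declared in the schema is only visible here if the configuration is parsed with schema defaults applied, which this hunk does not show. I would trim both values and reject empties at parse time, e.g. `String poolRef = DatatypeHelper.safeTrimOrNullString(config.getAttributeNS(null, "parserPoolRef"));` followed by a check that throws when it is null.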
index ba12bea..b6001bb 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
+ * Copyright 2007 University Corporation for Advanced Internet Development, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
 
 package edu.internet2.middleware.shibboleth.idp.profile;
 
-import java.io.File;
 import java.io.OutputStreamWriter;
 
-import javax.servlet.http.HttpServletRequestWrapper;
-
 import org.opensaml.Configuration;
-import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider;
+import org.opensaml.util.resource.FilesystemResource;
 import org.opensaml.ws.transport.InTransport;
 import org.opensaml.ws.transport.OutTransport;
+import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.parse.ParserPool;
+import org.opensaml.xml.util.DatatypeHelper;
 import org.opensaml.xml.util.XMLHelper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -45,17 +45,21 @@ public class SAMLMetadataProfileHandler extends AbstractRequestURIMappedProfileH
     private final Logger log = LoggerFactory.getLogger(SAMLMetadataProfileHandler.class);
 
     /** Metadata provider. */
-    private FilesystemMetadataProvider metadataProvider;
+    private ResourceBackedMetadataProvider metadataProvider;
 
     /**
      * Constructor.
      * 
      * @param metadataFile the IdPs metadata file
+     * @param pool pool of XML parsers used to parse the metadata
      */
-    public SAMLMetadataProfileHandler(String metadataFile) {
+    public SAMLMetadataProfileHandler(String metadataFile, ParserPool pool) {
         try {
-            metadataProvider = new FilesystemMetadataProvider(new File(metadataFile));
-        } catch (MetadataProviderException e) {
+            metadataProvider = new ResourceBackedMetadataProvider(new FilesystemResource(metadataFile));
+            metadataProvider.setParserPool(pool);
+            metadataProvider.setMaintainExpiredMetadata(true);
+            metadataProvider.initialize();
+        } catch (Exception e) {
             log.error("Unable to read metadata file " + metadataFile, e);
         }
     }
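Review bot: The widened `catch (Exception e)` in the constructor logs and returns, so a missing or unparsable metadata file leaves a registered handler whose `metadataProvider` is null or uninitialised, and the failure only resurfaces on each request. Failing construction instead would keep the IdP from starting with a broken metadata endpoint, for example by rethrowing after the log line: `throw new IllegalStateException("Unable to read metadata file " + metadataFile, e);`. `setMaintainExpiredMetadata(true)` also deserves a why-comment, since it means metadata past its validity is still served; something like `// static file is maintained by hand; keep serving it after it expires` would do, if that is the intent.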
@@ -65,15 +69,18 @@ public class SAMLMetadataProfileHandler extends AbstractRequestURIMappedProfileH
         XMLObject metadata;
 
         try {
-            String requestedEntity = ((HttpServletRequestWrapper) in).getParameter("entity");
-            if (requestedEntity == null) {
+            String requestedEntity = DatatypeHelper.safeTrimOrNullString(((HttpServletRequestAdapter) in)
+                    .getParameterValue("entity"));
+            if (requestedEntity != null) {
                 metadata = metadataProvider.getEntityDescriptor(requestedEntity);
             } else {
                 metadata = metadataProvider.getMetadata();
             }
 
-            Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(metadata);
-            XMLHelper.writeNode(marshaller.marshall(metadata), new OutputStreamWriter(out.getOutgoingStream()));
+            if (metadata != null) {
+                Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(metadata);
+                XMLHelper.writeNode(marshaller.marshall(metadata), new OutputStreamWriter(out.getOutgoingStream()));
+            }
         } catch (Exception e) {
             log.error("Unable to retrieve and return metadata", e);
             throw new ProfileException(e);
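Review bot: When `getEntityDescriptor(requestedEntity)` finds nothing, the new `if (metadata != null)` guard skips the write silently, so the client receives an empty body with whatever status the transport defaults to rather than a not-found answer. Because `entity` comes straight from the request, that path is easy to reach and is better handled explicitly, with an `else` branch that reports the unknown entity to the caller. Separately, `new OutputStreamWriter(out.getOutgoingStream())` encodes with the platform default charset; naming it, `new OutputStreamWriter(out.getOutgoingStream(), "UTF-8")`, keeps the bytes consistent for metadata consumers. The method's signature and closing braces lie outside this hunk.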
index 314acce..efec988 100644 (file)
                         <xsd:documentation>Location of the static IdP metadata file.</xsd:documentation>
                     </xsd:annotation>
                 </xsd:attribute>
+                <xsd:attribute name="parserPoolRef" type="xsd:string" default="shibboleth.ParserPool">
+                    <xsd:annotation>
+                        <xsd:documentation>Reference to the parser pool used to parse the metadata.</xsd:documentation>
+                    </xsd:annotation>
+                </xsd:attribute>
             </xsd:extension>
         </xsd:complexContent>
     </xsd:complexType>
                 <xsd:attribute name="servletPath" type="xsd:string">
                     <xsd:annotation>
                         <xsd:documentation>
-                            Optional servlet path to which the browser may be redirected.
+                            DEPRECATED. Optional servlet path to which the browser may be redirected.
                         </xsd:documentation>
                     </xsd:annotation>
                 </xsd:attribute>
                 <xsd:attribute name="supportsPassiveAuthentication" type="xsd:boolean">
                     <xsd:annotation>
                         <xsd:documentation>
-                            Whether this login handler, when redirecting to a servlet, support passives authentication.
+                            DEPRECATED. Whether this login handler, when redirecting to a servlet, support passives authentication.
                         </xsd:documentation>
                     </xsd:annotation>
                 </xsd:attribute>