Configuration code for SAML 2 SSO profile handler
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 8 Jun 2007 00:14:47 +0000 (00:14 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 8 Jun 2007 00:14:47 +0000 (00:14 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2237 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

resources/classpath/schema/shibboleth-2.0-idp-profile.xsd
src/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationManager.java
src/edu/internet2/middleware/shibboleth/idp/config/profile/SAML2SSOProfileHandlerBeanDefinitionParser.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AttributeQueryProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java [moved from src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AuthenticationRequestProfileHandler.java with 96% similarity]

index 0cff17d..432dfcb 100644 (file)
         </annotation>
         <complexContent>
             <extension base="idpph:SAML2ProfileHandler">
-                <attribute name="authenticationManagerId" type="string" default="shibboleth.AuthenticationManager">
+                <attribute name="authenticationManagerPath" type="string" default="/AuthnManager">
                     <annotation>
                         <documentation>
-                            The component ID of the authentication manager to use with the profile handler.
-
-                            This setting should not be changed from its default unless the deployer fully understands
-                            the inter-relationship between IdP components.
+                            The context relative path to the authentication manager used by this profile handler.  This should 
+                            match the URL pattern given in the web.xml
+                        </documentation>
+                    </annotation>
+                </attribute>
+                <attribute name="decodingBinding" type="anyURI" default=" urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
+                    <annotation>
+                        <documentation>
+                            The URI of the binding used when decoding requests from relying parties.
+                        </documentation>
+                    </annotation>
+                </attribute>
+                <attribute name="encodingBinding" type="anyURI" default=" urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
+                    <annotation>
+                        <documentation>
+                            The URI of the binding used when encoding responses to relying parties.
                         </documentation>
                     </annotation>
                 </attribute>
         </complexContent>
     </complexType>
 
+    <complexType name="SAML1AttributeQuery">
+        <annotation>
+            <documentation>Configuration type for SAML 1 Attribute Query profile handlers.</documentation>
+        </annotation>
+        <complexContent>
+            <extension base="idpph:SAML1ProfileHandler" />
+        </complexContent>
+    </complexType>
+
     <complexType name="SAML1ProfileHandler" abstract="true">
         <annotation>
             <documentation>Base type for SAML 1 profile handlers.</documentation>
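Review bot: The defaults on the new `decodingBinding` and `encodingBinding` attributes carry a leading space (`default=" urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"`), so any consumer that reads the attribute without trimming compares a value that does not equal the binding URI. The bean parser in this commit trims with safeTrimOrNullString and anyURI validation collapses whitespace, which hides it today, but the schema should not depend on that; use `default="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"` on both. The `authenticationManagerPath` documentation would also help deployers if it said what the value is used for; the handler hands it to `getRequestDispatcher` for a server-side forward, so a sentence like "The path is used for a RequestDispatcher forward inside this web application and must be a context-relative servlet mapping, not an external URL" would make the "match web.xml" advice concrete.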
index 05788e5..d0460e3 100644 (file)
@@ -24,24 +24,25 @@ import java.util.concurrent.ConcurrentHashMap;
 
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
-import javax.servlet.http.HttpSession;
+import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 
 import javolution.util.FastMap;
 
+import org.apache.log4j.Logger;
+
 import edu.internet2.middleware.shibboleth.common.session.SessionManager;
 import edu.internet2.middleware.shibboleth.idp.session.AuthenticationMethodInformation;
 import edu.internet2.middleware.shibboleth.idp.session.Session;
 import edu.internet2.middleware.shibboleth.idp.session.impl.AuthenticationMethodInformationImpl;
 
-import org.apache.log4j.Logger;
-import org.springframework.web.servlet.HttpServletBean;
-
 /**
  * Manager responsible for handling authentication requests.
  */
-public class AuthenticationManager extends HttpServletBean {
+//TODO map needed objects into servlet context information and fetch from there
+public class AuthenticationManager extends HttpServlet {
 
     /** log4j. */
     private final Logger log = Logger.getLogger(AuthenticationManager.class);
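Review bot: The `//TODO map needed objects ...` line is placed between the class Javadoc and the `class AuthenticationManager` declaration; it should move inside the Javadoc (as a paragraph such as `TODO: the objects this servlet needs are to be published in the servlet context and looked up from there`) or below the declaration, so the doc comment stays directly attached to the class and the TODO is not mistaken for part of its contract. Replacing Spring's HttpServletBean with plain HttpServlet presumably also removes the automatic mapping of servlet init-params onto this class's properties, so whatever collaborators were previously injected that way (the surrounding imports suggest the session manager) have no configured source until the TODO is done; worth confirming the servlet is still wired before this lands.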
index e4ca635..9bc22df 100644 (file)
@@ -18,10 +18,11 @@ package edu.internet2.middleware.shibboleth.idp.config.profile;
 
 import javax.xml.namespace.QName;
 
+import org.opensaml.xml.util.DatatypeHelper;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.w3c.dom.Element;
 
-import edu.internet2.middleware.shibboleth.idp.profile.saml2.AuthenticationRequestBrowserPost;
+import edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler;
 
 /**
  * Spring bean definition parser for {@link AuthenticationRequestBrowserPost} profile handlers.
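Review bot: The class Javadoc on the last context line still links `{@link AuthenticationRequestBrowserPost}` while this hunk removes that import in favour of SSOProfileHandler, so the reference no longer resolves and javadoc will flag it. Change it to `{@link SSOProfileHandler}`, matching what getBeanClass now returns. The class declaration itself continues outside this hunk.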
@@ -33,13 +34,18 @@ public class SAML2SSOProfileHandlerBeanDefinitionParser extends AbstractSAML2Pro
 
     /** {@inheritDoc} */
     protected Class getBeanClass(Element arg0) {
-        return AuthenticationRequestBrowserPost.class;
+        return SSOProfileHandler.class;
     }
 
     /** {@inheritDoc} */
     protected void doParse(Element config, BeanDefinitionBuilder builder) {
         super.doParse(config, builder);
 
-        builder.addPropertyReference("authenticationManager", config.getAttributeNS(null, "authenticationManagerId"));
+        builder.addConstructorArg(DatatypeHelper.safeTrimOrNullString(config.getAttributeNS(null,
+                "authenticationManagerPath")));
+
+        builder.addConstructorArg(DatatypeHelper.safeTrimOrNullString(config.getAttributeNS(null, "decodingBinding")));
+
+        builder.addConstructorArg(DatatypeHelper.safeTrimOrNullString(config.getAttributeNS(null, "encodingBinding")));
     }
 }
\ No newline at end of file
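Review bot: The three `addConstructorArg` calls in doParse pass String values positionally, so the bean only constructs correctly while this order matches `SSOProfileHandler(String authnManagerPath, String decoder, String encoder)`; nothing in the code records that coupling. A one-line comment above the first call, `// positional: must match SSOProfileHandler(authnManagerPath, decodingBinding, encodingBinding)`, would keep a later reorder of either side from silently swapping the decoding and encoding bindings, which have the same type and default and would not fail at construction. Also note that safeTrimOrNullString turns an absent or blank attribute into null, which the handler constructor rejects with a single combined message; the schema defaults only fill the value in when the configuration is parsed with schema validation, so a deployment that disables validation and omits the attribute fails with no indication of which of the three attributes is missing.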
index 5134346..01d9ce1 100644 (file)
@@ -17,7 +17,6 @@
 package edu.internet2.middleware.shibboleth.idp.profile.saml2;
 
 import java.util.ArrayList;
-import java.util.Map;
 
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
@@ -29,8 +28,6 @@ import org.opensaml.common.binding.encoding.MessageEncoder;
 import org.opensaml.common.binding.security.SAMLSecurityPolicy;
 import org.opensaml.saml2.binding.decoding.HTTPSOAP11Decoder;
 import org.opensaml.saml2.core.AttributeQuery;
-import org.opensaml.saml2.core.AttributeStatement;
-import org.opensaml.saml2.core.NameID;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.saml2.core.Statement;
 import org.opensaml.saml2.core.StatusCode;
@@ -39,17 +36,11 @@ import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.ws.security.SecurityPolicyException;
 
-import edu.internet2.middleware.shibboleth.common.attribute.AttributeRequestException;
-import edu.internet2.middleware.shibboleth.common.attribute.BaseAttribute;
-import edu.internet2.middleware.shibboleth.common.attribute.provider.SAML2AttributeAuthority;
-import edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAMLAttributeRequestContext;
 import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
 import edu.internet2.middleware.shibboleth.common.profile.ProfileRequest;
 import edu.internet2.middleware.shibboleth.common.profile.ProfileResponse;
 import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration;
 import edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml2.AttributeQueryConfiguration;
-import edu.internet2.middleware.shibboleth.idp.session.ServiceInformation;
-import edu.internet2.middleware.shibboleth.idp.session.Session;
 
 /**
  * SAML 2.0 Attribute Query profile handler.
@@ -59,10 +59,10 @@ import edu.internet2.middleware.shibboleth.idp.authn.Saml2LoginContext;
 /**
  * SAML 2.0 authentication request profile handler.
  */
-public class AuthenticationRequestProfileHandler extends AbstractSAML2ProfileHandler {
+public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
 
     /** Class logger. */
-    private final Logger log = Logger.getLogger(AuthenticationRequestProfileHandler.class);
+    private final Logger log = Logger.getLogger(SSOProfileHandler.class);
 
     /** Builder of AuthnStatement objects. */
     private SAMLObjectBuilder<AuthnStatement> authnStatementBuilder;
@@ -77,7 +77,7 @@ public class AuthenticationRequestProfileHandler extends AbstractSAML2ProfileHan
     private SAMLObjectBuilder<AuthnContextDeclRef> authnContextDeclRefBuilder;
 
     /** URL of the authentication manager servlet. */
-    private String authenticationManagerURL;
+    private String authenticationManagerPath;
 
     /** URI of request decoder. */
     private String decodingBinding;
@@ -88,16 +88,21 @@ public class AuthenticationRequestProfileHandler extends AbstractSAML2ProfileHan
     /**
      * Constructor.
      * 
+     * @param authnManagerPath path to the authentication manager servlet
      * @param decoder URI of the request decoder to use
      * @param encoder URI of the response encoder to use
      */
     @SuppressWarnings("unchecked")
-    public AuthenticationRequestProfileHandler(String decoder, String encoder) {
+    public SSOProfileHandler(String authnManagerPath, String decoder, String encoder) {
         super();
 
-        if (decoder == null || encoder == null) {
-            throw new IllegalArgumentException("Message decoding and encoding binding URI may not be null");
+        if (authnManagerPath == null || decoder == null || encoder == null) {
+            throw new IllegalArgumentException("AuthN manager path, decoding, encoding bindings URI may not be null");
         }
+        
+        authenticationManagerPath = authnManagerPath;
+        decodingBinding = decoder;
+        encodingBinding = encoder;
 
         authnStatementBuilder = (SAMLObjectBuilder<AuthnStatement>) getBuilderFactory().getBuilder(
                 AuthnStatement.DEFAULT_ELEMENT_NAME);
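Review bot: The combined null check in the constructor throws `"AuthN manager path, decoding, encoding bindings URI may not be null"` without saying which argument was null, and since these values arrive from the Spring parser where a missing or blank attribute becomes null, the deployer gets no pointer to the offending configuration attribute. Checking each argument separately with its own message, e.g. `if (authnManagerPath == null) { throw new IllegalArgumentException("Authentication manager path may not be null"); }` and likewise for decoder and encoder, costs two more lines and makes the failure actionable. The `@param authnManagerPath` Javadoc could also say that the path is context-relative and is used for a RequestDispatcher forward, which is how the field is consumed further down in the class.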
@@ -153,7 +158,7 @@ public class AuthenticationRequestProfileHandler extends AbstractSAML2ProfileHan
 
             HttpSession httpSession = httpRequest.getSession();
             httpSession.setAttribute(Saml2LoginContext.LOGIN_CONTEXT_KEY, loginContext);
-            RequestDispatcher dispatcher = httpRequest.getRequestDispatcher(authenticationManagerURL);
+            RequestDispatcher dispatcher = httpRequest.getRequestDispatcher(authenticationManagerPath);
             dispatcher.forward(httpRequest, response.getRawResponse());
         } catch (MarshallingException e) {
             log.error("Unable to marshall authentication request context");