More work on profile handlers, still have some more refactoring to do
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Sun, 13 May 2007 00:12:52 +0000 (00:12 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Sun, 13 May 2007 00:12:52 +0000 (00:12 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2191 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/idp/profile/AbstractSAMLProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ArtifactQuery.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSO.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractAttributeQuery.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/ArtifactResolution.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AuthenticationRequestBrowserPost.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/HTTPSOAPAttributeQuery.java

index e993cbb..81832a2 100644 (file)
 package edu.internet2.middleware.shibboleth.idp.profile;
 
 import javax.servlet.ServletRequest;
 package edu.internet2.middleware.shibboleth.idp.profile;
 
 import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
 
 
+import org.apache.log4j.Logger;
 import org.opensaml.common.IdentifierGenerator;
 import org.opensaml.common.IdentifierGenerator;
-import org.opensaml.common.binding.MessageDecoder;
-import org.opensaml.common.binding.MessageEncoder;
+import org.opensaml.common.binding.decoding.MessageDecoderFactory;
+import org.opensaml.common.binding.encoding.MessageEncoderFactory;
 import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 
 import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 
+import edu.internet2.middleware.shibboleth.common.log.AuditLogEntry;
 import edu.internet2.middleware.shibboleth.common.profile.AbstractProfileHandler;
 import edu.internet2.middleware.shibboleth.common.profile.AbstractProfileHandler;
-import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
 import edu.internet2.middleware.shibboleth.common.profile.ProfileRequest;
 import edu.internet2.middleware.shibboleth.common.profile.ProfileRequest;
-import edu.internet2.middleware.shibboleth.common.profile.ProfileResponse;
 import edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager;
 import edu.internet2.middleware.shibboleth.idp.session.Session;
 
 import edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager;
 import edu.internet2.middleware.shibboleth.idp.session.Session;
 
@@ -38,9 +38,18 @@ import edu.internet2.middleware.shibboleth.idp.session.Session;
 public abstract class AbstractSAMLProfileHandler extends
         AbstractProfileHandler<SAMLMDRelyingPartyConfigurationManager, Session> {
 
 public abstract class AbstractSAMLProfileHandler extends
         AbstractProfileHandler<SAMLMDRelyingPartyConfigurationManager, Session> {
 
+    /** SAML message audit log. */
+    private final Logger auditLog = Logger.getLogger(AuditLogEntry.AUDIT_LOGGER_NAME);
+
     /** Generator of IDs which may be used for SAML assertions, requests, etc. */
     private IdentifierGenerator idGenerator;
 
     /** Generator of IDs which may be used for SAML assertions, requests, etc. */
     private IdentifierGenerator idGenerator;
 
+    /** Factory of message decoders. */
+    private MessageDecoderFactory decoderFactory;
+
+    /** Factory of message encoders. */
+    private MessageEncoderFactory encoderFactory;
+
     /** Constructor. */
     protected AbstractSAMLProfileHandler() {
         super();
     /** Constructor. */
     protected AbstractSAMLProfileHandler() {
         super();
@@ -57,63 +66,63 @@ public abstract class AbstractSAMLProfileHandler extends
     }
 
     /**
     }
 
     /**
-     * A convenience method for retrieving the SAML metadata provider from the relying party manager.
+     * Gets the factory used to build new message decoders.
      * 
      * 
-     * @return the metadata provider or null
+     * @return factory used to build new message decoders
      */
      */
-    public MetadataProvider getMetadataProvider() {
-        SAMLMDRelyingPartyConfigurationManager rpcManager = getRelyingPartyConfigurationManager();
-        if (rpcManager != null) {
-            return rpcManager.getMetadataProvider();
-        }
-
-        return null;
+    public MessageDecoderFactory getMessageDecoderFactory() {
+        return decoderFactory;
     }
     }
-    
+
     /**
     /**
-     * Populates the given message decoder with the profile handler's metadata provider.
+     * Sets the factory used to build new message decoders.
      * 
      * 
-     * {@inheritDoc}
+     * @param factory factory used to build new message decoders
      */
      */
-    @SuppressWarnings("unchecked")
-    protected void populateMessageDecoder(MessageDecoder<ServletRequest> decoder){
-        super.populateMessageDecoder(decoder);
-        decoder.setMetadataProvider(getMetadataProvider());
+    public void setMessageDecoderFactory(MessageDecoderFactory factory) {
+        decoderFactory = factory;
     }
     }
-    
+
     /**
     /**
-     * Populates the given message encoder with the profile handler's metadata provider.
+     * Gets the factory used to build message encoders.
      * 
      * 
-     * {@inheritDoc}
+     * @return factory used to build message encoders
      */
      */
-    protected void populateMessageEncoder(MessageEncoder<ServletResponse> encoder) {
-        super.populateMessageEncoder(encoder);
-        encoder.setMetadataProvider(getMetadataProvider());
+    public MessageEncoderFactory getMessageEncoderFactory() {
+        return encoderFactory;
     }
 
     /**
     }
 
     /**
-     * Gets the message decoder to use in this query.
+     * Sets the factory used to build message encoders.
      * 
      * 
-     * @param request attribute request
-     * 
-     * @return message decoder to use in this query
-     * 
-     * @throws ProfileException thrown if a message decoder can not be created for the given request
+     * @param factory factory used to build message encoders
      */
      */
-    protected abstract MessageDecoder<ServletRequest> getMessageDecoder(ProfileRequest<ServletRequest> request)
-            throws ProfileException;
+    public void setMessageEncoderFactory(MessageEncoderFactory factory) {
+        encoderFactory = factory;
+    }
 
     /**
 
     /**
-     * Gets the message encoder to use in this query.
-     * 
-     * @param response attribute query response
+     * A convenience method for retrieving the SAML metadata provider from the relying party manager.
      * 
      * 
-     * @return message encoder to use in this query
+     * @return the metadata provider or null
+     */
+    public MetadataProvider getMetadataProvider() {
+        SAMLMDRelyingPartyConfigurationManager rpcManager = getRelyingPartyConfigurationManager();
+        if (rpcManager != null) {
+            return rpcManager.getMetadataProvider();
+        }
+
+        return null;
+    }
+
+    /**
+     * Gets the audit log for this handler.
      * 
      * 
-     * @throws ProfileException thrown if a message encoder can not be created for the given request
+     * @return audit log for this handler
      */
      */
-    protected abstract MessageEncoder<ServletResponse> getMessageEncoder(ProfileResponse<ServletResponse> response)
-            throws ProfileException;
+    protected Logger getAduitLog() {
+        return auditLog;
+    }
 
     /**
      * Gets the user's session ID from the current request.
 
     /**
      * Gets the user's session ID from the current request.
@@ -122,5 +131,12 @@ public abstract class AbstractSAMLProfileHandler extends
      * 
      * @return user's session ID
      */
      * 
      * @return user's session ID
      */
-    protected abstract String getUserSessionId(ProfileRequest<ServletRequest> request);
+    protected String getUserSessionId(ProfileRequest<ServletRequest> request) {
+        HttpServletRequest rawRequest = (HttpServletRequest) request.getRawRequest();
+        if (rawRequest != null) {
+            return (String) rawRequest.getSession().getAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE);
+        }
+
+        return null;
+    }
 }
\ No newline at end of file
 }
\ No newline at end of file
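Review bot: `getUserSessionId` (lines 216-223) calls `rawRequest.getSession()`, which creates a new HTTP session when none exists, so every request that reaches this code without a session (a back-channel SOAP query, an unauthenticated browser hit) allocates server-side session state as a side effect of a lookup; use `HttpSession session = rawRequest.getSession(false);` and `if (session == null) return null;` before reading `Session.HTTP_SESSION_BINDING_ATTRIBUTE`. The cast `(HttpServletRequest) request.getRawRequest()` on line 217 throws ClassCastException for a non-HTTP raw request, so the `rawRequest != null` branch is the only path that can return null; an `instanceof HttpServletRequest` check would make the documented null result reachable. The new accessor on line 199 is misspelled `getAduitLog()`; renaming it to `getAuditLog()` now avoids baking the typo into every subclass (AbstractAttributeQuery in this commit already calls the misspelled name).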
index ef2e3cf..320e418 100644 (file)
 package edu.internet2.middleware.shibboleth.idp.profile.saml1;
 
 import javax.servlet.ServletException;
 package edu.internet2.middleware.shibboleth.idp.profile.saml1;
 
 import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
 
 
+import org.opensaml.common.binding.decoding.MessageDecoder;
+import org.opensaml.common.binding.encoding.MessageEncoder;
+
+import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
 import edu.internet2.middleware.shibboleth.common.profile.ProfileRequest;
 import edu.internet2.middleware.shibboleth.common.profile.ProfileResponse;
 
 import edu.internet2.middleware.shibboleth.common.profile.ProfileRequest;
 import edu.internet2.middleware.shibboleth.common.profile.ProfileResponse;
 
@@ -26,8 +32,27 @@ import edu.internet2.middleware.shibboleth.common.profile.ProfileResponse;
 public class ArtifactQuery extends AbstractSAML1ProfileHandler {
 
     /** {@inheritDoc} */
 public class ArtifactQuery extends AbstractSAML1ProfileHandler {
 
     /** {@inheritDoc} */
-    public boolean processRequest(ProfileRequest request, ProfileResponse response) throws ServletException {
+    protected MessageDecoder<ServletRequest> getMessageDecoder(ProfileRequest<ServletRequest> request) throws ProfileException {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    /** {@inheritDoc} */
+    protected MessageEncoder<ServletResponse> getMessageEncoder(ProfileResponse<ServletResponse> response) throws ProfileException {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    /** {@inheritDoc} */
+    protected String getUserSessionId(ProfileRequest<ServletRequest> request) {
         // TODO Auto-generated method stub
         // TODO Auto-generated method stub
-        return false;
+        return null;
     }
     }
+
+    /** {@inheritDoc} */
+    public void processRequest(ProfileRequest<ServletRequest> request, ProfileResponse<ServletResponse> response) throws ProfileException {
+        // TODO Auto-generated method stub
+        
+    }
+
 }
\ No newline at end of file
 }
\ No newline at end of file
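Review bot: The `getUserSessionId` override at lines 269-274 returns null, which hides the concrete implementation added to AbstractSAMLProfileHandler in this same commit (the one that reads the session ID from the HTTP session), assuming ArtifactQuery inherits from it through AbstractSAML1ProfileHandler; unless this profile really has no user session, delete the override so the inherited lookup is used. ArtifactResolution in this commit carries the identical null-returning override. The `getMessageDecoder`/`getMessageEncoder` stubs (lines 257-266) also return null, and the sibling AbstractAttributeQuery dereferences its decoder without a null check, so until the real implementations land it is safer to `throw new ProfileException("ArtifactQuery is not yet implemented");` than to return null.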
index 374245a..157eadc 100644 (file)
@@ -44,9 +44,9 @@ import org.bouncycastle.util.encoders.Hex;
 import org.joda.time.DateTime;
 import org.opensaml.Configuration;
 import org.opensaml.common.SAMLVersion;
 import org.joda.time.DateTime;
 import org.opensaml.Configuration;
 import org.opensaml.common.SAMLVersion;
-import org.opensaml.common.binding.SAMLArtifact;
-import org.opensaml.common.binding.SAMLArtifactFactory;
-import org.opensaml.common.binding.ArtifactMap;
+import org.opensaml.common.binding.artifact.SAMLArtifactMap;
+import org.opensaml.common.binding.artifact.SAMLArtifact;
+import org.opensaml.common.binding.artifact.SAMLArtifactFactory;
 import org.opensaml.saml1.core.Assertion;
 import org.opensaml.saml1.core.AttributeStatement;
 import org.opensaml.saml1.core.Audience;
 import org.opensaml.saml1.core.Assertion;
 import org.opensaml.saml1.core.AttributeStatement;
 import org.opensaml.saml1.core.Audience;
@@ -107,7 +107,7 @@ public class ShibbolethSSO extends AbstractSAML1ProfileHandler {
     /**
      * Backing store for artifacts. This must be shared between ShibbolethSSO and AttributeQuery.
      */
     /**
      * Backing store for artifacts. This must be shared between ShibbolethSSO and AttributeQuery.
      */
-    protected ArtifactMap artifactMap;
+    protected SAMLArtifactMap artifactMap;
 
     /** The path to the IdP's AuthenticationManager servlet */
     protected String authnMgrURL;
 
     /** The path to the IdP's AuthenticationManager servlet */
     protected String authnMgrURL;
@@ -269,7 +269,7 @@ public class ShibbolethSSO extends AbstractSAML1ProfileHandler {
      * 
      * @param artifactMap the Artifact mapping backing store.
      */
      * 
      * @param artifactMap the Artifact mapping backing store.
      */
-    public void setArtifactMap(ArtifactMap artifactMap) {
+    public void setArtifactMap(SAMLArtifactMap artifactMap) {
         this.artifactMap = artifactMap;
     }
 
         this.artifactMap = artifactMap;
     }
 
@@ -278,7 +278,7 @@ public class ShibbolethSSO extends AbstractSAML1ProfileHandler {
      * 
      * @return An ArtifactMap instance.
      */
      * 
      * @return An ArtifactMap instance.
      */
-    public ArtifactMap getArtifactMap() {
+    public SAMLArtifactMap getArtifactMap() {
         return artifactMap;
     }
 
         return artifactMap;
     }
 
index 78c4c3e..4c45a33 100644 (file)
@@ -22,8 +22,9 @@ import javax.servlet.ServletResponse;
 import org.apache.log4j.Logger;
 import org.joda.time.DateTime;
 import org.opensaml.common.binding.BindingException;
 import org.apache.log4j.Logger;
 import org.joda.time.DateTime;
 import org.opensaml.common.binding.BindingException;
-import org.opensaml.common.binding.MessageDecoder;
-import org.opensaml.common.binding.MessageEncoder;
+import org.opensaml.common.binding.decoding.MessageDecoder;
+import org.opensaml.common.binding.encoding.MessageEncoder;
+import org.opensaml.log.Level;
 import org.opensaml.saml2.core.Assertion;
 import org.opensaml.saml2.core.AttributeQuery;
 import org.opensaml.saml2.core.AttributeStatement;
 import org.opensaml.saml2.core.Assertion;
 import org.opensaml.saml2.core.AttributeQuery;
 import org.opensaml.saml2.core.AttributeStatement;
@@ -33,6 +34,7 @@ import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import edu.internet2.middleware.shibboleth.common.attribute.AttributeRequestException;
 import edu.internet2.middleware.shibboleth.common.attribute.SAML2AttributeAuthority;
 import edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethAttributeRequestContext;
 import edu.internet2.middleware.shibboleth.common.attribute.AttributeRequestException;
 import edu.internet2.middleware.shibboleth.common.attribute.SAML2AttributeAuthority;
 import edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethAttributeRequestContext;
+import edu.internet2.middleware.shibboleth.common.log.AuditLogEntry;
 import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
 import edu.internet2.middleware.shibboleth.common.profile.ProfileRequest;
 import edu.internet2.middleware.shibboleth.common.profile.ProfileResponse;
 import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
 import edu.internet2.middleware.shibboleth.common.profile.ProfileRequest;
 import edu.internet2.middleware.shibboleth.common.profile.ProfileResponse;
@@ -49,93 +51,128 @@ public abstract class AbstractAttributeQuery extends AbstractSAML2ProfileHandler
     /** Class logger. */
     private static Logger log = Logger.getLogger(AbstractAttributeQuery.class);
 
     /** Class logger. */
     private static Logger log = Logger.getLogger(AbstractAttributeQuery.class);
 
+    /** {@inheritDoc} */
+    public String getProfileId() {
+        return "urn:oasis:names:tc:SAML:2.0:profiles:query";
+    }
+
+    /** {@inheritDoc} */
+    public void processRequest(ProfileRequest<ServletRequest> request, ProfileResponse<ServletResponse> response)
+            throws ProfileException {
+
+        AttributeQueryRequestContext requestContext = new AttributeQueryRequestContext(request, response);
+
+        getMessageDecoder(requestContext);
+        
+        decodeRequest(requestContext);
+
+        buildResponse(requestContext);
+
+        getMessageEncoder(requestContext);
+
+        try {
+            requestContext.getMessageEncoder().encode();
+            writeAuditLogEntry(requestContext);
+        } catch (BindingException e) {
+            log.error("Unable to encode response the relying party: " + requestContext.getRelyingPartyId(), e);
+            throw new ProfileException("Unable to encode response the relying party: "
+                    + requestContext.getRelyingPartyId(), e);
+        }
+    }
+
     /**
     /**
-     * Gets the {@link AttributeQueryConfiguration} for the service provider identified by the given ID.
+     * Gets a populated message decoder.
      * 
      * 
-     * @param spId entity ID of the service provider
+     * @param requestContext current request context
      * 
      * 
-     * @return configuration for the given service provider or null
+     * @throws ProfileException thrown if there is no message decoder that may be used to decoder the incoming request
      */
      */
-    protected AttributeQueryConfiguration getAttributeQueryConfiguration(String spId) {
-        return (AttributeQueryConfiguration) getProfileConfiguration(spId, AttributeQueryConfiguration.PROFILE_ID);
-    }
+    protected abstract void getMessageDecoder(AttributeQueryRequestContext requestContext) throws ProfileException;
 
     /**
 
     /**
-     * Gets the attribute authority for the service provider identified by the given ID.
+     * Gets a populated message encoder.
      * 
      * 
-     * @param spId entity ID of the service provider
+     * @param requestContext current request context
      * 
      * 
-     * @return attribute authority for the service provider or null
+     * @throws ProfileException thrown if there is no message encoder that may be used to encoder the outgoing response
      */
      */
-    protected SAML2AttributeAuthority getAttributeAuthority(String spId) {
-        AttributeQueryConfiguration config = getAttributeQueryConfiguration(spId);
-        if (config != null) {
-            return config.getAttributeAuthority();
-        }
-
-        return null;
-    }
+    protected abstract void getMessageEncoder(AttributeQueryRequestContext requestContext) throws ProfileException;
 
 
-    /** {@inheritDoc} */
-    public void processRequest(ProfileRequest<ServletRequest> request, ProfileResponse<ServletResponse> response)
+    /**
+     * Decodes the message in the request and adds it to the request context.
+     * 
+     * @param requestContext request context contianing the request to decode
+     * 
+     * @throws ProfileException throw if there is a problem decoding the request
+     */
+    protected void decodeRequest(AttributeQueryRequestContext requestContext)
             throws ProfileException {
             throws ProfileException {
-        MessageDecoder<ServletRequest> decoder = getMessageDecoder(request);
-        populateMessageDecoder(decoder);
-        decoder.setRequest(request.getRawRequest());
 
 
-        // get message from the decoder
-        AttributeQuery attributeQuery = null;
         try {
         try {
-            decoder.decode();
+            requestContext.getMessageDecoder().decode();
             if (log.isDebugEnabled()) {
                 log.debug("decoded http servlet request");
             }
             if (log.isDebugEnabled()) {
                 log.debug("decoded http servlet request");
             }
-            attributeQuery = (AttributeQuery) decoder.getSAMLMessage();
+            requestContext.setAttributeQuery((AttributeQuery) requestContext.getMessageDecoder().getSAMLMessage());
         } catch (BindingException e) {
             log.error("Error decoding attribute query message", e);
             throw new ProfileException("Error decoding attribute query message");
         }
         } catch (BindingException e) {
             log.error("Error decoding attribute query message", e);
             throw new ProfileException("Error decoding attribute query message");
         }
+    }
 
 
-        String spEntityId = attributeQuery.getIssuer().getValue();
-        String userSessionId = getUserSessionId(request);
-        Session userSession = getSessionManager().getSession(userSessionId);
-        RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(spEntityId);
-        AttributeQueryConfiguration profileConfig = getAttributeQueryConfiguration(spEntityId);
+    /**
+     * Builds a response to the attribute query within the request context.
+     * 
+     * @param requestContext current request context
+     * 
+     * @throws ProfileException thrown if there is a problem creating the SAML response
+     */
+    protected void buildResponse(AttributeQueryRequestContext requestContext) throws ProfileException {
         DateTime issueInstant = new DateTime();
 
         DateTime issueInstant = new DateTime();
 
-        ShibbolethAttributeRequestContext attributeRequestContext = buildAttributeRequestContext(spEntityId,
-                userSession, request);
+        // create the attribute statement
+        AttributeStatement attributeStatement = buildAttributeStatement(requestContext);
 
 
-        // resolve attributes with the attribute authority
-        AttributeStatement attributeStatement = null;
-        try {
-            SAML2AttributeAuthority attributeAuthority = profileConfig.getAttributeAuthority();
-            attributeStatement = attributeAuthority.performAttributeQuery(attributeRequestContext);
-        } catch (AttributeRequestException e) {
-            log.error("Error resolving attributes", e);
-            throw new ProfileException("Error resolving attributes", e);
-        }
+        // create the assertion and add the attribute statement
+        Assertion assertion = buildAssertion(issueInstant, requestContext.getRelyingPartyConfiguration(),
+                requestContext.getProfileConfiguration());
+        assertion.getAttributeStatements().add(attributeStatement);
 
 
-        // construct attribute response
+        // create the SAML response and add the assertion
         Response samlResponse = getResponseBuilder().buildObject();
         Response samlResponse = getResponseBuilder().buildObject();
-        populateStatusResponse(samlResponse, issueInstant, attributeQuery, rpConfig);
-
-        Assertion assertion = buildAssertion(issueInstant, rpConfig, profileConfig);
-        assertion.getAttributeStatements().add(attributeStatement);
+        populateStatusResponse(samlResponse, issueInstant, requestContext.getAttributeQuery(), requestContext
+                .getRelyingPartyConfiguration());
+        // TODO handle subject
         samlResponse.getAssertions().add(assertion);
 
         samlResponse.getAssertions().add(assertion);
 
-        signAssertion(assertion, rpConfig, profileConfig);
-        signResponse(samlResponse, rpConfig, profileConfig);
+        // sign the assertion if it should be signed
+        signAssertion(assertion, requestContext.getRelyingPartyConfiguration(), requestContext
+                .getProfileConfiguration());
+
+        requestContext.setAttributeQueryResponse(samlResponse);
+    }
 
 
-        MessageEncoder<ServletResponse> messageEncoder = getMessageEncoder(response);
-        populateMessageEncoder(messageEncoder);
-        messageEncoder.setRelyingParty(spEntityId);
-        messageEncoder.setSAMLMessage(samlResponse);
+    /**
+     * Executes a query for attributes and builds a SAML attribute statement from the results.
+     * 
+     * @param requestContext current request context
+     * 
+     * @return attribute statement resulting from the query
+     * 
+     * @throws ProfileException thrown if there is a problem making the query
+     */
+    protected AttributeStatement buildAttributeStatement(AttributeQueryRequestContext requestContext)
+            throws ProfileException {
+        ShibbolethAttributeRequestContext attributeRequestContext = buildAttributeRequestContext(requestContext
+                .getRelyingPartyId(), requestContext.getUserSession(), requestContext.getProfileRequest());
 
         try {
 
         try {
-            messageEncoder.encode();
-        } catch (BindingException e) {
-            // TODO
+            SAML2AttributeAuthority attributeAuthority = requestContext.getProfileConfiguration()
+                    .getAttributeAuthority();
+            return attributeAuthority.performAttributeQuery(attributeRequestContext);
+        } catch (AttributeRequestException e) {
+            log.error("Error resolving attributes", e);
+            throw new ProfileException("Error resolving attributes", e);
         }
     }
 
         }
     }
 
@@ -167,4 +204,204 @@ public abstract class AbstractAttributeQuery extends AbstractSAML2ProfileHandler
             throw new ProfileException("Error retrieving metadata", e);
         }
     }
             throw new ProfileException("Error retrieving metadata", e);
         }
     }
+
+    /**
+     * Writes an aduit log entry indicating the successful response to the attribute request.
+     * 
+     * @param requestContext current request context
+     */
+    protected void writeAuditLogEntry(AttributeQueryRequestContext requestContext) {
+        AuditLogEntry auditLogEntry = new AuditLogEntry();
+        auditLogEntry.setMessageProfile(getProfileId());
+        auditLogEntry.setPrincipalAuthenticationMethod(requestContext.getUserSession().getServiceInformation(
+                requestContext.getRelyingPartyId()).getAuthenticationMethod().getAuthenticationMethod());
+        auditLogEntry.setPrincipalId(requestContext.getUserSession().getPrincipalID());
+        auditLogEntry.setProviderId(requestContext.getRelyingPartyConfiguration().getProviderId());
+        auditLogEntry.setRelyingPartyId(requestContext.getRelyingPartyId());
+        auditLogEntry.setRequestBinding(requestContext.getMessageDecoder().getBindingURI());
+        auditLogEntry.setRequestId(requestContext.getAttributeQuery().getID());
+        auditLogEntry.setResponseBinding(requestContext.getMessageEncoder().getBindingURI());
+        auditLogEntry.setResponseId(requestContext.getAttributeQueryResponse().getID());
+        getAduitLog().log(Level.CRITICAL, auditLogEntry);
+    }
+
+    /** Basic data structure used to accumulate information as a request is being processed. */
+    protected class AttributeQueryRequestContext {
+
+        /** Current user's session. */
+        private Session userSession;
+
+        /** Current profile request. */
+        private ProfileRequest<ServletRequest> profileRequest;
+
+        /** Decoder used to decode the incoming request. */
+        private MessageDecoder<ServletRequest> messageDecoder;
+
+        /** Current profile response. */
+        private ProfileResponse<ServletResponse> profileResponse;
+
+        /** Encoder used to encode the outgoing response. */
+        private MessageEncoder<ServletResponse> messageEncoder;
+
+        /** Attribute query made by the relying party. */
+        private AttributeQuery attributeQuery;
+
+        /** Attribute query response to the relying party. */
+        private Response attributeQueryResponse;
+
+        /** ID of the relying party. */
+        private String relyingPartyId;
+
+        /** Relying party configuration information. */
+        private RelyingPartyConfiguration relyingPartyConfiguration;
+
+        /** Attribute query profile configuration for the relying party. */
+        private AttributeQueryConfiguration profileConfiguration;
+
+        /**
+         * Constructor.
+         * 
+         * @param request current profile request
+         * @param response current profile response
+         */
+        public AttributeQueryRequestContext(ProfileRequest<ServletRequest> request,
+                ProfileResponse<ServletResponse> response) {
+            userSession = getSessionManager().getSession(getUserSessionId(request));
+            profileRequest = request;
+            profileResponse = response;
+
+        }
+
+        /**
+         * Gets the attribute query from the relying party.
+         * 
+         * @return attribute query from the relying party
+         */
+        public AttributeQuery getAttributeQuery() {
+            return attributeQuery;
+        }
+
+        /**
+         * Sets the attribute query from the relying party. This also populates the relying party ID, configuration, and
+         * profile configuration using information from the query.
+         * 
+         * @param query attribute query from the relying party
+         */
+        public void setAttributeQuery(AttributeQuery query) {
+            attributeQuery = query;
+            relyingPartyId = attributeQuery.getIssuer().getValue();
+            relyingPartyConfiguration = getRelyingPartyConfigurationManager().getRelyingPartyConfiguration(
+                    relyingPartyId);
+            profileConfiguration = (AttributeQueryConfiguration) relyingPartyConfiguration
+                    .getProfileConfiguration(AttributeQueryConfiguration.PROFILE_ID);
+        }
+
+        /**
+         * Gets the attribute query response.
+         * 
+         * @return attribute query response
+         */
+        public Response getAttributeQueryResponse() {
+            return attributeQueryResponse;
+        }
+
+        /**
+         * Sets the attribute query response.
+         * 
+         * @param response attribute query response
+         */
+        public void setAttributeQueryResponse(Response response) {
+            attributeQueryResponse = response;
+        }
+
+        /**
+         * Gets the decoder used to decode the request.
+         * 
+         * @return decoder used to decode the request
+         */
+        public MessageDecoder<ServletRequest> getMessageDecoder() {
+            return messageDecoder;
+        }
+
+        /**
+         * Sets the decoder used to decode the request.
+         * 
+         * @param decoder decoder used to decode the request
+         */
+        public void setMessageDecoder(MessageDecoder<ServletRequest> decoder) {
+            messageDecoder = decoder;
+        }
+
+        /**
+         * Gets the encoder used to encoder the response.
+         * 
+         * @return encoder used to encoder the response
+         */
+        public MessageEncoder<ServletResponse> getMessageEncoder() {
+            return messageEncoder;
+        }
+
+        /**
+         * Sets the encoder used to encoder the response.
+         * 
+         * @param encoder encoder used to encoder the response
+         */
+        public void setMessageEncoder(MessageEncoder<ServletResponse> encoder) {
+            messageEncoder = encoder;
+        }
+
+        /**
+         * Gets the attribute profile configuration for the relying party.
+         * 
+         * @return attribute profile configuration for the relying party
+         */
+        public AttributeQueryConfiguration getProfileConfiguration() {
+            return profileConfiguration;
+        }
+
+        /**
+         * Gets the current profile request.
+         * 
+         * @return current profile request
+         */
+        public ProfileRequest<ServletRequest> getProfileRequest() {
+            return profileRequest;
+        }
+
+        /**
+         * Gets the current profile response.
+         * 
+         * @return current profile response
+         */
+        public ProfileResponse<ServletResponse> getProfileResponse() {
+            return profileResponse;
+        }
+
+        /**
+         * Gets the configuration information specific to the relying party that made the attribute query.
+         * 
+         * @return configuration information specific to the relying party that made the attribute query
+         */
+        public RelyingPartyConfiguration getRelyingPartyConfiguration() {
+            return relyingPartyConfiguration;
+        }
+
+        /**
+         * Gets the ID of the relying party.
+         * 
+         * @return ID of the relying party
+         */
+        public String getRelyingPartyId() {
+            return relyingPartyId;
+        }
+
+        /**
+         * Gets the current user's session.
+         * 
+         * @return current user's session
+         */
+        public Session getUserSession() {
+            return userSession;
+        }
+    }
 }
\ No newline at end of file
 }
\ No newline at end of file
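Review bot: `buildResponse` (lines 520-568) signs only the assertion; the old body also called `signResponse(samlResponse, rpConfig, profileConfig)` and that call has no counterpart on the new side, so a relying-party configuration that requires a signed Response is now silently ignored — if the drop is deliberate say so in the method Javadoc, otherwise add `signResponse(samlResponse, requestContext.getRelyingPartyConfiguration(), requestContext.getProfileConfiguration());` after the assertion is signed. `setAttributeQuery` (lines 697-704) takes the relying-party ID from the query's Issuer, which is peer-supplied input, and then dereferences the looked-up configuration without a check, so a query with no Issuer or from an issuer with no relying-party configuration fails with a NullPointerException rather than a `ProfileException` that names the unknown relying party. `writeAuditLogEntry` (lines 623-624) chains `getUserSession().getServiceInformation(...).getAuthenticationMethod()` with no null checks, although the context constructor (line 676) stores whatever `getSessionManager().getSession(...)` returns for a possibly null session ID, so a missing session turns a successful response into an exception after the response has already been encoded. The messages on lines 415-417 read "encode response the relying party"; "encode response to the relying party" is intended.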
index cb96804..bef39fa 100644 (file)
 
 package edu.internet2.middleware.shibboleth.idp.profile.saml2;
 
 
 package edu.internet2.middleware.shibboleth.idp.profile.saml2;
 
-import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
 
 
+import org.opensaml.common.binding.decoding.MessageDecoder;
+import org.opensaml.common.binding.encoding.MessageEncoder;
+
+import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
 import edu.internet2.middleware.shibboleth.common.profile.ProfileRequest;
 import edu.internet2.middleware.shibboleth.common.profile.ProfileResponse;
 
 import edu.internet2.middleware.shibboleth.common.profile.ProfileRequest;
 import edu.internet2.middleware.shibboleth.common.profile.ProfileResponse;
 
@@ -27,8 +32,26 @@ import edu.internet2.middleware.shibboleth.common.profile.ProfileResponse;
 public class ArtifactResolution extends AbstractSAML2ProfileHandler {
 
     /** {@inheritDoc} */
 public class ArtifactResolution extends AbstractSAML2ProfileHandler {
 
     /** {@inheritDoc} */
-    public boolean processRequest(ProfileRequest request, ProfileResponse response) throws ServletException {
+    protected MessageDecoder<ServletRequest> getMessageDecoder(ProfileRequest<ServletRequest> request) throws ProfileException {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    /** {@inheritDoc} */
+    protected MessageEncoder<ServletResponse> getMessageEncoder(ProfileResponse<ServletResponse> response) throws ProfileException {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    /** {@inheritDoc} */
+    protected String getUserSessionId(ProfileRequest<ServletRequest> request) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    /** {@inheritDoc} */
+    public void processRequest(ProfileRequest<ServletRequest> request, ProfileResponse<ServletResponse> response) throws ProfileException {
         // TODO Auto-generated method stub
         // TODO Auto-generated method stub
-        return false;
+        
     }
 }
\ No newline at end of file
     }
 }
\ No newline at end of file
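Review bot: The stubs `getMessageDecoder`, `getMessageEncoder` and `getUserSessionId` return null, and the base handler (outside this hunk) presumably passes that result straight to `setRequest`/`setResponse`, so an artifact resolution request would fail with a NullPointerException rather than a ProfileException; `processRequest` likewise completes silently and would let an unfinished endpoint answer with an empty response. Until the handler is implemented it is safer to fail explicitly, e.g. `throw new ProfileException("Artifact resolution is not yet implemented");` in `processRequest` and the two decoder/encoder methods, so the unimplemented path cannot be reached without an error being logged. The `// TODO Auto-generated method stub` comments should at least say which SAML 2.0 binding this handler is meant to serve, so the next author does not have to infer it from the class name.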
index ebe2d94..c26bdc7 100644 (file)
@@ -32,11 +32,11 @@ import edu.internet2.middleware.shibboleth.common.relyingparty.saml2.SSOConfigur
 import org.apache.log4j.Logger;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.binding.BindingException;
 import org.apache.log4j.Logger;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.binding.BindingException;
-import org.opensaml.common.binding.MessageDecoder;
+import org.opensaml.common.binding.decoding.MessageDecoder;
 import org.opensaml.saml2.core.AuthnRequest;
 import org.opensaml.saml2.core.Issuer;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.saml2.core.AuthnRequest;
 import org.opensaml.saml2.core.Issuer;
 import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.binding.HTTPPostDecoder;
+import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 
 /**
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 
 /**
index 2d53b2c..4cc457f 100644 (file)
@@ -18,23 +18,20 @@ package edu.internet2.middleware.shibboleth.idp.profile.saml2;
 
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
 
 
-import org.opensaml.common.binding.MessageDecoder;
-import org.opensaml.common.binding.MessageEncoder;
-import org.opensaml.saml2.binding.HTTPSOAP11Decoder;
-import org.opensaml.saml2.binding.HTTPSOAP11Encoder;
+import org.opensaml.common.binding.decoding.MessageDecoder;
+import org.opensaml.common.binding.encoding.MessageEncoder;
 
 import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
 
 import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
-import edu.internet2.middleware.shibboleth.common.profile.ProfileRequest;
-import edu.internet2.middleware.shibboleth.common.profile.ProfileResponse;
-import edu.internet2.middleware.shibboleth.idp.session.Session;
 
 /**
  * SAML 2.0 SOAP Attribute Query profile handler.
  */
 public class HTTPSOAPAttributeQuery extends AbstractAttributeQuery {
 
 
 /**
  * SAML 2.0 SOAP Attribute Query profile handler.
  */
 public class HTTPSOAPAttributeQuery extends AbstractAttributeQuery {
 
+    /** SAML binding URI. */
+    public static final String BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
+
     /** Constructor. */
     public HTTPSOAPAttributeQuery() {
         super();
     /** Constructor. */
     public HTTPSOAPAttributeQuery() {
         super();
@@ -42,29 +39,27 @@ public class HTTPSOAPAttributeQuery extends AbstractAttributeQuery {
 
     /** {@inheritDoc} */
     @SuppressWarnings("unchecked")
 
     /** {@inheritDoc} */
     @SuppressWarnings("unchecked")
-    protected MessageDecoder<ServletRequest> getMessageDecoder(ProfileRequest<ServletRequest> request)
-            throws ProfileException {
-        MessageDecoder decoder = new HTTPSOAP11Decoder();
-        decoder.setRequest(request.getRawRequest());
-        return decoder;
+    protected void getMessageDecoder(AttributeQueryRequestContext requestContext) throws ProfileException {
+        MessageDecoder<ServletRequest> decoder = getMessageDecoderFactory().getMessageDecoder(BINDING);
+        if (decoder == null) {
+            throw new ProfileException("No request decoder was registered for binding type: " + BINDING);
+        }
+
+        requestContext.setMessageDecoder(decoder);
+        decoder.setRequest(requestContext.getProfileRequest().getRawRequest());
     }
 
     /** {@inheritDoc} */
     @SuppressWarnings("unchecked")
     }
 
     /** {@inheritDoc} */
     @SuppressWarnings("unchecked")
-    protected MessageEncoder<ServletResponse> getMessageEncoder(ProfileResponse<ServletResponse> response)
-            throws ProfileException {
-        MessageEncoder encoder = new HTTPSOAP11Encoder();
-        encoder.setResponse(response.getRawResponse());
-        return encoder;
-    }
+    protected void getMessageEncoder(AttributeQueryRequestContext requestContext) throws ProfileException {
 
 
-    /** {@inheritDoc} */
-    protected String getUserSessionId(ProfileRequest<ServletRequest> request) {
-        HttpServletRequest rawRequest = (HttpServletRequest) request.getRawRequest();
-        if (rawRequest != null) {
-            return (String) rawRequest.getSession().getAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE);
+        MessageEncoder<ServletResponse> encoder = getMessageEncoderFactory().getMessageEncoder(BINDING);
+        if (encoder == null) {
+            throw new ProfileException("No response encoder was registered for binding type: " + BINDING);
         }
 
         }
 
-        return null;
+        requestContext.setMessageEncoder(encoder);
+        encoder.setResponse(requestContext.getProfileResponse().getRawResponse());
+        encoder.setSamlMessage(requestContext.getAttributeQueryResponse());
     }
 }
\ No newline at end of file
     }
 }
\ No newline at end of file
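Review bot: `getMessageDecoder` and `getMessageEncoder` now return void and store the decoder/encoder on the request context, yet keep `get` names and `{@inheritDoc}`; the inherited Javadoc lives in AbstractAttributeQuery, outside this hunk, and should be checked to say that the method populates the context rather than returns a value, or the methods should be renamed in the base class to something like `decodeRequest`/`encodeResponse`. The `@SuppressWarnings("unchecked")` annotations were justified by the raw `new HTTPSOAP11Decoder()` that this change removes; if the factory already returns `MessageDecoder<ServletRequest>` they can be dropped — verify the factory's generic signature. `encoder.setSamlMessage(requestContext.getAttributeQueryResponse())` assumes the response has already been built on the context; if the base class does not guarantee that ordering, a null check throwing `ProfileException` would make the failure explicit instead of encoding an empty message. There is also a stray blank line after the `getMessageEncoder` signature.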