Federation metadata is now used for Relying Party lookup when a specific entry does...
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 26 Mar 2004 08:08:32 +0000 (08:08 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 26 Mar 2004 08:08:32 +0000 (08:08 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@938 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/aa/AAServiceProviderMapper.java
src/edu/internet2/middleware/shibboleth/aa/AAServlet.java
src/edu/internet2/middleware/shibboleth/common/ServiceProviderMapper.java
src/edu/internet2/middleware/shibboleth/hs/HSServiceProviderMapper.java
src/edu/internet2/middleware/shibboleth/hs/HandleServlet.java

index 921e90f..d58d74b 100644 (file)
@@ -36,6 +36,7 @@ import edu.internet2.middleware.shibboleth.common.RelyingParty;
 import edu.internet2.middleware.shibboleth.common.ServiceProviderMapper;
 import edu.internet2.middleware.shibboleth.common.ServiceProviderMapperException;
 import edu.internet2.middleware.shibboleth.common.ShibbolethOriginConfig;
+import edu.internet2.middleware.shibboleth.metadata.Metadata;
 
 /**
  * Class for determining the effective relying party for the Shibboleth attribute authority from the unique id of the
@@ -59,9 +60,9 @@ public class AAServiceProviderMapper extends ServiceProviderMapper {
         * @throws ServiceProviderMapperException
         *             if the configuration is invalid
         */
-       public AAServiceProviderMapper(Element rawConfig, AAConfig configuration, Credentials credentials)
+       public AAServiceProviderMapper(Element rawConfig, AAConfig configuration, Credentials credentials, Metadata metaData)
                        throws ServiceProviderMapperException {
-
+               super(metaData);
                this.configuration = configuration;
                this.credentials = credentials;
 
index 99f4b6f..70bec06 100755 (executable)
@@ -81,12 +81,13 @@ import edu.internet2.middleware.shibboleth.common.SAMLBindingFactory;
 import edu.internet2.middleware.shibboleth.common.ServiceProviderMapperException;
 import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
 import edu.internet2.middleware.shibboleth.common.ShibbolethOriginConfig;
+import edu.internet2.middleware.shibboleth.common.TargetFederationComponent;
 
 /**
  * @author Walter Hoehn
  */
 
-public class AAServlet extends HttpServlet {
+public class AAServlet extends TargetFederationComponent {
 
        private AAConfig                                configuration;
        protected AAResponder                   responder;
@@ -149,10 +150,21 @@ public class AAServlet extends HttpServlet {
                        log.error("Multiple Credentials specifications found, using first.");
                }
                Credentials credentials = new Credentials((Element) itemElements.item(0));
+               
+               //Load metadata
+               itemElements = originConfig.getDocumentElement().getElementsByTagNameNS(
+                               ShibbolethOriginConfig.originConfigNamespace, "FederationProvider");
+               for (int i = 0; i < itemElements.getLength(); i++) {
+                       addFederationProvider((Element) itemElements.item(i));
+               }
+               if (providerCount() < 1) {
+                       log.error("No Federation Provider metadata loaded.");
+                       throw new ShibbolethConfigurationException("Could not load federation metadata.");
+               }
 
                //Load relying party config
                try {
-                       targetMapper = new AAServiceProviderMapper(originConfig.getDocumentElement(), configuration, credentials);
+                       targetMapper = new AAServiceProviderMapper(originConfig.getDocumentElement(), configuration, credentials, this);
                } catch (ServiceProviderMapperException e) {
                        log.error("Could not load origin configuration: " + e);
                        throw new ShibbolethConfigurationException("Could not load origin configuration.");
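Review bot: The added `FederationProvider` loop and the `providerCount() < 1` check duplicate the block that `HandleServlet` already carries (visible as context in that file's hunks), and both servlets now extend `TargetFederationComponent`. Moving the loop and the count check into a single protected helper on that base class would stop the two startup paths from drifting apart, for example if one later tolerates an empty metadata set and the other does not. The enclosing method starts and ends outside the hunk, so whether other callers need the unrolled form cannot be seen from here.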
index 328638d..ee62e02 100644 (file)
@@ -36,6 +36,8 @@ import org.w3c.dom.Element;
 
 import edu.internet2.middleware.shibboleth.aa.AARelyingParty;
 import edu.internet2.middleware.shibboleth.hs.HSRelyingParty;
+import edu.internet2.middleware.shibboleth.metadata.Metadata;
+import edu.internet2.middleware.shibboleth.metadata.Provider;
 
 /**
  * Base class for determining the effective relying party from the unique id of the service provider. Checks first for
@@ -48,6 +50,14 @@ public abstract class ServiceProviderMapper {
 
        private static Logger   log                             = Logger.getLogger(ServiceProviderMapper.class.getName());
        protected Map                   relyingParties  = new HashMap();
+       private Metadata                metaData;
+
+       /**
+        * @param metaData
+        */
+       public ServiceProviderMapper(Metadata metaData) {
+               this.metaData = metaData;
+       }
 
        protected abstract ShibbolethOriginConfig getOriginConfig();
 
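Review bot: The new constructor stores `metaData` without checking it, while `findRelyingPartyByGroup` calls `metaData.lookup(...)` unconditionally, so a null argument would only surface as a NullPointerException on the first group lookup rather than at configuration time. A guard such as `if (metaData == null) throw new IllegalArgumentException("metaData must not be null");` fails fast, and the field can then be declared `private final Metadata metaData;`. The Javadoc tag `@param metaData` has no description; `@param metaData federation metadata used for group-based relying party lookup` would fill it in. The `AAServiceProviderMapper` and `HSServiceProviderMapper` constructors forward the argument unchanged, so a check here covers both.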
@@ -93,11 +103,20 @@ public abstract class ServiceProviderMapper {
 
        private RelyingParty findRelyingPartyByGroup(String providerIdFromTarget) {
 
-               // TODO This is totally a stub and needs to be based on target metadata
-               // lookup
-               if (providerIdFromTarget.startsWith("urn:mace:inqueue:")) {
-                       if (relyingParties.containsKey("urn:mace:inqueue")) {
-                               return (RelyingParty) relyingParties.get("urn:mace:inqueue");
+               Provider provider = metaData.lookup(providerIdFromTarget);
+               if (provider != null) {
+                       String[] groups = provider.getGroups();
+                       for (int i = 0; groups.length > i; i++) {
+                               //We need to iterate backward because the groups go from least to most specific
+                               String group = groups[groups.length - 1 - i];
+                               if (relyingParties.containsKey(group)) {
+                                       log.info("Found matching Relying Party for group (" + group + ").");
+                                       return (RelyingParty) relyingParties.get(group);
+                               } else {
+                                       log
+                                                       .debug("Provider is a member of group (" + group
+                                                                       + "), but no matching Relying Party was found.");
+                               }
                        }
                }
                return null;
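Review bot: `provider.getGroups()` is dereferenced in the loop header without a null check, so if `getGroups()` can return null for an entry with no groups (the `Provider` contract is not visible here), relying-party lookup would throw a NullPointerException; `if (groups == null) return null;` before the loop keeps the existing `return null` result. Which relying party is chosen rests entirely on the ordering stated in the inline comment, so that ordering should be written into the method's Javadoc as a requirement on `Provider.getGroups()`, because a different order would silently apply a broader group's configuration. The reverse walk reads more directly as `for (int i = groups.length - 1; i >= 0; i--)`. The method's closing brace lies outside the hunk.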
@@ -264,7 +283,7 @@ public abstract class ServiceProviderMapper {
        protected class UnknownProviderWrapper implements RelyingParty, HSRelyingParty, AARelyingParty {
 
                protected RelyingParty  wrapped;
-               protected String providerId;
+               protected String                providerId;
 
                protected UnknownProviderWrapper(RelyingParty wrapped, String providerId) {
                        this.wrapped = wrapped;
index 7c04595..4904232 100644 (file)
@@ -41,6 +41,7 @@ import edu.internet2.middleware.shibboleth.common.RelyingParty;
 import edu.internet2.middleware.shibboleth.common.ServiceProviderMapper;
 import edu.internet2.middleware.shibboleth.common.ServiceProviderMapperException;
 import edu.internet2.middleware.shibboleth.common.ShibbolethOriginConfig;
+import edu.internet2.middleware.shibboleth.metadata.Metadata;
 
 /**
  * Class for determining the effective relying party for the Shibboleth handle service from the unique id of the
@@ -70,8 +71,8 @@ public class HSServiceProviderMapper extends ServiceProviderMapper {
         *             if the configuration is invalid
         */
        public HSServiceProviderMapper(Element rawConfig, HSConfig configuration, Credentials credentials,
-                       HSNameMapper nameMapper) throws ServiceProviderMapperException {
-
+                       HSNameMapper nameMapper, Metadata metaData) throws ServiceProviderMapperException {
+               super(metaData);
                this.configuration = configuration;
                this.credentials = credentials;
                this.nameMapper = nameMapper;
index 00f242f..56aaac8 100644 (file)
@@ -115,16 +115,7 @@ public class HandleServlet extends TargetFederationComponent {
                                log.error("Name Identifier mapping could not be loaded: " + e);
                        }
                }
-
-               //Load relying party config
-               try {
-                       targetMapper = new HSServiceProviderMapper(originConfig.getDocumentElement(), configuration, credentials,
-                                       nameMapper);
-               } catch (ServiceProviderMapperException e) {
-                       log.error("Could not load origin configuration: " + e);
-                       throw new ShibbolethConfigurationException("Could not load origin configuration.");
-               }
-
+               
                //Load metadata
                itemElements = originConfig.getDocumentElement().getElementsByTagNameNS(
                                ShibbolethOriginConfig.originConfigNamespace, "FederationProvider");
@@ -135,6 +126,17 @@ public class HandleServlet extends TargetFederationComponent {
                        log.error("No Federation Provider metadata loaded.");
                        throw new ShibbolethConfigurationException("Could not load federation metadata.");
                }
+
+               //Load relying party config
+               try {
+                       targetMapper = new HSServiceProviderMapper(originConfig.getDocumentElement(), configuration, credentials,
+                                       nameMapper, this);
+               } catch (ServiceProviderMapperException e) {
+                       log.error("Could not load origin configuration: " + e);
+                       throw new ShibbolethConfigurationException("Could not load origin configuration.");
+               }
+
+
        }
 
        public void init() throws ServletException {