Favor UsernamePrincipal when Session.getPrincipalName is called

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/branches/REL_2@2918 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

diff --git a/src/main/java/edu/internet2/middleware/shibboleth/idp/authn/provider/RemoteUserAuthServlet.java b/src/main/java/edu/internet2/middleware/shibboleth/idp/authn/provider/RemoteUserAuthServlet.java
index 70d1142..95cfc85 100644 (file)
--- a/src/main/java/edu/internet2/middleware/shibboleth/idp/authn/provider/RemoteUserAuthServlet.java
+++ b/src/main/java/edu/internet2/middleware/shibboleth/idp/authn/provider/RemoteUserAuthServlet.java
@@ -1,5 +1,5 @@
 /*
- * Copyright [2006] [University Corporation for Advanced Internet Development, Inc.]
+ * Copyright 2006 University Corporation for Advanced Internet Development, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -28,14 +28,13 @@ import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine;
 import edu.internet2.middleware.shibboleth.idp.authn.LoginHandler;
+import edu.internet2.middleware.shibboleth.idp.authn.UsernamePrincipal;
 
-/**
- * Extracts the REMOTE_USER and places it in a request attribute to be used by the authentication engine.
- */
+/** Extracts the REMOTE_USER and places it in a request attribute to be used by the authentication engine. */
 public class RemoteUserAuthServlet extends HttpServlet {
 
     /** Serial version UID. */
-    private static final long serialVersionUID = 1745454095756633626L;
+    private static final long serialVersionUID = -6153665874235557534L;    
 
     /** Class logger. */
     private final Logger log = LoggerFactory.getLogger(RemoteUserAuthServlet.class);
@@ -46,7 +45,7 @@ public class RemoteUserAuthServlet extends HttpServlet {
         String principalName = httpRequest.getRemoteUser();
 
         log.debug("Remote user identified as {} returning control back to authentication engine", principalName);
-        httpRequest.setAttribute(LoginHandler.PRINCIPAL_NAME_KEY, httpRequest.getRemoteUser());
+        httpRequest.setAttribute(LoginHandler.PRINCIPAL_KEY, new UsernamePrincipal(principalName));
         AuthenticationEngine.returnToAuthenticationEngine(httpRequest, httpResponse);
     }
 }
\ No newline at end of file

diff --git a/src/main/java/edu/internet2/middleware/shibboleth/idp/authn/provider/UsernamePasswordLoginServlet.java b/src/main/java/edu/internet2/middleware/shibboleth/idp/authn/provider/UsernamePasswordLoginServlet.java
index 85f9446..296e5d6 100644 (file)
--- a/src/main/java/edu/internet2/middleware/shibboleth/idp/authn/provider/UsernamePasswordLoginServlet.java
+++ b/src/main/java/edu/internet2/middleware/shibboleth/idp/authn/provider/UsernamePasswordLoginServlet.java
@@ -160,9 +160,7 @@ public class UsernamePasswordLoginServlet extends HttpServlet {
             Subject loginSubject = jaasLoginCtx.getSubject();
 
             Set<Principal> principals = loginSubject.getPrincipals();
-            if (principals.isEmpty()) {
-                principals.add(new UsernamePrincipal(username));
-            }
+            principals.add(new UsernamePrincipal(username));
 
             Set<Object> publicCredentials = loginSubject.getPublicCredentials();
 

diff --git a/src/main/java/edu/internet2/middleware/shibboleth/idp/session/impl/SessionImpl.java b/src/main/java/edu/internet2/middleware/shibboleth/idp/session/impl/SessionImpl.java
index 17f8cba..4c1ca49 100644 (file)
--- a/src/main/java/edu/internet2/middleware/shibboleth/idp/session/impl/SessionImpl.java
+++ b/src/main/java/edu/internet2/middleware/shibboleth/idp/session/impl/SessionImpl.java
@@ -16,10 +16,15 @@
 
 package edu.internet2.middleware.shibboleth.idp.session.impl;
 
+import java.security.Principal;
 import java.util.Map;
+import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 
+import javax.security.auth.Subject;
+
 import edu.internet2.middleware.shibboleth.common.session.impl.AbstractSession;
+import edu.internet2.middleware.shibboleth.idp.authn.UsernamePrincipal;
 import edu.internet2.middleware.shibboleth.idp.session.AuthenticationMethodInformation;
 import edu.internet2.middleware.shibboleth.idp.session.ServiceInformation;
 import edu.internet2.middleware.shibboleth.idp.session.Session;
@@ -79,4 +84,26 @@ public class SessionImpl extends AbstractSession implements Session {
     public synchronized ServiceInformation getServiceInformation(String entityId) {
         return servicesInformation.get(entityId);
     }
+
+    /**
+     * This method will return the first, in an unordered list of principal names registered with the {@link Subject} of
+     * the session. If one or more {@link UsernamePrincipal} principals is registered with the subject the returned
+     * value will be the string form of one of those.
+     * 
+     * {@inheritDoc}
+     */
+    public synchronized String getPrincipalName() {
+        Subject subject = getSubject();
+
+        Set<? extends Principal> principals = subject.getPrincipals(UsernamePrincipal.class);
+        if (principals == null || principals.isEmpty()) {
+            principals = subject.getPrincipals();
+        }
+
+        if (principals == null || principals.isEmpty()) {
+            return null;
+        }
+
+        return principals.iterator().next().getName();
+    }
 }
\ No newline at end of file