/*
* The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation for Advanced Internet Development, Inc.
- * All rights reserved
- *
- *
- * Redistribution and use in source and binary forms, with or without modification, are permitted provided that the
- * following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following
- * disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided with the distribution, if any, must include the
- * following acknowledgment: "This product includes software developed by the University Corporation for Advanced
- * Internet Development <http://www.ucaid.edu> Internet2 Project. Alternately, this acknowledegement may appear in the
- * software itself, if and wherever such third-party acknowledgments normally appear.
- *
- * Neither the name of Shibboleth nor the names of its contributors, nor Internet2, nor the University Corporation for
- * Advanced Internet Development, Inc., nor UCAID may be used to endorse or promote products derived from this software
- * without specific prior written permission. For written permission, please contact shibboleth@shibboleth.org
- *
- * Products derived from this software may not be called Shibboleth, Internet2, UCAID, or the University Corporation
- * for Advanced Internet Development, nor may Shibboleth appear in their name, without prior written permission of the
- * University Corporation for Advanced Internet Development.
- *
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND WITH ALL FAULTS. ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK OF SATISFACTORY QUALITY, PERFORMANCE,
- * ACCURACY, AND EFFORT IS WITH LICENSEE. IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
- * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * All rights reserved Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met: Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials
+ * provided with the distribution, if any, must include the following acknowledgment: "This product includes software
+ * developed by the University Corporation for Advanced Internet Development <http://www.ucaid.edu> Internet2 Project.
+ * Alternately, this acknowledegement may appear in the software itself, if and wherever such third-party
+ * acknowledgments normally appear. Neither the name of Shibboleth nor the names of its contributors, nor Internet2, nor
+ * the University Corporation for Advanced Internet Development, Inc., nor UCAID may be used to endorse or promote
+ * products derived from this software without specific prior written permission. For written permission, please contact
+ * shibboleth@shibboleth.org Products derived from this software may not be called Shibboleth, Internet2, UCAID, or the
+ * University Corporation for Advanced Internet Development, nor may Shibboleth appear in their name, without prior
+ * written permission of the University Corporation for Advanced Internet Development. THIS SOFTWARE IS PROVIDED BY THE
+ * COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE
+ * DISCLAIMED AND THE ENTIRE RISK OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. IN NO
+ * EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC.
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package edu.internet2.middleware.shibboleth.common;
*/
public interface NameIdentifierMapping {
- public static final String mappingNamespace = "urn:mace:shibboleth:namemapper:1.0";
+ public static final String mappingNamespace = "urn:mace:shibboleth:namemapper:1.0";
/**
* Returns the Name Identifier format for this mapping.
public URI getNameIdentifierFormat();
/**
- * Maps a SAML Name Identifier to a local principal using the appropriate registered mapping.
+ * Maps a SAML Name Identifier to a local principal using the appropriate registered mapping. Must ensure that the
+ * SAML NameIdentifer is properly qualified.
*
* @param nameId
* the SAML Name Identifier that should be converted
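Review bot: The sentence added to the getPrincipal Javadoc, "Must ensure that the SAML NameIdentifer is properly qualified", puts a security requirement on every implementation without saying what counts as properly qualified or how a failure is reported. Judging from the check this commit adds to TestNameIdentifierMapping, the intent appears to be that the name qualifier must equal the identity provider's provider id and that a mismatch raises NameIdentifierMappingException. If that is right, I would state it outright, e.g. `Implementations must reject a name identifier whose name qualifier does not equal idProv.getProviderId() by throwing NameIdentifierMappingException.` "NameIdentifer" is also misspelled. The Javadoc block continues past the end of this hunk.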
* If the {@link SAMLNameIdentifier}contains invalid data
*/
public AuthNPrincipal getPrincipal(SAMLNameIdentifier nameId, ServiceProvider sProv, IdentityProvider idProv)
- throws NameIdentifierMappingException, InvalidNameIdentifierException;
+ throws NameIdentifierMappingException, InvalidNameIdentifierException;
/**
* Cleanup resources that won't be released when this object is garbage-collected
*/
public void destroy();
-}
+}
\ No newline at end of file
*/
public void addNameMapping(Element e) throws NameIdentifierMappingException {
- if (!e.getLocalName().equals("NameMapping")) {
- throw new IllegalArgumentException();
- }
+ if (!e.getLocalName().equals("NameMapping")) { throw new IllegalArgumentException(); }
log.info("Found Name Mapping. Loading...");
* @return the mapping or <code>null</code> if no mapping is registered for the given format
*/
public NameIdentifierMapping getNameIdentifierMapping(URI format) {
-
- if (format.toString().equals("urn:mace:shibboleth:test:nameIdentifier")) {
- return new TestNameIdentifierMapping();
- }
-
- if (!initialized) {
- return defaultMapping;
- }
-
+
+ if (format.toString().equals("urn:mace:shibboleth:test:nameIdentifier")) { return new TestNameIdentifierMapping(); }
+
+ if (!initialized) { return defaultMapping; }
+
return (NameIdentifierMapping) byFormat.get(format);
}
throws NameIdentifierMappingException, InvalidNameIdentifierException {
NameIdentifierMapping mapping = null;
+ log.debug("Name Identifier format: (" + nameId.getFormat() + ").");
try {
mapping = getNameIdentifierMapping(new URI(nameId.getFormat()));
} catch (URISyntaxException e) {
log.error("Invalid Name Identifier format.");
}
- if (mapping == null) {
- throw new NameIdentifierMappingException("Name Identifier format not registered.");
- }
+ if (mapping == null) { throw new NameIdentifierMappingException("Name Identifier format not registered."); }
return mapping.getPrincipal(nameId, sProv, idProv);
}
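Review bot: The added `log.debug` line writes `nameId.getFormat()` into the log unmodified, and that value comes from the name identifier supplied with the request, so embedded line breaks can split or forge log entries unless the configured layout escapes them. I would neutralise control characters before logging, e.g. `log.debug("Name Identifier format: (" + String.valueOf(nameId.getFormat()).replaceAll("[\\r\\n]", "_") + ").");`. Separately, the unchanged catch of URISyntaxException logs neither the exception nor the offending value and then falls through to "Name Identifier format not registered.", which hides the real cause from the caller. Reporting the malformed format through InvalidNameIdentifierException, which the method already declares, would be more accurate. The method's signature starts above this hunk.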
}
/**
- * <code>NameIdentifierMapping</code> implement that always maps to the same principal name. Used for testing.
+ * <code>NameIdentifierMapping</code> implement that always maps to the same principal name. Used for testing.
*/
public class TestNameIdentifierMapping implements NameIdentifierMapping {
private TestNameIdentifierMapping() {
- //Constructor to prevent others from creating this class
+ //Constructor to prevent others from creating this class
}
-
- /* (non-Javadoc)
+
+ /*
+ * (non-Javadoc)
*
* @see edu.internet2.middleware.shibboleth.common.NameIdentifierMapping#getNameIdentifierFormat()
*/
* edu.internet2.middleware.shibboleth.common.ServiceProvider,
* edu.internet2.middleware.shibboleth.common.IdentityProvider)
*/
- public AuthNPrincipal getPrincipal(SAMLNameIdentifier nameId, ServiceProvider sProv, IdentityProvider idProv) throws NameIdentifierMappingException, InvalidNameIdentifierException {
+ public AuthNPrincipal getPrincipal(SAMLNameIdentifier nameId, ServiceProvider sProv, IdentityProvider idProv)
+ throws NameIdentifierMappingException, InvalidNameIdentifierException {
+
log.info("Request references built-in test principal.");
+
+ if (idProv.getProviderId() == null || !idProv.getProviderId().equals(nameId.getNameQualifier())) {
+ log.error("The name qualifier (" + nameId.getNameQualifier()
+ + ") for the referenced subject is not valid for this identity provider.");
+ throw new NameIdentifierMappingException("The name qualifier (" + nameId.getNameQualifier()
+ + ") for the referenced subject is not valid for this identity provider.");
+ }
+
return new AuthNPrincipal("test-handle");
}
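Review bot: The name-qualifier comparison added here is the only condition between a request and the hard-coded `test-handle` principal, and getNameIdentifierMapping returns this mapping for the test format URN before it consults `initialized` or the registered formats. A provider id is normally published in metadata rather than kept secret (an assumption, since the deployment configuration is not on this page), so the check does not limit who can reference the test principal. I would make the test mapping opt-in through configuration and leave it disabled by default. The new block also builds the same message twice and echoes the requester-supplied qualifier into both the log and the exception text. Compose it once as `String msg = "The name qualifier (" + nameId.getNameQualifier() + ") for the referenced subject is not valid for this identity provider.";` followed by `log.error(msg); throw new NameIdentifierMappingException(msg);`, and consider stripping line breaks from the qualifier before it is logged.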
* @see edu.internet2.middleware.shibboleth.common.NameIdentifierMapping#destroy()
*/
public void destroy() {
- //Nothing to do
- }
+ //Nothing to do
}
-}
+ }
+}
\ No newline at end of file