Lots of code cleanup
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 25 Feb 2008 07:36:19 +0000 (07:36 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 25 Feb 2008 07:36:19 +0000 (07:36 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2638 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/idp/profile/AbstractSAMLProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml1/AbstractSAML1ProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ArtifactResolution.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml1/AttributeQueryProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractSAML2ProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/ArtifactResolution.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AttributeQueryProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/LogoutRequest.java [deleted file]
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java
tools/aacli.bat

index 4c75e1d..c795d80 100644 (file)
@@ -25,7 +25,9 @@ import org.opensaml.common.IdentifierGenerator;
 import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
 import org.opensaml.common.binding.encoding.SAMLMessageEncoder;
 import org.opensaml.saml2.metadata.Endpoint;
+import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.ws.security.SecurityPolicyResolver;
 import org.opensaml.ws.transport.InTransport;
@@ -38,6 +40,7 @@ import edu.internet2.middleware.shibboleth.common.log.AuditLogEntry;
 import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
 import edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler;
 import edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext;
+import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration;
 import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartySecurityPolicyResolver;
 import edu.internet2.middleware.shibboleth.common.relyingparty.provider.AbstractSAMLProfileConfiguration;
 import edu.internet2.middleware.shibboleth.common.relyingparty.provider.CryptoOperationRequirementLevel;
@@ -182,6 +185,17 @@ public abstract class AbstractSAMLProfileHandler extends
     }
 
     /**
+     * Gets the user's session based on their principal name.
+     * 
+     * @param principalName user's principal name
+     * 
+     * @return the user's session
+     */
+    protected Session getUserSession(String principalName) {
+        return getSessionManager().getSession(principalName);
+    }
+
+    /**
      * Gets an ID generator which may be used for SAML assertions, requests, etc.
      * 
      * @param generator an ID generator which may be used for SAML assertions, requests, etc
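Review bot: The Javadoc added for getUserSession says `@return the user's session` without stating that the result can be null, yet the only caller this commit adds (AbstractSAML1ProfileHandler.populateUserInformation) tests the result against null before using it. Suggest `@return the user's session, or null if no session exists for the principal` so overriders and future callers keep that check. Whether getSessionManager().getSession tolerates a null principal name is not visible in this diff, so a one-line precondition on `principalName` would also help.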
@@ -227,6 +241,170 @@ public abstract class AbstractSAMLProfileHandler extends
     }
 
     /**
+     * Populates the request context with information.
+     * 
+     * This method requires the the following request context properties to be populated: inbound message transport,
+     * peer entity ID, metadata provider
+     * 
+     * This methods populates the following request context properties: user's session, user's principal name, service
+     * authentication method, peer entity metadata, relying party configuration, local entity ID, outbound message
+     * issuer, local entity metadata
+     * 
+     * @param requestContext current request context
+     * @throws ProfileException thrown if there is a problem looking up the relying party's metadata
+     */
+    protected void populateRequestContext(BaseSAMLProfileRequestContext requestContext) throws ProfileException {
+        populateRelyingPartyInformation(requestContext);
+        populateAssertingPartyInformation(requestContext);
+        populateProfileInformation(requestContext);
+        populateSAMLMessageInformation(requestContext);
+        populateUserInformation(requestContext);
+    }
+
+    /**
+     * Populates the request context with information about the relying party.
+     * 
+     * This method requires the the following request context properties to be populated: peer entity ID
+     * 
+     * This methods populates the following request context properties: peer entity metadata, relying party
+     * configuration
+     * 
+     * @param requestContext current request context
+     * @throws ProfileException thrown if there is a problem looking up the relying party's metadata
+     */
+    protected void populateRelyingPartyInformation(BaseSAMLProfileRequestContext requestContext)
+            throws ProfileException {
+        MetadataProvider metadataProvider = requestContext.getMetadataProvider();
+        String relyingPartyId = requestContext.getPeerEntityId();
+
+        EntityDescriptor relyingPartyMetadata;
+        try {
+            relyingPartyMetadata = metadataProvider.getEntityDescriptor(relyingPartyId);
+        } catch (MetadataProviderException e) {
+            log.error("Error looking up metadata for relying party " + relyingPartyId, e);
+            throw new ProfileException("Error looking up metadata for relying party " + relyingPartyId);
+        }
+        
+        RelyingPartyConfiguration rpConfig = null;
+        if (relyingPartyMetadata != null) {
+            requestContext.setPeerEntityMetadata(relyingPartyMetadata);
+            rpConfig = getRelyingPartyConfiguration(relyingPartyId);
+        } else {
+            log.warn("No metadata for relying party {}, treating party as anonymous", relyingPartyId);
+            rpConfig = getRelyingPartyConfigurationManager().getAnonymousRelyingConfiguration();
+        }
+
+        if (rpConfig == null) {
+            log.error("Unable to retrieve relying party configuration data for entity with ID {}", relyingPartyId);
+            throw new ProfileException("Unable to retrieve relying party configuration data for entity with ID "
+                    + relyingPartyId);
+        }
+        requestContext.setRelyingPartyConfiguration(rpConfig);
+    }
+
+    /**
+     * Populates the request context with information about the asserting party. Unless overridden,
+     * {@link #populateRequestContext(BaseSAMLProfileRequestContext)} has already invoked
+     * {@link #populateRelyingPartyInformation(BaseSAMLProfileRequestContext)} has already been invoked and the
+     * properties it provides are available in the request context.
+     * 
+     * This method requires the the following request context properties to be populated: metadata provider, relying
+     * party configuration
+     * 
+     * This methods populates the following request context properties: local entity ID, outbound message issuer, local
+     * entity metadata
+     * 
+     * @param requestContext current request context
+     * @throws ProfileException thrown if there is a problem looking up the asserting party's metadata
+     */
+    protected void populateAssertingPartyInformation(BaseSAMLProfileRequestContext requestContext)
+            throws ProfileException {
+        String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
+        requestContext.setLocalEntityId(assertingPartyId);
+        requestContext.setOutboundMessageIssuer(assertingPartyId);
+
+        try {
+            EntityDescriptor localEntityDescriptor = requestContext.getMetadataProvider().getEntityDescriptor(
+                    assertingPartyId);
+            if (localEntityDescriptor != null) {
+                requestContext.setLocalEntityMetadata(localEntityDescriptor);
+            }
+        } catch (MetadataProviderException e) {
+            log.error("Error looking up metadata for asserting party " + assertingPartyId, e);
+            throw new ProfileException("Error looking up metadata for asserting party " + assertingPartyId);
+        }
+    }
+
+    /**
+     * Populates the request context with the information about the profile. Unless overridden,
+     * {@link #populateRequestContext(BaseSAMLProfileRequestContext)} has already invoked
+     * {@link #populateRelyingPartyInformation(BaseSAMLProfileRequestContext)},and
+     * {@link #populateAssertingPartyInformation(BaseSAMLProfileRequestContext)} have already been invoked and the
+     * properties they provide are available in the request context.
+     * 
+     * This method requires the the following request context properties to be populated: relying party configuration
+     * 
+     * This methods populates the following request context properties: communication profile ID, profile configuration,
+     * outbound message artifact type, peer entity endpoint
+     * 
+     * @param requestContext current request context
+     * 
+     * @throws ProfileException thrown if there is a problem populating the profile information
+     */
+    protected void populateProfileInformation(BaseSAMLProfileRequestContext requestContext) throws ProfileException {
+        requestContext.setCommunicationProfileId(getProfileId());
+        AbstractSAMLProfileConfiguration profileConfig = (AbstractSAMLProfileConfiguration) requestContext
+                .getRelyingPartyConfiguration().getProfileConfiguration(getProfileId());
+        requestContext.setProfileConfiguration(profileConfig);
+        requestContext.setOutboundMessageArtifactType(profileConfig.getOutboundArtifactType());
+        requestContext.setPeerEntityEndpoint(selectEndpoint(requestContext));
+    }
+
+    /**
+     * Populates the request context with information from the inbound SAML message. Unless overridden,
+     * {@link #populateRequestContext(BaseSAMLProfileRequestContext)} has already invoked
+     * {@link #populateRelyingPartyInformation(BaseSAMLProfileRequestContext)},
+     * {@link #populateAssertingPartyInformation(BaseSAMLProfileRequestContext)}, and
+     * {@link #populateProfileInformation(BaseSAMLProfileRequestContext)} have already been invoked and the properties
+     * they provide are available in the request context.
+     * 
+     * @param requestContext current request context
+     * 
+     * @throws ProfileException thrown if there is a problem populating the request context with information
+     */
+    protected abstract void populateSAMLMessageInformation(BaseSAMLProfileRequestContext requestContext)
+            throws ProfileException;
+
+    /**
+     * Populates the request context with the information about the user if they have an existing session. Unless
+     * overridden, {@link #populateRequestContext(BaseSAMLProfileRequestContext)} has already invoked
+     * {@link #populateRelyingPartyInformation(BaseSAMLProfileRequestContext)},
+     * {@link #populateAssertingPartyInformation(BaseSAMLProfileRequestContext)},
+     * {@link #populateProfileInformation(BaseSAMLProfileRequestContext)}, and
+     * {@link #populateSAMLMessageInformation(BaseSAMLProfileRequestContext)} have already been invoked and the
+     * properties they provide are available in the request context.
+     * 
+     * This method should populate: user's session, user's principal name, and service authentication method
+     * 
+     * @param requestContext current request context
+     * 
+     * @throws ProfileException thrown if there is a problem populating the user's information
+     */
+    protected abstract void populateUserInformation(BaseSAMLProfileRequestContext requestContext)
+            throws ProfileException;
+
+    /**
+     * Selects the appropriate endpoint for the relying party and stores it in the request context.
+     * 
+     * @param requestContext current request context
+     * 
+     * @return Endpoint selected from the information provided in the request context
+     * 
+     * @throws ProfileException thrown if there is a problem selecting a response endpoint
+     */
+    protected abstract Endpoint selectEndpoint(BaseSAMLProfileRequestContext requestContext) throws ProfileException;
+
+    /**
      * Encodes the request's SAML response and writes it to the servlet response.
      * 
      * @param requestContext current request context
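Review bot: populateProfileInformation dereferences profileConfig at `requestContext.setOutboundMessageArtifactType(profileConfig.getOutboundArtifactType())` with no null check, but getProfileConfiguration can return null — the code this commit removes from AttributeQueryProfileHandler guarded exactly that case with `if (profileConfig != null)`, and the anonymous relying-party configuration selected in populateRelyingPartyInformation for peers without metadata is the likeliest way to reach it. Because the subclasses call this from a finally block, a null here surfaces as a NullPointerException instead of a ProfileException carrying a failure status; suggest `if (profileConfig == null) { throw new ProfileException("No configuration for profile " + getProfileId() + " for relying party " + requestContext.getPeerEntityId()); }` ahead of the artifact-type line, with the existing log.error style. Separately, both `throw new ProfileException("Error looking up metadata for ...")` statements drop the MetadataProviderException; the two-argument form `new ProfileException(msg, e)` already used elsewhere in this commit preserves the cause for the caller and the log.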
index 125e523..70c9cc8 100644 (file)
@@ -73,9 +73,11 @@ import edu.internet2.middleware.shibboleth.common.attribute.encoding.AttributeEn
 import edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML1NameIdentifierEncoder;
 import edu.internet2.middleware.shibboleth.common.attribute.provider.SAML1AttributeAuthority;
 import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
+import edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext;
 import edu.internet2.middleware.shibboleth.common.relyingparty.provider.CryptoOperationRequirementLevel;
 import edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml1.AbstractSAML1ProfileConfiguration;
 import edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler;
+import edu.internet2.middleware.shibboleth.idp.session.Session;
 
 /** Common implementation details for profile handlers. */
 public abstract class AbstractSAML1ProfileHandler extends AbstractSAMLProfileHandler {
@@ -149,6 +151,47 @@ public abstract class AbstractSAML1ProfileHandler extends AbstractSAMLProfileHan
         signatureBuilder = (XMLObjectBuilder<Signature>) getBuilderFactory().getBuilder(Signature.DEFAULT_ELEMENT_NAME);
     }
 
+    /** {@inheritDoc} */
+    protected void populateRequestContext(BaseSAMLProfileRequestContext requestContext) throws ProfileException {
+        BaseSAML1ProfileRequestContext saml1Request = (BaseSAML1ProfileRequestContext) requestContext;
+        try {
+            super.populateRequestContext(requestContext);
+        } catch (ProfileException e) {
+            if (saml1Request.getFailureStatus() == null) {
+                saml1Request.setFailureStatus(buildStatus(StatusCode.REQUESTER, null, e.getMessage()));
+            }
+            throw e;
+        }
+    }
+
+    /**
+     * Populates the request context with the information about the user.
+     * 
+     * This method requires the the following request context properties to be populated: inbound message transport,
+     * relying party ID
+     * 
+     * This methods populates the following request context properties: user's session, user's principal name, and
+     * service authentication method
+     * 
+     * @param requestContext current request context
+     */
+    protected void populateUserInformation(BaseSAMLProfileRequestContext requestContext) {
+        Session userSession = getUserSession(requestContext.getInboundMessageTransport());
+        if (userSession == null) {
+            NameIdentifier subject = (NameIdentifier) requestContext.getSubjectNameIdentifier();
+            if (subject != null && subject.getNameIdentifier() != null) {
+                userSession = getUserSession(subject.getNameIdentifier());
+            }
+        }
+
+        if (userSession != null) {
+            requestContext.setUserSession(userSession);
+            requestContext.setPrincipalName(userSession.getPrincipalName());
+            requestContext.setPrincipalAuthenticationMethod(userSession.getServicesInformation().get(
+                    requestContext.getPeerEntityId()).getAuthenticationMethod().getAuthenticationMethod());
+        }
+    }
+
     /**
      * Checks that the SAML major version for a request is 1.
      * 
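Review bot: populateUserInformation chains `userSession.getServicesInformation().get(requestContext.getPeerEntityId()).getAuthenticationMethod().getAuthenticationMethod()` without checking that the map has an entry for the peer, so a principal with a live session who has not authenticated to this relying party raises a NullPointerException here instead of simply leaving the authentication method unset; the retained code in the AttributeQueryProfileHandler hunk guards the equivalent lookup with `if (authnInfo != null)`. Suggest binding the map entry to a local and calling setPrincipalAuthenticationMethod only when it is non-null. The fallback on the next lines selects a session by the subject NameIdentifier taken from the inbound message, a requester-chosen value; the lookup is scoped to the peer entity ID, which limits what it reveals, but the Javadoc should state that the message is expected to have passed the security policy before this runs. The call `getUserSession(requestContext.getInboundMessageTransport())` relies on an overload taking a transport that is not in this diff; the base class only adds the String form, so its existence should be confirmed.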
index c29c555..b2d7ebb 100644 (file)
@@ -41,7 +41,6 @@ import org.opensaml.saml2.metadata.Endpoint;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.ws.message.decoder.MessageDecodingException;
 import org.opensaml.ws.transport.http.HTTPInTransport;
 import org.opensaml.ws.transport.http.HTTPOutTransport;
@@ -50,7 +49,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
-import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration;
+import edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext;
 import edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml1.ArtifactResolutionConfiguration;
 
 /**
@@ -87,7 +86,7 @@ public class ArtifactResolution extends AbstractSAML1ProfileHandler {
 
     /** {@inheritDoc} */
     public String getProfileId() {
-        return "urn:mace:shibboleth:2.0:idp:profiles:saml1:request:artifact";
+        return ArtifactResolutionConfiguration.PROFILE_ID;
     }
 
     /** {@inheritDoc} */
@@ -139,15 +138,14 @@ public class ArtifactResolution extends AbstractSAML1ProfileHandler {
             throws ProfileException {
         log.debug("Decoding message with decoder binding {}", getInboundBinding());
 
-        MetadataProvider metadataProvider = getMetadataProvider();
-
         ArtifactResolutionRequestContext requestContext = new ArtifactResolutionRequestContext();
+
+        MetadataProvider metadataProvider = getMetadataProvider();
         requestContext.setMetadataProvider(metadataProvider);
-        requestContext.setSecurityPolicyResolver(getSecurityPolicyResolver());
 
-        requestContext.setCommunicationProfileId(ArtifactResolutionConfiguration.PROFILE_ID);
         requestContext.setInboundMessageTransport(inTransport);
         requestContext.setInboundSAMLProtocol(SAMLConstants.SAML11P_NS);
+        requestContext.setSecurityPolicyResolver(getSecurityPolicyResolver());
         requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
 
         requestContext.setOutboundMessageTransport(outTransport);
@@ -170,40 +168,41 @@ public class ArtifactResolution extends AbstractSAML1ProfileHandler {
             throw new ProfileException("Message did not meet security requirements", e);
         } finally {
             // Set as much information as can be retrieved from the decoded message
-            String relyingPartyId = requestContext.getInboundMessageIssuer();
-            RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
-            if (rpConfig == null) {
-                log.error("Unable to retrieve relying party configuration data for entity with ID {}", relyingPartyId);
-                throw new ProfileException("Unable to retrieve relying party configuration data for entity with ID "
-                        + relyingPartyId);
-            }
-            requestContext.setRelyingPartyConfiguration(rpConfig);
-
-            ArtifactResolutionConfiguration profileConfig = (ArtifactResolutionConfiguration) rpConfig
-                    .getProfileConfiguration(ArtifactResolutionConfiguration.PROFILE_ID);
-            requestContext.setProfileConfiguration(profileConfig);
-            requestContext.setPeerEntityEndpoint(selectEndpoint(requestContext));
-
-            String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
-            requestContext.setLocalEntityId(assertingPartyId);
-            requestContext.setOutboundMessageIssuer(assertingPartyId);
-            try {
-                EntityDescriptor localEntityDescriptor = metadataProvider.getEntityDescriptor(assertingPartyId);
-                if (localEntityDescriptor != null) {
-                    requestContext.setLocalEntityMetadata(localEntityDescriptor);
-                    requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
-                    requestContext.setLocalEntityRoleMetadata(localEntityDescriptor
-                            .getAttributeAuthorityDescriptor(SAMLConstants.SAML11P_NS));
-                }
-            } catch (MetadataProviderException e) {
-                log.error("Unable to locate metadata for asserting party");
-                requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null,
-                        "Error locating asserting party metadata"));
-                throw new ProfileException("Error locating asserting party metadata");
-            }
+            populateRequestContext(requestContext);
+            populateProfileInformation(requestContext);
         }
     }
 
+    /** {@inheritDoc} */
+    protected void populateRelyingPartyInformation(BaseSAMLProfileRequestContext requestContext)
+            throws ProfileException {
+        super.populateRelyingPartyInformation(requestContext);
+
+        EntityDescriptor relyingPartyMetadata = requestContext.getPeerEntityMetadata();
+        if (relyingPartyMetadata != null) {
+            requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+            requestContext.setPeerEntityRoleMetadata(relyingPartyMetadata.getSPSSODescriptor(SAMLConstants.SAML11P_NS));
+        }
+    }
+
+    /** {@inheritDoc} */
+    protected void populateAssertingPartyInformation(BaseSAMLProfileRequestContext requestContext)
+            throws ProfileException {
+        super.populateAssertingPartyInformation(requestContext);
+
+        EntityDescriptor localEntityDescriptor = requestContext.getLocalEntityMetadata();
+        if (localEntityDescriptor != null) {
+            requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
+            requestContext.setLocalEntityRoleMetadata(localEntityDescriptor
+                    .getAttributeAuthorityDescriptor(SAMLConstants.SAML11P_NS));
+        }
+    }
+
+    /** {@inheritDoc} */
+    protected void populateSAMLMessageInformation(BaseSAMLProfileRequestContext requestContext) throws ProfileException {
+        // nothing to do here
+    }
+
     /**
      * Selects the appropriate endpoint for the relying party and stores it in the request context.
      * 
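Review bot: The finally block calls `populateRequestContext(requestContext)` and then `populateProfileInformation(requestContext)` again, although the base populateRequestContext already runs populateProfileInformation as one of its five steps, so the profile lookup and selectEndpoint execute twice per request; the AttributeQueryProfileHandler hunk has the same shape, re-running populateSAMLMessageInformation and populateProfileInformation after populateRequestContext. If the repeated calls are deliberate because the subclass needs a different order, a comment saying so is needed; otherwise keep `populateRequestContext(requestContext);` alone. Because this runs inside finally, a ProfileException raised while populating replaces whatever exception the decode or security-policy check threw; the removed code had the same structure, but the new layering makes it straightforward to move the population after the try/catch so the original failure is what the caller sees. The enclosing decode method starts outside the hunk.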
@@ -211,7 +210,7 @@ public class ArtifactResolution extends AbstractSAML1ProfileHandler {
      * 
      * @return Endpoint selected from the information provided in the request context
      */
-    protected Endpoint selectEndpoint(ArtifactResolutionRequestContext requestContext) {
+    protected Endpoint selectEndpoint(BaseSAMLProfileRequestContext requestContext) {
         Endpoint endpoint;
 
         if (getInboundBinding().equals(SAMLConstants.SAML1_SOAP11_BINDING_URI)) {
index e87deb3..177de75 100644 (file)
@@ -35,7 +35,6 @@ import org.opensaml.saml2.metadata.Endpoint;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.ws.message.decoder.MessageDecodingException;
 import org.opensaml.ws.transport.http.HTTPInTransport;
 import org.opensaml.ws.transport.http.HTTPOutTransport;
@@ -44,7 +43,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
-import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration;
+import edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext;
 import edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml1.AttributeQueryConfiguration;
 import edu.internet2.middleware.shibboleth.idp.session.AuthenticationMethodInformation;
 import edu.internet2.middleware.shibboleth.idp.session.Session;
@@ -70,7 +69,7 @@ public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
 
     /** {@inheritDoc} */
     public String getProfileId() {
-        return "urn:mace:shibboleth:2.0:idp:profiles:saml1:query:attribute";
+        return AttributeQueryConfiguration.PROFILE_ID;
     }
 
     /** {@inheritDoc} */
@@ -88,15 +87,16 @@ public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
                 samlResponse = buildErrorResponse(requestContext);
             } else {
                 resolvePrincipal(requestContext);
-                
+
                 Session idpSession = getSessionManager().getSession(requestContext.getPrincipalName());
-                if(idpSession != null){
-                    AuthenticationMethodInformation authnInfo = idpSession.getAuthenticationMethods().get(requestContext.getInboundMessageIssuer());
-                    if(authnInfo != null){
+                if (idpSession != null) {
+                    AuthenticationMethodInformation authnInfo = idpSession.getAuthenticationMethods().get(
+                            requestContext.getInboundMessageIssuer());
+                    if (authnInfo != null) {
                         requestContext.setPrincipalAuthenticationMethod(authnInfo.getAuthenticationMethod());
                     }
                 }
-                
+
                 resolveAttributes(requestContext);
                 requestContext.setReleasedAttributes(requestContext.getAttributes().keySet());
 
@@ -134,15 +134,14 @@ public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
             throws ProfileException {
         log.debug("Decoding message with decoder binding {}", getInboundBinding());
 
-        MetadataProvider metadataProvider = getMetadataProvider();
-
         AttributeQueryContext requestContext = new AttributeQueryContext();
+
+        MetadataProvider metadataProvider = getMetadataProvider();
         requestContext.setMetadataProvider(metadataProvider);
-        requestContext.setSecurityPolicyResolver(getSecurityPolicyResolver());
 
-        requestContext.setCommunicationProfileId(AttributeQueryConfiguration.PROFILE_ID);
         requestContext.setInboundMessageTransport(inTransport);
         requestContext.setInboundSAMLProtocol(SAMLConstants.SAML11P_NS);
+        requestContext.setSecurityPolicyResolver(getSecurityPolicyResolver());
         requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
 
         requestContext.setOutboundMessageTransport(outTransport);
@@ -177,57 +176,65 @@ public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
             throw new ProfileException("Message did not meet security policy requirements", e);
         } finally {
             // Set as much information as can be retrieved from the decoded message
-            Request request = requestContext.getInboundSAMLMessage();
-            if (request == null) {
-                log.error("Decoder did not contain an attribute query, an error occured decoding the message");
-                throw new ProfileException("Unable to decode message.");
-            }
-            AttributeQuery query = request.getAttributeQuery();
-            if (query != null) {
-                Subject subject = query.getSubject();
-                if(subject == null){
-                    log.error("Attribute query did not contain a proper subject");
-                    requestContext.setFailureStatus(buildStatus(StatusCode.REQUESTER, null,
-                            "Attribute query did not contain a proper subject"));
-                    throw new ProfileException("Attribute query did not contain a proper subject");
-                }
-                requestContext.setSubjectNameIdentifier(subject.getNameIdentifier());
-            }
+            populateRequestContext(requestContext);
+            populateSAMLMessageInformation(requestContext);
+            populateProfileInformation(requestContext);
+        }
+    }
 
-            String relyingPartyId = requestContext.getInboundMessageIssuer();
-            RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
-            if (rpConfig == null) {
-                log.error("Unable to retrieve relying party configuration data for entity with ID {}", relyingPartyId);
-                throw new ProfileException("Unable to retrieve relying party configuration data for entity with ID "
-                        + relyingPartyId);
-            }
-            requestContext.setRelyingPartyConfiguration(rpConfig);
+    /** {@inheritDoc} */
+    protected void populateRelyingPartyInformation(BaseSAMLProfileRequestContext requestContext)
+            throws ProfileException {
+        super.populateRelyingPartyInformation(requestContext);
 
-            AttributeQueryConfiguration profileConfig = (AttributeQueryConfiguration) rpConfig
-                    .getProfileConfiguration(AttributeQueryConfiguration.PROFILE_ID);
-            if (profileConfig != null) {
-                requestContext.setProfileConfiguration(profileConfig);
-                requestContext.setOutboundMessageArtifactType(profileConfig.getOutboundArtifactType());
-            }
-            requestContext.setPeerEntityEndpoint(selectEndpoint(requestContext));
-
-            String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
-            requestContext.setLocalEntityId(assertingPartyId);
-            requestContext.setOutboundMessageIssuer(assertingPartyId);
-            try {
-                EntityDescriptor localEntityDescriptor = metadataProvider.getEntityDescriptor(assertingPartyId);
-                if (localEntityDescriptor != null) {
-                    requestContext.setLocalEntityMetadata(localEntityDescriptor);
-                    requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
-                    requestContext.setLocalEntityRoleMetadata(localEntityDescriptor
-                            .getAttributeAuthorityDescriptor(SAMLConstants.SAML11P_NS));
-                }
-            } catch (MetadataProviderException e) {
-                log.error("Unable to locate metadata for asserting party");
-                requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null,
-                        "Error locating asserting party metadata"));
-                throw new ProfileException("Error locating asserting party metadata");
+        EntityDescriptor relyingPartyMetadata = requestContext.getPeerEntityMetadata();
+        if (relyingPartyMetadata != null) {
+            requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+            requestContext.setPeerEntityRoleMetadata(relyingPartyMetadata.getSPSSODescriptor(SAMLConstants.SAML11P_NS));
+        }
+    }
+
+    /** {@inheritDoc} */
+    protected void populateAssertingPartyInformation(BaseSAMLProfileRequestContext requestContext)
+            throws ProfileException {
+        super.populateAssertingPartyInformation(requestContext);
+
+        EntityDescriptor localEntityDescriptor = requestContext.getLocalEntityMetadata();
+        if (localEntityDescriptor != null) {
+            requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
+            requestContext.setLocalEntityRoleMetadata(localEntityDescriptor
+                    .getAttributeAuthorityDescriptor(SAMLConstants.SAML11P_NS));
+        }
+    }
+
+    /**
+     * Populates the request context with information from the inbound SAML message.
+     * 
+     * This method requires the the following request context properties to be populated: inbound saml message
+     * 
+     * This methods populates the following request context properties: subject name identifier
+     * 
+     * @param requestContext current request context
+     * 
+     * @throws ProfileException thrown if the inbound SAML message or subject identifier is null
+     */
+    protected void populateSAMLMessageInformation(BaseSAMLProfileRequestContext requestContext) throws ProfileException {
+        Request request = (Request) requestContext.getInboundSAMLMessage();
+        if (request == null) {
+            log.error("Decoder did not contain an attribute query, an error occured decoding the message");
+            throw new ProfileException("Unable to decode message.");
+        }
+
+        AttributeQuery query = request.getAttributeQuery();
+        if (query != null) {
+            Subject subject = query.getSubject();
+            if (subject == null) {
+                log.error("Attribute query did not contain a proper subject");
+                ((AttributeQueryContext) requestContext).setFailureStatus(buildStatus(StatusCode.REQUESTER, null,
+                        "Attribute query did not contain a proper subject"));
+                throw new ProfileException("Attribute query did not contain a proper subject");
             }
+            requestContext.setSubjectNameIdentifier(subject.getNameIdentifier());
         }
     }
 
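Review bot: populateSAMLMessageInformation casts the context to AttributeQueryContext at `((AttributeQueryContext) requestContext).setFailureStatus(...)` only to set a failure status, while AbstractSAML1ProfileHandler.populateRequestContext in this same commit already handles the context as BaseSAML1ProfileRequestContext, which exposes setFailureStatus; casting to that base type keeps the override usable from any SAML 1 context and avoids a ClassCastException on other subclasses. The cast `(Request) requestContext.getInboundSAMLMessage()` likewise fails with a ClassCastException rather than the ProfileException produced for the null case just below it if the decoder yields another message type; an `instanceof Request` check using the same log and status pattern would make the two failure paths consistent. When the Request carries no AttributeQuery the method returns silently without a subject or a failure status, which may be intended but deserves a comment.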
@@ -238,7 +245,7 @@ public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
      * 
      * @return Endpoint selected from the information provided in the request context
      */
-    protected Endpoint selectEndpoint(AttributeQueryContext requestContext) {
+    protected Endpoint selectEndpoint(BaseSAMLProfileRequestContext requestContext) {
         Endpoint endpoint;
 
         if (getInboundBinding().equals(SAMLConstants.SAML1_SOAP11_BINDING_URI)) {
index 90262c7..a9c2e07 100644 (file)
@@ -40,8 +40,6 @@ import org.opensaml.saml2.metadata.Endpoint;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.IDPSSODescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.ws.message.decoder.MessageDecodingException;
 import org.opensaml.ws.transport.http.HTTPInTransport;
 import org.opensaml.ws.transport.http.HTTPOutTransport;
@@ -54,6 +52,7 @@ import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.common.ShibbolethConstants;
 import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
+import edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext;
 import edu.internet2.middleware.shibboleth.common.relyingparty.ProfileConfiguration;
 import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration;
 import edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml1.ShibbolethSSOConfiguration;
@@ -99,7 +98,7 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
 
     /** {@inheritDoc} */
     public String getProfileId() {
-        return "urn:mace:shibboleth:2.0:idp:profiles:shibboleth:request:sso";
+        return ShibbolethSSOConfiguration.PROFILE_ID;
     }
 
     /** {@inheritDoc} */
@@ -282,9 +281,6 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
         requestContext.setMessageDecoder(getMessageDecoders().get(getInboundBinding()));
 
         requestContext.setLoginContext(loginContext);
-        requestContext.setPrincipalName(loginContext.getPrincipalName());
-        requestContext.setPrincipalAuthenticationMethod(loginContext.getAuthenticationMethod());
-        requestContext.setUserSession(getUserSession(in));
         requestContext.setRelayState(loginContext.getSpTarget());
 
         requestContext.setInboundMessageTransport(in);
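Review bot: The principal name, authentication method and user session are no longer copied from the login context here, and nothing else visible in this file supplies them; if the intent is that `populateRequestContext` in the SAML 1 base class now derives them from the user session, the way the SAML 2 base in this commit does by reading the session's service entry for the peer entity, then this second-leg handler depends on that entry already being recorded for this SP before it runs — worth confirming, since an assertion built without a principal or authentication method would be the symptom. A one-line comment above `setLoginContext`, such as `// principal, authentication method and session are filled in by populateRequestContext`, would tell the next reader where that data now comes from. `buildRequestContext` starts and ends outside the hunk.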
@@ -293,60 +289,45 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
         requestContext.setOutboundMessageTransport(out);
         requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
 
-        MetadataProvider metadataProvider = getMetadataProvider();
-        requestContext.setMetadataProvider(metadataProvider);
+        requestContext.setMetadataProvider(getMetadataProvider());
 
         String relyingPartyId = loginContext.getRelyingPartyId();
         requestContext.setInboundMessageIssuer(relyingPartyId);
 
-        try {
-            EntityDescriptor relyingPartyMetadata = metadataProvider.getEntityDescriptor(relyingPartyId);
-            if (relyingPartyMetadata != null) {
-                requestContext.setPeerEntityMetadata(relyingPartyMetadata);
-                requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-                requestContext.setPeerEntityRoleMetadata(relyingPartyMetadata
-                        .getSPSSODescriptor(SAMLConstants.SAML11P_NS));
-            }
-        } catch (MetadataProviderException e) {
-            log.error("Unable to locate metadata for relying party");
-            requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null,
-                    "Error locating relying party metadata"));
-            throw new ProfileException("Error locating relying party metadata");
-        }
+        populateRequestContext(requestContext);
+
+        return requestContext;
+    }
+
+    /** {@inheritDoc} */
+    protected void populateRelyingPartyInformation(BaseSAMLProfileRequestContext requestContext)
+            throws ProfileException {
+        super.populateRelyingPartyInformation(requestContext);
 
-        RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
-        if (rpConfig == null) {
-            log.error("Unable to retrieve relying party configuration data for entity with ID {}", relyingPartyId);
-            throw new ProfileException("Unable to retrieve relying party configuration data for entity with ID "
-                    + relyingPartyId);
+        EntityDescriptor relyingPartyMetadata = requestContext.getPeerEntityMetadata();
+        if (relyingPartyMetadata != null) {
+            requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+            requestContext.setPeerEntityRoleMetadata(relyingPartyMetadata.getSPSSODescriptor(SAMLConstants.SAML11P_NS));
         }
-        requestContext.setRelyingPartyConfiguration(rpConfig);
+    }
 
-        ShibbolethSSOConfiguration profileConfig = (ShibbolethSSOConfiguration) rpConfig
-                .getProfileConfiguration(ShibbolethSSOConfiguration.PROFILE_ID);
-        requestContext.setProfileConfiguration(profileConfig);
-        requestContext.setOutboundMessageArtifactType(profileConfig.getOutboundArtifactType());
-        requestContext.setPeerEntityEndpoint(selectEndpoint(requestContext));
+    /** {@inheritDoc} */
+    protected void populateAssertingPartyInformation(BaseSAMLProfileRequestContext requestContext)
+            throws ProfileException {
+        super.populateAssertingPartyInformation(requestContext);
 
-        String assertingPartyId = rpConfig.getProviderId();
-        requestContext.setLocalEntityId(assertingPartyId);
-        requestContext.setOutboundMessageIssuer(assertingPartyId);
-        try {
-            EntityDescriptor localEntityDescriptor = metadataProvider.getEntityDescriptor(assertingPartyId);
-            if (localEntityDescriptor != null) {
-                requestContext.setLocalEntityMetadata(localEntityDescriptor);
-                requestContext.setLocalEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-                requestContext.setLocalEntityRoleMetadata(localEntityDescriptor
-                        .getIDPSSODescriptor(SAMLConstants.SAML20P_NS));
-            }
-        } catch (MetadataProviderException e) {
-            log.error("Unable to locate metadata for asserting party");
-            requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null,
-                    "Error locating asserting party metadata"));
-            throw new ProfileException("Error locating asserting party metadata");
+        EntityDescriptor localEntityDescriptor = requestContext.getLocalEntityMetadata();
+        if (localEntityDescriptor != null) {
+            requestContext.setLocalEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+            requestContext.setLocalEntityRoleMetadata(localEntityDescriptor
+                    .getIDPSSODescriptor(SAMLConstants.SAML20P_NS));
         }
+    }
 
-        return requestContext;
+    /** {@inheritDoc} */
+    protected void populateSAMLMessageInformation(BaseSAMLProfileRequestContext requestContext) 
+        throws ProfileException {
+        // nothing to do here
     }
 
     /**
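Review bot: `populateAssertingPartyInformation` resolves the IdP's own role with `getIDPSSODescriptor(SAMLConstants.SAML20P_NS)` while `populateRelyingPartyInformation` a few lines above resolves the SP with `SAML11P_NS`; this is the SAML 1 / Shibboleth SSO handler, so an IdP whose metadata advertises only SAML 1.1 or Shibboleth 1.0 protocol support on its IDPSSODescriptor ends up with a null local role here, and whatever downstream code keys off the local role metadata presumably misbehaves. The lookup was carried over from the removed code rather than introduced, but the refactor is the moment to make the two sides agree: `.getIDPSSODescriptor(SAMLConstants.SAML11P_NS)`, or the Shibboleth 1.0 protocol URI if ShibbolethConstants (imported at the top of this file) defines one. A short comment on that line stating which protocol support enumeration the IdP metadata is expected to carry for this profile would prevent the mismatch from creeping back.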
@@ -356,8 +337,8 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
      * 
      * @return Endpoint selected from the information provided in the request context
      */
-    protected Endpoint selectEndpoint(ShibbolethSSORequestContext requestContext) {
-        ShibbolethSSOLoginContext loginContext = requestContext.getLoginContext();
+    protected Endpoint selectEndpoint(BaseSAMLProfileRequestContext requestContext) {
+        ShibbolethSSOLoginContext loginContext = ((ShibbolethSSORequestContext) requestContext).getLoginContext();
 
         ShibbolethSSOEndpointSelector endpointSelector = new ShibbolethSSOEndpointSelector();
         endpointSelector.setSpAssertionConsumerService(loginContext.getSpAssertionConsumerService());
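Review bot: The widened `selectEndpoint` signature now casts the base context to ShibbolethSSORequestContext unconditionally; if the base class ever invokes it with another context type the failure surfaces as a ClassCastException out of the servlet rather than a ProfileException with a failure status. Since this handler only ever builds a ShibbolethSSORequestContext (see `buildRequestContext` above), a one-line comment above the cast, such as `// this handler only creates ShibbolethSSORequestContext, so the cast is safe`, documents the assumption; an `instanceof` guard that throws ProfileException would make it explicit. The rest of `selectEndpoint` runs past the end of the hunk.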
index f58c1aa..4dff4ff 100644 (file)
@@ -88,9 +88,11 @@ import edu.internet2.middleware.shibboleth.common.attribute.encoding.AttributeEn
 import edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder;
 import edu.internet2.middleware.shibboleth.common.attribute.provider.SAML2AttributeAuthority;
 import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
+import edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext;
 import edu.internet2.middleware.shibboleth.common.relyingparty.provider.CryptoOperationRequirementLevel;
 import edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml2.AbstractSAML2ProfileConfiguration;
 import edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler;
+import edu.internet2.middleware.shibboleth.idp.session.Session;
 
 /** Common implementation details for profile handlers. */
 public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHandler {
@@ -172,6 +174,47 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
         signatureBuilder = (XMLObjectBuilder<Signature>) getBuilderFactory().getBuilder(Signature.DEFAULT_ELEMENT_NAME);
     }
 
+    /** {@inheritDoc} */
+    protected void populateRequestContext(BaseSAMLProfileRequestContext requestContext) throws ProfileException {
+        BaseSAML2ProfileRequestContext saml2Request = (BaseSAML2ProfileRequestContext) requestContext;
+        try {
+            super.populateRequestContext(requestContext);
+        } catch (ProfileException e) {
+            if (saml2Request.getFailureStatus() == null) {
+                saml2Request.setFailureStatus(buildStatus(StatusCode.REQUESTER_URI, null, e.getMessage()));
+            }
+            throw e;
+        }
+    }
+
+    /**
+     * Populates the request context with the information about the user.
+     * 
+     * This method requires the the following request context properties to be populated: inbound message transport,
+     * relying party ID
+     * 
+     * This methods populates the following request context properties: user's session, user's principal name, and
+     * service authentication method
+     * 
+     * @param requestContext current request context
+     */
+    protected void populateUserInformation(BaseSAMLProfileRequestContext requestContext) {
+        Session userSession = getUserSession(requestContext.getInboundMessageTransport());
+        if (userSession == null) {
+            NameID subject = (NameID) requestContext.getSubjectNameIdentifier();
+            if (subject != null && subject.getValue() != null) {
+                userSession = getUserSession(subject.getValue());
+            }
+        }
+
+        if (userSession != null) {
+            requestContext.setUserSession(userSession);
+            requestContext.setPrincipalName(userSession.getPrincipalName());
+            requestContext.setPrincipalAuthenticationMethod(userSession.getServicesInformation().get(
+                    requestContext.getPeerEntityId()).getAuthenticationMethod().getAuthenticationMethod());
+        }
+    }
+
     /**
      * Checks that the SAML major version for a request is 2.
      * 
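Review bot: `populateUserInformation` dereferences `userSession.getServicesInformation().get(requestContext.getPeerEntityId())` without a null check on its last statement; when the session was located by NameID value through the fallback a few lines earlier, or the peer is an SP the user never authenticated to in this session, that map lookup returns null and the handler throws a NullPointerException instead of a ProfileException with a status. Guard it, e.g. `if (userSession.getServicesInformation().containsKey(requestContext.getPeerEntityId()))` around the `setPrincipalAuthenticationMethod` call, and check the returned entry's `getAuthenticationMethod()` for null too (the map's value type is not visible in this hunk). Separately, the catch in `populateRequestContext` labels every unstatused ProfileException as REQUESTER_URI, whereas the metadata-provider failures the handlers previously reported used RESPONDER_URI, so responder-side failures from the base class are now blamed on the requester. The new Javadoc also says the method requires the "relying party ID" to be set, while the code reads the peer entity ID and the inbound message transport; align the text with what is read.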
@@ -412,8 +455,7 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
                 return attributeAuthority.buildAttributeStatement((AttributeQuery) requestContext
                         .getInboundSAMLMessage(), requestContext.getAttributes().values());
             } else {
-                return attributeAuthority.buildAttributeStatement(null, requestContext.getAttributes()
-                        .values());
+                return attributeAuthority.buildAttributeStatement(null, requestContext.getAttributes().values());
             }
         } catch (AttributeRequestException e) {
             log.error("Error encoding attributes for principal " + requestContext.getPrincipalName(), e);
index 9945fd2..359fee3 100644 (file)
@@ -36,7 +36,6 @@ import org.opensaml.saml2.metadata.Endpoint;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.ws.message.decoder.MessageDecodingException;
 import org.opensaml.ws.transport.http.HTTPInTransport;
 import org.opensaml.ws.transport.http.HTTPOutTransport;
@@ -45,7 +44,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
-import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration;
+import edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext;
 import edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml2.ArtifactResolutionConfiguration;
 
 /**
@@ -83,7 +82,7 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
 
     /** {@inheritDoc} */
     public String getProfileId() {
-        return "urn:mace:shibboleth:2.0:idp:profiles:saml2:request:artifact";
+        return ArtifactResolutionConfiguration.PROFILE_ID;
     }
 
     /** {@inheritDoc} */
@@ -155,15 +154,14 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
             throws ProfileException {
         log.debug("Decoding message with decoder binding {}", getInboundBinding());
 
-        MetadataProvider metadataProvider = getMetadataProvider();
-
         ArtifactResolutionRequestContext requestContext = new ArtifactResolutionRequestContext();
+
+        MetadataProvider metadataProvider = getMetadataProvider();
         requestContext.setMetadataProvider(metadataProvider);
-        requestContext.setSecurityPolicyResolver(getSecurityPolicyResolver());
 
-        requestContext.setCommunicationProfileId(ArtifactResolutionConfiguration.PROFILE_ID);
         requestContext.setInboundMessageTransport(inTransport);
         requestContext.setInboundSAMLProtocol(SAMLConstants.SAML20P_NS);
+        requestContext.setSecurityPolicyResolver(getSecurityPolicyResolver());
         requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
 
         requestContext.setOutboundMessageTransport(outTransport);
@@ -185,43 +183,53 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
                     "Message did not meet security requirements"));
             throw new ProfileException("Message did not meet security requirements", e);
         } finally {
-            // Set as much information as can be retrieved from the decoded message
-            requestContext.setArtifact(requestContext.getInboundSAMLMessage().getArtifact().getArtifact());
-
-            String relyingPartyId = requestContext.getInboundMessageIssuer();
-            RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
-            if (rpConfig == null) {
-                log.error("Unable to retrieve relying party configuration data for entity with ID {}", relyingPartyId);
-                throw new ProfileException("Unable to retrieve relying party configuration data for entity with ID "
-                        + relyingPartyId);
-            }
-            requestContext.setRelyingPartyConfiguration(rpConfig);
-
-            ArtifactResolutionConfiguration profileConfig = (ArtifactResolutionConfiguration) rpConfig
-                    .getProfileConfiguration(ArtifactResolutionConfiguration.PROFILE_ID);
-            requestContext.setProfileConfiguration(profileConfig);
-            requestContext.setPeerEntityEndpoint(selectEndpoint(requestContext));
-
-            String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
-            requestContext.setLocalEntityId(assertingPartyId);
-            requestContext.setOutboundMessageIssuer(assertingPartyId);
-            try {
-                EntityDescriptor localEntityDescriptor = metadataProvider.getEntityDescriptor(assertingPartyId);
-                if (localEntityDescriptor != null) {
-                    requestContext.setLocalEntityMetadata(localEntityDescriptor);
-                    requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
-                    requestContext.setLocalEntityRoleMetadata(localEntityDescriptor
-                            .getAttributeAuthorityDescriptor(SAMLConstants.SAML20P_NS));
-                }
-            } catch (MetadataProviderException e) {
-                log.error("Unable to locate metadata for asserting party");
-                requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null,
-                        "Error locating asserting party metadata"));
-                throw new ProfileException("Error locating asserting party metadata");
-            }
+            populateRequestContext(requestContext);
+            populateSAMLMessageInformation(requestContext);
+            populateProfileInformation(requestContext);
         }
     }
 
+    /** {@inheritDoc} */
+    protected void populateRelyingPartyInformation(BaseSAMLProfileRequestContext requestContext)
+            throws ProfileException {
+        super.populateRelyingPartyInformation(requestContext);
+
+        EntityDescriptor relyingPartyMetadata = requestContext.getPeerEntityMetadata();
+        if (relyingPartyMetadata != null) {
+            requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+            requestContext.setPeerEntityRoleMetadata(relyingPartyMetadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS));
+        }
+    }
+
+    /** {@inheritDoc} */
+    protected void populateAssertingPartyInformation(BaseSAMLProfileRequestContext requestContext)
+            throws ProfileException {
+        super.populateAssertingPartyInformation(requestContext);
+
+        EntityDescriptor localEntityDescriptor = requestContext.getLocalEntityMetadata();
+        if (localEntityDescriptor != null) {
+            requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
+            requestContext.setLocalEntityRoleMetadata(localEntityDescriptor
+                    .getAttributeAuthorityDescriptor(SAMLConstants.SAML20P_NS));
+        }
+    }
+
+    /**
+     * Populates the request context with information from the inbound SAML message.
+     * 
+     * This method requires the the following request context properties to be populated: inbound saml message
+     * 
+     * This methods populates the following request context properties: subject name identifier
+     * 
+     * @param requestContext current request context
+     * 
+     * @throws ProfileException thrown if the inbound SAML message or subject identifier is null
+     */
+    protected void populateSAMLMessageInformation(BaseSAMLProfileRequestContext requestContext) throws ProfileException {
+        ArtifactResolve samlMessage = (ArtifactResolve) requestContext.getInboundSAMLMessage();
+        ((ArtifactResolutionRequestContext) requestContext).setArtifact(samlMessage.getArtifact().getArtifact());
+    }
+
     /**
      * Selects the appropriate endpoint for the relying party and stores it in the request context.
      * 
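Review bot: `populateSAMLMessageInformation` at the end of the hunk dereferences the inbound message with no null check, and it is invoked from the `finally` block above, so when decoding or the security-policy check failed and no message was stored, `samlMessage.getArtifact()` throws a NullPointerException that replaces the ProfileException already in flight together with the failure status set on it. The SAML 2 attribute-query handler in this same commit guards the identical spot with `if (query != null)`; do the same here with `if (samlMessage == null || samlMessage.getArtifact() == null) { return; }` before the cast into the artifact context, so the original error propagates. The `@throws` clause and the "subject name identifier" sentence were copied from the attribute-query handler — this method handles no subject identifier and, as written, never throws ProfileException — so the Javadoc should describe the artifact that is actually extracted.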
@@ -229,7 +237,7 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
      * 
      * @return Endpoint selected from the information provided in the request context
      */
-    protected Endpoint selectEndpoint(ArtifactResolutionRequestContext requestContext) {
+    protected Endpoint selectEndpoint(BaseSAMLProfileRequestContext requestContext) {
         Endpoint endpoint;
 
         if (getInboundBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) {
index 0216db3..3a5a392 100644 (file)
@@ -34,7 +34,6 @@ import org.opensaml.saml2.metadata.Endpoint;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.ws.message.decoder.MessageDecodingException;
 import org.opensaml.ws.transport.http.HTTPInTransport;
 import org.opensaml.ws.transport.http.HTTPOutTransport;
@@ -43,7 +42,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
-import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration;
+import edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext;
 import edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml2.AttributeQueryConfiguration;
 import edu.internet2.middleware.shibboleth.idp.session.AuthenticationMethodInformation;
 import edu.internet2.middleware.shibboleth.idp.session.Session;
@@ -67,7 +66,7 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
 
     /** {@inheritDoc} */
     public String getProfileId() {
-        return "urn:mace:shibboleth:2.0:idp:profiles:saml2:query:attribute";
+        return AttributeQueryConfiguration.PROFILE_ID;
     }
 
     /** {@inheritDoc} */
@@ -139,15 +138,14 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
             throws ProfileException {
         log.debug("Decoding message with decoder binding {}", getInboundBinding());
 
-        MetadataProvider metadataProvider = getMetadataProvider();
-
         AttributeQueryContext requestContext = new AttributeQueryContext();
+
+        MetadataProvider metadataProvider = getMetadataProvider();
         requestContext.setMetadataProvider(metadataProvider);
-        requestContext.setSecurityPolicyResolver(getSecurityPolicyResolver());
 
-        requestContext.setCommunicationProfileId(AttributeQueryConfiguration.PROFILE_ID);
         requestContext.setInboundMessageTransport(inTransport);
         requestContext.setInboundSAMLProtocol(SAMLConstants.SAML20P_NS);
+        requestContext.setSecurityPolicyResolver(getSecurityPolicyResolver());
         requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
 
         requestContext.setOutboundMessageTransport(outTransport);
@@ -179,53 +177,59 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
             throw new ProfileException("Message did not meet security requirements", e);
         } finally {
             // Set as much information as can be retrieved from the decoded message
-            AttributeQuery query = requestContext.getInboundSAMLMessage();
-            if (query != null) {
-                Subject subject = query.getSubject();
-                if (subject == null) {
-                    log.error("Attribute query did not contain a proper subject");
-                    requestContext.setFailureStatus(buildStatus(StatusCode.REQUESTER_URI, null,
-                            "Attribute query did not contain a proper subject"));
-                    throw new ProfileException("Attribute query did not contain a proper subject");
-                }
-                requestContext.setSubjectNameIdentifier(subject.getNameID());
-            }
+            populateRequestContext(requestContext);
+            populateSAMLMessageInformation(requestContext);
+            populateProfileInformation(requestContext);
+        }
+    }
 
-            String relyingPartyId = requestContext.getInboundMessageIssuer();
-            RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
-            if (rpConfig == null) {
-                log.error("Unable to retrieve relying party configuration data for entity with ID {}", relyingPartyId);
-                throw new ProfileException("Unable to retrieve relying party configuration data for entity with ID "
-                        + relyingPartyId);
-            }
-            requestContext.setRelyingPartyConfiguration(rpConfig);
+    /** {@inheritDoc} */
+    protected void populateRelyingPartyInformation(BaseSAMLProfileRequestContext requestContext)
+            throws ProfileException {
+        super.populateRelyingPartyInformation(requestContext);
 
-            AttributeQueryConfiguration profileConfig = (AttributeQueryConfiguration) rpConfig
-                    .getProfileConfiguration(AttributeQueryConfiguration.PROFILE_ID);
-            if (profileConfig != null) {
-                requestContext.setProfileConfiguration(profileConfig);
-                requestContext.setOutboundMessageArtifactType(profileConfig.getOutboundArtifactType());
-            }
+        EntityDescriptor relyingPartyMetadata = requestContext.getPeerEntityMetadata();
+        if (relyingPartyMetadata != null) {
+            requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+            requestContext.setPeerEntityRoleMetadata(relyingPartyMetadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS));
+        }
+    }
 
-            requestContext.setPeerEntityEndpoint(selectEndpoint(requestContext));
-
-            String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
-            requestContext.setLocalEntityId(assertingPartyId);
-            requestContext.setOutboundMessageIssuer(assertingPartyId);
-            try {
-                EntityDescriptor localEntityDescriptor = metadataProvider.getEntityDescriptor(assertingPartyId);
-                if (localEntityDescriptor != null) {
-                    requestContext.setLocalEntityMetadata(localEntityDescriptor);
-                    requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
-                    requestContext.setLocalEntityRoleMetadata(localEntityDescriptor
-                            .getAttributeAuthorityDescriptor(SAMLConstants.SAML20P_NS));
-                }
-            } catch (MetadataProviderException e) {
-                log.error("Unable to locate metadata for asserting party");
-                requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null,
-                        "Error locating asserting party metadata"));
-                throw new ProfileException("Error locating asserting party metadata");
+    /** {@inheritDoc} */
+    protected void populateAssertingPartyInformation(BaseSAMLProfileRequestContext requestContext)
+            throws ProfileException {
+        super.populateAssertingPartyInformation(requestContext);
+
+        EntityDescriptor localEntityDescriptor = requestContext.getLocalEntityMetadata();
+        if (localEntityDescriptor != null) {
+            requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
+            requestContext.setLocalEntityRoleMetadata(localEntityDescriptor
+                    .getAttributeAuthorityDescriptor(SAMLConstants.SAML20P_NS));
+        }
+    }
+
+    /**
+     * Populates the request context with information from the inbound SAML message.
+     * 
+     * This method requires the the following request context properties to be populated: inbound saml message
+     * 
+     * This methods populates the following request context properties: subject name identifier
+     * 
+     * @param requestContext current request context
+     * 
+     * @throws ProfileException thrown if the inbound SAML message or subject identifier is null
+     */
+    protected void populateSAMLMessageInformation(BaseSAMLProfileRequestContext requestContext) throws ProfileException {
+        AttributeQuery query = (AttributeQuery) requestContext.getInboundSAMLMessage();
+        if (query != null) {
+            Subject subject = query.getSubject();
+            if (subject == null) {
+                log.error("Attribute query did not contain a proper subject");
+                ((AttributeQueryContext) requestContext).setFailureStatus(buildStatus(StatusCode.REQUESTER_URI, null,
+                        "Attribute query did not contain a proper subject"));
+                throw new ProfileException("Attribute query did not contain a proper subject");
             }
+            requestContext.setSubjectNameIdentifier(subject.getNameID());
         }
     }
 
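Review bot: The subject check in `populateSAMLMessageInformation` only verifies that a Subject element is present; a Subject carrying an EncryptedID or BaseID instead of a NameID passes it, `subject.getNameID()` stores null, and the request continues without a subject identifier, at which point the base class's session fallback (which requires a non-null NameID value) silently finds nothing — presumably yielding a response with no attributes rather than a Requester status. Extend the guard to `if (subject == null || subject.getNameID() == null)` so that case reaches the error branch and its failure status, decrypting an EncryptedID first if this profile is meant to accept one. The `@throws` text also says the method throws when the inbound message is null, but the code returns quietly in that case; make the Javadoc match the behaviour.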
@@ -236,7 +240,7 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
      * 
      * @return Endpoint selected from the information provided in the request context
      */
-    protected Endpoint selectEndpoint(AttributeQueryContext requestContext) {
+    protected Endpoint selectEndpoint(BaseSAMLProfileRequestContext requestContext) {
         Endpoint endpoint;
 
         if (getInboundBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) {
diff --git a/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/LogoutRequest.java b/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/LogoutRequest.java
deleted file mode 100644 (file)
index 2a3dc2a..0000000
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright [2006] [University Corporation for Advanced Internet Development, Inc.]
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package edu.internet2.middleware.shibboleth.idp.profile.saml2;
-
-import org.opensaml.ws.transport.http.HTTPInTransport;
-import org.opensaml.ws.transport.http.HTTPOutTransport;
-
-import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
-
-/**
- * SAML 2.0 Logout Request profile handler.
- */
-public class LogoutRequest extends AbstractSAML2ProfileHandler {
-
-    /** {@inheritDoc} */
-    public void processRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport) throws ProfileException {
-        // TODO Auto-generated method stub
-
-    }
-
-    /** {@inheritDoc} */
-    public String getProfileId() {
-        // TODO Auto-generated method stub
-        return null;
-    }
-}
\ No newline at end of file
index 517a76b..257a268 100644 (file)
@@ -44,8 +44,6 @@ import org.opensaml.saml2.metadata.Endpoint;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.IDPSSODescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.ws.message.decoder.MessageDecodingException;
 import org.opensaml.ws.transport.http.HTTPInTransport;
 import org.opensaml.ws.transport.http.HTTPOutTransport;
@@ -59,6 +57,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
+import edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext;
 import edu.internet2.middleware.shibboleth.common.relyingparty.ProfileConfiguration;
 import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration;
 import edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml2.SSOConfiguration;
@@ -92,9 +91,6 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
     /** URL of the authentication manager servlet. */
     private String authenticationManagerPath;
 
-    /** URI of request decoder. */
-    private String decodingBinding;
-
     /**
      * Constructor.
      * 
@@ -120,13 +116,13 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
 
     /** {@inheritDoc} */
     public String getProfileId() {
-        return "urn:mace:shibboleth:2.0:idp:profiles:saml2:request:sso";
+        return SSOConfiguration.PROFILE_ID;
     }
 
     /** {@inheritDoc} */
     public void processRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport) throws ProfileException {
         HttpServletRequest servletRequest = ((HttpServletRequestAdapter) inTransport).getWrappedRequest();
-        
+
         LoginContext loginContext = (LoginContext) servletRequest.getAttribute(LoginContext.LOGIN_CONTEXT_KEY);
         if (loginContext == null) {
             log.debug("Incoming request does not contain a login context, processing as first leg of request");
@@ -201,7 +197,8 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
             throws ProfileException {
         HttpServletRequest servletRequest = ((HttpServletRequestAdapter) inTransport).getWrappedRequest();
 
-        Saml2LoginContext loginContext = (Saml2LoginContext) servletRequest.getAttribute(LoginContext.LOGIN_CONTEXT_KEY);
+        Saml2LoginContext loginContext = (Saml2LoginContext) servletRequest
+                .getAttribute(LoginContext.LOGIN_CONTEXT_KEY);
         SSORequestContext requestContext = buildRequestContext(loginContext, inTransport, outTransport);
 
         checkSamlVersion(requestContext);
@@ -329,15 +326,68 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
         requestContext.setMessageDecoder(getMessageDecoders().get(getInboundBinding()));
 
         requestContext.setLoginContext(loginContext);
-        requestContext.setPrincipalName(loginContext.getPrincipalName());
-        requestContext.setPrincipalAuthenticationMethod(loginContext.getAuthenticationMethod());
-        requestContext.setUserSession(getUserSession(in));
-        requestContext.setRelayState(loginContext.getRelayState());
 
         requestContext.setInboundMessageTransport(in);
         requestContext.setInboundSAMLProtocol(SAMLConstants.SAML20P_NS);
 
+        requestContext.setOutboundMessageTransport(out);
+        requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
+
+        requestContext.setMetadataProvider(getMetadataProvider());
+
+        String relyingPartyId = loginContext.getRelyingPartyId();
+        requestContext.setInboundMessageIssuer(relyingPartyId);
+
+        populateSAMLMessageInformation(requestContext);
+        populateRequestContext(requestContext);
+        populateProfileInformation(requestContext);
+
+        return requestContext;
+    }
+
+    /** {@inheritDoc} */
+    protected void populateRelyingPartyInformation(BaseSAMLProfileRequestContext requestContext)
+            throws ProfileException {
+        super.populateRelyingPartyInformation(requestContext);
+
+        EntityDescriptor relyingPartyMetadata = requestContext.getPeerEntityMetadata();
+        if (relyingPartyMetadata != null) {
+            requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+            requestContext.setPeerEntityRoleMetadata(relyingPartyMetadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS));
+        }
+    }
+
+    /** {@inheritDoc} */
+    protected void populateAssertingPartyInformation(BaseSAMLProfileRequestContext requestContext)
+            throws ProfileException {
+        super.populateAssertingPartyInformation(requestContext);
+
+        EntityDescriptor localEntityDescriptor = requestContext.getLocalEntityMetadata();
+        if (localEntityDescriptor != null) {
+            requestContext.setLocalEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+            requestContext.setLocalEntityRoleMetadata(localEntityDescriptor
+                    .getIDPSSODescriptor(SAMLConstants.SAML20P_NS));
+        }
+    }
+
+    /**
+     * Populates the request context with information from the inbound SAML message.
+     * 
+     * This method requires the the following request context properties to be populated: login context
+     * 
+     * This methods populates the following request context properties: inbound saml message, relay state, inbound saml
+     * message ID, subject name identifier
+     * 
+     * @param requestContext current request context
+     * 
+     * @throws ProfileException thrown if the inbound SAML message or subject identifier is null
+     */
+    protected void populateSAMLMessageInformation(BaseSAMLProfileRequestContext requestContext) throws ProfileException {
+        SSORequestContext ssoRequestContext = (SSORequestContext) requestContext;
         try {
+            Saml2LoginContext loginContext = ssoRequestContext.getLoginContext();
+            requestContext.setRelayState(loginContext.getRelayState());
+
             AuthnRequest authnRequest = loginContext.getAuthenticationRequest();
             requestContext.setInboundMessage(authnRequest);
             requestContext.setInboundSAMLMessage(loginContext.getAuthenticationRequest());
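Review bot: The new populateRelyingPartyInformation drops the failure path the old buildRequestContext had for an unknown relying party: the `else` branch removed in the following hunk logged the lookup failure, set a RESPONDER_URI failure status and threw ProfileException, whereas the new override only skips the role population when `relyingPartyMetadata` is null and returns normally. Unless `super.populateRelyingPartyInformation` in AbstractSAMLProfileHandler already rejects a missing peer EntityDescriptor (that class is changed in this commit but its body is not in this hunk), an SSO request for an SP with no metadata would continue with no peer role metadata, which is the very input selectEndpoint later needs to validate the AssertionConsumerService against. Suggest restoring the guard as an `else` on the null check, `throw new ProfileException("Error locating relying party metadata");` after setting the same failure status as before, or a comment on the override stating where that check now lives. Separately, populateSAMLMessageInformation casts its base-typed parameter with `(SSORequestContext) requestContext` unconditionally; a Javadoc line such as `Requires the context to be an {@link SSORequestContext}; any other subtype fails with ClassCastException.` would make the contract explicit. The body of populateSAMLMessageInformation continues past the end of this hunk.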
@@ -349,72 +399,10 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
             }
         } catch (UnmarshallingException e) {
             log.error("Unable to unmarshall authentication request context");
-            requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null,
+            ssoRequestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null,
                     "Error recovering request state"));
             throw new ProfileException("Error recovering request state", e);
         }
-
-        requestContext.setOutboundMessageTransport(out);
-        requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
-
-        MetadataProvider metadataProvider = getMetadataProvider();
-        requestContext.setMetadataProvider(metadataProvider);
-
-        String relyingPartyId = loginContext.getRelyingPartyId();
-        requestContext.setInboundMessageIssuer(relyingPartyId);
-        try {
-            EntityDescriptor relyingPartyMetadata = metadataProvider.getEntityDescriptor(relyingPartyId);
-            if (relyingPartyMetadata != null) {
-                requestContext.setPeerEntityMetadata(relyingPartyMetadata);
-                requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-                requestContext.setPeerEntityRoleMetadata(relyingPartyMetadata
-                        .getSPSSODescriptor(SAMLConstants.SAML20P_NS));
-            } else {
-                log.error("Unable to locate metadata for relying party ({})", relyingPartyId);
-                requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null,
-                        "Error locating relying party metadata"));
-                throw new ProfileException("Error locating relying party metadata");
-            }
-        } catch (MetadataProviderException e) {
-            log.error("Unable to locate metadata for relying party");
-            requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null,
-                    "Error locating relying party metadata"));
-            throw new ProfileException("Error locating relying party metadata");
-        }
-
-        RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
-        if (rpConfig == null) {
-            log.error("Unable to retrieve relying party configuration data for entity with ID {}", relyingPartyId);
-            throw new ProfileException("Unable to retrieve relying party configuration data for entity with ID "
-                    + relyingPartyId);
-        }
-        requestContext.setRelyingPartyConfiguration(rpConfig);
-
-        SSOConfiguration profileConfig = (SSOConfiguration) rpConfig
-                .getProfileConfiguration(SSOConfiguration.PROFILE_ID);
-        requestContext.setProfileConfiguration(profileConfig);
-        requestContext.setOutboundMessageArtifactType(profileConfig.getOutboundArtifactType());
-        requestContext.setPeerEntityEndpoint(selectEndpoint(requestContext));
-
-        String assertingPartyId = rpConfig.getProviderId();
-        requestContext.setLocalEntityId(assertingPartyId);
-        requestContext.setOutboundMessageIssuer(assertingPartyId);
-        try {
-            EntityDescriptor localEntityDescriptor = metadataProvider.getEntityDescriptor(assertingPartyId);
-            if (localEntityDescriptor != null) {
-                requestContext.setLocalEntityMetadata(localEntityDescriptor);
-                requestContext.setLocalEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-                requestContext.setLocalEntityRoleMetadata(localEntityDescriptor
-                        .getIDPSSODescriptor(SAMLConstants.SAML20P_NS));
-            }
-        } catch (MetadataProviderException e) {
-            log.error("Unable to locate metadata for asserting party");
-            requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null,
-                    "Error locating asserting party metadata"));
-            throw new ProfileException("Error locating asserting party metadata");
-        }
-
-        return requestContext;
     }
 
     /**
@@ -510,7 +498,7 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
      * 
      * @return Endpoint selected from the information provided in the request context
      */
-    protected Endpoint selectEndpoint(SSORequestContext requestContext) {
+    protected Endpoint selectEndpoint(BaseSAMLProfileRequestContext requestContext) {
         AuthnResponseEndpointSelector endpointSelector = new AuthnResponseEndpointSelector();
         endpointSelector.setEndpointType(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
         endpointSelector.setMetadataProvider(getMetadataProvider());
index e567d33..0cfc54c 100644 (file)
@@ -21,12 +21,12 @@ if defined CLASSPATH (
   set LOCALCLASSPATH=%CLASSPATH%
 )
 
-REM add in the dependency .jar files 
 if not exist %IDP_HOME% (
   echo Error: IDP_HOME is not defined correctly.
   exit /b
 )
 
+REM add in the dependency .jar files 
 for %%i in ("%IDP_HOME%\lib\*.jar") do (
        call "%IDP_HOME%\bin\cpappend.bat" %%i
 )