import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
-import org.opensaml.NoSuchProviderException;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLBinding;
-import org.opensaml.SAMLBindingFactory;
import org.opensaml.SAMLException;
import org.opensaml.SAMLRequest;
import org.opensaml.SAMLResponse;
/**
* @author Walter Hoehn
*/
-public class SAMLv1_1ArtifactQueryHandler extends BaseServiceHandler implements IdPProtocolHandler {
+public class SAMLv1_1ArtifactQueryHandler extends SAMLv1_Base_QueryHandler implements IdPProtocolHandler {
private static Logger log = Logger.getLogger(SAMLv1_1ArtifactQueryHandler.class.getName());
private SAMLBinding binding;
public SAMLv1_1ArtifactQueryHandler(Element config) throws ShibbolethConfigurationException {
super(config);
-
- try {
- binding = SAMLBindingFactory.getInstance(SAMLBinding.SOAP);
- } catch (NoSuchProviderException e) {
- log.error("Unable to initialize SAML SOAP binding:" + e);
- throw new ShibbolethConfigurationException("Couldn't initialize " + getHandlerName() + " handler.");
- }
}
/*
log.info("Received a request to dereference assertion artifacts.");
- // Parse SOAP request and marshall SAML request object
- SAMLRequest samlRequest = null;
- try {
- samlRequest = binding.receive(request, 1);
- } catch (SAMLException e) {
- log.error("Unable to parse request: " + e);
- throw new RequestHandlingException("Invalid request data.");
- }
+ SAMLRequest samlRequest = parseSAMLRequest(request);
- // If we have DEBUG logging turned on, dump out the request to the log
- // This takes some processing, so only do it if we need to
- if (log.isDebugEnabled()) {
- log
- .debug("Dumping generated SAML Request:" + System.getProperty("line.separator")
- + samlRequest.toString());
- }
try {
// Pull credential from request
binding.respond(response, samlResponse, null);
} catch (SAMLException e) {
-
- log.error("Error while processing request: " + e);
- try {
- SAMLResponse samlResponse = new SAMLResponse((samlRequest != null) ? samlRequest.getId() : null, null,
- null, e);
- if (log.isDebugEnabled()) {
- log.debug("Dumping generated SAML Error Response:" + System.getProperty("line.separator")
- + samlResponse.toString());
- }
- binding.respond(response, samlResponse, null);
- log.debug("Returning SAML Error Response.");
- } catch (SAMLException se) {
- try {
- binding.respond(response, null, e);
- } catch (SAMLException e1) {
- log.error("Caught exception while responding to requester: " + e.getMessage());
- throw new RequestHandlingException(e1.getMessage());
- }
- }
+ respondWithError(response, samlRequest, e);
}
}
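Review bot: The `private SAMLBinding binding;` field is still declared in SAMLv1_1ArtifactQueryHandler (it is an unchanged line), so it now hides the `protected SAMLBinding binding` that SAMLv1_Base_QueryHandler initialises. Because this commit removes the only visible assignment to the subclass field from the constructor, the unchanged `binding.respond(response, samlResponse, null);` on the success path would dereference null, while `respondWithError` (which uses the base field) still works. If nothing outside the visible lines assigns it, every successful artifact lookup ends in a NullPointerException instead of a SAML response. Delete the subclass declaration so both paths use the inherited field. The method body around `parseSAMLRequest(request)` continues outside the lines shown.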
package edu.internet2.middleware.shibboleth.idp.provider;
-import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.Principal;
import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
import edu.internet2.middleware.shibboleth.idp.IdPProtocolHandler;
import edu.internet2.middleware.shibboleth.idp.IdPProtocolSupport;
+import edu.internet2.middleware.shibboleth.idp.RequestHandlingException;
/**
* @author Walter Hoehn
*/
-public class SAMLv1_AttributeQueryHandler extends BaseServiceHandler implements IdPProtocolHandler {
+public class SAMLv1_AttributeQueryHandler extends SAMLv1_Base_QueryHandler implements IdPProtocolHandler {
- private static Logger log = Logger.getLogger(SAMLv1_AttributeQueryHandler.class.getName());
+ static Logger log = Logger.getLogger(SAMLv1_AttributeQueryHandler.class.getName());
/**
* Required DOM-based constructor.
* javax.servlet.http.HttpServletResponse, org.opensaml.SAMLRequest,
* edu.internet2.middleware.shibboleth.idp.ProtocolSupport)
*/
- public SAMLResponse processRequest(HttpServletRequest request, HttpServletResponse response,
- SAMLRequest samlRequest, IdPProtocolSupport support) throws SAMLException, IOException, ServletException {
+ public void processRequest(HttpServletRequest request, HttpServletResponse response, IdPProtocolSupport support)
+ throws RequestHandlingException, ServletException {
+
+ SAMLRequest samlRequest = parseSAMLRequest(request);
if (samlRequest == null || samlRequest.getQuery() == null
|| !(samlRequest.getQuery() instanceof SAMLAttributeQuery)) {
log.error("Protocol Handler can only respond to SAML Attribute Queries.");
- throw new SAMLException("General error processing request.");
+ respondWithError(response, samlRequest, new SAMLException("General error processing request."));
+ return;
}
RelyingParty relyingParty = null;
}
if (effectiveName == null) {
- log
- .info("Remote provider not yet identified, attempting to derive requesting provider from credentials.");
+ log.info("Remote provider not yet identified, attempting to "
+ + "derive requesting provider from credentials.");
// Try the additional candidates.
String[] candidateNames = getCredentialNames(credentials[0]);
}
}
} catch (InvalidProviderCredentialException ipc) {
- throw new SAMLException(SAMLException.REQUESTER, "Invalid credentials for request.");
+ respondWithError(response, samlRequest, new SAMLException(SAMLException.REQUESTER,
+ "Invalid credentials for request."));
+ return;
}
}
log.info("Request contains SAML Subject Confirmation method: (" + method + ").");
hasConfirmationMethod = true;
}
- if (hasConfirmationMethod) { throw new SAMLException(SAMLException.REQUESTER,
- "This SAML authority cannot honor requests containing the supplied SAML Subject Confirmation Method(s)."); }
+ if (hasConfirmationMethod) {
+ respondWithError(
+ response,
+ samlRequest,
+ new SAMLException(SAMLException.REQUESTER,
+ "This SAML authority cannot honor requests containing the supplied SAML Subject Confirmation Method(s)."));
+ return;
+ }
- // Map Subject to local principal
- Principal principal = null;
try {
+ // Map Subject to local principal
+ Principal principal = null;
+
SAMLNameIdentifier nameId = attributeQuery.getSubject().getNameIdentifier();
log.debug("Name Identifier format: (" + nameId.getFormat() + ").");
NameIdentifierMapping mapping = null;
+ principal.getName() + ").");
}
- return samlResponse;
+ binding.respond(response, samlResponse, null);
} catch (SAMLException e) {
if (relyingParty.passThruErrors()) {
- throw new SAMLException("General error processing request.", e);
+ respondWithError(response, samlRequest, new SAMLException("General error processing request.", e));
} else {
- throw new SAMLException("General error processing request.");
+ respondWithError(response, samlRequest, new SAMLException("General error processing request."));
}
} catch (MetadataProviderException e) {
log.error("Encountered an error while looking up metadata: " + e);
if (relyingParty.passThruErrors()) {
- throw new SAMLException("General error processing request.", e);
+ respondWithError(response, samlRequest, new SAMLException("General error processing request.", e));
} else {
- throw new SAMLException("General error processing request.");
+ respondWithError(response, samlRequest, new SAMLException("General error processing request."));
}
} catch (InvalidNameIdentifierException e) {
log.error("Could not associate the request's subject with a principal: " + e);
if (relyingParty.passThruErrors()) {
- throw new SAMLException(Arrays.asList(e.getSAMLErrorCodes()), "The supplied Subject was unrecognized.",
- e);
+ respondWithError(response, samlRequest, new SAMLException(Arrays.asList(e.getSAMLErrorCodes()),
+ "The supplied Subject was unrecognized.", e));
} else {
- throw new SAMLException(Arrays.asList(e.getSAMLErrorCodes()), "The supplied Subject was unrecognized.");
+ respondWithError(response, samlRequest, new SAMLException(Arrays.asList(e.getSAMLErrorCodes()),
+ "The supplied Subject was unrecognized."));
}
} catch (NameIdentifierMappingException e) {
log.error("Encountered an error while mapping the name identifier from the request: " + e);
if (relyingParty.passThruErrors()) {
- throw new SAMLException("General error processing request.", e);
+ respondWithError(response, samlRequest, new SAMLException("General error processing request.", e));
} else {
- throw new SAMLException("General error processing request.");
+ respondWithError(response, samlRequest, new SAMLException("General error processing request."));
}
} catch (AAException e) {
log.error("Encountered an error while resolving resolving attributes: " + e);
if (relyingParty.passThruErrors()) {
- throw new SAMLException("General error processing request.", e);
+ respondWithError(response, samlRequest, new SAMLException("General error processing request.", e));
} else {
- throw new SAMLException("General error processing request.");
+ respondWithError(response, samlRequest, new SAMLException("General error processing request."));
}
} catch (CloneNotSupportedException e) {
log.error("Encountered an error while cloning request subject for use in response: " + e);
if (relyingParty.passThruErrors()) {
- throw new SAMLException("General error processing request.", e);
+ respondWithError(response, samlRequest, new SAMLException("General error processing request.", e));
} else {
- throw new SAMLException("General error processing request.");
+ respondWithError(response, samlRequest, new SAMLException("General error processing request."));
}
}
}
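Review bot: The `catch (SAMLException e)` block after `binding.respond(response, samlResponse, null);` is the only catch in this chain that does not log the exception it caught. When `relyingParty.passThruErrors()` is false, the original `e` is replaced by a fresh `SAMLException("General error processing request.")` and `respondWithError` logs only that generic exception, so the real cause never reaches the IdP log. Add `log.error("Error while processing request: " + e);` as the first statement of the block, as the sibling catches do. Since the success response is now sent inside the `try`, this block also handles a failed `binding.respond(...)` and then writes to the same `HttpServletResponse` a second time; whether that is safe once the first write has started is not visible here. `processRequest` begins and continues outside the lines shown.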
--- /dev/null
+
+package edu.internet2.middleware.shibboleth.idp.provider;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.log4j.Logger;
+import org.opensaml.NoSuchProviderException;
+import org.opensaml.SAMLBinding;
+import org.opensaml.SAMLBindingFactory;
+import org.opensaml.SAMLException;
+import org.opensaml.SAMLRequest;
+import org.opensaml.SAMLResponse;
+import org.w3c.dom.Element;
+
+import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
+import edu.internet2.middleware.shibboleth.idp.RequestHandlingException;
+
+public abstract class SAMLv1_Base_QueryHandler extends BaseServiceHandler {
+
+ private static Logger log = Logger.getLogger(SAMLv1_Base_QueryHandler.class.getName());
+ protected SAMLBinding binding;
+
+ protected SAMLv1_Base_QueryHandler(Element config) throws ShibbolethConfigurationException {
+
+ super(config);
+
+ try {
+ binding = SAMLBindingFactory.getInstance(SAMLBinding.SOAP);
+ } catch (NoSuchProviderException e) {
+ log.error("Unable to initialize SAML SOAP binding:" + e);
+ throw new ShibbolethConfigurationException("Couldn't initialize " + getHandlerName() + " handler.");
+ }
+ }
+
+ protected SAMLRequest parseSAMLRequest(HttpServletRequest request) throws RequestHandlingException {
+
+ // Parse SOAP request and marshall SAML request object
+ SAMLRequest samlRequest = null;
+ try {
+ samlRequest = binding.receive(request, 1);
+ } catch (SAMLException e) {
+ log.error("Unable to parse request: " + e);
+ throw new RequestHandlingException("Invalid request data.");
+ }
+
+ // If we have DEBUG logging turned on, dump out the request to the log
+ // This takes some processing, so only do it if we need to
+ if (log.isDebugEnabled()) {
+ log
+ .debug("Dumping generated SAML Request:" + System.getProperty("line.separator")
+ + samlRequest.toString());
+ }
+ return samlRequest;
+ }
+
+ protected void respondWithError(HttpServletResponse response, SAMLRequest samlRequest, SAMLException e)
+ throws RequestHandlingException {
+
+ log.error("Error while processing request: " + e);
+ try {
+ SAMLResponse samlResponse = new SAMLResponse((samlRequest != null) ? samlRequest.getId() : null, null,
+ null, e);
+ if (log.isDebugEnabled()) {
+ log.debug("Dumping generated SAML Error Response:" + System.getProperty("line.separator")
+ + samlResponse.toString());
+ }
+ binding.respond(response, samlResponse, null);
+ log.debug("Returning SAML Error Response.");
+ } catch (SAMLException se) {
+ try {
+ binding.respond(response, null, e);
+ } catch (SAMLException e1) {
+ log.error("Caught exception while responding to requester: " + e.getMessage());
+ throw new RequestHandlingException(e1.getMessage());
+ }
+ }
+ }
+
+}
\ No newline at end of file
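Review bot: In `respondWithError`, the innermost handler logs `e.getMessage()` (the original processing error) under the text "Caught exception while responding to requester", so the failure that actually prevented the reply (`e1`) is never recorded, and `se` from the first attempt is dropped without any log line. Change it to `log.error("Caught exception while responding to requester: " + e1.getMessage());` and log `se` at the top of the outer `catch`. The `RequestHandlingException` built from `e1.getMessage()` also loses the stack trace; if that class has a cause-taking constructor (not visible here), pass `e1` through. The new class and its three protected members have no Javadoc; a short comment stating that `respondWithError` writes to the servlet response and that callers must return afterwards would help subclass authors.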