Fail attribute query request if specific attributes are requested - SIDP-344
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 1 Oct 2009 10:32:52 +0000 (10:32 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 1 Oct 2009 10:32:52 +0000 (10:32 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/branches/REL_2@2895 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/AttributeQueryProfileHandler.java

index 30e6b8f..bb825da 100644 (file)
@@ -90,6 +90,17 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
             } else {
                 checkSamlVersion(requestContext);
 
+                // TODO add proper requested attribute filtering support
+                AttributeQuery query = requestContext.getInboundSAMLMessage();
+                if (query.getAttributes() != null && !query.getAttributes().isEmpty()) {
+                    log.warn("Specific attributes requested in query '{}'. This functionality is not yet supported",
+                            requestContext.getInboundMessageIssuer());
+                    requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI,
+                            StatusCode.REQUEST_UNSUPPORTED_URI,
+                            "Request of specific attributes during an attribute query is not supported"));
+                    throw new ProfileException();
+                }
+
                 // Resolve attribute query name id to principal name and place in context
                 resolvePrincipal(requestContext);
 
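Review bot: The `throw new ProfileException();` that ends the new rejection branch carries no message, so the only record of why the query failed is the preceding warn line; passing the reason, e.g. `throw new ProfileException("Attribute query requested specific attributes, which is not supported");`, keeps the failure self-describing for whatever catches it. The warn text also reads as if `'{}'` were the query, while the argument is the inbound message issuer; `"Attribute query from issuer '{}' requests specific attributes; this is not yet supported"` would be clearer for anyone triaging the log. That issuer value is taken from the request, and the enclosing method starts and ends outside the hunk, so it is not visible whether the requester has been authenticated at this point. If it has not, confirm that the value is safe to write at warn level and that repeated unsupported queries cannot be used to flood the log.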
@@ -140,8 +151,8 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
     protected void decodeRequest(AttributeQueryContext requestContext, HTTPInTransport inTransport,
             HTTPOutTransport outTransport) throws ProfileException {
         if (log.isDebugEnabled()) {
-            log.debug("Decoding message with decoder binding '{}'",
-                    getInboundMessageDecoder(requestContext).getBindingURI());
+            log.debug("Decoding message with decoder binding '{}'", getInboundMessageDecoder(requestContext)
+                    .getBindingURI());
         }
 
         requestContext.setCommunicationProfileId(getProfileId());