From 16fd8175bb13ee06af713b96a7dd3f607de1c0ef Mon Sep 17 00:00:00 2001
From: putmanb
Date: Mon, 6 Jul 2009 18:00:44 +0000
Subject: [PATCH] Refactor outbound message encoder selection into a distinct method to: 1) consolidate logic and avoid duplication of code 2) check and avoid NPE's if endpoint or binding is null due to misconfiguration 3) allow subclasses to override encoder selection mechanism (re: uPortal work) git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/branches/REL_2@2865 ab3bd59b-922f-494d-bb5f-6f0a3c29deca
---
 .../idp/profile/AbstractSAMLProfileHandler.java | 59 ++++++++++++++------
 .../profile/saml1/AbstractSAML1ProfileHandler.java | 2 +-
 .../profile/saml2/AbstractSAML2ProfileHandler.java | 6 +-
 3 files changed, 46 insertions(+), 21 deletions(-)
diff --git a/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/AbstractSAMLProfileHandler.java b/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/AbstractSAMLProfileHandler.java
index 76078d9..a7413f9 100644
--- a/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/AbstractSAMLProfileHandler.java
+++ b/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/AbstractSAMLProfileHandler.java
@@ -23,6 +23,7 @@ import java.util.Map;
 import javax.servlet.http.HttpServletRequest;
 import org.opensaml.common.IdentifierGenerator;
+import org.opensaml.common.binding.SAMLMessageContext;
 import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
 import org.opensaml.common.binding.encoding.SAMLMessageEncoder;
 import org.opensaml.saml1.core.NameIdentifier;
@@ -495,23 +496,7 @@ public abstract class AbstractSAMLProfileHandler extends
 */
 protected void encodeResponse(BaseSAMLProfileRequestContext requestContext) throws ProfileException {
 try {
- SAMLMessageEncoder encoder = null;
-
- Endpoint endpoint = requestContext.getPeerEntityEndpoint();
- if (endpoint == null) {
- log.warn("No peer endpoint available for peer. Unable to send response.");
- throw new ProfileException("No peer endpoint available for peer. Unable to send response.");
- }
-
- if (endpoint != null) {
- encoder = getMessageEncoders().get(endpoint.getBinding());
- if (encoder == null) {
- log.error("No outbound message encoder configured for binding: {}", requestContext
- .getPeerEntityEndpoint().getBinding());
- throw new ProfileException("No outbound message encoder configured for binding: "
- + requestContext.getPeerEntityEndpoint().getBinding());
- }
- }
+ SAMLMessageEncoder encoder = getOutboundMessageEncoder(requestContext);
 AbstractSAMLProfileConfiguration profileConfig = (AbstractSAMLProfileConfiguration) requestContext .getProfileConfiguration();
@@ -550,6 +535,46 @@ public abstract class AbstractSAMLProfileHandler extends
 }
 /**
+ * Get the outbound message encoder to use.
+ *
+ *

The default implementation uses the binding URI from the + * {@link SAMLMessageContext#getPeerEntityEndpoint()} to lookup + * the encoder from the supported message encoders defined in {@link #getMessageEncoders()}. + *

+ * + *

+ * Subclasses may override to implement a different mechanism to determine the + * encoder to use, such as for example cases where an active intermediary actor + * sits between this provider and the peer entity endpoint (e.g. the SAML 2 ECP case). + *

+ *
+ * @param requestContext current request context
+ * @return the message encoder to use
+ * @throws ProfileException if the encoder to use can not be resolved based on the request context
+ */
+ protected SAMLMessageEncoder getOutboundMessageEncoder(BaseSAMLProfileRequestContext requestContext)
+ throws ProfileException {
+ SAMLMessageEncoder encoder = null;
+
+ Endpoint endpoint = requestContext.getPeerEntityEndpoint();
+ if (endpoint == null) {
+ log.warn("No peer endpoint available for peer. Unable to send response.");
+ throw new ProfileException("No peer endpoint available for peer. Unable to send response.");
+ }
+
+ if (endpoint != null) {
+ encoder = getMessageEncoders().get(endpoint.getBinding());
+ if (encoder == null) {
+ log.error("No outbound message encoder configured for binding: {}", requestContext
+ .getPeerEntityEndpoint().getBinding());
+ throw new ProfileException("No outbound message encoder configured for binding: "
+ + requestContext.getPeerEntityEndpoint().getBinding());
+ }
+ }
+ return encoder;
+ }
+
+ /**
 * Writes an audit log entry indicating the successful response to the attribute request.
 *
 * @param context current request context
diff --git a/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml1/AbstractSAML1ProfileHandler.java b/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml1/AbstractSAML1ProfileHandler.java
index d3fed40..41758ad 100644
--- a/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml1/AbstractSAML1ProfileHandler.java
+++ b/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml1/AbstractSAML1ProfileHandler.java
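Review bot: The commit message says a null binding is handled, but `getOutboundMessageEncoder` only tests `endpoint` for null; `endpoint.getBinding()` goes straight into `getMessageEncoders().get(...)`, which would throw rather than raise `ProfileException` if that map rejects null keys (its type is not visible in the hunk). The second `if (endpoint != null)` can never be false after the throw above it, and the log and exception messages re-read `requestContext.getPeerEntityEndpoint().getBinding()` instead of the value that was actually looked up. Reading the binding once into a local, rejecting null explicitly and reporting that same value keeps every misconfiguration case a `ProfileException`. The rewritten part of the body is below; the Javadoc above it stays as it is.

```java
protected SAMLMessageEncoder getOutboundMessageEncoder(BaseSAMLProfileRequestContext requestContext)
        throws ProfileException {
    // … unchanged: endpoint lookup and the endpoint == null rejection …

    String binding = endpoint.getBinding();
    if (binding == null) {
        log.warn("Peer endpoint has no binding. Unable to send response.");
        throw new ProfileException("Peer endpoint has no binding. Unable to send response.");
    }

    SAMLMessageEncoder encoder = getMessageEncoders().get(binding);
    if (encoder == null) {
        log.error("No outbound message encoder configured for binding: {}", binding);
        throw new ProfileException("No outbound message encoder configured for binding: " + binding);
    }
    return encoder;
}
```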
@@ -606,7 +606,7 @@ public abstract class AbstractSAML1ProfileHandler extends AbstractSAMLProfileHan
 boolean signAssertion = false;
 RoleDescriptor relyingPartyRole = requestContext.getPeerEntityRoleMetadata();
- SAMLMessageEncoder encoder = getMessageEncoders().get(requestContext.getPeerEntityEndpoint().getBinding());
+ SAMLMessageEncoder encoder = getOutboundMessageEncoder(requestContext);
 AbstractSAML1ProfileConfiguration profileConfig = requestContext.getProfileConfiguration();
 try {
diff --git a/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractSAML2ProfileHandler.java b/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractSAML2ProfileHandler.java
index 22a4709..d987f0f 100644
--- a/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractSAML2ProfileHandler.java
+++ b/src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractSAML2ProfileHandler.java
@@ -266,7 +266,7 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
 signAssertion(requestContext, assertion);
- SAMLMessageEncoder encoder = getMessageEncoders().get(requestContext.getPeerEntityEndpoint().getBinding());
+ SAMLMessageEncoder encoder = getOutboundMessageEncoder(requestContext);
 try {
 if (requestContext.getProfileConfiguration().getEncryptAssertion() == CryptoOperationRequirementLevel.always || (requestContext.getProfileConfiguration().getEncryptAssertion() == CryptoOperationRequirementLevel.conditional && !encoder
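Review bot: Nothing guarantees that the encoder consulted for the conditional signing and encryption decisions is the one that later sends the message. In the `@@ -266` hunk of AbstractSAML2ProfileHandler the returned encoder feeds the `CryptoOperationRequirementLevel.conditional && !encoder…` test, while `encodeResponse` resolves its encoder through a separate call to the same overridable `getOutboundMessageEncoder`. A subclass override that answers differently between calls could therefore leave an assertion unsigned or unencrypted on the strength of one binding and deliver it over another. I would add this to the method's Javadoc: `Implementations must return the same encoder for a given request context; callers use it to decide conditional signing and encryption.` The same applies to the `@@ -606` hunk in AbstractSAML1ProfileHandler and the `@@ -543` and `@@ -684` hunks in this file; the enclosing methods start and end outside the hunks and the condition is cut off after `!encoder`, so what is asked of the encoder there is inferred.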
@@ -543,7 +543,7 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
 boolean signAssertion = false;
- SAMLMessageEncoder encoder = getMessageEncoders().get(requestContext.getPeerEntityEndpoint().getBinding());
+ SAMLMessageEncoder encoder = getOutboundMessageEncoder(requestContext);
 AbstractSAML2ProfileConfiguration profileConfig = requestContext.getProfileConfiguration();
 try {
 if (profileConfig.getSignAssertions() == CryptoOperationRequirementLevel.always
@@ -684,7 +684,7 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
 }
 }
- SAMLMessageEncoder encoder = getMessageEncoders().get(requestContext.getPeerEntityEndpoint().getBinding());
+ SAMLMessageEncoder encoder = getOutboundMessageEncoder(requestContext);
 try {
 if (nameIdEncRequiredByAuthnRequest || requestContext.getProfileConfiguration().getEncryptNameID() == CryptoOperationRequirementLevel.always
-- 1.7.10.4