Shibboleth Discovery Service 1.1.0 Reference Package edu.internet2.middleware.shibboleth.common

From ca19e1aeccc299295d581aab6e9f409f85c248c2 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 29 Jun 2010 23:47:21 +0200 Subject: import 1.1. --- .../shibboleth/common/package-frame.html | 2 +- .../shibboleth/common/package-summary.html | 2 +- .../shibboleth/wayf/DiscoveryServiceHandler.html | 1909 ++++++++++---------- .../middleware/shibboleth/wayf/IdPSiteSet.html | 6 +- .../middleware/shibboleth/wayf/WayfService.html | 557 +++--- .../middleware/shibboleth/wayf/package-frame.html | 11 +- .../shibboleth/wayf/package-summary.html | 17 +- .../shibboleth/wayf/plugins/package-frame.html | 2 +- .../shibboleth/wayf/plugins/package-summary.html | 2 +- .../wayf/plugins/provider/BindingFilter.html | 284 ++- .../wayf/plugins/provider/ListFilter.html | 301 ++- .../wayf/plugins/provider/package-frame.html | 2 +- .../wayf/plugins/provider/package-summary.html | 2 +- 13 files changed, 1531 insertions(+), 1566 deletions(-) (limited to 'doc/src-xref/edu/internet2') diff --git a/doc/src-xref/edu/internet2/middleware/shibboleth/common/package-frame.html b/doc/src-xref/edu/internet2/middleware/shibboleth/common/package-frame.html index 49ad758..6a60a72 100644 --- a/doc/src-xref/edu/internet2/middleware/shibboleth/common/package-frame.html +++ b/doc/src-xref/edu/internet2/middleware/shibboleth/common/package-frame.html @@ -3,7 +3,7 @@ - Shibboleth Discovery Service 1.1.0 Reference Package edu.internet2.middleware.shibboleth.common + Shibboleth Discovery Service 1.1.1 Reference Package edu.internet2.middleware.shibboleth.common diff --git a/doc/src-xref/edu/internet2/middleware/shibboleth/common/package-summary.html b/doc/src-xref/edu/internet2/middleware/shibboleth/common/package-summary.html index 95e0aa0..75321a1 100644 --- a/doc/src-xref/edu/internet2/middleware/shibboleth/common/package-summary.html +++ b/doc/src-xref/edu/internet2/middleware/shibboleth/common/package-summary.html @@ -3,7 +3,7 @@ - Shibboleth Discovery Service 1.1.0 Reference Package edu.internet2.middleware.shibboleth.common + Shibboleth Discovery Service 1.1.1 Reference Package edu.internet2.middleware.shibboleth.common diff --git a/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/DiscoveryServiceHandler.html b/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/DiscoveryServiceHandler.html index 9f4e4ed..a9e9e2f 100644 --- a/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/DiscoveryServiceHandler.html +++ b/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/DiscoveryServiceHandler.html @@ -52,964 +52,965 @@ 42 import org.opensaml.saml2.metadata.EntityDescriptor; 43 import org.opensaml.saml2.metadata.RoleDescriptor; 44 import org.opensaml.saml2.metadata.SPSSODescriptor; -45 import org.opensaml.xml.XMLObject; -46 import org.slf4j.Logger; -47 import org.slf4j.LoggerFactory; -48 import org.w3c.dom.Element; -49 import org.w3c.dom.NodeList; -50 -51 import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException; -52 import edu.internet2.middleware.shibboleth.wayf.plugins.Plugin; -53 import edu.internet2.middleware.shibboleth.wayf.plugins.PluginContext; -54 import edu.internet2.middleware.shibboleth.wayf.plugins.PluginMetadataParameter; -55 import edu.internet2.middleware.shibboleth.wayf.plugins.WayfRequestHandled; -56 -57 /** -58 * Specific handler for each version of the Discovery Service. -59 */ -60 public class DiscoveryServiceHandler { -61 -62 /* -63 * Protcol parameters - Old. -64 */ -65 /** -66 * Shire is the SP Assertion Consumer endpoint. -67 */ -68 private static final String SHIRE_PARAM_NAME = "shire"; -69 /** -70 * TargetName is where we are trying to get to. -71 */ -72 private static final String TARGET_PARAM_NAME = "target"; -73 /** -74 * time is to do with replay attack. -75 */ -76 private static final String TIME_PARAM_NAME = "time"; -77 /** -78 * This is the ID (in the metadata) of the SP. -79 */ -80 private static final String PROVIDERID_PARAM_NAME = "providerId"; -81 -82 /* -83 * Protocol parameters - New -84 */ -85 /** -86 * The SP id. -87 */ -88 private static final String ENTITYID_PARAM_NAME = "entityID"; -89 /** -90 * Where to send the request back to. -91 */ -92 private static final String RETURN_PARAM_NAME = "return"; -93 /** -94 * "return" is an invalid attribute, so we use returnX. -95 */ -96 private static final String RETURN_ATTRIBUTE_NAME = "returnX"; -97 /** -98 * Alternatively the index of where to send the address back to. -99 */ -100 private static final String RETURN_INDEX_NAME = "returnIndex"; -101 -102 /** -103 * What value to put the ID of the selected metadata into. -104 */ -105 private static final String RETURNID_PARAM_NAME = "returnIDParam"; -106 -107 /** -108 * What returnIDParam defaults to. -109 */ -110 private static final String RETURNID_DEFAULT_VALUE = "entityID"; -111 /** -112 * Whether we are allowed to interact. -113 */ -114 private static final String ISPASSIVE_PARAM_NAME = "isPassive"; -115 -116 /** -117 * Whether we understand this or not. -118 */ -119 private static final String POLICY_PARAM_NAME = "policy"; -120 -121 /** -122 * The only policy we know about. -123 */ -124 private static final String KNOWN_POLICY_NAME -125 = "urn:oasis:names:tc:SAML:profiles:SSO:idp-discoveryprotocol:single"; -126 -127 /** -128 * Mandatory Serialization constant. -129 */ -130 private static final Logger LOG = LoggerFactory.getLogger(DiscoveryServiceHandler.class.getName()); -131 -132 /** -133 * The location defines the last part of the URL which distinguished this handler. -134 */ -135 private final String location; -136 -137 /** -138 * If isDefault is true then if there is a mismatch then this handler is used. -139 */ -140 private final boolean isDefault; -141 -142 /** -143 * Config handles detailed behavior. -144 */ -145 private final HandlerConfig config; -146 -147 /** -148 * The list of all the metadata providers that this discovery handler believes in. -149 */ -150 private final List <IdPSiteSet> siteSets; -151 -152 /** -153 * The list of all the plugins that this hanlder has had configured. -154 */ -155 private final List <Plugin> plugins; -156 -157 /** -158 * Constructor to create and configure the handler. -159 * @param config - DOM Element with configuration information. -160 * @param federations - Supplies all known providers which will be included if so configured. -161 * @param plugins - Supplies all known plugins which will be included if configured in. -162 * @param defaultConfig - The default configurations. -163 * @throws ShibbolethConfigurationException - if we find something odd in the config file. -164 */ -165 protected DiscoveryServiceHandler(Element config, -166 Hashtable <String, IdPSiteSet> federations, -167 Hashtable <String, Plugin> plugins, -168 HandlerConfig defaultConfig) throws ShibbolethConfigurationException -169 { -170 siteSets = new ArrayList <IdPSiteSet>(federations.size()); -171 this.plugins = new ArrayList <Plugin>(plugins.size()); -172 -173 // -174 // Collect the Configuration from the XML -175 // -176 -177 this.config = new HandlerConfig(config, defaultConfig); -178 -179 location = config.getAttribute("location"); -180 -181 if (location == null || location.equals("")) { -182 -183 LOG.error("DiscoveryService must have a location specified"); -184 throw new ShibbolethConfigurationException("DiscoveryService must have a location specified"); -185 } -186 -187 // -188 // Is this the default WAYF? -189 // -190 -191 String attribute = config.getAttribute("default"); -192 if (attribute != null && !attribute.equals("")) { -193 isDefault = Boolean.valueOf(attribute).booleanValue(); -194 } else { -195 isDefault = true; -196 } -197 -198 // -199 // Which federations (sitesets) do we care about? -200 // -201 -202 NodeList list = config.getElementsByTagName("Federation"); -203 -204 for (int i = 0; i < list.getLength(); i++ ) { -205 -206 attribute = ((Element) list.item(i)).getAttribute("identifier"); -207 -208 IdPSiteSet siteset = federations.get(attribute); -209 -210 if (siteset == null) { -211 LOG.error("Handler " + location + ": could not find metadata for <Federation> with identifier " + attribute + "."); -212 throw new ShibbolethConfigurationException( -213 "Handler " + location + ": could not find metadata for <Federation> identifier " + attribute + "."); -214 } -215 -216 siteSets.add(siteset); -217 } -218 -219 if (siteSets.size() == 0) { -220 // -221 // No Federations explicitly named pick em all -222 // -223 siteSets.addAll(federations.values()); -224 } -225 -226 // -227 // Now, which plugins? -228 // -229 -230 list = config.getElementsByTagName("PluginInstance"); -231 -232 for (int i = 0; i < list.getLength(); i++ ) { -233 -234 attribute = ((Element) list.item(i)).getAttribute("identifier"); -235 -236 Plugin plugin = plugins.get(attribute); -237 -238 if (plugin == null) { -239 LOG.error("Handler " + location + ": could not find plugin for identifier " + attribute); -240 throw new ShibbolethConfigurationException( -241 "Handler " + location + ": could not find plugin for identifier " + attribute); -242 } -243 -244 this.plugins.add(plugin); -245 } -246 -247 // -248 // So now tell every IdPSite about every plugin. -249 // -250 // Note that there is only one idpsite per metadatafile per WAYF and that the discovery -251 // services share them, so the data explosion is only number(IdpSites) * number(Plugins) not -252 // number(IdpSites) * number(Plugins) * number(DiscoverHandlers) -253 -254 for (IdPSiteSet site: siteSets) { -255 for (Plugin plugin: this.plugins) { -256 site.addPlugin(plugin); -257 } -258 } -259 } -260 +45 import org.opensaml.samlext.idpdisco.DiscoveryResponse; +46 import org.opensaml.xml.XMLObject; +47 import org.slf4j.Logger; +48 import org.slf4j.LoggerFactory; +49 import org.w3c.dom.Element; +50 import org.w3c.dom.NodeList; +51 +52 import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException; +53 import edu.internet2.middleware.shibboleth.wayf.plugins.Plugin; +54 import edu.internet2.middleware.shibboleth.wayf.plugins.PluginContext; +55 import edu.internet2.middleware.shibboleth.wayf.plugins.PluginMetadataParameter; +56 import edu.internet2.middleware.shibboleth.wayf.plugins.WayfRequestHandled; +57 +58 /** +59 * Specific handler for each version of the Discovery Service. +60 */ +61 public class DiscoveryServiceHandler { +62 +63 /* +64 * Protcol parameters - Old. +65 */ +66 /** +67 * Shire is the SP Assertion Consumer endpoint. +68 */ +69 private static final String SHIRE_PARAM_NAME = "shire"; +70 /** +71 * TargetName is where we are trying to get to. +72 */ +73 private static final String TARGET_PARAM_NAME = "target"; +74 /** +75 * time is to do with replay attack. +76 */ +77 private static final String TIME_PARAM_NAME = "time"; +78 /** +79 * This is the ID (in the metadata) of the SP. +80 */ +81 private static final String PROVIDERID_PARAM_NAME = "providerId"; +82 +83 /* +84 * Protocol parameters - New +85 */ +86 /** +87 * The SP id. +88 */ +89 private static final String ENTITYID_PARAM_NAME = "entityID"; +90 /** +91 * Where to send the request back to. +92 */ +93 private static final String RETURN_PARAM_NAME = "return"; +94 /** +95 * "return" is an invalid attribute, so we use returnX. +96 */ +97 private static final String RETURN_ATTRIBUTE_NAME = "returnX"; +98 /** +99 * Alternatively the index of where to send the address back to. +100 */ +101 private static final String RETURN_INDEX_NAME = "returnIndex"; +102 +103 /** +104 * What value to put the ID of the selected metadata into. +105 */ +106 private static final String RETURNID_PARAM_NAME = "returnIDParam"; +107 +108 /** +109 * What returnIDParam defaults to. +110 */ +111 private static final String RETURNID_DEFAULT_VALUE = "entityID"; +112 /** +113 * Whether we are allowed to interact. +114 */ +115 private static final String ISPASSIVE_PARAM_NAME = "isPassive"; +116 +117 /** +118 * Whether we understand this or not. +119 */ +120 private static final String POLICY_PARAM_NAME = "policy"; +121 +122 /** +123 * The only policy we know about. +124 */ +125 private static final String KNOWN_POLICY_NAME +126 = "urn:oasis:names:tc:SAML:profiles:SSO:idp-discoveryprotocol:single"; +127 +128 /** +129 * Mandatory Serialization constant. +130 */ +131 private static final Logger LOG = LoggerFactory.getLogger(DiscoveryServiceHandler.class.getName()); +132 +133 /** +134 * The location defines the last part of the URL which distinguished this handler. +135 */ +136 private final String location; +137 +138 /** +139 * If isDefault is true then if there is a mismatch then this handler is used. +140 */ +141 private final boolean isDefault; +142 +143 /** +144 * Config handles detailed behavior. +145 */ +146 private final HandlerConfig config; +147 +148 /** +149 * The list of all the metadata providers that this discovery handler believes in. +150 */ +151 private final List <IdPSiteSet> siteSets; +152 +153 /** +154 * The list of all the plugins that this hanlder has had configured. +155 */ +156 private final List <Plugin> plugins; +157 +158 /** +159 * Constructor to create and configure the handler. +160 * @param config - DOM Element with configuration information. +161 * @param federations - Supplies all known providers which will be included if so configured. +162 * @param plugins - Supplies all known plugins which will be included if configured in. +163 * @param defaultConfig - The default configurations. +164 * @throws ShibbolethConfigurationException - if we find something odd in the config file. +165 */ +166 protected DiscoveryServiceHandler(Element config, +167 Hashtable <String, IdPSiteSet> federations, +168 Hashtable <String, Plugin> plugins, +169 HandlerConfig defaultConfig) throws ShibbolethConfigurationException +170 { +171 siteSets = new ArrayList <IdPSiteSet>(federations.size()); +172 this.plugins = new ArrayList <Plugin>(plugins.size()); +173 +174 // +175 // Collect the Configuration from the XML +176 // +177 +178 this.config = new HandlerConfig(config, defaultConfig); +179 +180 location = config.getAttribute("location"); +181 +182 if (location == null || location.equals("")) { +183 +184 LOG.error("DiscoveryService must have a location specified"); +185 throw new ShibbolethConfigurationException("DiscoveryService must have a location specified"); +186 } +187 +188 // +189 // Is this the default WAYF? +190 // +191 +192 String attribute = config.getAttribute("default"); +193 if (attribute != null && !attribute.equals("")) { +194 isDefault = Boolean.valueOf(attribute).booleanValue(); +195 } else { +196 isDefault = false; +197 } +198 +199 // +200 // Which federations (sitesets) do we care about? +201 // +202 +203 NodeList list = config.getElementsByTagName("Federation"); +204 +205 for (int i = 0; i < list.getLength(); i++ ) { +206 +207 attribute = ((Element) list.item(i)).getAttribute("identifier"); +208 +209 IdPSiteSet siteset = federations.get(attribute); +210 +211 if (siteset == null) { +212 LOG.error("Handler " + location + ": could not find metadata for <Federation> with identifier " + attribute + "."); +213 throw new ShibbolethConfigurationException( +214 "Handler " + location + ": could not find metadata for <Federation> identifier " + attribute + "."); +215 } +216 +217 siteSets.add(siteset); +218 } +219 +220 if (siteSets.size() == 0) { +221 // +222 // No Federations explicitly named pick em all +223 // +224 siteSets.addAll(federations.values()); +225 } +226 +227 // +228 // Now, which plugins? +229 // +230 +231 list = config.getElementsByTagName("PluginInstance"); +232 +233 for (int i = 0; i < list.getLength(); i++ ) { +234 +235 attribute = ((Element) list.item(i)).getAttribute("identifier"); +236 +237 Plugin plugin = plugins.get(attribute); +238 +239 if (plugin == null) { +240 LOG.error("Handler " + location + ": could not find plugin for identifier " + attribute); +241 throw new ShibbolethConfigurationException( +242 "Handler " + location + ": could not find plugin for identifier " + attribute); +243 } +244 +245 this.plugins.add(plugin); +246 } +247 +248 // +249 // So now tell every IdPSite about every plugin. +250 // +251 // Note that there is only one idpsite per metadatafile per WAYF and that the discovery +252 // services share them, so the data explosion is only number(IdpSites) * number(Plugins) not +253 // number(IdpSites) * number(Plugins) * number(DiscoverHandlers) +254 +255 for (IdPSiteSet site: siteSets) { +256 for (Plugin plugin: this.plugins) { +257 site.addPlugin(plugin); +258 } +259 } +260 } 261 -262 // -263 // Standard Beany Methods -264 // -265 /** -266 * The 'Name' of the service. the path used to identify the ServiceHandler. -267 * @return the path used to identify the ServiceHandler. -268 */ -269 -270 protected String getLocation() { -271 return location; -272 } -273 -274 /** -275 * Whether this is the default service. -276 * @return is it? -277 */ -278 protected boolean isDefault() { -279 return isDefault; -280 } -281 -282 // -283 // Now the bits that deal with the user request -284 // -285 -286 public void doGet(HttpServletRequest req, HttpServletResponse res) { -287 -288 String policy = req.getParameter(POLICY_PARAM_NAME); -289 -290 if (null != policy && !KNOWN_POLICY_NAME.equals(policy)) { -291 // -292 // unknown policy -293 // -294 LOG.error("Unknown policy " + policy); -295 handleError(req, res, "Unknown policy " + policy); -296 return; -297 } -298 -299 // -300 // Decide how to route the request based on query string -301 // -302 String requestType = req.getParameter("action"); -303 -304 if (requestType == null || requestType.equals("")) { -305 requestType = "lookup"; -306 } -307 -308 try { -309 -310 if (requestType.equals("search")) { -311 -312 String parameter = req.getParameter("string"); -313 if (parameter != null && parameter.equals("")) { -314 parameter = null; -315 } -316 handleLookup(req, res, parameter); -317 -318 } else if (requestType.equals("selection")) { -319 -320 handleSelection(req, res); -321 } else { -322 handleLookup(req, res, null); -323 } -324 } catch (WayfException we) { -325 LOG.error("Error processing DS request:", we); -326 handleError(req, res, we.getLocalizedMessage()); -327 } catch (WayfRequestHandled we) { -328 // -329 // Yuck - a sucess path involving an exception -330 // -331 } -332 -333 } -334 -335 /** -336 * When the WAYF user has selected something we look it up, tell the plugins and then dispatch to the Idp. -337 * -338 * @param req - standard J2EE stuff -339 * @param res - standard J2EE stuff -340 * @throws WayfRequestHandled - if one of the plugins has done the dispatch -341 * @throws WayfException - if we had an errors -342 */ -343 private void handleSelection(HttpServletRequest req, -344 HttpServletResponse res) throws WayfRequestHandled, WayfException -345 { -346 -347 String idpName = req.getParameter("origin"); -348 LOG.debug("Processing handle selection: " + idpName); -349 -350 String sPName = getSPId(req); -351 -352 if (idpName == null || idpName.equals("")) { -353 handleLookup(req, res, null); -354 return; -355 } -356 -357 if (getValue(req, SHIRE_PARAM_NAME) == null) { -358 // -359 // 2.0 protocol -360 // -361 setupReturnAddress(sPName, req); -362 } -363 // -364 // Notify plugins -365 // -366 IdPSite site = null; -367 -368 for (Plugin plugin:plugins) { -369 for (IdPSiteSet idPSiteSet: siteSets) { -370 PluginMetadataParameter param = idPSiteSet.paramFor(plugin); -371 plugin.selected(req, res, param, idpName); -372 if (site == null && idPSiteSet.containsIdP(idpName)) { -373 site = idPSiteSet.getSite(idpName); -374 } -375 } -376 } -377 -378 if (site == null) { -379 handleLookup(req, res, null); -380 } else { -381 forwardRequest(req, res, site); -382 } -383 } -384 +262 +263 // +264 // Standard Beany Methods +265 // +266 /** +267 * The 'Name' of the service. the path used to identify the ServiceHandler. +268 * @return the path used to identify the ServiceHandler. +269 */ +270 +271 protected String getLocation() { +272 return location; +273 } +274 +275 /** +276 * Whether this is the default service. +277 * @return is it? +278 */ +279 protected boolean isDefault() { +280 return isDefault; +281 } +282 +283 // +284 // Now the bits that deal with the user request +285 // +286 +287 public void doGet(HttpServletRequest req, HttpServletResponse res) { +288 +289 String policy = req.getParameter(POLICY_PARAM_NAME); +290 +291 if (null != policy && !KNOWN_POLICY_NAME.equals(policy)) { +292 // +293 // unknown policy +294 // +295 LOG.error("Unknown policy " + policy); +296 handleError(req, res, "Unknown policy " + policy); +297 return; +298 } +299 +300 // +301 // Decide how to route the request based on query string +302 // +303 String requestType = req.getParameter("action"); +304 +305 if (requestType == null || requestType.equals("")) { +306 requestType = "lookup"; +307 } +308 +309 try { +310 +311 if (requestType.equals("search")) { +312 +313 String parameter = req.getParameter("string"); +314 if (parameter != null && parameter.equals("")) { +315 parameter = null; +316 } +317 handleLookup(req, res, parameter); +318 +319 } else if (requestType.equals("selection")) { +320 +321 handleSelection(req, res); +322 } else { +323 handleLookup(req, res, null); +324 } +325 } catch (WayfException we) { +326 LOG.error("Error processing DS request:", we); +327 handleError(req, res, we.getLocalizedMessage()); +328 } catch (WayfRequestHandled we) { +329 // +330 // Yuck - a sucess path involving an exception +331 // +332 } +333 +334 } +335 +336 /** +337 * When the WAYF user has selected something we look it up, tell the plugins and then dispatch to the Idp. +338 * +339 * @param req - standard J2EE stuff +340 * @param res - standard J2EE stuff +341 * @throws WayfRequestHandled - if one of the plugins has done the dispatch +342 * @throws WayfException - if we had an errors +343 */ +344 private void handleSelection(HttpServletRequest req, +345 HttpServletResponse res) throws WayfRequestHandled, WayfException +346 { +347 +348 String idpName = req.getParameter("origin"); +349 LOG.debug("Processing handle selection: " + idpName); +350 +351 String sPName = getSPId(req); +352 +353 if (idpName == null || idpName.equals("")) { +354 handleLookup(req, res, null); +355 return; +356 } +357 +358 if (getValue(req, SHIRE_PARAM_NAME) == null) { +359 // +360 // 2.0 protocol +361 // +362 setupReturnAddress(sPName, req); +363 } +364 // +365 // Notify plugins +366 // +367 IdPSite site = null; +368 +369 for (Plugin plugin:plugins) { +370 for (IdPSiteSet idPSiteSet: siteSets) { +371 PluginMetadataParameter param = idPSiteSet.paramFor(plugin); +372 plugin.selected(req, res, param, idpName); +373 if (site == null && idPSiteSet.containsIdP(idpName)) { +374 site = idPSiteSet.getSite(idpName); +375 } +376 } +377 } +378 +379 if (site == null) { +380 handleLookup(req, res, null); +381 } else { +382 forwardRequest(req, res, site); +383 } +384 } 385 -386 /** -387 * This sets up the parameter RETURN_ATTRIBUTE_NAME with the return address -388 * harvested from the reqest. -389 * <ul><le>If a "return" parameter is present we check in the metadata for spoofing -390 * and then set up from there </le> -391 * <le>If "returnID" is specified we get this from the metadata</le> -392 * <le>If nothing is provided we get the default from the metadata (if provided)</le> -393 * <le>Otherwise we whine</le> -394 * </ul> -395 * @param spName - the name of the Service provider. -396 * @param req - The request. -397 * @throws WayfException - if we spot spoofing or there is no defaumlt -398 */ -399 private void setupReturnAddress(String spName, HttpServletRequest req) throws WayfException{ -400 -401 DiscoveryResponseImpl[] discoveryServices; -402 Set<XMLObject> objects = new HashSet<XMLObject>(); -403 String defaultName = null; -404 -405 for (IdPSiteSet metadataProvider:siteSets) { -406 -407 // -408 // Only do work if the SP makes sense -409 // -410 -411 if (metadataProvider.containsSP(spName)) { -412 -413 // -414 // The name makes sense so let's get the entity and from that -415 // all of its roles -416 // -417 -418 EntityDescriptor entity = metadataProvider.getEntity(spName); -419 List<RoleDescriptor> roles = entity.getRoleDescriptors(); -420 -421 for (RoleDescriptor role:roles) { -422 -423 // -424 // Check every role -425 // -426 -427 if (role instanceof SPSSODescriptor) { -428 -429 // -430 // And grab hold of all the extensions for SPSSO descriptors -431 // -432 -433 Extensions exts = role.getExtensions(); -434 if (exts != null) { -435 objects.addAll(exts.getOrderedChildren()); -436 } -437 } -438 } -439 } -440 } -441 -442 // -443 // Now, let's strip out everything which isn't a DiscoveryService -444 // -445 -446 discoveryServices = new DiscoveryResponseImpl[objects.size()]; -447 int dsCount = 0; -448 -449 for (XMLObject obj:objects) { -450 if (obj instanceof DiscoveryResponseImpl) { -451 DiscoveryResponseImpl ds = (DiscoveryResponseImpl) obj; -452 discoveryServices[dsCount++] = ds; -453 if (ds.isDefault() || null == defaultName) { -454 defaultName = ds.getLocation(); -455 } -456 } -457 } -458 -459 // -460 // Now process the return parameters. The name is either a parameter -461 // called RETURN_PARAM_NAME or an attributes called RETURN_ATTRIBUTE_NAME -462 // -463 String returnName = req.getParameter(RETURN_PARAM_NAME); -464 -465 if (returnName == null || returnName.length() == 0) { -466 returnName = getValue(req, RETURN_ATTRIBUTE_NAME); -467 } -468 -469 // -470 // Return index is only ever a parameter -471 // -472 -473 String returnIndex = req.getParameter(RETURN_INDEX_NAME); -474 -475 if (returnName != null && returnName.length() != 0) { -476 // -477 // Given something so we have to police it. -478 // -479 String nameNoParam = returnName; -480 URL providedReturnURL; -481 int index = nameNoParam.indexOf('?'); -482 boolean found = false; -483 -484 if (index >= 0) { -485 nameNoParam = nameNoParam.substring(0,index); -486 } -487 -488 try { -489 providedReturnURL = new URL(nameNoParam); -490 } catch (MalformedURLException e) { -491 throw new WayfException("Couldn't parse provided return name " + nameNoParam, e); -492 } -493 +386 +387 /** +388 * This sets up the parameter RETURN_ATTRIBUTE_NAME with the return address +389 * harvested from the reqest. +390 * <ul><le>If a "return" parameter is present we check in the metadata for spoofing +391 * and then set up from there </le> +392 * <le>If "returnID" is specified we get this from the metadata</le> +393 * <le>If nothing is provided we get the default from the metadata (if provided)</le> +394 * <le>Otherwise we whine</le> +395 * </ul> +396 * @param spName - the name of the Service provider. +397 * @param req - The request. +398 * @throws WayfException - if we spot spoofing or there is no defaumlt +399 */ +400 private void setupReturnAddress(String spName, HttpServletRequest req) throws WayfException{ +401 +402 DiscoveryResponse[] discoveryServices; +403 Set<XMLObject> objects = new HashSet<XMLObject>(); +404 String defaultName = null; +405 +406 for (IdPSiteSet metadataProvider:siteSets) { +407 +408 // +409 // Only do work if the SP makes sense +410 // +411 +412 if (metadataProvider.containsSP(spName)) { +413 +414 // +415 // The name makes sense so let's get the entity and from that +416 // all of its roles +417 // +418 +419 EntityDescriptor entity = metadataProvider.getEntity(spName); +420 List<RoleDescriptor> roles = entity.getRoleDescriptors(); +421 +422 for (RoleDescriptor role:roles) { +423 +424 // +425 // Check every role +426 // +427 +428 if (role instanceof SPSSODescriptor) { +429 +430 // +431 // And grab hold of all the extensions for SPSSO descriptors +432 // +433 +434 Extensions exts = role.getExtensions(); +435 if (exts != null) { +436 objects.addAll(exts.getOrderedChildren()); +437 } +438 } +439 } +440 } +441 } +442 +443 // +444 // Now, let's strip out everything which isn't a DiscoveryService +445 // +446 +447 discoveryServices = new DiscoveryResponse[objects.size()]; +448 int dsCount = 0; +449 +450 for (XMLObject obj:objects) { +451 if (obj instanceof DiscoveryResponse) { +452 DiscoveryResponse ds = (DiscoveryResponse) obj; +453 discoveryServices[dsCount++] = ds; +454 if (ds.isDefault() || null == defaultName) { +455 defaultName = ds.getLocation(); +456 } +457 } +458 } +459 +460 // +461 // Now process the return parameters. The name is either a parameter +462 // called RETURN_PARAM_NAME or an attributes called RETURN_ATTRIBUTE_NAME +463 // +464 String returnName = req.getParameter(RETURN_PARAM_NAME); +465 +466 if (returnName == null || returnName.length() == 0) { +467 returnName = getValue(req, RETURN_ATTRIBUTE_NAME); +468 } +469 +470 // +471 // Return index is only ever a parameter +472 // +473 +474 String returnIndex = req.getParameter(RETURN_INDEX_NAME); +475 +476 if (returnName != null && returnName.length() != 0) { +477 // +478 // Given something so we have to police it. +479 // +480 String nameNoParam = returnName; +481 URL providedReturnURL; +482 int index = nameNoParam.indexOf('?'); +483 boolean found = false; +484 +485 if (index >= 0) { +486 nameNoParam = nameNoParam.substring(0,index); +487 } +488 +489 try { +490 providedReturnURL = new URL(nameNoParam); +491 } catch (MalformedURLException e) { +492 throw new WayfException("Couldn't parse provided return name " + nameNoParam, e); +493 } 494 -495 for (DiscoveryResponseImpl disc: discoveryServices) { -496 if (equalsURL(disc, providedReturnURL)) { -497 found = true; -498 break; -499 } -500 } -501 if (!found) { -502 throw new WayfException("Couldn't find endpoint " + nameNoParam + " in metadata"); -503 } -504 } else if (returnIndex != null && returnIndex.length() != 0) { -505 -506 int index; -507 try { -508 index = Integer.parseInt(returnIndex); -509 } catch (NumberFormatException e) { -510 throw new WayfException("Couldn't convert " + returnIndex + " into an index"); -511 } -512 // -513 // So look throught to find the endpoint with the correct index -514 // -515 -516 boolean found = false; -517 -518 for (DiscoveryResponseImpl disc: discoveryServices) { -519 if (index == disc.getIndex()) { -520 found = true; -521 returnName = disc.getLocation(); -522 break; -523 } -524 } -525 if (!found) { -526 throw new WayfException("Couldn't not find endpoint " + returnIndex + "in metadata"); -527 } -528 } else { -529 // -530 // No name, not index, so we want the default -531 // -532 returnName = defaultName; -533 } -534 // -535 // So by now returnName has the correct value, either harvested from or -536 // policed against the metadata -537 // -538 req.setAttribute(RETURN_ATTRIBUTE_NAME, returnName); -539 } -540 -541 /** -542 * Helper function to see whather the provided endpoint in the metadata matches the -543 * provided return URL in the request. -544 * -545 * @param discovery -546 * @param providedName -547 * @return -548 */ -549 private static boolean equalsURL(DiscoveryResponseImpl discovery, URL providedName) { -550 -551 // -552 // Nothing provided - no match -553 // -554 if (null == discovery) { -555 return false; -556 } -557 -558 URL discoveryName; -559 try { -560 discoveryName = new URL(discovery.getLocation()); -561 } catch (MalformedURLException e) { -562 // -563 // Something bad happened. Log it (it is only of interest to the sysadmin, not to the user) -564 // -565 LOG.warn("Found invalid discovery end point : " + discovery.getLocation(), e); -566 return false; -567 } -568 -569 return providedName.equals(discoveryName); -570 -571 } -572 -573 /** -574 * Displays a Discovery Service selection page, having first consulted the plugins as needed. -575 * @param req Describes the request -576 * @param res Describes the response -577 * @param searchName What are we looking for? -578 * -579 * @throws WayfRequestHandled if a plugin has dealt with the request -580 * @throws WayfException in case of an error. -581 */ -582 private void handleLookup(HttpServletRequest req, -583 HttpServletResponse res, -584 String searchName) throws WayfException, WayfRequestHandled { -585 -586 String shire = getValue(req, SHIRE_PARAM_NAME); -587 String providerId = getSPId(req); -588 boolean twoZeroProtocol = (shire == null); -589 boolean isPassive = (twoZeroProtocol && -590 "true".equalsIgnoreCase(getValue(req, ISPASSIVE_PARAM_NAME))); -591 -592 Collection <IdPSiteSetEntry> siteLists = null; -593 Collection<IdPSite> searchResults = null; -594 -595 if (config.getProvideListOfLists()) { -596 siteLists = new ArrayList <IdPSiteSetEntry>(siteSets.size()); -597 } -598 -599 Collection <IdPSite> sites = null; -600 Comparator<IdPSite> comparator = new IdPSite.Compare(req); -601 -602 if (config.getProvideList()) { -603 sites = new TreeSet<IdPSite>(comparator); -604 } -605 -606 if (searchName != null && !searchName.equals("")) { -607 searchResults = new TreeSet<IdPSite>(comparator); -608 } -609 -610 LOG.debug("Processing Idp Lookup for : " + providerId); -611 -612 // -613 // Iterate over all the sitesets and if they know about the SP pass them to the plugins -614 // and then add them too the list -615 // -616 -617 PluginContext[] ctx = new PluginContext[plugins.size()]; -618 List<IdPSite> hintList = new ArrayList<IdPSite>(); -619 -620 if (twoZeroProtocol) { -621 setupReturnAddress(providerId, req); -622 } -623 // -624 // By having siteLists and sites as parameters we only iterate over -625 // the metadata arrays once. -626 // -627 try { -628 for (IdPSiteSet metadataProvider:siteSets) { -629 -630 // -631 // Only do work if the SP makes sense -632 // -633 -634 if (metadataProvider.containsSP(providerId) || !config.getLookupSp()) { -635 -636 Collection <IdPSite> search = null; -637 -638 if (searchResults != null) { -639 search = new TreeSet<IdPSite>(comparator); -640 } -641 -642 Map <String, IdPSite> theseSites = metadataProvider.getIdPSites(searchName, config, search); -643 -644 // -645 // Consult the plugins -646 // -647 for (int i = 0; i < plugins.size(); i++) { -648 -649 Plugin plugin = plugins.get(i); -650 -651 if (searchResults == null) { -652 // -653 // This was a search -654 // -655 ctx[i] = plugin.lookup(req, -656 res, -657 metadataProvider.paramFor(plugin), -658 theseSites, -659 ctx[i], -660 hintList); -661 } else { -662 ctx[i] = plugin.search(req, -663 res, -664 metadataProvider.paramFor(plugin), -665 searchName, -666 theseSites, -667 ctx[i], -668 searchResults, -669 hintList); -670 } -671 } -672 -673 if (null == theseSites || theseSites.isEmpty()) { -674 continue; -675 } -676 -677 // -678 -679 // Accumulate any per-metadata provider information -680 // -681 -682 Collection<IdPSite> values = new TreeSet<IdPSite>(comparator); -683 if (null != theseSites) { -684 values.addAll(theseSites.values()); -685 } -686 -687 if (siteLists != null) { -688 siteLists.add(new IdPSiteSetEntry(metadataProvider,values)); -689 } -690 -691 if (sites != null) { -692 sites.addAll(values); -693 } -694 -695 if (searchResults != null) { -696 searchResults.addAll(search); -697 } -698 } -699 } -700 -701 if (isPassive) { -702 // -703 // No GUI intervention. -704 // -705 if (0 != hintList.size()) { -706 // -707 // We found a candidate, hand it back -708 // -709 forwardRequest(req, res, hintList.get(0)); -710 } else { -711 forwardRequest(req, res, null); -712 } -713 return; -714 } -715 -716 // -717 // Now set up all the funky stuff that the JSP needs. Firstly the protocol -718 // specific parameters which will come back to us -719 // -720 -721 if (twoZeroProtocol) { -722 // -723 // The return address was set up in setupReturnAddress -724 // -725 String returnString = (String) req.getAttribute(RETURN_ATTRIBUTE_NAME); -726 if (null == returnString || 0 == returnString.length()) { -727 throw new WayfException("Parameter " + RETURN_PARAM_NAME + " not supplied"); -728 } -729 -730 String returnId = getValue(req, RETURNID_PARAM_NAME); -731 if (null == returnId || 0 == returnId.length()) { -732 returnId = RETURNID_DEFAULT_VALUE; -733 } -734 // -735 // Return *means* something so we cannot use it as an attribute -736 // -737 req.setAttribute(RETURN_ATTRIBUTE_NAME, returnString); -738 req.setAttribute(RETURNID_PARAM_NAME, returnId); -739 req.setAttribute(ENTITYID_PARAM_NAME, providerId); -740 -741 } else { -742 String target = getValue(req, TARGET_PARAM_NAME); -743 if (null == target || 0 == target.length()) { -744 throw new WayfException("Could not extract target from provided parameters"); -745 } -746 req.setAttribute(SHIRE_PARAM_NAME, shire); -747 req.setAttribute(TARGET_PARAM_NAME, target); -748 req.setAttribute(PROVIDERID_PARAM_NAME, providerId); -749 // -750 // Time is in unix format -751 // -752 req.setAttribute("time", new Long(new Date().getTime() / 1000).toString()); -753 -754 } -755 -756 // -757 // Setup the stuff that the GUI wants. -758 // -759 -760 setDisplayLanguage(sites, req); -761 req.setAttribute("sites", sites); -762 if (null != siteLists) { -763 for (IdPSiteSetEntry siteSetEntry:siteLists) { -764 setDisplayLanguage(siteSetEntry.getSites(), req); -765 } -766 } -767 -768 req.setAttribute("siteLists", siteLists); -769 req.setAttribute("requestURL", req.getRequestURI().toString()); -770 -771 if (searchResults != null) { -772 if (searchResults.size() != 0) { -773 setDisplayLanguage(searchResults, req); -774 req.setAttribute("searchresults", searchResults); -775 } else { -776 req.setAttribute("searchResultsEmpty", "true"); -777 } -778 } -779 -780 if (hintList.size() > 0) { -781 setDisplayLanguage(hintList, req); -782 req.setAttribute("cookieList", hintList); -783 } -784 -785 LOG.debug("Displaying WAYF selection page."); -786 RequestDispatcher rd = req.getRequestDispatcher(config.getJspFile()); -787 -788 // -789 // And off to the jsp -790 // -791 rd.forward(req, res); -792 } catch (IOException ioe) { -793 LOG.error("Problem displaying WAYF UI.\n" + ioe.getMessage()); -794 throw new WayfException("Problem displaying WAYF UI", ioe); -795 } catch (ServletException se) { -796 LOG.error("Problem displaying WAYF UI.\n" + se.getMessage()); -797 throw new WayfException("Problem displaying WAYF UI", se); -798 } -799 } -800 -801 /** -802 * Prior to display we set the display language from the -803 * browser. There is probably a proper way to do this using -804 * jsp, but I want to keep the API between JSP and java the same 1.3->2.0 -805 * @param sites - the sites we need to impact -806 * @param req - from whiuch we get the locale -807 */ -808 private void setDisplayLanguage(Collection<IdPSite> sites, HttpServletRequest req) { -809 -810 if (null == sites) { -811 return; -812 } -813 Locale locale = req.getLocale(); -814 if (null == locale) { -815 Locale.getDefault(); -816 } -817 String lang = locale.getLanguage(); -818 -819 for (IdPSite site : sites) { -820 site.setDisplayLanguage(lang); -821 } -822 } -823 +495 +496 for (DiscoveryResponse disc: discoveryServices) { +497 if (equalsURL(disc, providedReturnURL)) { +498 found = true; +499 break; +500 } +501 } +502 if (!found) { +503 throw new WayfException("Couldn't find endpoint " + nameNoParam + " in metadata"); +504 } +505 } else if (returnIndex != null && returnIndex.length() != 0) { +506 +507 int index; +508 try { +509 index = Integer.parseInt(returnIndex); +510 } catch (NumberFormatException e) { +511 throw new WayfException("Couldn't convert " + returnIndex + " into an index"); +512 } +513 // +514 // So look throught to find the endpoint with the correct index +515 // +516 +517 boolean found = false; +518 +519 for (DiscoveryResponse disc: discoveryServices) { +520 if (index == disc.getIndex()) { +521 found = true; +522 returnName = disc.getLocation(); +523 break; +524 } +525 } +526 if (!found) { +527 throw new WayfException("Couldn't not find endpoint " + returnIndex + "in metadata"); +528 } +529 } else { +530 // +531 // No name, not index, so we want the default +532 // +533 returnName = defaultName; +534 } +535 // +536 // So by now returnName has the correct value, either harvested from or +537 // policed against the metadata +538 // +539 req.setAttribute(RETURN_ATTRIBUTE_NAME, returnName); +540 } +541 +542 /** +543 * Helper function to see whather the provided endpoint in the metadata matches the +544 * provided return URL in the request. +545 * +546 * @param discovery +547 * @param providedName +548 * @return +549 */ +550 private static boolean equalsURL(DiscoveryResponse discovery, URL providedName) { +551 +552 // +553 // Nothing provided - no match +554 // +555 if (null == discovery) { +556 return false; +557 } +558 +559 URL discoveryName; +560 try { +561 discoveryName = new URL(discovery.getLocation()); +562 } catch (MalformedURLException e) { +563 // +564 // Something bad happened. Log it (it is only of interest to the sysadmin, not to the user) +565 // +566 LOG.warn("Found invalid discovery end point : " + discovery.getLocation(), e); +567 return false; +568 } +569 +570 return providedName.equals(discoveryName); +571 +572 } +573 +574 /** +575 * Displays a Discovery Service selection page, having first consulted the plugins as needed. +576 * @param req Describes the request +577 * @param res Describes the response +578 * @param searchName What are we looking for? +579 * +580 * @throws WayfRequestHandled if a plugin has dealt with the request +581 * @throws WayfException in case of an error. +582 */ +583 private void handleLookup(HttpServletRequest req, +584 HttpServletResponse res, +585 String searchName) throws WayfException, WayfRequestHandled { +586 +587 String shire = getValue(req, SHIRE_PARAM_NAME); +588 String providerId = getSPId(req); +589 boolean twoZeroProtocol = (shire == null); +590 boolean isPassive = (twoZeroProtocol && +591 "true".equalsIgnoreCase(getValue(req, ISPASSIVE_PARAM_NAME))); +592 +593 Collection <IdPSiteSetEntry> siteLists = null; +594 Collection<IdPSite> searchResults = null; +595 +596 if (config.getProvideListOfLists()) { +597 siteLists = new ArrayList <IdPSiteSetEntry>(siteSets.size()); +598 } +599 +600 Collection <IdPSite> sites = null; +601 Comparator<IdPSite> comparator = new IdPSite.Compare(req); +602 +603 if (config.getProvideList()) { +604 sites = new TreeSet<IdPSite>(comparator); +605 } +606 +607 if (searchName != null && !searchName.equals("")) { +608 searchResults = new TreeSet<IdPSite>(comparator); +609 } +610 +611 LOG.debug("Processing Idp Lookup for : " + providerId); +612 +613 // +614 // Iterate over all the sitesets and if they know about the SP pass them to the plugins +615 // and then add them too the list +616 // +617 +618 PluginContext[] ctx = new PluginContext[plugins.size()]; +619 List<IdPSite> hintList = new ArrayList<IdPSite>(); +620 +621 if (twoZeroProtocol) { +622 setupReturnAddress(providerId, req); +623 } +624 // +625 // By having siteLists and sites as parameters we only iterate over +626 // the metadata arrays once. +627 // +628 try { +629 for (IdPSiteSet metadataProvider:siteSets) { +630 +631 // +632 // Only do work if the SP makes sense +633 // +634 +635 if (metadataProvider.containsSP(providerId) || !config.getLookupSp()) { +636 +637 Collection <IdPSite> search = null; +638 +639 if (searchResults != null) { +640 search = new TreeSet<IdPSite>(comparator); +641 } +642 +643 Map <String, IdPSite> theseSites = metadataProvider.getIdPSites(searchName, config, search); +644 +645 // +646 // Consult the plugins +647 // +648 for (int i = 0; i < plugins.size(); i++) { +649 +650 Plugin plugin = plugins.get(i); +651 +652 if (searchResults == null) { +653 // +654 // This was a search +655 // +656 ctx[i] = plugin.lookup(req, +657 res, +658 metadataProvider.paramFor(plugin), +659 theseSites, +660 ctx[i], +661 hintList); +662 } else { +663 ctx[i] = plugin.search(req, +664 res, +665 metadataProvider.paramFor(plugin), +666 searchName, +667 theseSites, +668 ctx[i], +669 searchResults, +670 hintList); +671 } +672 } +673 +674 if (null == theseSites || theseSites.isEmpty()) { +675 continue; +676 } +677 +678 // +679 +680 // Accumulate any per-metadata provider information +681 // +682 +683 Collection<IdPSite> values = new TreeSet<IdPSite>(comparator); +684 if (null != theseSites) { +685 values.addAll(theseSites.values()); +686 } +687 +688 if (siteLists != null) { +689 siteLists.add(new IdPSiteSetEntry(metadataProvider,values)); +690 } +691 +692 if (sites != null) { +693 sites.addAll(values); +694 } +695 +696 if (searchResults != null) { +697 searchResults.addAll(search); +698 } +699 } +700 } +701 +702 if (isPassive) { +703 // +704 // No GUI intervention. +705 // +706 if (0 != hintList.size()) { +707 // +708 // We found a candidate, hand it back +709 // +710 forwardRequest(req, res, hintList.get(0)); +711 } else { +712 forwardRequest(req, res, null); +713 } +714 return; +715 } +716 +717 // +718 // Now set up all the funky stuff that the JSP needs. Firstly the protocol +719 // specific parameters which will come back to us +720 // +721 +722 if (twoZeroProtocol) { +723 // +724 // The return address was set up in setupReturnAddress +725 // +726 String returnString = (String) req.getAttribute(RETURN_ATTRIBUTE_NAME); +727 if (null == returnString || 0 == returnString.length()) { +728 throw new WayfException("Parameter " + RETURN_PARAM_NAME + " not supplied"); +729 } +730 +731 String returnId = getValue(req, RETURNID_PARAM_NAME); +732 if (null == returnId || 0 == returnId.length()) { +733 returnId = RETURNID_DEFAULT_VALUE; +734 } +735 // +736 // Return *means* something so we cannot use it as an attribute +737 // +738 req.setAttribute(RETURN_ATTRIBUTE_NAME, returnString); +739 req.setAttribute(RETURNID_PARAM_NAME, returnId); +740 req.setAttribute(ENTITYID_PARAM_NAME, providerId); +741 +742 } else { +743 String target = getValue(req, TARGET_PARAM_NAME); +744 if (null == target || 0 == target.length()) { +745 throw new WayfException("Could not extract target from provided parameters"); +746 } +747 req.setAttribute(SHIRE_PARAM_NAME, shire); +748 req.setAttribute(TARGET_PARAM_NAME, target); +749 req.setAttribute(PROVIDERID_PARAM_NAME, providerId); +750 // +751 // Time is in unix format +752 // +753 req.setAttribute("time", new Long(new Date().getTime() / 1000).toString()); +754 +755 } +756 +757 // +758 // Setup the stuff that the GUI wants. +759 // +760 +761 setDisplayLanguage(sites, req); +762 req.setAttribute("sites", sites); +763 if (null != siteLists) { +764 for (IdPSiteSetEntry siteSetEntry:siteLists) { +765 setDisplayLanguage(siteSetEntry.getSites(), req); +766 } +767 } +768 +769 req.setAttribute("siteLists", siteLists); +770 req.setAttribute("requestURL", req.getRequestURI().toString()); +771 +772 if (searchResults != null) { +773 if (searchResults.size() != 0) { +774 setDisplayLanguage(searchResults, req); +775 req.setAttribute("searchresults", searchResults); +776 } else { +777 req.setAttribute("searchResultsEmpty", "true"); +778 } +779 } +780 +781 if (hintList.size() > 0) { +782 setDisplayLanguage(hintList, req); +783 req.setAttribute("cookieList", hintList); +784 } +785 +786 LOG.debug("Displaying WAYF selection page."); +787 RequestDispatcher rd = req.getRequestDispatcher(config.getJspFile()); +788 +789 // +790 // And off to the jsp +791 // +792 rd.forward(req, res); +793 } catch (IOException ioe) { +794 LOG.error("Problem displaying WAYF UI.\n" + ioe.getMessage()); +795 throw new WayfException("Problem displaying WAYF UI", ioe); +796 } catch (ServletException se) { +797 LOG.error("Problem displaying WAYF UI.\n" + se.getMessage()); +798 throw new WayfException("Problem displaying WAYF UI", se); +799 } +800 } +801 +802 /** +803 * Prior to display we set the display language from the +804 * browser. There is probably a proper way to do this using +805 * jsp, but I want to keep the API between JSP and java the same 1.3->2.0 +806 * @param sites - the sites we need to impact +807 * @param req - from whiuch we get the locale +808 */ +809 private void setDisplayLanguage(Collection<IdPSite> sites, HttpServletRequest req) { +810 +811 if (null == sites) { +812 return; +813 } +814 Locale locale = req.getLocale(); +815 if (null == locale) { +816 Locale.getDefault(); +817 } +818 String lang = locale.getLanguage(); +819 +820 for (IdPSite site : sites) { +821 site.setDisplayLanguage(lang); +822 } +823 } 824 -825 /** -826 * Uses an HTTP Status 307 redirect to forward the user to the IdP or the SP. -827 * -828 * @param req request under consideration -829 * @param res response under construction -830 * @param site The Idp -831 * @throws WayfException if bad things happen. -832 */ -833 public static void forwardRequest(HttpServletRequest req, HttpServletResponse res, IdPSite site) -834 throws WayfException { -835 -836 String shire = getValue(req, SHIRE_PARAM_NAME); -837 String providerId = getSPId(req); -838 boolean twoZeroProtocol = (shire == null); -839 -840 if (!twoZeroProtocol) { -841 String handleService = site.getAddressForWAYF(); -842 if (handleService != null ) { -843 -844 String target = getValue(req, TARGET_PARAM_NAME); -845 if (null == target || 0 == target.length()) { -846 throw new WayfException("Could not extract target from provided parameters"); -847 } -848 -849 LOG.info("Redirecting to selected Handle Service: " + handleService); -850 try { -851 StringBuffer buffer = new StringBuffer(handleService + -852 "?" + TARGET_PARAM_NAME + "="); -853 buffer.append(URLEncoder.encode(target, "UTF-8")); -854 buffer.append("&" + SHIRE_PARAM_NAME + "="); -855 buffer.append(URLEncoder.encode(shire, "UTF-8")); -856 buffer.append("&" + PROVIDERID_PARAM_NAME + "="); -857 buffer.append(URLEncoder.encode(providerId, "UTF-8")); -858 -859 // -860 // Time is as per U**X -861 // -862 buffer.append("&" + TIME_PARAM_NAME + "="); -863 buffer.append(new Long(new Date().getTime() / 1000).toString()); -864 res.sendRedirect(buffer.toString()); -865 } catch (IOException ioe) { -866 // -867 // That failed. -868 // -869 throw new WayfException("Error forwarding to IdP: \n" + ioe.getMessage()); -870 } -871 } else { -872 String s = "Error finding to IdP: " + site.getDisplayName(req); -873 LOG.error(s); -874 throw new WayfException(s); -875 } -876 } else { -877 String returnUrl = (String) req.getAttribute(RETURN_ATTRIBUTE_NAME); -878 -879 if (null == returnUrl || 0 == returnUrl.length()) { -880 throw new WayfException("Could not find return parameter"); -881 } -882 try { -883 returnUrl = URLDecoder.decode(returnUrl, "UTF-8"); -884 } catch (UnsupportedEncodingException e) { -885 throw new WayfException("Did not understand parameter ", e); -886 } -887 String redirect; -888 if (site != null) { -889 StringBuffer buffer = new StringBuffer(returnUrl); -890 // -891 // If we were given anybody to lookup, construct the URL -892 // -893 String returnParam = getValue(req, RETURNID_PARAM_NAME); -894 if (null == returnParam || 0 == returnParam.length()) { -895 returnParam = RETURNID_DEFAULT_VALUE; -896 } -897 // -898 // Do we add a '?' or a '&' for the parameters -899 // -900 -901 if (returnUrl.indexOf('?') >= 0) { -902 // -903 // there is a parameter already. Add a '&' -904 // -905 buffer.append("&" + returnParam + "="); -906 } else { -907 // -908 // No parameter. Use ? -909 // -910 buffer.append("?" + returnParam + "="); -911 } -912 buffer.append(site.getName()); -913 redirect = buffer.toString(); -914 } else { -915 // -916 // Just send it back -917 // -918 redirect = returnUrl; -919 } -920 -921 LOG.debug("Dispatching to " + redirect); -922 -923 try { -924 res.sendRedirect(redirect); -925 } catch (IOException ioe) { -926 // -927 // That failed. -928 // -929 throw new WayfException("Error forwarding back to Sp: \n" + ioe.getMessage()); -930 } -931 } -932 } -933 -934 /** -935 * Handles all "recoverable" errors in WAYF processing by logging the error and forwarding the user to an -936 * appropriate error page. -937 * -938 * @param req request under consideration -939 * @param res response under construction -940 * @param message - what so say -941 */ -942 private void handleError(HttpServletRequest req, HttpServletResponse res, String message) { -943 -944 LOG.debug("Displaying WAYF error page."); -945 req.setAttribute("errorText", message); -946 req.setAttribute("requestURL", req.getRequestURI().toString()); -947 RequestDispatcher rd = req.getRequestDispatcher(config.getErrorJspFile()); -948 -949 try { -950 rd.forward(req, res); -951 } catch (IOException ioe) { -952 LOG.error("Problem trying to display WAYF error page: " + ioe.toString()); -953 } catch (ServletException se) { -954 LOG.error("Problem trying to display WAYF error page: " + se.toString()); -955 } -956 } -957 -958 /** -959 * Gets the value for the parameter either from the parameter or from jsp. -960 * @param req - the request. -961 * @param name - the name of the parameter. -962 * @return - result -963 */ -964 private static String getValue(HttpServletRequest req, String name) { -965 -966 -967 String value = req.getParameter(name); -968 if (value != null) { -969 return value; -970 } -971 return (String) req.getAttribute(name); -972 } -973 -974 private static String getSPId(HttpServletRequest req) throws WayfException { -975 -976 // -977 // Try first with 2.0 version -978 // -979 String param = req.getParameter(ENTITYID_PARAM_NAME); -980 if (param != null && !(param.length() == 0)) { -981 return param; -982 } -983 -984 param = (String) req.getAttribute(ENTITYID_PARAM_NAME); -985 if (param != null && !(param.length() == 0)) { -986 return param; -987 } -988 // -989 // So Try with 1.3 version -990 // -991 param = req.getParameter(PROVIDERID_PARAM_NAME); -992 if (param != null && !(param.length() == 0)) { -993 return param; -994 } -995 -996 param = (String) req.getAttribute(PROVIDERID_PARAM_NAME); -997 if (param != null && !(param.length() == 0)) { -998 return param; -999 } -1000 throw new WayfException("Could not locate SP identifier in parameters"); -1001 } -1002 } +825 +826 /** +827 * Uses an HTTP Status 307 redirect to forward the user to the IdP or the SP. +828 * +829 * @param req request under consideration +830 * @param res response under construction +831 * @param site The Idp +832 * @throws WayfException if bad things happen. +833 */ +834 public static void forwardRequest(HttpServletRequest req, HttpServletResponse res, IdPSite site) +835 throws WayfException { +836 +837 String shire = getValue(req, SHIRE_PARAM_NAME); +838 String providerId = getSPId(req); +839 boolean twoZeroProtocol = (shire == null); +840 +841 if (!twoZeroProtocol) { +842 String handleService = site.getAddressForWAYF(); +843 if (handleService != null ) { +844 +845 String target = getValue(req, TARGET_PARAM_NAME); +846 if (null == target || 0 == target.length()) { +847 throw new WayfException("Could not extract target from provided parameters"); +848 } +849 +850 LOG.info("Redirecting to selected Handle Service: " + handleService); +851 try { +852 StringBuffer buffer = new StringBuffer(handleService + +853 "?" + TARGET_PARAM_NAME + "="); +854 buffer.append(URLEncoder.encode(target, "UTF-8")); +855 buffer.append("&" + SHIRE_PARAM_NAME + "="); +856 buffer.append(URLEncoder.encode(shire, "UTF-8")); +857 buffer.append("&" + PROVIDERID_PARAM_NAME + "="); +858 buffer.append(URLEncoder.encode(providerId, "UTF-8")); +859 +860 // +861 // Time is as per U**X +862 // +863 buffer.append("&" + TIME_PARAM_NAME + "="); +864 buffer.append(new Long(new Date().getTime() / 1000).toString()); +865 res.sendRedirect(buffer.toString()); +866 } catch (IOException ioe) { +867 // +868 // That failed. +869 // +870 throw new WayfException("Error forwarding to IdP: \n" + ioe.getMessage()); +871 } +872 } else { +873 String s = "Error finding to IdP: " + site.getDisplayName(req); +874 LOG.error(s); +875 throw new WayfException(s); +876 } +877 } else { +878 String returnUrl = (String) req.getAttribute(RETURN_ATTRIBUTE_NAME); +879 +880 if (null == returnUrl || 0 == returnUrl.length()) { +881 throw new WayfException("Could not find return parameter"); +882 } +883 try { +884 returnUrl = URLDecoder.decode(returnUrl, "UTF-8"); +885 } catch (UnsupportedEncodingException e) { +886 throw new WayfException("Did not understand parameter ", e); +887 } +888 String redirect; +889 if (site != null) { +890 StringBuffer buffer = new StringBuffer(returnUrl); +891 // +892 // If we were given anybody to lookup, construct the URL +893 // +894 String returnParam = getValue(req, RETURNID_PARAM_NAME); +895 if (null == returnParam || 0 == returnParam.length()) { +896 returnParam = RETURNID_DEFAULT_VALUE; +897 } +898 // +899 // Do we add a '?' or a '&' for the parameters +900 // +901 +902 if (returnUrl.indexOf('?') >= 0) { +903 // +904 // there is a parameter already. Add a '&' +905 // +906 buffer.append("&" + returnParam + "="); +907 } else { +908 // +909 // No parameter. Use ? +910 // +911 buffer.append("?" + returnParam + "="); +912 } +913 buffer.append(site.getName()); +914 redirect = buffer.toString(); +915 } else { +916 // +917 // Just send it back +918 // +919 redirect = returnUrl; +920 } +921 +922 LOG.debug("Dispatching to " + redirect); +923 +924 try { +925 res.sendRedirect(redirect); +926 } catch (IOException ioe) { +927 // +928 // That failed. +929 // +930 throw new WayfException("Error forwarding back to Sp: \n" + ioe.getMessage()); +931 } +932 } +933 } +934 +935 /** +936 * Handles all "recoverable" errors in WAYF processing by logging the error and forwarding the user to an +937 * appropriate error page. +938 * +939 * @param req request under consideration +940 * @param res response under construction +941 * @param message - what so say +942 */ +943 private void handleError(HttpServletRequest req, HttpServletResponse res, String message) { +944 +945 LOG.debug("Displaying WAYF error page."); +946 req.setAttribute("errorText", message); +947 req.setAttribute("requestURL", req.getRequestURI().toString()); +948 RequestDispatcher rd = req.getRequestDispatcher(config.getErrorJspFile()); +949 +950 try { +951 rd.forward(req, res); +952 } catch (IOException ioe) { +953 LOG.error("Problem trying to display WAYF error page: " + ioe.toString()); +954 } catch (ServletException se) { +955 LOG.error("Problem trying to display WAYF error page: " + se.toString()); +956 } +957 } +958 +959 /** +960 * Gets the value for the parameter either from the parameter or from jsp. +961 * @param req - the request. +962 * @param name - the name of the parameter. +963 * @return - result +964 */ +965 private static String getValue(HttpServletRequest req, String name) { +966 +967 +968 String value = req.getParameter(name); +969 if (value != null) { +970 return value; +971 } +972 return (String) req.getAttribute(name); +973 } +974 +975 private static String getSPId(HttpServletRequest req) throws WayfException { +976 +977 // +978 // Try first with 2.0 version +979 // +980 String param = req.getParameter(ENTITYID_PARAM_NAME); +981 if (param != null && !(param.length() == 0)) { +982 return param; +983 } +984 +985 param = (String) req.getAttribute(ENTITYID_PARAM_NAME); +986 if (param != null && !(param.length() == 0)) { +987 return param; +988 } +989 // +990 // So Try with 1.3 version +991 // +992 param = req.getParameter(PROVIDERID_PARAM_NAME); +993 if (param != null && !(param.length() == 0)) { +994 return param; +995 } +996 +997 param = (String) req.getAttribute(PROVIDERID_PARAM_NAME); +998 if (param != null && !(param.length() == 0)) { +999 return param; +1000 } +1001 throw new WayfException("Could not locate SP identifier in parameters"); +1002 } +1003 }

diff --git a/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/IdPSiteSet.html b/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/IdPSiteSet.html index af6f827..acb4888 100644 --- a/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/IdPSiteSet.html +++ b/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/IdPSiteSet.html @@ -84,7 +84,7 @@ 74 /** Handle for error output. */ 75 private static final Logger LOG = LoggerFactory.getLogger(IdPSiteSet.class.getName()); 76 -77 /** The OpenSaml metadat6a source. */ +77 /** The OpenSaml metadata source. */ 78 private ObservableMetadataProvider metadata; 79 80 /** Is the named SP in the current metadata set? */ @@ -256,14 +256,14 @@ 246 247 List <OrganizationName> orgNames = org.getOrganizationNames(); 248 for (OrganizationName name : orgNames) { -249 if (name.getName().getLocalString().indexOf(currentToken) > -1) { +249 if (name.getName().getLocalString().toLowerCase().indexOf(currentToken) > -1) { 250 return true; 251 } 252 } 253 254 List <OrganizationDisplayName> orgDisplayNames = org.getDisplayNames(); 255 for (OrganizationDisplayName name : orgDisplayNames) { -256 if (name.getName().getLocalString().indexOf(currentToken) > -1) { +256 if (name.getName().getLocalString().toLowerCase().indexOf(currentToken) > -1) { 257 return true; 258 } 259 } diff --git a/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/WayfService.html b/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/WayfService.html index 488e3a0..b19792a 100644 --- a/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/WayfService.html +++ b/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/WayfService.html @@ -39,293 +39,284 @@ 29 import javax.servlet.http.HttpServlet; 30 import javax.servlet.http.HttpServletRequest; 31 import javax.servlet.http.HttpServletResponse; -32 import javax.xml.namespace.QName; -33 -34 import org.opensaml.DefaultBootstrap; -35 import org.opensaml.xml.Configuration; -36 import org.opensaml.xml.parse.BasicParserPool; -37 import org.opensaml.xml.util.DatatypeHelper; -38 import org.slf4j.Logger; -39 import org.slf4j.LoggerFactory; -40 import org.w3c.dom.Document; -41 import org.w3c.dom.Element; -42 import org.w3c.dom.NodeList; -43 -44 import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException; -45 import edu.internet2.middleware.shibboleth.wayf.plugins.Plugin; -46 -47 /** -48 * A servlet implementation of the Shibboleth WAYF service. Allows a browser -49 * user to select from among a group of origin sites. User selection is -50 * optionally cached and the user is forwarded to the HandleService appropriate -51 * to his selection. -52 */ -53 public class WayfService extends HttpServlet { -54 -55 /** Required constant for serializaton. */ -56 private static final long serialVersionUID = 5244503011625804940L; -57 -58 /** Handle for outputting error and other messages. */ -59 private static final Logger LOG = LoggerFactory.getLogger(WayfService.class.getName()); -60 -61 /** Where to get the configuration. */ -62 private String wayfConfigFileLocation; -63 -64 /** Logging service. */ -65 private LogbackLoggingService logService; -66 -67 /** All the different Discovery Services we deal with. */ -68 private List <DiscoveryServiceHandler> discoveryServices = new ArrayList <DiscoveryServiceHandler>(); -69 -70 /** -71 * Initialize the Discovery Service. -72 * -73 * @throws ServletException in the case of something bad happening -74 * -75 * @see GenericServlet#init() -76 */ -77 public void init() throws ServletException { -78 -79 super.init(); -80 -81 wayfConfigFileLocation = getServletContext().getInitParameter("WAYFConfigFileLocation"); -82 if (wayfConfigFileLocation == null) { -83 wayfConfigFileLocation = getServletConfig().getInitParameter("WAYFConfigFileLocation"); -84 } -85 if (wayfConfigFileLocation == null) { -86 wayfConfigFileLocation = "/wayfconfig.xml"; -87 } -88 -89 -90 try { +32 +33 import org.opensaml.DefaultBootstrap; +34 import org.opensaml.xml.parse.BasicParserPool; +35 import org.opensaml.xml.util.DatatypeHelper; +36 import org.slf4j.Logger; +37 import org.slf4j.LoggerFactory; +38 import org.w3c.dom.Document; +39 import org.w3c.dom.Element; +40 import org.w3c.dom.NodeList; +41 +42 import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException; +43 import edu.internet2.middleware.shibboleth.wayf.plugins.Plugin; +44 +45 /** +46 * A servlet implementation of the Shibboleth WAYF service. Allows a browser +47 * user to select from among a group of origin sites. User selection is +48 * optionally cached and the user is forwarded to the HandleService appropriate +49 * to his selection. +50 */ +51 public class WayfService extends HttpServlet { +52 +53 /** Required constant for serializaton. */ +54 private static final long serialVersionUID = 5244503011625804940L; +55 +56 /** Handle for outputting error and other messages. */ +57 private static final Logger LOG = LoggerFactory.getLogger(WayfService.class.getName()); +58 +59 /** Where to get the configuration. */ +60 private String wayfConfigFileLocation; +61 +62 /** Logging service. */ +63 private LogbackLoggingService logService; +64 +65 /** All the different Discovery Services we deal with. */ +66 private List <DiscoveryServiceHandler> discoveryServices = new ArrayList <DiscoveryServiceHandler>(); +67 +68 /** +69 * Initialize the Discovery Service. +70 * +71 * @throws ServletException in the case of something bad happening +72 * +73 * @see GenericServlet#init() +74 */ +75 public void init() throws ServletException { +76 +77 super.init(); +78 +79 wayfConfigFileLocation = getServletContext().getInitParameter("WAYFConfigFileLocation"); +80 if (wayfConfigFileLocation == null) { +81 wayfConfigFileLocation = getServletConfig().getInitParameter("WAYFConfigFileLocation"); +82 } +83 if (wayfConfigFileLocation == null) { +84 wayfConfigFileLocation = "/wayfconfig.xml"; +85 } +86 +87 +88 try { +89 // +90 // Initialize logging 91 // -92 // Initialize logging -93 // -94 String wayfLogfile = getServletContext().getInitParameter("WAYFLogConfig"); -95 if (null == wayfLogfile) { -96 wayfLogfile = getServletConfig().getInitParameter("WAYFLogConfig"); -97 } -98 long pollingFrequency = 1000*60*5; -99 -100 String wayfLogfilePollFrequency = getServletContext().getInitParameter("WAYFLogConfigPollFrequency"); -101 if (null == wayfLogfilePollFrequency) { -102 wayfLogfilePollFrequency = getServletConfig().getInitParameter("WAYFLogConfigPollFrequency"); -103 } -104 if(!DatatypeHelper.isEmpty(wayfLogfilePollFrequency)){ -105 pollingFrequency = Long.parseLong(wayfLogfilePollFrequency); -106 } -107 if (wayfLogfile != null) { -108 logService = new LogbackLoggingService(wayfLogfile, pollingFrequency); -109 } -110 -111 LOG.info("Logging initiated"); -112 +92 String wayfLogfile = getServletContext().getInitParameter("WAYFLogConfig"); +93 if (null == wayfLogfile) { +94 wayfLogfile = getServletConfig().getInitParameter("WAYFLogConfig"); +95 } +96 long pollingFrequency = 1000*60*5; +97 +98 String wayfLogfilePollFrequency = getServletContext().getInitParameter("WAYFLogConfigPollFrequency"); +99 if (null == wayfLogfilePollFrequency) { +100 wayfLogfilePollFrequency = getServletConfig().getInitParameter("WAYFLogConfigPollFrequency"); +101 } +102 if(!DatatypeHelper.isEmpty(wayfLogfilePollFrequency)){ +103 pollingFrequency = Long.parseLong(wayfLogfilePollFrequency); +104 } +105 if (wayfLogfile != null) { +106 logService = new LogbackLoggingService(wayfLogfile, pollingFrequency); +107 } +108 +109 LOG.info("Logging initiated"); +110 +111 // +112 // Initialize OpenSAML 2 library 113 // -114 // Initialize OpenSAML 2 library -115 // -116 DefaultBootstrap.bootstrap(); -117 -118 BasicParserPool parser = new BasicParserPool(); -119 parser.setNamespaceAware(true); -120 Document doc; -121 try { -122 doc = parser.parse(new FileInputStream(wayfConfigFileLocation)); -123 } catch (FileNotFoundException e) { -124 LOG.error("Could not parse " + wayfConfigFileLocation, e); -125 throw new ShibbolethConfigurationException("Could not parse " + wayfConfigFileLocation, e); -126 } -127 NodeList itemElements = doc.getDocumentElement().getElementsByTagNameNS(XMLConstants.CONFIG_NS, -128 "Default"); +114 DefaultBootstrap.bootstrap(); +115 +116 BasicParserPool parser = new BasicParserPool(); +117 parser.setNamespaceAware(true); +118 Document doc; +119 try { +120 doc = parser.parse(new FileInputStream(wayfConfigFileLocation)); +121 } catch (FileNotFoundException e) { +122 LOG.error("Could not parse " + wayfConfigFileLocation, e); +123 throw new ShibbolethConfigurationException("Could not parse " + wayfConfigFileLocation, e); +124 } +125 NodeList itemElements = doc.getDocumentElement().getElementsByTagNameNS(XMLConstants.CONFIG_NS, +126 "Default"); +127 +128 HandlerConfig defaultHandlerConfig; 129 -130 HandlerConfig defaultHandlerConfig; -131 -132 if (itemElements.getLength() == 1) { -133 -134 Element element = (Element) itemElements.item(0); -135 String attribute = element.getAttribute("location"); -136 -137 if (attribute != null && !attribute.equals("")) { -138 -139 LOG.error("<Default> element cannot contain a location attribute"); -140 throw new ShibbolethConfigurationException("<Default> element cannot contain a location attribute"); -141 -142 } -143 -144 attribute = element.getAttribute("default"); -145 -146 if (attribute != null && !attribute.equals("")) { -147 -148 LOG.error("<Default> element cannot contain a default attribute"); -149 throw new ShibbolethConfigurationException("<Default> element cannot contain a default attribute"); -150 -151 } -152 -153 itemElements = element.getElementsByTagName("Federation"); -154 -155 if (itemElements.getLength() != 0) { -156 -157 LOG.error("<Default> element cannot contain <Federation> elements"); -158 throw new ShibbolethConfigurationException("<Default> element cannot contain <Federation> elements"); -159 -160 } -161 -162 defaultHandlerConfig = new HandlerConfig(element, new HandlerConfig()); -163 -164 } else if (itemElements.getLength() == 0) { -165 -166 defaultHandlerConfig = new HandlerConfig(); -167 -168 } else { -169 LOG.error("Must specify exactly one <Default> element"); -170 throw new ShibbolethConfigurationException("Must specify exactly one <Default> element"); -171 } -172 // -173 // Extra types -174 // -175 QName response = new QName(DiscoveryResponseImpl.METADATA_NS, DiscoveryResponseImpl.DEFAULT_ELEMENT_LOCAL_NAME); -176 -177 Configuration.getUnmarshallerFactory().registerUnmarshaller(response, new DiscoveryResponseUnmarshaller()); -178 Configuration.getBuilderFactory().registerBuilder(response, new DiscoveryResponseBuilder()); -179 -180 // -181 // Load metadata -182 // -183 Hashtable <String, IdPSiteSet> siteSets = new Hashtable <String, IdPSiteSet>(); -184 -185 itemElements = doc.getDocumentElement().getElementsByTagNameNS(XMLConstants.CONFIG_NS, -186 "MetadataProvider"); -187 -188 for (int i = 0; i < itemElements.getLength(); i++) { -189 -190 Element element = (Element) itemElements.item(i); -191 -192 IdPSiteSet siteset = new IdPSiteSet(element, parser, defaultHandlerConfig.getWarnOnBadBinding()); -193 -194 siteSets.put(siteset.getIdentifier(), siteset); -195 } -196 if (siteSets.size() < 1) { -197 LOG.error("No Metadata Provider metadata loaded."); -198 throw new ShibbolethConfigurationException("Could not load SAML metadata."); -199 } -200 // -201 // Load plugins -202 // -203 -204 Hashtable <String, Plugin> plugins = new Hashtable <String, Plugin>(); -205 -206 itemElements = doc.getDocumentElement().getElementsByTagNameNS(XMLConstants.CONFIG_NS, -207 "Plugin"); -208 -209 for (int i = 0; i < itemElements.getLength(); i++) { -210 -211 Plugin plugin; +130 if (itemElements.getLength() == 1) { +131 +132 Element element = (Element) itemElements.item(0); +133 String attribute = element.getAttribute("location"); +134 +135 if (attribute != null && !attribute.equals("")) { +136 +137 LOG.error("<Default> element cannot contain a location attribute"); +138 throw new ShibbolethConfigurationException("<Default> element cannot contain a location attribute"); +139 +140 } +141 +142 attribute = element.getAttribute("default"); +143 +144 if (attribute != null && !attribute.equals("")) { +145 +146 LOG.error("<Default> element cannot contain a default attribute"); +147 throw new ShibbolethConfigurationException("<Default> element cannot contain a default attribute"); +148 +149 } +150 +151 itemElements = element.getElementsByTagName("Federation"); +152 +153 if (itemElements.getLength() != 0) { +154 +155 LOG.error("<Default> element cannot contain <Federation> elements"); +156 throw new ShibbolethConfigurationException("<Default> element cannot contain <Federation> elements"); +157 +158 } +159 +160 defaultHandlerConfig = new HandlerConfig(element, new HandlerConfig()); +161 +162 } else if (itemElements.getLength() == 0) { +163 +164 defaultHandlerConfig = new HandlerConfig(); +165 +166 } else { +167 LOG.error("Must specify exactly one <Default> element"); +168 throw new ShibbolethConfigurationException("Must specify exactly one <Default> element"); +169 } +170 +171 // +172 // Load metadata +173 // +174 Hashtable <String, IdPSiteSet> siteSets = new Hashtable <String, IdPSiteSet>(); +175 +176 itemElements = doc.getDocumentElement().getElementsByTagNameNS(XMLConstants.CONFIG_NS, +177 "MetadataProvider"); +178 +179 for (int i = 0; i < itemElements.getLength(); i++) { +180 +181 Element element = (Element) itemElements.item(i); +182 +183 IdPSiteSet siteset = new IdPSiteSet(element, parser, defaultHandlerConfig.getWarnOnBadBinding()); +184 +185 siteSets.put(siteset.getIdentifier(), siteset); +186 } +187 if (siteSets.size() < 1) { +188 LOG.error("No Metadata Provider metadata loaded."); +189 throw new ShibbolethConfigurationException("Could not load SAML metadata."); +190 } +191 // +192 // Load plugins +193 // +194 +195 Hashtable <String, Plugin> plugins = new Hashtable <String, Plugin>(); +196 +197 itemElements = doc.getDocumentElement().getElementsByTagNameNS(XMLConstants.CONFIG_NS, +198 "Plugin"); +199 +200 for (int i = 0; i < itemElements.getLength(); i++) { +201 +202 Plugin plugin; +203 +204 Element element = (Element) itemElements.item(i); +205 +206 String identifier = element.getAttribute("identifier"); +207 +208 if (null == identifier || identifier.equals("")) { +209 LOG.error("Could not load plugin with no identifier"); +210 continue; +211 } 212 -213 Element element = (Element) itemElements.item(i); -214 -215 String identifier = element.getAttribute("identifier"); -216 -217 if (null == identifier || identifier.equals("")) { -218 LOG.error("Could not load plugin with no identifier"); -219 continue; -220 } -221 -222 String className = element.getAttribute("type"); -223 if (null == className || className.equals("")) { -224 LOG.error("Plugin " + identifier + " did not have a valid type"); -225 } -226 // -227 // So try to get hold of the plugin -228 // -229 try { -230 Class<Plugin> pluginClass = (Class<Plugin>) Class.forName(className); -231 Class[] classParams = {Element.class}; -232 Constructor<Plugin> pluginConstructor = pluginClass.getConstructor(classParams); -233 Object[] constructorParams = {element}; -234 -235 plugin = pluginConstructor.newInstance(constructorParams); -236 -237 } catch (Exception e) { -238 LOG.error("Plugin " + identifier + " could not be loaded ", e); -239 continue; -240 } -241 -242 plugins.put(identifier, plugin); -243 } -244 -245 -246 // -247 // Load service handlers -248 // -249 itemElements = doc.getDocumentElement().getElementsByTagNameNS(XMLConstants.CONFIG_NS, -250 "DiscoveryServiceHandler"); -251 -252 for (int i = 0; i < itemElements.getLength(); i++) { -253 -254 discoveryServices.add(new DiscoveryServiceHandler((Element)itemElements.item(i), -255 siteSets, -256 plugins, -257 defaultHandlerConfig)); -258 -259 } -260 -261 } catch (Exception e) { -262 // -263 // All other exceptions are from the parsing -264 // -265 if (LOG != null) { -266 LOG.error("Error parsing DS configuration file.", e); -267 } -268 throw new ServletException("Error parsing DS configuration file.", e); -269 } -270 -271 LOG.info("DS initialization completed."); -272 } -273 -274 /** -275 * Handle an HTTP GET. Just passes out to the appropriate handler. -276 * @param req described the request. -277 * @param res contains the response. -278 * @see HttpServlet#doGet(HttpServletRequest, HttpServletResponse) -279 */ -280 public void doGet(HttpServletRequest req, HttpServletResponse res) { -281 -282 LOG.info("Handling DS request."); -283 // Tell the browser not to cache the WAYF page -284 res.setHeader("Cache-Control", "no-cache"); -285 res.setHeader("Pragma", "no-cache"); -286 res.setDateHeader("Expires", 0); -287 -288 DiscoveryServiceHandler serviceHandler = lookupServiceHandler(req); -289 -290 serviceHandler.doGet(req, res); -291 -292 } -293 -294 /** -295 * Given a request (an HTTP Get) find the apropriate DiscoveryService (from the name). -296 * @param req desribed the request -297 * @return the apropriate DiscoveryService. -298 */ -299 private DiscoveryServiceHandler lookupServiceHandler(HttpServletRequest req) { -300 -301 Iterator<DiscoveryServiceHandler> it = discoveryServices.iterator(); -302 String requestURL = req.getRequestURL().toString(); -303 DiscoveryServiceHandler defaultHandler = null; -304 -305 while (it.hasNext()) { -306 DiscoveryServiceHandler handler = it.next(); -307 -308 if (requestURL.matches(handler.getLocation())) { -309 return handler; -310 } -311 if (defaultHandler == null || handler.isDefault()) { -312 defaultHandler = handler; -313 } -314 } -315 LOG.warn("Could not find Discovery service Handler for " + requestURL); -316 return defaultHandler; -317 } -318 } +213 String className = element.getAttribute("type"); +214 if (null == className || className.equals("")) { +215 LOG.error("Plugin " + identifier + " did not have a valid type"); +216 } +217 // +218 // So try to get hold of the plugin +219 // +220 try { +221 Class<Plugin> pluginClass = (Class<Plugin>) Class.forName(className); +222 Class[] classParams = {Element.class}; +223 Constructor<Plugin> pluginConstructor = pluginClass.getConstructor(classParams); +224 Object[] constructorParams = {element}; +225 +226 plugin = pluginConstructor.newInstance(constructorParams); +227 +228 } catch (Exception e) { +229 LOG.error("Plugin " + identifier + " could not be loaded ", e); +230 continue; +231 } +232 +233 plugins.put(identifier, plugin); +234 } +235 +236 +237 // +238 // Load service handlers +239 // +240 itemElements = doc.getDocumentElement().getElementsByTagNameNS(XMLConstants.CONFIG_NS, +241 "DiscoveryServiceHandler"); +242 +243 for (int i = 0; i < itemElements.getLength(); i++) { +244 +245 discoveryServices.add(new DiscoveryServiceHandler((Element)itemElements.item(i), +246 siteSets, +247 plugins, +248 defaultHandlerConfig)); +249 +250 } +251 +252 } catch (Exception e) { +253 // +254 // All other exceptions are from the parsing +255 // +256 if (LOG != null) { +257 LOG.error("Error parsing DS configuration file.", e); +258 } +259 throw new ServletException("Error parsing DS configuration file.", e); +260 } +261 +262 LOG.info("DS initialization completed."); +263 } +264 +265 /** +266 * Handle an HTTP GET. Just passes out to the appropriate handler. +267 * @param req described the request. +268 * @param res contains the response. +269 * @see HttpServlet#doGet(HttpServletRequest, HttpServletResponse) +270 */ +271 public void doGet(HttpServletRequest req, HttpServletResponse res) { +272 +273 LOG.info("Handling DS request."); +274 // Tell the browser not to cache the WAYF page +275 res.setHeader("Cache-Control", "no-cache"); +276 res.setHeader("Pragma", "no-cache"); +277 res.setDateHeader("Expires", 0); +278 +279 DiscoveryServiceHandler serviceHandler = lookupServiceHandler(req); +280 +281 serviceHandler.doGet(req, res); +282 +283 } +284 +285 /** +286 * Given a request (an HTTP Get) find the apropriate DiscoveryService (from the name). +287 * @param req desribed the request +288 * @return the apropriate DiscoveryService. +289 */ +290 private DiscoveryServiceHandler lookupServiceHandler(HttpServletRequest req) { +291 +292 Iterator<DiscoveryServiceHandler> it = discoveryServices.iterator(); +293 String requestURL = req.getRequestURL().toString(); +294 DiscoveryServiceHandler defaultHandler = null; +295 +296 while (it.hasNext()) { +297 DiscoveryServiceHandler handler = it.next(); +298 +299 if (requestURL.matches(handler.getLocation())) { +300 return handler; +301 } +302 if (defaultHandler == null || handler.isDefault()) { +303 defaultHandler = handler; +304 } +305 } +306 LOG.warn("Could not find Discovery service Handler for " + requestURL); +307 return defaultHandler; +308 } +309 }

diff --git a/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/package-frame.html b/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/package-frame.html index 579ca32..2d58240 100644 --- a/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/package-frame.html +++ b/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/package-frame.html @@ -3,7 +3,7 @@ - Shibboleth Discovery Service 1.1.0 Reference Package edu.internet2.middleware.shibboleth.wayf + Shibboleth Discovery Service 1.1.1 Reference Package edu.internet2.middleware.shibboleth.wayf @@ -19,15 +19,6 @@ Compare

- DiscoveryResponseBuilder -

- DiscoveryResponseImpl -

- DiscoveryResponseUnmarshaller -

DiscoveryServiceHandler

diff --git a/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/package-summary.html b/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/package-summary.html index 0bc1365..22bbd46 100644 --- a/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/package-summary.html +++ b/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/package-summary.html @@ -3,7 +3,7 @@ - Shibboleth Discovery Service 1.1.0 Reference Package edu.internet2.middleware.shibboleth.wayf + Shibboleth Discovery Service 1.1.1 Reference Package edu.internet2.middleware.shibboleth.wayf @@ -42,21 +42,6 @@ - DiscoveryResponseBuilder - - - - - DiscoveryResponseImpl - - - - - DiscoveryResponseUnmarshaller - - - - DiscoveryServiceHandler diff --git a/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/package-frame.html b/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/package-frame.html index 856f7b5..f1f59a9 100644 --- a/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/package-frame.html +++ b/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/package-frame.html @@ -3,7 +3,7 @@ - Shibboleth Discovery Service 1.1.0 Reference Package edu.internet2.middleware.shibboleth.wayf.plugins + Shibboleth Discovery Service 1.1.1 Reference Package edu.internet2.middleware.shibboleth.wayf.plugins diff --git a/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/package-summary.html b/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/package-summary.html index 2c26dfd..09d4e41 100644 --- a/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/package-summary.html +++ b/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/package-summary.html @@ -3,7 +3,7 @@ - Shibboleth Discovery Service 1.1.0 Reference Package edu.internet2.middleware.shibboleth.wayf.plugins + Shibboleth Discovery Service 1.1.1 Reference Package edu.internet2.middleware.shibboleth.wayf.plugins diff --git a/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/provider/BindingFilter.html b/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/provider/BindingFilter.html index 9a234f3..8b1fa09 100644 --- a/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/provider/BindingFilter.html +++ b/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/provider/BindingFilter.html @@ -36,154 +36,152 @@ 26 import org.opensaml.saml2.metadata.SPSSODescriptor; 27 import org.opensaml.saml2.metadata.provider.FilterException; 28 import org.opensaml.saml2.metadata.provider.MetadataFilter; -29 import org.opensaml.xml.XMLObject; -30 import org.slf4j.Logger; -31 import org.slf4j.LoggerFactory; -32 -33 import edu.internet2.middleware.shibboleth.wayf.DiscoveryResponseImpl; -34 import edu.internet2.middleware.shibboleth.wayf.HandlerConfig; -35 -36 /** -37 * See SDSJ-48. If we get a DS endpoint then we need to check that the binding is provided -38 * and that it is correct. -39 * -40 * @author Rod Widdowson -41 * -42 */ -43 public class BindingFilter implements MetadataFilter { -44 -45 /** -46 * Log for the warning. -47 */ -48 private static final Logger LOG = LoggerFactory.getLogger(BindingFilter.class.getName()); -49 -50 /** -51 * Set if we just want to warn on failure. -52 */ -53 private final boolean warnOnFailure; -54 -55 /** -56 * Only the protected constructor should be visible. -57 */ -58 private BindingFilter() { -59 this.warnOnFailure = false; -60 } -61 -62 /** -63 * Initialize the filter. -64 * @param warn do we warn or do we fail if we see badness? -65 */ -66 public BindingFilter(boolean warn) { -67 this.warnOnFailure = warn; -68 } -69 -70 /** -71 * Apply the filter. -72 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) -73 * @param metadata what to filter. -74 * @throws FilterException if it sees any missed or bad bindings. -75 */ -76 public void doFilter(XMLObject metadata) throws FilterException { -77 -78 if (metadata instanceof EntitiesDescriptor) { +29 import org.opensaml.samlext.idpdisco.DiscoveryResponse; +30 import org.opensaml.xml.XMLObject; +31 import org.slf4j.Logger; +32 import org.slf4j.LoggerFactory; +33 +34 /** +35 * See SDSJ-48. If we get a DS endpoint then we need to check that the binding is provided +36 * and that it is correct. +37 * +38 * @author Rod Widdowson +39 * +40 */ +41 public class BindingFilter implements MetadataFilter { +42 +43 /** +44 * Log for the warning. +45 */ +46 private static final Logger LOG = LoggerFactory.getLogger(BindingFilter.class.getName()); +47 +48 /** +49 * Set if we just want to warn on failure. +50 */ +51 private final boolean warnOnFailure; +52 +53 /** +54 * Only the protected constructor should be visible. +55 */ +56 private BindingFilter() { +57 this.warnOnFailure = false; +58 } +59 +60 /** +61 * Initialize the filter. +62 * @param warn do we warn or do we fail if we see badness? +63 */ +64 public BindingFilter(boolean warn) { +65 this.warnOnFailure = warn; +66 } +67 +68 /** +69 * Apply the filter. +70 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) +71 * @param metadata what to filter. +72 * @throws FilterException if it sees any missed or bad bindings. +73 */ +74 public void doFilter(XMLObject metadata) throws FilterException { +75 +76 if (metadata instanceof EntitiesDescriptor) { +77 +78 checkEntities((EntitiesDescriptor) metadata); 79 -80 checkEntities((EntitiesDescriptor) metadata); -81 -82 } else if (metadata instanceof EntityDescriptor) { -83 EntityDescriptor entity = (EntityDescriptor) metadata; -84 -85 if (!checkEntity(entity)) { -86 if (warnOnFailure) { -87 LOG.warn("Badly formatted binding for " + entity.getEntityID()); -88 } else { -89 LOG.error("Badly formatted binding for top level entity " + entity.getEntityID()); -90 } -91 } -92 } -93 } -94 -95 /** -96 * If the entity has an SP characteristic, and it has a DS endpoint -97 * then check its binding. -98 * -99 * @param entity what to check. -100 * @return true if all is OK. -101 */ -102 private static boolean checkEntity(EntityDescriptor entity) { -103 List<RoleDescriptor> roles = entity.getRoleDescriptors(); -104 -105 for (RoleDescriptor role:roles) { -106 +80 } else if (metadata instanceof EntityDescriptor) { +81 EntityDescriptor entity = (EntityDescriptor) metadata; +82 +83 if (!checkEntity(entity)) { +84 if (warnOnFailure) { +85 LOG.warn("Badly formatted binding for " + entity.getEntityID()); +86 } else { +87 LOG.error("Badly formatted binding for top level entity " + entity.getEntityID()); +88 } +89 } +90 } +91 } +92 +93 /** +94 * If the entity has an SP characteristic, and it has a DS endpoint +95 * then check its binding. +96 * +97 * @param entity what to check. +98 * @return true if all is OK. +99 */ +100 private static boolean checkEntity(EntityDescriptor entity) { +101 List<RoleDescriptor> roles = entity.getRoleDescriptors(); +102 +103 for (RoleDescriptor role:roles) { +104 +105 // +106 // Check every role 107 // -108 // Check every role -109 // -110 if (role instanceof SPSSODescriptor) { -111 +108 if (role instanceof SPSSODescriptor) { +109 +110 // +111 // Grab hold of all the extensions for SPSSO descriptors 112 // -113 // Grab hold of all the extensions for SPSSO descriptors -114 // -115 -116 Extensions exts = role.getExtensions(); -117 if (exts != null) { +113 +114 Extensions exts = role.getExtensions(); +115 if (exts != null) { +116 // +117 // We have some children check them form <DiscoveryResponse> 118 // -119 // We have some children check them form <DiscoveryResponse> -120 // -121 List<XMLObject> children = exts.getOrderedChildren(); -122 -123 for (XMLObject obj : children) { -124 if (obj instanceof DiscoveryResponseImpl) { +119 List<XMLObject> children = exts.getOrderedChildren(); +120 +121 for (XMLObject obj : children) { +122 if (obj instanceof DiscoveryResponse) { +123 // +124 // And check or the binding 125 // -126 // And check or the binding -127 // -128 DiscoveryResponseImpl ds = (DiscoveryResponseImpl) obj; -129 String binding = ds.getBinding(); -130 -131 if (!DiscoveryResponseImpl.METADATA_NS.equals(binding)) { -132 return false; -133 } -134 } -135 } -136 } -137 } -138 } -139 return true; -140 } -141 -142 /** -143 * Check an EntitiesDescriptor call checkentities for the Entities and ourselves -144 * recursively for the EntitesDescriptors. -145 * -146 * @param entities what to check. -147 */ -148 private void checkEntities(EntitiesDescriptor entities) { -149 List<EntitiesDescriptor> childEntities = entities.getEntitiesDescriptors(); -150 List<EntityDescriptor> children = entities.getEntityDescriptors(); -151 -152 if (children != null) { -153 Iterator<EntityDescriptor> itr; -154 EntityDescriptor entity; -155 itr = children.iterator(); -156 -157 while (itr.hasNext()) { -158 entity = itr.next(); -159 if (!checkEntity(entity)) { -160 if (warnOnFailure) { -161 LOG.warn("Badly formatted binding for " + entity.getEntityID()); -162 } else { -163 LOG.error("Badly formatted binding for " + entity.getEntityID() + ". Entity has been removed"); -164 itr.remove(); -165 } -166 } -167 } -168 } -169 -170 if (childEntities != null) { -171 for (EntitiesDescriptor descriptor : childEntities) { -172 checkEntities(descriptor); -173 } -174 } -175 } -176 } +126 DiscoveryResponse ds = (DiscoveryResponse) obj; +127 String binding = ds.getBinding(); +128 +129 if (!DiscoveryResponse.IDP_DISCO_NS.equals(binding)) { +130 return false; +131 } +132 } +133 } +134 } +135 } +136 } +137 return true; +138 } +139 +140 /** +141 * Check an EntitiesDescriptor call checkentities for the Entities and ourselves +142 * recursively for the EntitesDescriptors. +143 * +144 * @param entities what to check. +145 */ +146 private void checkEntities(EntitiesDescriptor entities) { +147 List<EntitiesDescriptor> childEntities = entities.getEntitiesDescriptors(); +148 List<EntityDescriptor> children = entities.getEntityDescriptors(); +149 +150 if (children != null) { +151 Iterator<EntityDescriptor> itr; +152 EntityDescriptor entity; +153 itr = children.iterator(); +154 +155 while (itr.hasNext()) { +156 entity = itr.next(); +157 if (!checkEntity(entity)) { +158 if (warnOnFailure) { +159 LOG.warn("Badly formatted binding for " + entity.getEntityID()); +160 } else { +161 LOG.error("Badly formatted binding for " + entity.getEntityID() + ". Entity has been removed"); +162 itr.remove(); +163 } +164 } +165 } +166 } +167 +168 if (childEntities != null) { +169 for (EntitiesDescriptor descriptor : childEntities) { +170 checkEntities(descriptor); +171 } +172 } +173 } +174 }

diff --git a/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/provider/ListFilter.html b/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/provider/ListFilter.html index 270ec3e..d0b7acc 100644 --- a/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/provider/ListFilter.html +++ b/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/provider/ListFilter.html @@ -41,157 +41,156 @@ 31 import org.w3c.dom.Element; 32 import org.w3c.dom.NodeList; 33 -34 import edu.internet2.middleware.shibboleth.wayf.HandlerConfig; -35 import edu.internet2.middleware.shibboleth.wayf.XMLConstants; -36 -37 /** -38 * See SDSJ-57. Explicit -39 * -40 * @author Rod Widdowson -41 * -42 */ -43 public class ListFilter implements MetadataFilter { -44 -45 /** -46 * Log for any messages. -47 */ -48 private static final Logger LOG = LoggerFactory.getLogger(ListFilter.class.getName()); -49 -50 /** -51 * Set if this is a blacklist. -52 */ -53 private boolean excludeEntries; -54 -55 /** -56 * The list of entities. -57 */ -58 private final Set<String> filterEntities; -59 -60 /** -61 * The name of the filter (needed for debug). -62 */ -63 private final String filterName; -64 -65 /** -66 * Only the protected constructor should be visible. -67 */ -68 private ListFilter() { -69 this.excludeEntries = false; -70 this.filterEntities = new HashSet<String>(0); -71 this.filterName = "anonymous"; -72 } -73 -74 /** -75 * Initialize the filter. -76 * @param config the configuration -77 * -78 * The configuration looks liken this -79 * <code> <Filter identifier="WhiteList" -80 * type ="edu.internet2.middleware.shibboleth.wayf.plugins.provider.ListFilter" -81 * excludeEntries = "true" > -82 * <EntityId>foo</EntityId> -83 * [...] -84 * </Filter> -85 * </code> -86 */ -87 public ListFilter(Element config) { -88 String excludeEntriesValue; -89 this.filterEntities = new HashSet<String>(10); -90 this.filterName = config.getAttribute("identifier"); -91 excludeEntriesValue = config.getAttribute("excludeEntries"); -92 -93 if (null == excludeEntriesValue || 0 == excludeEntriesValue.length()) { -94 this.excludeEntries = true; -95 } else { -96 this.excludeEntries = Boolean.getBoolean(excludeEntriesValue); -97 } -98 -99 NodeList itemElements = config.getElementsByTagNameNS(XMLConstants.CONFIG_NS, "EntityId"); -100 -101 if (excludeEntries) { -102 LOG.debug("Populating blacklist " + filterName); -103 } else { -104 LOG.debug("Populating whitelist " + filterName); -105 } -106 -107 for (int i = 0; i < itemElements.getLength(); i++) { -108 Element element = (Element) itemElements.item(i); -109 String entityId = element.getTextContent(); -110 -111 LOG.debug("\t" + entityId); -112 this.filterEntities.add(entityId); -113 } -114 } -115 -116 /** -117 * Apply the filter. -118 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) -119 * @param metadata what to filter. -120 * @throws FilterException if it sees any missed or bad bindings. -121 */ -122 public void doFilter(XMLObject metadata) throws FilterException { -123 -124 if (metadata instanceof EntitiesDescriptor) { -125 filterEntities((EntitiesDescriptor)metadata); -126 } else if (metadata instanceof EntityDescriptor) { -127 EntityDescriptor entity = (EntityDescriptor) metadata; -128 String entityName = entity.getEntityID(); -129 -130 if (excludeEntries) { -131 if (filterEntities.contains(entityName)) { -132 LOG.error("Metadata provider contains a single <EntityDescriptor> (" + entityName + -133 ") which is in exclude list"); -134 } -135 } else if (!filterEntities.contains(entity.getEntityID())) { -136 LOG.error("Metadata provider contains a single <EntityDescriptor> (" + entityName + -137 ") which is not on include list"); -138 } -139 } -140 } -141 -142 /** -143 * Filter an EntitiesDescriptor . We do this explictly for the Entities and call ourselves -144 * recursively for the EntitesDescriptors. -145 * -146 * @param entities what to check. -147 */ -148 private void filterEntities(EntitiesDescriptor entities) { -149 String entitiesName = entities.getName(); -150 List<EntitiesDescriptor> childEntities = entities.getEntitiesDescriptors(); -151 List<EntityDescriptor> children = entities.getEntityDescriptors(); -152 -153 // -154 // Go through and apply the filter -155 // -156 -157 if (children != null) { -158 Iterator<EntityDescriptor> itr; -159 EntityDescriptor entity; -160 itr = children.iterator(); -161 -162 while (itr.hasNext()) { -163 entity = itr.next(); -164 String entityName = entity.getEntityID(); -165 if (excludeEntries) { -166 -167 if (filterEntities.contains(entityName)) { -168 LOG.debug("Filter " + filterName + ": Removing blacklisted " + entityName + " from " + entitiesName); -169 itr.remove(); -170 } -171 } else if (!filterEntities.contains(entityName)) { -172 LOG.debug("Filter " + filterName + ": Removing non-whitelisted " + entityName + " from " + entitiesName); -173 itr.remove(); -174 } -175 } -176 } -177 -178 if (childEntities != null) { -179 for (EntitiesDescriptor descriptor : childEntities) { -180 filterEntities(descriptor); -181 } -182 } -183 } -184 } +34 import edu.internet2.middleware.shibboleth.wayf.XMLConstants; +35 +36 /** +37 * See SDSJ-57. Explicit +38 * +39 * @author Rod Widdowson +40 * +41 */ +42 public class ListFilter implements MetadataFilter { +43 +44 /** +45 * Log for any messages. +46 */ +47 private static final Logger LOG = LoggerFactory.getLogger(ListFilter.class.getName()); +48 +49 /** +50 * Set if this is a blacklist. +51 */ +52 private boolean excludeEntries; +53 +54 /** +55 * The list of entities. +56 */ +57 private final Set<String> filterEntities; +58 +59 /** +60 * The name of the filter (needed for debug). +61 */ +62 private final String filterName; +63 +64 /** +65 * Only the protected constructor should be visible. +66 */ +67 private ListFilter() { +68 this.excludeEntries = false; +69 this.filterEntities = new HashSet<String>(0); +70 this.filterName = "anonymous"; +71 } +72 +73 /** +74 * Initialize the filter. +75 * @param config the configuration +76 * +77 * The configuration looks liken this +78 * <code> <Filter identifier="WhiteList" +79 * type ="edu.internet2.middleware.shibboleth.wayf.plugins.provider.ListFilter" +80 * excludeEntries = "true" > +81 * <EntityId>foo</EntityId> +82 * [...] +83 * </Filter> +84 * </code> +85 */ +86 public ListFilter(Element config) { +87 String excludeEntriesValue; +88 this.filterEntities = new HashSet<String>(10); +89 this.filterName = config.getAttribute("identifier"); +90 excludeEntriesValue = config.getAttribute("excludeEntries"); +91 +92 if (null == excludeEntriesValue || 0 == excludeEntriesValue.length()) { +93 this.excludeEntries = true; +94 } else { +95 this.excludeEntries = Boolean.getBoolean(excludeEntriesValue); +96 } +97 +98 NodeList itemElements = config.getElementsByTagNameNS(XMLConstants.CONFIG_NS, "EntityId"); +99 +100 if (excludeEntries) { +101 LOG.debug("Populating blacklist " + filterName); +102 } else { +103 LOG.debug("Populating whitelist " + filterName); +104 } +105 +106 for (int i = 0; i < itemElements.getLength(); i++) { +107 Element element = (Element) itemElements.item(i); +108 String entityId = element.getTextContent(); +109 +110 LOG.debug("\t" + entityId); +111 this.filterEntities.add(entityId); +112 } +113 } +114 +115 /** +116 * Apply the filter. +117 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) +118 * @param metadata what to filter. +119 * @throws FilterException if it sees any missed or bad bindings. +120 */ +121 public void doFilter(XMLObject metadata) throws FilterException { +122 +123 if (metadata instanceof EntitiesDescriptor) { +124 filterEntities((EntitiesDescriptor)metadata); +125 } else if (metadata instanceof EntityDescriptor) { +126 EntityDescriptor entity = (EntityDescriptor) metadata; +127 String entityName = entity.getEntityID(); +128 +129 if (excludeEntries) { +130 if (filterEntities.contains(entityName)) { +131 LOG.error("Metadata provider contains a single <EntityDescriptor> (" + entityName + +132 ") which is in exclude list"); +133 } +134 } else if (!filterEntities.contains(entity.getEntityID())) { +135 LOG.error("Metadata provider contains a single <EntityDescriptor> (" + entityName + +136 ") which is not on include list"); +137 } +138 } +139 } +140 +141 /** +142 * Filter an EntitiesDescriptor . We do this explictly for the Entities and call ourselves +143 * recursively for the EntitesDescriptors. +144 * +145 * @param entities what to check. +146 */ +147 private void filterEntities(EntitiesDescriptor entities) { +148 String entitiesName = entities.getName(); +149 List<EntitiesDescriptor> childEntities = entities.getEntitiesDescriptors(); +150 List<EntityDescriptor> children = entities.getEntityDescriptors(); +151 +152 // +153 // Go through and apply the filter +154 // +155 +156 if (children != null) { +157 Iterator<EntityDescriptor> itr; +158 EntityDescriptor entity; +159 itr = children.iterator(); +160 +161 while (itr.hasNext()) { +162 entity = itr.next(); +163 String entityName = entity.getEntityID(); +164 if (excludeEntries) { +165 +166 if (filterEntities.contains(entityName)) { +167 LOG.debug("Filter " + filterName + ": Removing blacklisted " + entityName + " from " + entitiesName); +168 itr.remove(); +169 } +170 } else if (!filterEntities.contains(entityName)) { +171 LOG.debug("Filter " + filterName + ": Removing non-whitelisted " + entityName + " from " + entitiesName); +172 itr.remove(); +173 } +174 } +175 } +176 +177 if (childEntities != null) { +178 for (EntitiesDescriptor descriptor : childEntities) { +179 filterEntities(descriptor); +180 } +181 } +182 } +183 }

diff --git a/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/provider/package-frame.html b/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/provider/package-frame.html index 5eb51b5..b7af423 100644 --- a/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/provider/package-frame.html +++ b/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/provider/package-frame.html @@ -3,7 +3,7 @@ - Shibboleth Discovery Service 1.1.0 Reference Package edu.internet2.middleware.shibboleth.wayf.plugins.provider + Shibboleth Discovery Service 1.1.1 Reference Package edu.internet2.middleware.shibboleth.wayf.plugins.provider diff --git a/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/provider/package-summary.html b/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/provider/package-summary.html index 2f91e22..206dc1d 100644 --- a/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/provider/package-summary.html +++ b/doc/src-xref/edu/internet2/middleware/shibboleth/wayf/plugins/provider/package-summary.html @@ -3,7 +3,7 @@ - Shibboleth Discovery Service 1.1.0 Reference Package edu.internet2.middleware.shibboleth.wayf.plugins.provider + Shibboleth Discovery Service 1.1.1 Reference Package edu.internet2.middleware.shibboleth.wayf.plugins.provider -- cgit v1.1