DefaultSiteAttributeMapper.java revision 4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1c
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* https://opensso.dev.java.net/public/CDDLv1.0.html or
* opensso/legal/CDDLv1.0.txt
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: DefaultSiteAttributeMapper.java,v 1.2 2009/01/08 04:29:00 hengming Exp $
*
*/
package com.sun.identity.saml.plugins;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.sun.identity.authentication.service.AuthD;
import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.plugin.datastore.DataStoreProvider;
import com.sun.identity.plugin.datastore.DataStoreProviderManager;
import com.sun.identity.plugin.session.SessionManager;
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.saml.assertion.Attribute;
import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLServiceManager;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.sm.OrganizationConfigManager;
import com.sun.identity.sm.ServiceConfig;
/**
* This class reads Attribute Map in local configuration and maps user's local * attributes to list of <code>Attribute</code> objects to be returned as
* <code>AttributeStatements</code> elements, as part of the
* Authentication Assertion returned to the partner during the
* SSO scenario of Browser Artifact and POST profile.
* <p>
*
*/
public class DefaultSiteAttributeMapper implements ConsumerSiteAttributeMapper {
/**
* Returns <code>List</code> of <code>Attribute</code> objects
*
* @param token User's session.
* @param request The HttpServletRerquest object of the request which
* may contains query attributes to be included in the
* Assertion. This could be null if unavailable.
* @param response The HttpServletResponse object. This could be null
* if unavailable.
* @param targetURL value for TARGET query parameter when the user
* accessing the SAML aware servlet or post profile
* servlet. This could be null if unavailabl
* @return <code>List</code> if <code>Attribute</code> objects.
* <code>Attribute</code> is defined in the SAML SDK as part of
* <code>com.sun.identity.saml.assertion</code> package.
* @throws SAMLException if attributes cannot be obtained.
*/
public List getAttributes(Object token, HttpServletRequest request,
HttpServletResponse response, String targetURL)
throws SAMLException {
Map attrMap = (Map)SAMLServiceManager.getAttribute(
SAMLConstants.ATTRIBUTE_MAP);
if ((attrMap == null) || (attrMap.isEmpty())) {
return null;
}
Set localAttrNames = new HashSet();
localAttrNames.addAll(attrMap.values());
Map localValueMap = null;
try {
DataStoreProvider dsProvider =
DataStoreProviderManager.getInstance().
getDataStoreProvider(SAMLConstants.SAML);
localValueMap = dsProvider.getAttributes(
SessionManager.getProvider().getPrincipalName(token),
localAttrNames);
} catch (Exception ex) {
if (SAMLUtils.debug.warningEnabled()) {
SAMLUtils.debug.warning("DefaultSiteAttributeMapper." +
"getAttributes:", ex);
}
}
List samlAttrs = null;
for(Iterator iter = attrMap.keySet().iterator(); iter.hasNext();) {
String samlAttrName = (String)iter.next();
String localAttrName = (String)attrMap.get(samlAttrName);
String attrNamespace = null;
StringTokenizer tokenizer = new StringTokenizer(samlAttrName, "|");
int tokenCount = tokenizer.countTokens();
if (tokenCount == 1) {
attrNamespace = SAMLConstants.assertionSAMLNameSpaceURI;
} else if (tokenCount == 2) {
attrNamespace = tokenizer.nextToken();
samlAttrName = tokenizer.nextToken();
} else {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("DefaultSiteAttributeMapper." +
"getAttribute: invalid saml attribute in attribute " +
" map. saml attribute = " + samlAttrName + ", the " +
" syntax is namespace|attrName.");
}
continue;
}
String[] localAttrValues = null;
if ((localValueMap != null) && (!localValueMap.isEmpty())) {
Set values = (Set)localValueMap.get(localAttrName);
if ((values == null) || (values.isEmpty())) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("DefaultSiteAttributeMapper." +
"getAttribute: user profile does not have " +
"value for " + localAttrName +
" but is going to check ssotoken:");
}
} else {
localAttrValues = (String[])values.toArray(
new String[values.size()]);
}
}
if (localAttrValues == null) {
try {
localAttrValues = SessionManager.getProvider().getProperty(
token, localAttrName);
} catch (SessionException ex) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("DefaultSiteAttributeMapper." +
"getAttribute:", ex);
}
}
}
if ((localAttrValues == null) || (localAttrValues.length == 0)) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("DefaultSiteAttributeMapper." +
"getAttribute: user does not have " +
localAttrName);
}
} else {
Attribute samlAttr = getSAMLAttribute(samlAttrName,
attrNamespace, localAttrValues);
if (samlAttr != null) {
if (samlAttrs == null) {
samlAttrs = new ArrayList();
}
samlAttrs.add(samlAttr);
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("DefaultSiteAttributeMapper." +
"getAttribute: add atttribute = " + samlAttrName +
", attrNamespace = " + attrNamespace +
", values = " + localAttrValues);
}
}
}
}
return samlAttrs;
}
/**
* Returns the SAML <code>Attribute</code> object.
*
* @param name attribute name.
* @param attrNamespace Name format of the attribute
* @param values attribute values.
* @exception SAMLException if any failure.
*/
protected Attribute getSAMLAttribute(String name, String attrNamespace,
String[] values) throws SAMLException {
if ((values == null) || (values.length == 0)) {
return null;
}
Attribute attribute = new Attribute(name, attrNamespace, values[0]);
for(int i=1; i<values.length; i++) {
attribute.addAttributeValue(values[i]);
}
return attribute;
}
/**
* Checks if dynamical profile creation or ignore profile is enabled.
* @param realm realm to check the dynamical profile creation attributes.
* @return true if dynamical profile creation or ignore profile is enabled,
* false otherwise.
*/
static boolean isDynamicalOrIgnoredProfile(String realm) {
try {
OrganizationConfigManager orgConfigMgr = AuthD.getAuth().
getOrgConfigManager(realm);
ServiceConfig svcConfig = orgConfigMgr.getServiceConfig(
ISAuthConstants.AUTH_SERVICE_NAME);
Map attrs = svcConfig.getAttributes();
String tmp = CollectionHelper.getMapAttr(
attrs, ISAuthConstants.DYNAMIC_PROFILE);
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message(
"DefaultSiteAttributeMapper.isDynamicalOrIgnoredProfile:" +
" attr = " + tmp);
}
return ((tmp != null) && (tmp.equalsIgnoreCase("createAlias") ||
tmp.equalsIgnoreCase("true") ||
tmp.equalsIgnoreCase("ignore")));
} catch (Exception e) {
SAMLUtils.debug.error("DefaultSiteAttributeMapper." +
"isDynamicalOrIgnoredProfile: unable to get attribute", e);
return false;
}
}
}