next step to attribute authority

bwreg-jpa/src/main/java/edu/kit/scc/webreg/dao/SamlAAConfigurationDao.java

+/*******************************************************************************
+ * Copyright (c) 2014 Michael Simon.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the GNU Public License v3.0
+ * which accompanies this distribution, and is available at
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * Contributors:
+ *     Michael Simon - initial
+ ******************************************************************************/
+package edu.kit.scc.webreg.dao;
+
+import edu.kit.scc.webreg.entity.SamlAAConfigurationEntity;
+
+public interface SamlAAConfigurationDao extends BaseDao<SamlAAConfigurationEntity, Long> {
+
+	SamlAAConfigurationEntity findByHostname(String hostname);
+
+	SamlAAConfigurationEntity findByEntityId(String entityId);
+
+}

bwreg-jpa/src/main/java/edu/kit/scc/webreg/dao/jpa/JpaSamlAAConfigurationDao.java

+/*******************************************************************************
+ * Copyright (c) 2014 Michael Simon.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the GNU Public License v3.0
+ * which accompanies this distribution, and is available at
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * Contributors:
+ *     Michael Simon - initial
+ ******************************************************************************/
+package edu.kit.scc.webreg.dao.jpa;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.inject.Named;
+import javax.persistence.NoResultException;
+import javax.persistence.criteria.CriteriaBuilder;
+import javax.persistence.criteria.CriteriaQuery;
+import javax.persistence.criteria.ListJoin;
+import javax.persistence.criteria.Root;
+
+import edu.kit.scc.webreg.dao.SamlAAConfigurationDao;
+import edu.kit.scc.webreg.entity.SamlAAConfigurationEntity;
+
+@Named
+@ApplicationScoped
+public class JpaSamlAAConfigurationDao extends JpaBaseDao<SamlAAConfigurationEntity, Long> implements SamlAAConfigurationDao {
+
+    @Override
+	public SamlAAConfigurationEntity findByEntityId(String entityId) {
+		CriteriaBuilder builder = em.getCriteriaBuilder();
+		CriteriaQuery<SamlAAConfigurationEntity> criteria = builder.createQuery(SamlAAConfigurationEntity.class);
+		Root<SamlAAConfigurationEntity> root = criteria.from(SamlAAConfigurationEntity.class);
+		criteria.where(
+				builder.equal(root.get("entityId"), entityId));
+		criteria.select(root);
+
+		try {
+			return em.createQuery(criteria).getSingleResult();
+		}
+		catch (NoResultException e) {
+			return null;
+		}
+	}	
+	
+	@Override
+	public SamlAAConfigurationEntity findByHostname(String hostname) {
+		CriteriaBuilder builder = em.getCriteriaBuilder();
+		CriteriaQuery<SamlAAConfigurationEntity> criteria = builder.createQuery(SamlAAConfigurationEntity.class);
+		Root<SamlAAConfigurationEntity> root = criteria.from(SamlAAConfigurationEntity.class);
+		ListJoin<SamlAAConfigurationEntity, String> elementJoin = root.joinList("hostNameList");
+		
+		criteria.select(root);
+		criteria.where(
+				builder.equal(elementJoin.as(String.class), hostname));
+
+		try {
+			return em.createQuery(criteria).getSingleResult();
+		}
+		catch (NoResultException e) {
+			return null;
+		}		
+	}
+
+	@Override
+	public Class<SamlAAConfigurationEntity> getEntityClass() {
+		return SamlAAConfigurationEntity.class;
+	}
+}

bwreg-jpa/src/main/java/edu/kit/scc/webreg/entity/SamlAAConfigurationEntity.java

+/*******************************************************************************
+ * Copyright (c) 2014 Michael Simon.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the GNU Public License v3.0
+ * which accompanies this distribution, and is available at
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * Contributors:
+ *     Michael Simon - initial
+ ******************************************************************************/
+package edu.kit.scc.webreg.entity;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.persistence.Column;
+import javax.persistence.ElementCollection;
+import javax.persistence.Entity;
+import javax.persistence.Table;
+
+@Entity
+@Table(name = "aaconfig")
+public class SamlAAConfigurationEntity extends SamlConfigurationEntity {
+
+	private static final long serialVersionUID = 1L;
+	
+	@Column(name = "aq", length = 2048)
+	private String aq;
+	
+	@ElementCollection
+	private List<String> hostNameList = new ArrayList<String>();
+	
+	public List<String> getHostNameList() {
+		return hostNameList;
+	}
+
+	public void setHostNameList(List<String> hostNameList) {
+		this.hostNameList = hostNameList;
+	}
+
+	public String getAq() {
+		return aq;
+	}
+
+	public void setAq(String aq) {
+		this.aq = aq;
+	}
+}

bwreg-jpa/src/main/java/edu/kit/scc/webreg/entity/SamlConfigurationEntity.java

+/*******************************************************************************
+ * Copyright (c) 2014 Michael Simon.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the GNU Public License v3.0
+ * which accompanies this distribution, and is available at
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * Contributors:
+ *     Michael Simon - initial
+ ******************************************************************************/
+package edu.kit.scc.webreg.entity;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.EnumType;
+import javax.persistence.Enumerated;
+import javax.persistence.Inheritance;
+import javax.persistence.InheritanceType;
+import javax.persistence.Lob;
+
+import org.hibernate.annotations.Type;
+
+@Entity
+@Inheritance(strategy = InheritanceType.TABLE_PER_CLASS)
+public abstract class SamlConfigurationEntity extends AbstractBaseEntity {
+
+	private static final long serialVersionUID = 1L;
+
+	@Column(name = "entity_id", length = 2048)
+	private String entityId;
+	
+	@Enumerated(EnumType.STRING)
+	private SamlMetadataEntityStatus status;
+	
+	@Column(name = "private_key")
+	@Lob
+	@Type(type = "org.hibernate.type.TextType")		
+	private String privateKey;
+	
+	@Column(name = "certificate")
+	@Lob
+	@Type(type = "org.hibernate.type.TextType")		
+	private String certificate;
+	
+	public String getPrivateKey() {
+		return privateKey;
+	}
+
+	public void setPrivateKey(String privateKey) {
+		this.privateKey = privateKey;
+	}
+
+	public String getCertificate() {
+		return certificate;
+	}
+
+	public void setCertificate(String certificate) {
+		this.certificate = certificate;
+	}
+
+	public String getEntityId() {
+		return entityId;
+	}
+
+	public void setEntityId(String entityId) {
+		this.entityId = entityId;
+	}
+}

bwreg-jpa/src/main/java/edu/kit/scc/webreg/entity/SamlSpConfigurationEntity.java

@@ -16,35 +16,13 @@ import java.util.List;
 import javax.persistence.Column;
 import javax.persistence.ElementCollection;
 import javax.persistence.Entity;
-import javax.persistence.EnumType;
-import javax.persistence.Enumerated;
-import javax.persistence.FetchType;
-import javax.persistence.Lob;
 import javax.persistence.Table;
 
-import org.hibernate.annotations.Type;
-
 @Entity
 @Table(name = "spconfig")
-public class SamlSpConfigurationEntity extends AbstractBaseEntity {
+public class SamlSpConfigurationEntity extends SamlConfigurationEntity {
 
 	private static final long serialVersionUID = 1L;
-
-	@Column(name = "entity_id", length = 2048)
-	private String entityId;
-	
-	@Enumerated(EnumType.STRING)
-	private SamlMetadataEntityStatus status;
-	
-	@Column(name = "private_key")
-	@Lob
-	@Type(type = "org.hibernate.type.TextType")		
-	private String privateKey;
-	
-	@Column(name = "certificate")
-	@Lob
-	@Type(type = "org.hibernate.type.TextType")		
-	private String certificate;
 	
 	@Column(name = "acs", length = 2048)
 	private String acs;
@@ -52,25 +30,9 @@ public class SamlSpConfigurationEntity extends AbstractBaseEntity {
 	@Column(name = "ecp", length = 2048)
 	private String ecp;
 	
-	@ElementCollection(fetch = FetchType.EAGER)
+	@ElementCollection
 	private List<String> hostNameList = new ArrayList<String>();
 	
-	public String getPrivateKey() {
-		return privateKey;
-	}
-
-	public void setPrivateKey(String privateKey) {
-		this.privateKey = privateKey;
-	}
-
-	public String getCertificate() {
-		return certificate;
-	}
-
-	public void setCertificate(String certificate) {
-		this.certificate = certificate;
-	}
-
 	public List<String> getHostNameList() {
 		return hostNameList;
 	}
@@ -94,12 +56,4 @@ public class SamlSpConfigurationEntity extends AbstractBaseEntity {
 	public void setEcp(String ecp) {
 		this.ecp = ecp;
 	}
-
-	public String getEntityId() {
-		return entityId;
-	}
-
-	public void setEntityId(String entityId) {
-		this.entityId = entityId;
-	}
 }

bwreg-service/src/main/java/edu/kit/scc/webreg/service/SamlAAConfigurationService.java

+/*******************************************************************************
+ * Copyright (c) 2014 Michael Simon.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the GNU Public License v3.0
+ * which accompanies this distribution, and is available at
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * Contributors:
+ *     Michael Simon - initial
+ ******************************************************************************/
+package edu.kit.scc.webreg.service;
+
+import edu.kit.scc.webreg.entity.SamlAAConfigurationEntity;
+
+public interface SamlAAConfigurationService extends BaseService<SamlAAConfigurationEntity, Long> {
+
+	SamlAAConfigurationEntity findByHostname(String hostname);
+
+	SamlAAConfigurationEntity findByEntityId(String entityId);
+
+}

bwreg-service/src/main/java/edu/kit/scc/webreg/service/impl/SamlAAConfigurationServiceImpl.java

+/*******************************************************************************
+ * Copyright (c) 2014 Michael Simon.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the GNU Public License v3.0
+ * which accompanies this distribution, and is available at
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * Contributors:
+ *     Michael Simon - initial
+ ******************************************************************************/
+package edu.kit.scc.webreg.service.impl;
+
+import javax.ejb.Stateless;
+import javax.inject.Inject;
+
+import edu.kit.scc.webreg.dao.BaseDao;
+import edu.kit.scc.webreg.dao.SamlAAConfigurationDao;
+import edu.kit.scc.webreg.entity.SamlAAConfigurationEntity;
+import edu.kit.scc.webreg.service.SamlAAConfigurationService;
+
+@Stateless
+public class SamlAAConfigurationServiceImpl extends BaseServiceImpl<SamlAAConfigurationEntity, Long> implements SamlAAConfigurationService {
+
+	private static final long serialVersionUID = 1L;
+
+	@Inject
+	private SamlAAConfigurationDao dao;
+	
+	@Override
+	public SamlAAConfigurationEntity findByEntityId(String entityId) {
+		return dao.findByEntityId(entityId);
+	}
+
+	@Override
+	public SamlAAConfigurationEntity findByHostname(String hostname) {
+		return dao.findByHostname(hostname);
+	}
+
+	@Override
+	protected BaseDao<SamlAAConfigurationEntity, Long> getDao() {
+		return dao;
+	}
+
+}

bwreg-webapp/src/main/java/edu/kit/scc/webreg/sec/Saml2AttributeQueryServlet.java

@@ -12,14 +12,11 @@ package edu.kit.scc.webreg.sec;
 
 import java.io.IOException;
 
+import javax.faces.bean.ApplicationScoped;
 import javax.inject.Inject;
-import javax.inject.Named;
-import javax.servlet.Servlet;
-import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
-import javax.servlet.annotation.WebServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -29,27 +26,28 @@ import org.opensaml.saml2.core.Issuer;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.saml2.core.Status;
 import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.core.StatusMessage;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.ws.message.decoder.MessageDecodingException;
 import org.opensaml.ws.soap.soap11.Body;
 import org.opensaml.ws.soap.soap11.Envelope;
+import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.XMLObjectBuilderFactory;
 import org.opensaml.xml.security.SecurityException;
 import org.slf4j.Logger;
 
 import edu.kit.scc.webreg.bootstrap.ApplicationConfig;
+import edu.kit.scc.webreg.entity.SamlAAConfigurationEntity;
 import edu.kit.scc.webreg.entity.SamlSpMetadataEntity;
 import edu.kit.scc.webreg.exc.SamlAuthenticationException;
 import edu.kit.scc.webreg.service.SamlIdpMetadataService;
-import edu.kit.scc.webreg.service.SamlSpConfigurationService;
 import edu.kit.scc.webreg.service.SamlSpMetadataService;
 import edu.kit.scc.webreg.service.saml.Saml2DecoderService;
 import edu.kit.scc.webreg.service.saml.Saml2ResponseValidationService;
 import edu.kit.scc.webreg.service.saml.SamlHelper;
 
-@Named
-@WebServlet(urlPatterns = {"/Shibboleth.sso/SAML2/AttributeQuery"})
-public class Saml2AttributeQueryServlet implements Servlet {
+@ApplicationScoped
+public class Saml2AttributeQueryServlet {
 
 	@Inject
 	private Logger logger;
@@ -72,13 +70,7 @@ public class Saml2AttributeQueryServlet implements Servlet {
 	@Inject
 	private ApplicationConfig appConfig;
 	
-	@Override
-	public void init(ServletConfig config) throws ServletException {
-		
-	}
-
-	@Override
-	public void service(ServletRequest servletRequest, ServletResponse servletResponse)
+	public void service(ServletRequest servletRequest, ServletResponse servletResponse, SamlAAConfigurationEntity aaConfig)
 			throws ServletException, IOException {
 
 		HttpServletRequest request = (HttpServletRequest) servletRequest;
@@ -91,8 +83,9 @@ public class Saml2AttributeQueryServlet implements Servlet {
 			logger.debug("SAML AttributeQuery decoded");
 
 			Issuer issuer = query.getIssuer();
-			if (issuer == null || issuer.getValue() == null)
+			if (issuer == null || issuer.getValue() == null) {
 				throw new SamlAuthenticationException("Issuer not set");
+			}
 
 			String issuerString = issuer.getValue();
 			SamlSpMetadataEntity spEntity = spMetadataService.findByEntityId(issuerString);
@@ -105,47 +98,62 @@ public class Saml2AttributeQueryServlet implements Servlet {
 			saml2ValidationService.verifyIssuer(spEntity, query);
 			saml2ValidationService.validateSpSignature(query, issuer, spEntityDescriptor);
 			
-			StatusCode statusCode = samlHelper.create(StatusCode.class, StatusCode.DEFAULT_ELEMENT_NAME);
-			statusCode.setValue(StatusCode.REQUEST_DENIED_URI);
-
-			Status samlStatus = samlHelper.create(Status.class, Status.DEFAULT_ELEMENT_NAME);
-			samlStatus.setStatusCode(statusCode);
-			
-			Response samlResponse = samlHelper.create(Response.class, Response.DEFAULT_ELEMENT_NAME);
-			samlResponse.setStatus(samlStatus);
+			Response samlResponse = buildSamlRespone(StatusCode.SUCCESS_URI, null);
 			
-			XMLObjectBuilderFactory bf = Configuration.getBuilderFactory();
-			Envelope envelope = (Envelope) bf.getBuilder(
-					Envelope.DEFAULT_ELEMENT_NAME).buildObject(
-					Envelope.DEFAULT_ELEMENT_NAME);
-			Body body = (Body) bf.getBuilder(Body.DEFAULT_ELEMENT_NAME)
-					.buildObject(Body.DEFAULT_ELEMENT_NAME);
-
-			body.getUnknownXMLObjects().add(samlResponse);
-			envelope.setBody(body);
-
+			Envelope envelope = buildSoapEnvelope(samlResponse);
 			response.getWriter().print(samlHelper.marshal(envelope));
 			
 		} catch (MessageDecodingException e) {
-			throw new ServletException("Authentication problem", e);
+			logger.info("Could not execute AttributeQuery: {}", e.getMessage());
+			sendErrorResponse(response, StatusCode.REQUEST_DENIED_URI, e.getMessage());
 		} catch (SecurityException e) {
-			throw new ServletException("Authentication problem", e);
+			logger.info("Could not execute AttributeQuery: {}", e.getMessage());
+			sendErrorResponse(response, StatusCode.REQUEST_DENIED_URI, e.getMessage());
 		} catch (SamlAuthenticationException e) {
-			throw new ServletException("Authentication problem", e);
+			logger.info("Could not execute AttributeQuery: {}", e.getMessage());
+			sendErrorResponse(response, StatusCode.REQUEST_DENIED_URI, e.getMessage());
 		}
 	}
+
+	private void sendErrorResponse(HttpServletResponse response, String statusCodeString, String messageString) 
+			throws IOException {
+		Response samlResponse = buildSamlRespone(statusCodeString, messageString);
+		
+		Envelope envelope = buildSoapEnvelope(samlResponse);
+		response.getWriter().print(samlHelper.marshal(envelope));
+	}
 	
-	@Override
-	public ServletConfig getServletConfig() {
-		return null;
+	private Envelope buildSoapEnvelope(XMLObject xmlObject) {
+		XMLObjectBuilderFactory bf = Configuration.getBuilderFactory();
+		Envelope envelope = (Envelope) bf.getBuilder(
+				Envelope.DEFAULT_ELEMENT_NAME).buildObject(
+				Envelope.DEFAULT_ELEMENT_NAME);
+		Body body = (Body) bf.getBuilder(Body.DEFAULT_ELEMENT_NAME)
+				.buildObject(Body.DEFAULT_ELEMENT_NAME);
+
+		body.getUnknownXMLObjects().add(xmlObject);
+		envelope.setBody(body);		
+		return envelope;
 	}
-
-	@Override
-	public String getServletInfo() {
-		return null;
+	
+	private Response buildSamlRespone(String statusCodeString, String messageString) {
+		Response samlResponse = samlHelper.create(Response.class, Response.DEFAULT_ELEMENT_NAME);
+		samlResponse.setStatus(buildSamlStatus(statusCodeString, messageString));
+		return samlResponse;
 	}
+	
+	private Status buildSamlStatus(String statusCodeString, String messageString) {
+		StatusCode statusCode = samlHelper.create(StatusCode.class, StatusCode.DEFAULT_ELEMENT_NAME);
+		statusCode.setValue(statusCodeString);
+		
+		Status samlStatus = samlHelper.create(Status.class, Status.DEFAULT_ELEMENT_NAME);
+		samlStatus.setStatusCode(statusCode);
 
-	@Override
-	public void destroy() {
-	}	
+		if (messageString != null) {
+			StatusMessage statusMessage = samlHelper.create(StatusMessage.class, StatusMessage.DEFAULT_ELEMENT_NAME);
+			statusMessage.setMessage(messageString);
+			samlStatus.setStatusMessage(statusMessage);
+		}
+		return samlStatus;
+	}
 }

bwreg-webapp/src/main/java/edu/kit/scc/webreg/sec/Saml2DispatcherServlet.java

+/*******************************************************************************
+ * Copyright (c) 2014 Michael Simon.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the GNU Public License v3.0
+ * which accompanies this distribution, and is available at
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * Contributors:
+ *     Michael Simon - initial
+ ******************************************************************************/
+package edu.kit.scc.webreg.sec;
+
+import java.io.IOException;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.servlet.Servlet;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.slf4j.Logger;
+
+import edu.kit.scc.webreg.entity.SamlAAConfigurationEntity;
+import edu.kit.scc.webreg.entity.SamlSpConfigurationEntity;
+import edu.kit.scc.webreg.service.SamlAAConfigurationService;
+import edu.kit.scc.webreg.service.SamlSpConfigurationService;
+import edu.kit.scc.webreg.util.SessionManager;
+
+@Named
+@WebServlet(urlPatterns = {"/Shibboleth.sso/*", "/saml/*"})
+public class Saml2DispatcherServlet implements Servlet {
+
+	@Inject
+	private Logger logger;
+
+	@Inject
+	private SessionManager session;
+
+	@Inject 
+	private SamlSpConfigurationService spConfigService;
+
+	@Inject 
+	private SamlAAConfigurationService aaConfigService;
+
+	@Inject
+	private Saml2AttributeQueryServlet attributeQueryServlet;
+	
+	@Inject
+	private Saml2PostHandlerServlet postHandlerServlet;
+	
+	@Override