
1   /*
2    * Copyright 2008 University Corporation for Advanced Internet Development, Inc.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package edu.internet2.middleware.shibboleth.idp.config.profile.authn;
18  
import java.util.List;

import javax.xml.namespace.QName;

import org.opensaml.xml.util.DatatypeHelper;
import org.opensaml.xml.util.LazyList;
import org.opensaml.xml.util.XMLHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanCreationException;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;

import edu.internet2.middleware.shibboleth.idp.config.profile.ProfileHandlerNamespaceHandler;
import edu.internet2.middleware.shibboleth.idp.util.IPRange;
34  
35  /** Spring bean definition parser for IP address authentication handlers. */
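/**
 * Spring bean definition parser for IP address authentication handlers.
 *
 * <p>Parses an {@code IPAddress} login handler element: the {@code username} attribute becomes the
 * {@code authenticatedUser} property, the {@code IPEntry} children become the {@code ipRanges} property and
 * the {@code defaultDeny} attribute becomes the {@code ipInRangeIsAuthenticated} property. Every missing or
 * malformed value is reported as a {@link BeanCreationException}; nothing is silently defaulted, because
 * these values decide whom the handler treats as authenticated.
 */
public class IPAddressLoginHandlerBeanDefinitionParser extends AbstractLoginHandlerBeanDefinitionParser {

    /** Schema type. */
    public static final QName SCHEMA_TYPE = new QName(ProfileHandlerNamespaceHandler.NAMESPACE, "IPAddress");

    /** Class logger. */
    private static final Logger log = LoggerFactory.getLogger(IPAddressLoginHandlerBeanDefinitionParser.class);

    /** {@inheritDoc} */
    protected Class<?> getBeanClass(Element element) {
        return IPAddressLoginHandlerFactoryBean.class;
    }

    /**
     * {@inheritDoc}
     *
     * @throws BeanCreationException if the {@code username} attribute is missing or blank, if no non-empty
     *             {@code IPEntry} child is present, or if {@code defaultDeny} is absent or not a boolean
     */
    protected void doParse(Element config, BeanDefinitionBuilder builder) {
        super.doParse(config, builder);

        String username = DatatypeHelper.safeTrimOrNullString(config.getAttributeNS(null, "username"));
        if (username == null) {
            throw configError("No username specified.");
        }
        log.debug("authenticated username: {}", username);
        builder.addPropertyValue("authenticatedUser", username);

        List<IPRange> ranges = getIPRanges(config);
        log.debug("registered IP ranges: {}", ranges.size());
        builder.addPropertyValue("ipRanges", ranges);

        builder.addPropertyValue("ipInRangeIsAuthenticated", getDefaultDeny(config));
    }

    /**
     * Gets the list of IP ranges given in the configuration.
     *
     * @param config current configuration
     *
     * @return list of IP ranges, one per {@code IPEntry} child, never empty
     *
     * @throws BeanCreationException if no {@code IPEntry} child is present or one of them is empty
     */
    protected List<IPRange> getIPRanges(Element config) {
        List<Element> ipEntries = XMLHelper.getChildElementsByTagNameNS(config,
                ProfileHandlerNamespaceHandler.NAMESPACE, "IPEntry");
        if (ipEntries == null || ipEntries.isEmpty()) {
            throw configError("At least one IPEntry must be specified.");
        }

        List<IPRange> ranges = new LazyList<IPRange>();
        for (Element ipEntry : ipEntries) {
            // Trim so whitespace or line breaks around the element body do not reach the CIDR parser; an
            // empty entry is a configuration error rather than something to skip silently.
            String cidrBlock = DatatypeHelper.safeTrimOrNullString(ipEntry.getTextContent());
            if (cidrBlock == null) {
                throw configError("IPEntry elements may not be empty.");
            }
            ranges.add(IPRange.parseCIDRBlock(cidrBlock));
            log.debug("registered IP range: {}", cidrBlock);
        }

        return ranges;
    }

    /**
     * Reads the {@code defaultDeny} attribute, which is passed through unchanged as the handler's
     * {@code ipInRangeIsAuthenticated} property.
     *
     * @param config current configuration
     *
     * @return the attribute value
     *
     * @throws BeanCreationException if the attribute is absent or its value is not a boolean
     */
    private boolean getDefaultDeny(Element config) {
        Attr attribute = config.getAttributeNodeNS(null, "defaultDeny");
        if (attribute == null) {
            throw configError("No defaultDeny specified.");
        }
        // Kept boxed: the helper is expected to report a value it cannot interpret as null (confirm against
        // XMLHelper). Unboxing that straight into a primitive would surface as a NullPointerException at
        // startup; report a configuration error instead, and never fall back to a default for a setting
        // that decides who is authenticated.
        Boolean defaultDeny = XMLHelper.getAttributeValueAsBoolean(attribute);
        if (defaultDeny == null) {
            throw configError("defaultDeny must be 'true' or 'false', was: " + attribute.getValue());
        }
        log.debug("default deny: {}", defaultDeny);
        return defaultDeny;
    }

    /**
     * Logs a configuration error and builds the exception that reports it to Spring.
     *
     * @param msg description of the problem
     *
     * @return the exception for the caller to throw
     */
    private BeanCreationException configError(String msg) {
        log.error(msg);
        return new BeanCreationException(msg);
    }
}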