Skip to Content.
Sympa Menu

mace-opensaml-users - understanding the fromDOM method

Subject: OpenSAML user discussion

List archive

understanding the fromDOM method


Chronological Thread 
  • From: "Tom Scavo" <>
  • To: OpenSAML <>
  • Subject: understanding the fromDOM method
  • Date: Mon, 23 Oct 2006 15:06:17 -0400
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=jWYy/UTB+yI5uPdrm4llyyTKkH4hphbM3lnWZu3sZ3xcn/ANmTysC5tv3lvSvbVdRwq2FEXiNgsVL08GKvmI31fV2qEv4MzeFc96eD8CCyv7YpaCA7IEWNl3pMJnaR0BBjudKv8glhsmX7fR9EEI8VDhFl08y+QbsYapKd+0J4w=
Attached are the fromDOM methods from each of the three concrete
statement types in OpenSAML V1.1. Similarly, I'm trying to extend the
abstract SAMLSubjectStatement class, but I'm having trouble
reconciling these three methods.

- Why doesn't AttributeStatement.fromDOM call checkValidity?

- Why does AuthenticationStatement.fromDOM check

if (!XML.isElementNamed(e,XML.SAML_NS,"Statement")

whereas the other two methods check

if (!XML.isElementNamed(e,XML.SAML_NS,"Statement") ||
!XML.isElementNamed(e,XML.SAML_NS,"SubjectStatement")

?

Actually, I think all three should just check

if ( !XML.isElementNamed(e,XML.SAML_NS,"SubjectStatement")

but I haven't been able to construct a unit test that causes any
method to fail, so obviously I don't understand what's going on.

Thanks,
Tom

----------------------------------------------------------------
// AuthenticationStatement
public void fromDOM(Element e) throws SAMLException {
super.fromDOM(e);

if (config.getBooleanProperty("org.opensaml.strict-dom-checking")
&& !XML.isElementNamed(e,XML.SAML_NS,"AuthenticationStatement"))
{
QName q=XML.getQNameAttribute(e,XML.XSI_NS,"type");
if (!XML.isElementNamed(e,XML.SAML_NS,"Statement") || q==null ||
!XML.SAML_NS.equals(q.getNamespaceURI()) ||
!"AuthenticationStatementType".equals(q.getLocalPart()))
throw new MalformedException(SAMLException.RESPONDER,
"SAMLAuthenticationStatement() requires saml:AuthenticationStatement
at root");
}

authMethod = XML.assign(e.getAttributeNS(null,"AuthenticationMethod"));

try {
SimpleDateFormat formatter = null;
String dateTime = XML.assign(e.getAttributeNS(null,
"AuthenticationInstant"));
int dot = dateTime.indexOf('.');
if (dot > 0) {
formatter = new
SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'");
}
else {
formatter = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
}
formatter.setTimeZone(TimeZone.getTimeZone("UTC"));
authInstant = formatter.parse(dateTime);
}
catch (java.text.ParseException ex) {
throw new MalformedException(SAMLException.RESPONDER,
"SAMLAuthenticationStatement() detected an invalid datetime while
parsing statement", ex);
}

// Check for locality
Element n = XML.getFirstChildElement(root, XML.SAML_NS,
"SubjectLocality");
if (n != null) {
subjectIP = XML.assign(n.getAttributeNS(null, "IPAddress"));
subjectDNS = XML.assign(n.getAttributeNS(null, "DNSAddress"));
n = XML.getNextSiblingElement(n);
}

// Extract bindings.
n = XML.getFirstChildElement(root, XML.SAML_NS, "AuthorityBinding");
while (n != null) {
bindings.add(new SAMLAuthorityBinding(n).setParent(this));
n = XML.getNextSiblingElement(n, XML.SAML_NS, "AuthorityBinding");
}

checkValidity();
}


// AttributeStatement
public void fromDOM(Element e) throws SAMLException {
super.fromDOM(e);

if (config.getBooleanProperty("org.opensaml.strict-dom-checking")
&& !XML.isElementNamed(e,XML.SAML_NS,"AttributeStatement"))
{
QName q = XML.getQNameAttribute(e, XML.XSI_NS, "type");
if (!XML.isElementNamed(e,XML.SAML_NS,"Statement") ||
!XML.isElementNamed(e,XML.SAML_NS,"SubjectStatement") ||
q == null || !XML.SAML_NS.equals(q.getNamespaceURI())
|| !"AttributeStatementType".equals(q.getLocalPart()))
throw new MalformedException(SAMLException.REQUESTER,
"SAMLAttributeStatement() requires saml:AttributeStatement at root");
}

// Extract attributes.
Element n = XML.getFirstChildElement(root, XML.SAML_NS, "Attribute");
while (n != null) {
try {
attrs.add(SAMLAttribute.getInstance(n).setParent(this));
}
catch (SAMLException ex) {
log.warn("exception while instantiating a
SAMLAttribute: " + ex.getMessage());
}
n = XML.getNextSiblingElement(n, XML.SAML_NS, "Attribute");
}
}


// AuthorizationDecisionStatement
public void fromDOM(Element e) throws SAMLException {
super.fromDOM(e);

if (config.getBooleanProperty("org.opensaml.strict-dom-checking")
&& !XML.isElementNamed(e,XML.SAML_NS,"AuthorizationDecisionStatement"))
{
QName q = XML.getQNameAttribute(e, XML.XSI_NS, "type");
if (!XML.isElementNamed(e,XML.SAML_NS,"Statement") ||
!XML.isElementNamed(e,XML.SAML_NS,"SubjectStatement") ||
q == null || !XML.SAML_NS.equals(q.getNamespaceURI())
|| !"AuthorizationDecisionStatementType".equals(q.getLocalPart()))
throw new MalformedException(SAMLException.REQUESTER,
"SAMLAuthorizationDecisionStatement.fromDOM() requires
saml:AuthorizationDecisionStatement at root");
}

resource = XML.assign(e.getAttributeNS(null, "Resource"));
decision = XML.assign(e.getAttributeNS(null, "Decision"));

Element n = XML.getFirstChildElement(e, XML.SAML_NS, "Action");
while (n != null) {
actions.add(new SAMLAction(n).setParent(this));
n = XML.getNextSiblingElement(n, XML.SAML_NS, "Action");
}

n = XML.getFirstChildElement(e, XML.SAML_NS, "Evidence");
if (n != null) {
Element n2 = XML.getFirstChildElement(n);
while (n2 != null) {
if (XML.isElementNamed(n2, XML.SAML_NS, "Assertion"))
evidence.add(new SAMLAssertion(n2).setParent(this));
else if (XML.isElementNamed(n2, XML.SAML_NS,
"AssertionIDReference") && n2.hasChildNodes())
evidence.add(n2.getFirstChild().getNodeValue());
n2 = XML.getNextSiblingElement(n2);
}
}

checkValidity();
}

Archive powered by MHonArc 2.6.16.

Top of Page