Move SAML logging to separate class

LEDfan · LEDfan · commit ba7d12c6d34f · 2021-01-15T14:05:06.000+01:00
diff --git a/src/main/java/eu/openanalytics/containerproxy/auth/impl/saml/AttributeUtils.java b/src/main/java/eu/openanalytics/containerproxy/auth/impl/saml/AttributeUtils.java
@@ -0,0 +1,83 @@
+/**
+ * ContainerProxy
+ *
+ * Copyright (C) 2016-2020 Open Analytics
+ *
+ * ===========================================================================
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the Apache License as published by
+ * The Apache Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * Apache License for more details.
+ *
+ * You should have received a copy of the Apache License
+ * along with this program.  If not, see <http://www.apache.org/licenses/>
+ */
+package eu.openanalytics.containerproxy.auth.impl.saml;
+
+import org.apache.logging.log4j.Logger;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSAny;
+import org.opensaml.xml.schema.XSString;
+import org.springframework.security.saml.SAMLCredential;
+
+import java.util.List;
+
+public class AttributeUtils {
+
+    public static String getAttributeValue(Attribute attribute) {
+        // copied from Attribute class ...
+        List<XMLObject> attributeValues = attribute.getAttributeValues();
+        if (attributeValues == null || attributeValues.size() == 0) {
+            return null;
+        }
+        XMLObject xmlValue = attributeValues.iterator().next();
+        return getString(xmlValue);
+    }
+
+    public static String[] getAttributeAsStringArray(Attribute attribute) {
+        if (attribute == null) {
+            return null;
+        }
+        List<XMLObject> attributeValues = attribute.getAttributeValues();
+        if (attributeValues == null || attributeValues.size() == 0) {
+            return new String[0];
+        }
+        String[] result = new String[attributeValues.size()];
+        int i = 0;
+        for (XMLObject attributeValue : attributeValues) {
+            result[i++] = getString(attributeValue);
+        }
+        return result;
+    }
+
+    private static String getString(XMLObject xmlValue) {
+        if (xmlValue instanceof XSString) {
+            return ((XSString) xmlValue).getValue();
+        } else if (xmlValue instanceof XSAny) {
+            return ((XSAny) xmlValue).getTextContent();
+        } else {
+            return null;
+        }
+    }
+
+    public static void logAttributes(Logger logger, SAMLCredential credential) {
+        String userID = credential.getNameID().getValue();
+        List<Attribute> attributes = credential.getAttributes();
+        attributes.forEach((attribute) -> {
+            logger.info(String.format("[SAML] User: \"%s\" => attribute => name=\"%s\"(\"%s\") => value \"%s\" - \"%s\"",
+                    userID,
+                    attribute.getName(),
+                    attribute.getFriendlyName(),
+                    getAttributeValue(attribute),
+                    String.join(", ", getAttributeAsStringArray(attribute))));
+        });
+
+    }
+}
diff --git a/src/main/java/eu/openanalytics/containerproxy/auth/impl/saml/SAMLConfiguration.java b/src/main/java/eu/openanalytics/containerproxy/auth/impl/saml/SAMLConfiguration.java
@@ -40,8 +40,11 @@
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.util.resource.ResourceException;
+import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.parse.StaticBasicParserPool;
 import org.opensaml.xml.parse.XMLParserException;
+import org.opensaml.xml.schema.XSAny;
+import org.opensaml.xml.schema.XSString;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
@@ -344,26 +347,17 @@ public SAMLFilterSet samlFilter() throws Exception {
 
 	private final Logger log = LogManager.getLogger(getClass());
 
+
+
 	@Bean
 	public SAMLAuthenticationProvider samlAuthenticationProvider() {
 		SAMLAuthenticationProvider samlAuthenticationProvider = new SAMLAuthenticationProvider();
 	    samlAuthenticationProvider.setUserDetails(new SAMLUserDetailsService() {
 	    	@Override
 	    	public Object loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
-				List<Attribute> attributes = credential.getAttributes();
 
 				if (Boolean.parseBoolean(environment.getProperty(PROP_LOG_ATTRIBUTES, "false"))) {
-					// don't use nameValue from below so that in the case this attribute isn't correctly setup,
-					// we can still log the attribtues (and the correct attribute can be found)
-					String userID = credential.getNameID().getValue();
-					attributes.forEach((attribute) -> {
-						log.info(String.format("[SAML] User: \"%s\" => attribute => name=\"%s\"(\"%s\") => value \"%s\" - \"%s\"",
-								userID,
-								attribute.getName(),
-								attribute.getFriendlyName(),
-								credential.getAttributeAsString(attribute.getName()),
-								String.join(", ", credential.getAttributeAsStringArray(attribute.getName()))));
-					});
+                    AttributeUtils.logAttributes(log, credential);
 				}
 
 				String nameAttribute = environment.getProperty("proxy.saml.name-attribute", DEFAULT_NAME_ATTRIBUTE);
