Merge pull request #350 from mauromol/improve-input-params-api

Improve authentication and logout request input params API

Author: pitbulk

core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java

@@ -42,26 +42,6 @@ public class AuthnRequest {
      */
 	private final Saml2Settings settings;
 
-	/**
-	 * When true the AuthNRequest will set the ForceAuthn='true'
-	 */
-	private final boolean forceAuthn;
-
-	/**
-	 * When true the AuthNRequest will set the IsPassive='true'
-	 */
-	private final boolean isPassive;
-
-	/**
-	 * When true the AuthNReuqest will set a nameIdPolicy
-	 */
-	private final boolean setNameIdPolicy;
-
-	/**
-	 * Indicates to the IdP the subject that should be authenticated
-	 */
-	private final String nameIdValueReq;
-	
 	/**
 	 * Time stamp that indicates when the AuthNRequest was created
 	 */
@@ -72,55 +52,73 @@ public class AuthnRequest {
 	 *
 	 * @param settings
 	 *            OneLogin_Saml2_Settings
+	 * @see #AuthnRequest(Saml2Settings, AuthnRequestParams)
 	 */
 	public AuthnRequest(Saml2Settings settings) {
-		this(settings, false, false, true);
+		this(settings, new AuthnRequestParams(false, false, true));
 	}
 
 	/**
 	 * Constructs the AuthnRequest object.
 	 *
 	 * @param settings
-	 *            OneLogin_Saml2_Settings
+	 *              OneLogin_Saml2_Settings
 	 * @param forceAuthn
-	 *            When true the AuthNReuqest will set the ForceAuthn='true'
+	 *              When true the AuthNReuqest will set the ForceAuthn='true'
 	 * @param isPassive
-	 *            When true the AuthNReuqest will set the IsPassive='true'
+	 *              When true the AuthNReuqest will set the IsPassive='true'
 	 * @param setNameIdPolicy
-	 *            When true the AuthNReuqest will set a nameIdPolicy
+	 *              When true the AuthNReuqest will set a nameIdPolicy
 	 * @param nameIdValueReq
-	 *            Indicates to the IdP the subject that should be authenticated
+	 *              Indicates to the IdP the subject that should be authenticated
+	 * @deprecated use {@link #AuthnRequest(Saml2Settings, AuthnRequestParams)} with
+	 *             {@link AuthnRequestParams#AuthnRequestParams(boolean, boolean, boolean, String)}
+	 *             instead
 	 */
+	@Deprecated
 	public AuthnRequest(Saml2Settings settings, boolean forceAuthn, boolean isPassive, boolean setNameIdPolicy, String nameIdValueReq) {
-		this.id = Util.generateUniqueID(settings.getUniqueIDPrefix());
-		issueInstant = Calendar.getInstance();
-		this.isPassive = isPassive;
-		this.settings = settings;
-		this.forceAuthn = forceAuthn;
-		this.setNameIdPolicy = setNameIdPolicy;
-		this.nameIdValueReq = nameIdValueReq;
-
-		StrSubstitutor substitutor = generateSubstitutor(settings);
-		authnRequestString = postProcessXml(substitutor.replace(getAuthnRequestTemplate()), settings);
-		LOGGER.debug("AuthNRequest --> " + authnRequestString);
+		this(settings, new AuthnRequestParams(forceAuthn, isPassive, setNameIdPolicy, nameIdValueReq));
 	}
-
+	
 	/**
 	 * Constructs the AuthnRequest object.
 	 *
 	 * @param settings
-	 *            OneLogin_Saml2_Settings
+	 *              OneLogin_Saml2_Settings
 	 * @param forceAuthn
-	 *            When true the AuthNReuqest will set the ForceAuthn='true'
+	 *              When true the AuthNReuqest will set the ForceAuthn='true'
 	 * @param isPassive
-	 *            When true the AuthNReuqest will set the IsPassive='true'
+	 *              When true the AuthNReuqest will set the IsPassive='true'
 	 * @param setNameIdPolicy
-	 *            When true the AuthNReuqest will set a nameIdPolicy
+	 *              When true the AuthNReuqest will set a nameIdPolicy
+	 * @deprecated use {@link #AuthnRequest(Saml2Settings, AuthnRequestParams)} with
+	 *             {@link AuthnRequestParams#AuthnRequestParams(boolean, boolean, boolean)}
+	 *             instead
 	 */
+	@Deprecated
 	public AuthnRequest(Saml2Settings settings, boolean forceAuthn, boolean isPassive, boolean setNameIdPolicy) {
 		this(settings, forceAuthn, isPassive, setNameIdPolicy, null);
 	}
 
+	/**
+	 * Constructs the AuthnRequest object.
+	 *
+	 * @param settings
+	 *              OneLogin_Saml2_Settings
+	 * @param params
+	 *              a set of authentication request input parameters that shape the
+	 *              request to create
+	 */
+	public AuthnRequest(Saml2Settings settings, AuthnRequestParams params) {
+		this.id = Util.generateUniqueID(settings.getUniqueIDPrefix());
+		issueInstant = Calendar.getInstance();
+		this.settings = settings;
+
+		StrSubstitutor substitutor = generateSubstitutor(params, settings);
+		authnRequestString = postProcessXml(substitutor.replace(getAuthnRequestTemplate()), params, settings);
+		LOGGER.debug("AuthNRequest --> " + authnRequestString);
+	}
+
 	/**
 	 * Allows for an extension class to post-process the AuthnRequest XML generated
 	 * for this request, in order to customize the result.
@@ -132,15 +130,17 @@ public AuthnRequest(Saml2Settings settings, boolean forceAuthn, boolean isPassiv
 	 * @param authnRequestXml
 	 *              the XML produced for this AuthnRequest by the standard
 	 *              implementation provided by {@link AuthnRequest}
+	 * @param params
+	 *              the authentication request input parameters
 	 * @param settings
 	 *              the settings
 	 * @return the post-processed XML for this AuthnRequest, which will then be
 	 *         returned by any call to {@link #getAuthnRequestXml()}
 	 */
-	protected String postProcessXml(final String authnRequestXml, final Saml2Settings settings) {
+	protected String postProcessXml(final String authnRequestXml, final AuthnRequestParams params, final Saml2Settings settings) {
 		return authnRequestXml;
 	}
-	
+
 	/**
 	 * @return the base64 encoded unsigned AuthnRequest (deflated or not)
 	 *
@@ -181,22 +181,24 @@ public String getAuthnRequestXml() {
 	/**
 	 * Substitutes AuthnRequest variables within a string by values.
 	 *
+	 * @param params
+	 *              the authentication request input parameters
 	 * @param settings
 	 * 				Saml2Settings object. Setting data
 	 * 
 	 * @return the StrSubstitutor object of the AuthnRequest 
 	 */ 
-	private StrSubstitutor generateSubstitutor(Saml2Settings settings) {
+	private StrSubstitutor generateSubstitutor(AuthnRequestParams params, Saml2Settings settings) {
 
 		Map<String, String> valueMap = new HashMap<String, String>();
 
 		String forceAuthnStr = "";
-		if (forceAuthn) {
+		if (params.isForceAuthn()) {
 			forceAuthnStr = " ForceAuthn=\"true\"";
 		}
 
 		String isPassiveStr = "";
-		if (isPassive) {
+		if (params.isPassive()) {
 			isPassiveStr = " IsPassive=\"true\"";
 		}
 
@@ -211,6 +213,7 @@ private StrSubstitutor generateSubstitutor(Saml2Settings settings) {
 		valueMap.put("destinationStr", destinationStr);
 
 		String subjectStr = "";
+		String nameIdValueReq = params.getNameIdValueReq();
 		if (nameIdValueReq != null && !nameIdValueReq.isEmpty()) {
 			String nameIDFormat = settings.getSpNameIDFormat();
 			subjectStr = "<saml:Subject>";
@@ -221,7 +224,7 @@ private StrSubstitutor generateSubstitutor(Saml2Settings settings) {
         valueMap.put("subjectStr", subjectStr);
 
 		String nameIDPolicyStr = "";
-		if (setNameIdPolicy) {
+		if (params.isSetNameIdPolicy()) {
 			String nameIDPolicyFormat = settings.getSpNameIDFormat();
 			if (settings.getWantNameIdEncrypted()) {
 				nameIDPolicyFormat = Constants.NAMEID_ENCRYPTED;

core/src/main/java/com/onelogin/saml2/authn/AuthnRequestParams.java

@@ -0,0 +1,105 @@
+package com.onelogin.saml2.authn;
+
+/**
+ * Input parameters for a SAML 2 authentication request.
+ */
+public class AuthnRequestParams {
+
+	/**
+	 * When true the AuthNRequest will set the ForceAuthn='true'
+	 */
+	private final boolean forceAuthn;
+	/**
+	 * When true the AuthNRequest will set the IsPassive='true'
+	 */
+	private final boolean isPassive;
+	/**
+	 * When true the AuthNReuqest will set a nameIdPolicy
+	 */
+	private final boolean setNameIdPolicy;
+	/**
+	 * Indicates to the IdP the subject that should be authenticated
+	 */
+	private final String nameIdValueReq;
+
+	/**
+	 * Create a set of authentication request input parameters.
+	 *
+	 * @param forceAuthn
+	 *              whether the <code>ForceAuthn</code> attribute should be set to
+	 *              <code>true</code>
+	 * @param isPassive
+	 *              whether the <code>isPassive</code> attribute should be set to
+	 *              <code>true</code>
+	 * @param setNameIdPolicy
+	 *              whether a <code>NameIDPolicy</code> should be set
+	 */
+	public AuthnRequestParams(boolean forceAuthn, boolean isPassive, boolean setNameIdPolicy) {
+		this(forceAuthn, isPassive, setNameIdPolicy, null);
+	}
+
+	/**
+	 * Create a set of authentication request input parameters.
+	 *
+	 * @param forceAuthn
+	 *              whether the <code>ForceAuthn</code> attribute should be set to
+	 *              <code>true</code>
+	 * @param isPassive
+	 *              whether the <code>isPassive</code> attribute should be set to
+	 *              <code>true</code>
+	 * @param setNameIdPolicy
+	 *              whether a <code>NameIDPolicy</code> should be set
+	 * @param nameIdValueReq
+	 *              the subject that should be authenticated
+	 */
+	public AuthnRequestParams(boolean forceAuthn, boolean isPassive, boolean setNameIdPolicy, String nameIdValueReq) {
+		this.forceAuthn = forceAuthn;
+		this.isPassive = isPassive;
+		this.setNameIdPolicy = setNameIdPolicy;
+		this.nameIdValueReq = nameIdValueReq;
+	}
+
+	/**
+	 * Create a set of authentication request input parameters, by copying them from
+	 * another set.
+	 *
+	 * @param source
+	 *              the source set of authentication request input parameters
+	 */
+	protected AuthnRequestParams(AuthnRequestParams source) {
+		this.forceAuthn = source.isForceAuthn();
+		this.isPassive = source.isPassive();
+		this.setNameIdPolicy = source.isSetNameIdPolicy();
+		this.nameIdValueReq = source.getNameIdValueReq();
+	}
+
+	/**
+	 * @return whether the <code>ForceAuthn</code> attribute should be set to
+	 *         <code>true</code>
+	 */
+	protected boolean isForceAuthn() {
+		return forceAuthn;
+	}
+
+	/**
+	 * @return whether the <code>isPassive</code> attribute should be set to
+	 *         <code>true</code>
+	 */
+	protected boolean isPassive() {
+		return isPassive;
+	}
+
+	/**
+	 * @return whether a <code>NameIDPolicy</code> should be set
+	 */
+	protected boolean isSetNameIdPolicy() {
+		return setNameIdPolicy;
+	}
+
+	/**
+	 * @return the subject that should be authenticated
+	 */
+	protected String getNameIdValueReq() {
+		return nameIdValueReq;
+	}
+}