Comment: cut out the Georgetown hop

...

Appendix A provides a complete list of the extension points within the IdP. Following the link to the extension-specific description will provide the various namespaces, schema file locations, and classes needed when creating a custom extension.

The SVN repository shib-extension contains some example extensions.

...

The final result of a plugin is a JAR with the following structure:

Code Block

/META-INF/spring.handlers
/META-INF/spring.schemas
/schema/... your schema files ...
... Java class files for extension...

...

Code Block
Example Login Handler Class

package org.example.shibboleth.authn;

... imports ...

public class IPAddressLoginHandler extends AbstractLoginHandler {

    public IPAddressLoginHandler(String username){
        // method logic
    }

    /** {@inheritDoc} */
    public void login(HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
        // method logic
    }

    public List<String> getAllowedIPAddressRanges(){
        // method logic
    }

    public void setAllowedIPAddressRanges(List<String> ranges){
        // method logic
    }
}
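
The range check that a handler like this needs, as an added example (not code from the original page or from the Shibboleth project). The class name `IPRangeMatcher` is hypothetical, and it assumes each `IPEntry` value is written in CIDR notation, which the page does not specify; the sample addresses are constructed.

```java
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.List;

/** Added example: hypothetical helper matching a client address against CIDR entries. */
public class IPRangeMatcher {

    /** Returns true only if clientAddr falls inside at least one well-formed range. */
    public static boolean isAllowed(String clientAddr, List<String> ranges) {
        for (String range : ranges) {
            try {
                if (inRange(clientAddr, range)) return true;
            } catch (RuntimeException | UnknownHostException e) {
                // Malformed entry or address: never treat it as a match (fail closed).
            }
        }
        return false;
    }

    /** Compares the leading prefix bits of the client address and the network address. */
    static boolean inRange(String clientAddr, String cidr) throws UnknownHostException {
        String[] parts = cidr.trim().split("/");
        if (parts.length != 2) throw new IllegalArgumentException("expected address/prefix");
        byte[] net = literal(parts[0]);
        byte[] addr = literal(clientAddr);
        int prefix = Integer.parseInt(parts[1]);
        if (net.length != addr.length) return false; // an IPv4 range never matches an IPv6 client
        if (prefix < 0 || prefix > net.length * 8) throw new IllegalArgumentException("bad prefix");
        int shift = net.length * 8 - prefix;
        return new BigInteger(1, net).shiftRight(shift).equals(new BigInteger(1, addr).shiftRight(shift));
    }

    /** Accepts IP literals only; host names are rejected so no DNS lookup is made. */
    private static byte[] literal(String s) throws UnknownHostException {
        String octet = "(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)";
        boolean v4 = s.matches(octet + "(\\." + octet + "){3}");
        boolean v6 = s.matches("[0-9A-Fa-f:.]*:[0-9A-Fa-f:.]*");
        if (!v4 && !v6) throw new IllegalArgumentException("not an IP literal");
        return InetAddress.getByName(s).getAddress();
    }

    public static void main(String[] args) {
        List<String> ranges = Arrays.asList("192.0.2.0/24", "2001:db8::/32", "bogus"); // constructed
        System.out.println(isAllowed("192.0.2.77", ranges));
        System.out.println(isAllowed("198.51.100.9", ranges));
        System.out.println(isAllowed("2001:db8::1", ranges));
    }
}
```

Inside `login`, the address to test would come from `httpRequest.getRemoteAddr()`; behind a reverse proxy that value is the proxy's own address, so the ranges must be chosen with that in mind.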

...

Code Block
Example Schema File for an IP-based Login Handler Type

<schema targetNamespace="urn:mace:example.org:shibboleth:authn"
        xmlns="http://www.w3.org/2001/XMLSchema"
        xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler"
        elementFormDefault="qualified">

    <import schemaLocation="classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd" />

    <complexType name="IPAddress">
        <complexContent>
            <extension base="ph:LoginHandlerType">
                <sequence>
                    <element name="IPEntry" type="string" maxOccurs="unbounded" />
                </sequence>
                <attribute name="username" type="string" />
            </extension>
        </complexContent>
    </complexType>

</schema>

If you are using Eclipse, you may want it to load a URL handler for the "classpath:" URL scheme, so that Eclipse can find imported schemas when you edit a .xsd file. You can download this JAR file and load it in Eclipse like this (assuming you downloaded the file to $HOME/shibboleth):

Code Block

eclipse -vmargs -Djava.protocol.handler.pkgs=org.my.protocols -Xbootclasspath/p:$HOME/shibboleth/classpath-uri-stream-handler-0.0.1-SNAPSHOT.jar

...

Code Block
Bean Definition Parser for Example Login Handler

package org.example.shibboleth.authn.config;

... imports ...

public class IPAddressLoginHandlerBeanDefinitionParser extends AbstractSimpleBeanDefinitionParser{

    /** Schema type. */
    public static final QName SCHEMA_TYPE = new QName(AuthnNamespaceHandler.NAMESPACE, "IPAddress");

    /** {@inheritDoc} */
    protected Class getBeanClass(Element arg0) {
        return IPAddressLoginHandler.class;
    }

    /** {@inheritDoc} */
    protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
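        // Create a list from the <IPEntry> elements
        // (needs java.util.ArrayList and org.w3c.dom.NodeList among the imports)
        List<String> ipEntries = new ArrayList<String>();
        NodeList entries = element.getElementsByTagNameNS(SCHEMA_TYPE.getNamespaceURI(), "IPEntry");
        for (int i = 0; i < entries.getLength(); i++) {
            ipEntries.add(entries.item(i).getTextContent().trim());
        }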

        builder.addPropertyValue("allowedIPAddressRanges", ipEntries);

        String username = element.getAttributeNS(null, "username");
        builder.addConstructorArg(username);
    }
}

...

Code Block
Namespace Handler for Example Login Handler

package org.example.shibboleth.authn.config;

... imports ...

public class AuthnNamespaceHandler extends BaseSpringNamespaceHandler {

    public static final String NAMESPACE = "urn:mace:example.org:shibboleth:authn";

    public void init() {
        registerBeanDefinitionParser(IPAddressLoginHandlerBeanDefinitionParser.SCHEMA_TYPE, new IPAddressLoginHandlerBeanDefinitionParser());
        // other calls to registerBeanDefinitionParser for other extensions in this namespace would go here
    }
}

...

Code Block
spring.schemas file for Example Login Handler

urn\:mace\:example.org\:shibboleth\:authn = schema/authn.xsd

...

Code Block
spring.handlers file for Example Login Handler

urn\:mace\:example.org\:shibboleth\:authn = org.example.shibboleth.authn.config.AuthnNamespaceHandler

...