Modified resolvertest to support ARPs by reading configuration from origin.xml.
authornlevitt <nlevitt@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Wed, 25 Feb 2004 01:33:18 +0000 (01:33 +0000)
committernlevitt <nlevitt@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Wed, 25 Feb 2004 01:33:18 +0000 (01:33 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@900 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

bin/resolvertest
src/edu/internet2/middleware/shibboleth/common/OriginConfig.java
src/edu/internet2/middleware/shibboleth/utils/ResolverTest.java

index 5ec4404..1f3e558 100755 (executable)
@@ -50,6 +50,8 @@ do
     fi
 done
 
+SHIB_UTIL_CLASSPATH="${SHIB_HOME}/webApplication/WEB-INF/classes:$SHIB_UTIL_CLASSPATH"
+
 
 ##Here we go
 $JAVACMD -Djava.endorsed.dirs="$ENDORSED" -classpath $SHIB_UTIL_CLASSPATH  edu.internet2.middleware.shibboleth.utils.ResolverTest "$@"
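Review bot: The invocation on the last line of this hunk expands `$SHIB_UTIL_CLASSPATH` unquoted, and the added assignment puts `${SHIB_HOME}` into it, so an install path containing whitespace is split into separate arguments and the JVM starts with a truncated classpath. Quote the expansion: `-classpath "$SHIB_UTIL_CLASSPATH"`. Because the new entry is prepended, any class under `webApplication/WEB-INF/classes` also takes precedence over whatever the loop above collected (that loop starts outside the hunk). If that ordering is intended, record it in a comment, e.g. `# web-app classes take precedence over the library jars`.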
index 9521dd4..e73bc99 100644 (file)
@@ -91,24 +91,25 @@ public class OriginConfig {
        /**
         * Loads the Origin Configuration file into a DOM tree.
         * 
+        * @param configFileLocation URL of the configuration file
         * @return the DOM Document
         * @throws ShibbolethConfigurationException
         *             if there was an error loading the file
         */
-       public static synchronized Document getOriginConfig(ServletContext context) throws ShibbolethConfigurationException 
+       public static synchronized Document getOriginConfig(String configFileLocation) throws ShibbolethConfigurationException
        {
-               if (getOriginConfigFile(context).equals(originConfigFile))
+               if (configFileLocation.equals(originConfigFile))
                {
                        return originConfig;
                }
                else if (originConfigFile == null)
                {
-                       originConfigFile = getOriginConfigFile(context);
+                       originConfigFile = configFileLocation;
                }
                else 
                {
-                       log.error("Previously read origin configuration from (" + originConfigFile + "), re-reading from (" + getOriginConfigFile(context) + "). This probably indicates a bug in shibboleth.");
-                       originConfigFile = getOriginConfigFile(context);
+                       log.error("Previously read origin configuration from (" + originConfigFile + "), re-reading from (" + configFileLocation + "). This probably indicates a bug in shibboleth.");
+                       originConfigFile = configFileLocation;
                }
 
                DOMParser parser = new DOMParser();
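Review bot: `configFileLocation.equals(originConfigFile)` throws a NullPointerException when the argument is null, and now that this overload is public and String-typed, any caller can trigger it. That includes the ServletContext overload added in the next hunk, if `getOriginConfigFile(context)` can return null (its body is not visible here). A guard at the top, `if (configFileLocation == null) throw new IllegalArgumentException("configFileLocation must not be null");`, fails with a clear message instead. The final `else` branch also replaces the process-wide cached document with whatever location is passed in, so the Javadoc should state the trust assumption, e.g. `@param configFileLocation URL of the configuration file; must come from deployment configuration or the operator, never from request data`. The method body continues past the end of this hunk.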
@@ -175,5 +176,20 @@ public class OriginConfig {
                originConfig = parser.getDocument();
 
                return originConfig;
+       }
+
+       /**
+        * Loads the Origin Configuration file into a DOM tree.
+        * 
+        * @param context {@link ServletContext} from which to figure out the
+        *                location of origin.xml
+        * @return the DOM Document
+        * @throws ShibbolethConfigurationException
+        *             if there was an error loading the file
+        */
+       public static Document getOriginConfig(ServletContext context) throws ShibbolethConfigurationException 
+       {
+               return getOriginConfig(getOriginConfigFile(context));
+
         }
 }
index 70472b5..112156a 100644 (file)
@@ -54,53 +54,102 @@ import jargs.gnu.CmdLineParser;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.PrintStream;
+import java.io.PrintWriter;
+import java.net.URL;
+import java.net.MalformedURLException;
+import java.security.Principal;
 
-import org.apache.log4j.BasicConfigurator;
+import org.apache.log4j.ConsoleAppender;
 import org.apache.log4j.Level;
 import org.apache.log4j.Logger;
+import org.apache.log4j.PatternLayout;
 import org.apache.xml.serialize.OutputFormat;
 import org.apache.xml.serialize.XMLSerializer;
 import org.opensaml.SAMLException;
+import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
 
 import edu.internet2.middleware.shibboleth.aa.AAAttribute;
+import edu.internet2.middleware.shibboleth.aa.AAConfig;
 import edu.internet2.middleware.shibboleth.aa.AAAttributeSet;
 import edu.internet2.middleware.shibboleth.aa.AAAttributeSet.ShibAttributeIterator;
+import edu.internet2.middleware.shibboleth.aa.arp.ArpEngine;
+import edu.internet2.middleware.shibboleth.aa.arp.ArpException;
+import edu.internet2.middleware.shibboleth.aa.arp.ArpProcessingException;
 import edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver;
 import edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolverException;
 import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
+import edu.internet2.middleware.shibboleth.common.OriginConfig;
+import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
+import edu.internet2.middleware.shibboleth.common.ShibbolethOriginConfig;
 
 /**
  * Utility for testing an Attribute Resolver configuration.
  * 
  * @author Walter Hoehn
+ * @author Noah Levitt
  */
-public class ResolverTest {
-
+public class ResolverTest 
+{
        private static boolean debug = false;
-       private static String file = null;
+       private static String resolverxml = null;
+       private static String originxml = null;
        private static String requester = null;
        private static String user = null;
+       private static String resource = null;
+       private static URL resourceUrl = null;
+       private static AttributeResolver resolver = null;
+       private static ArpEngine arpEngine = null;
+
+       public static void main(String[] args) 
+       {
+               parseCommandLine(args);
+               initializeResolver();
+               AAAttributeSet attributeSet = createAttributeSet();
+               resolveAttributes(attributeSet);
+
+               System.out.println("Received the following from the Attribute Resolver:");
+               System.out.println();
+               printAttributes(System.out, attributeSet);
+       }
+
+       private static void resolveAttributes(AAAttributeSet attributeSet)
+       {
+               Principal principal = new AuthNPrincipal(user);
 
-       public static void main(String[] args) {
+               resolver.resolveAttributes(principal, requester, attributeSet);
+
+               try {
+                       if (arpEngine != null) {
+                               arpEngine.filterAttributes(attributeSet, principal, requester, resourceUrl);
+                       }
+               }
+               catch (ArpProcessingException e) {
+                       System.err.println("Error applying Attribute Release Policy: " + e.getMessage());
+                       System.exit(1);
+               }
+       }
 
+       private static void parseCommandLine(String[] args)
+       {
                CmdLineParser parser = new CmdLineParser();
+
                CmdLineParser.Option helpOption = parser.addBooleanOption('h', "help");
                CmdLineParser.Option debugOption = parser.addBooleanOption('d', "debug");
-               CmdLineParser.Option fileOption = parser.addStringOption('f', "file");
+               CmdLineParser.Option originxmlOption = parser.addStringOption('\u0000', "originxml");
                CmdLineParser.Option userOption = parser.addStringOption('u', "user");
                CmdLineParser.Option requesterOption = parser.addStringOption('r', "requester");
+               CmdLineParser.Option resolverxmlOption = parser.addStringOption('\u0000', "resolverxml");
+               CmdLineParser.Option fileOption = parser.addStringOption('f', "file"); // deprecated
+               CmdLineParser.Option resourceOption = parser.addStringOption('\u0000', "resource");
 
                try {
                        parser.parse(args);
-               } catch (CmdLineParser.OptionException e) {
-                       System.err.println(e.getMessage());
-                       try {
-                               Thread.sleep(100); //silliness to get error to print first
-                       } catch (InterruptedException ie) {
-                               //doesn't matter
-                       }
+               } 
+               catch (CmdLineParser.OptionException e) {
+                       System.out.println(e.getMessage());
                        printUsage(System.out);
                        System.exit(1);
                }
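Review bot: `main` prints the same header, "Received the following from the Attribute Resolver:", whether or not `resolveAttributes` passed the set through `arpEngine.filterAttributes`, so output produced with `--resolverxml` (where `arpEngine` stays null) looks identical to a policy-filtered release. An operator validating an ARP could read the unfiltered list as what a requester would actually receive. Make the mode visible in the output, for instance `System.out.println(arpEngine != null ? "Attributes after ARP filtering:" : "Attributes from the resolver (no ARP filtering applied):");`. Separately, the option-parse error at the end of the hunk now goes to `System.out` while the other failures in this file use `System.err`; `System.err.println(e.getMessage());` keeps diagnostics out of piped output.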
@@ -116,93 +165,184 @@ public class ResolverTest {
                        debug = debugEnabled.booleanValue();
                }
 
-               file = (String) parser.getOptionValue(fileOption);
+               // if --resolverxml and --file both specified, silently use --resolverxml
+               resolverxml = (String) parser.getOptionValue(resolverxmlOption); 
+               if (resolverxml == null) {
+                       resolverxml = (String) parser.getOptionValue(fileOption);
+               }
+
+               originxml = (String) parser.getOptionValue(originxmlOption); 
+
                user = (String) parser.getOptionValue(userOption);
                requester = (String) parser.getOptionValue(requesterOption);
+               resource = (String) parser.getOptionValue(resourceOption);
 
                configureLogging(debug);
                checkRequired();
+       }
 
-               try {
-                       AttributeResolver resolver = new AttributeResolver(file);
-                       String[] attributes = resolver.listRegisteredAttributeDefinitionPlugIns();
+       /**
+        * Ensures that all required parameters were specified and successfully parsed.
+        */
+       private static void checkRequired() 
+       {
+               if (user == null) {
+                       System.out.println("Missing required parameter --user.");
+                       System.out.println();
+                       printUsage(System.out);
+                       System.exit(1);
+               }
+               if ((resolverxml == null && originxml == null) || (resolverxml != null && originxml != null)) {
+                       System.out.println("Exactly one of --originxml and --resolverxml is required.");
+                       System.out.println();
+                       printUsage(System.out);
+                       System.exit(1);
+               }
+       }
 
-                       AAAttributeSet attributeSet = new AAAttributeSet();
-                       for (int i = 0; i < attributes.length; i++) {
+       private static AAAttributeSet createAttributeSet()
+       {
+               String[] attributes = resolver.listRegisteredAttributeDefinitionPlugIns();
+               AAAttributeSet attributeSet = new AAAttributeSet();
+
+               for (int i = 0; i < attributes.length; i++) {
+                       try { 
                                attributeSet.add(new AAAttribute(attributes[i]));
                        }
+                       catch (SAMLException e) {
+                               System.err.println("Error creating AAAttribute (" + attributes[i] + "): " + e.getMessage());
+                               System.exit(1);
+                       }
+               }
+
+               return attributeSet;
+       }
 
-                       resolver.resolveAttributes(new AuthNPrincipal(user), requester, attributeSet);
+       private static void initializeResolver()
+       {
+               if (originxml != null) {
+                       try {
+                               Document originConfig = OriginConfig.getOriginConfig(originxml);
+                               AAConfig configuration = new AAConfig(originConfig.getDocumentElement());
 
-                       System.out.println(
-                               "Received the following back from the Attribute Resolver:" + System.getProperty("line.separator"));
+                               resolver = new AttributeResolver(configuration);
 
-                       for (ShibAttributeIterator iterator = attributeSet.shibAttributeIterator(); iterator.hasNext();) {
+                               NodeList itemElements =
+                                       originConfig.getDocumentElement().getElementsByTagNameNS(
+                                                       ShibbolethOriginConfig.originConfigNamespace,
+                                                       "ReleasePolicyEngine");
+
+                               if (itemElements.getLength() > 1) {
+                                       System.err.println("Warning: encountered multiple <ReleasePolicyEngine> configuration elements in (" + originxml + "). Using first...");
+                               }
+
+                               if (itemElements.getLength() < 1) {
+                                       arpEngine = new ArpEngine();
+                               } else {
+                                       arpEngine = new ArpEngine((Element) itemElements.item(0));
+                               }
+
+                               if (resource != null) {
+                                       resourceUrl = new URL(resource);
+                               }
+                       } 
+                       catch (ShibbolethConfigurationException e) {
+                               System.err.println("Error loading origin configuration file (" + originxml + "): " + e.getMessage());
+                               System.exit(1);
+                       }
+                       catch (AttributeResolverException e) {
+                               System.err.println("Error initializing the Attribute Resolver: " + e.getMessage());
+                               System.exit(1);
+                       }
+                       catch (ArpException e) {
+                               System.err.println("Error initializing the ARP Engine: " + e.getMessage());
+                               System.exit(1);
+                       }
+                       catch (MalformedURLException e) {
+                               System.err.println("Specified resource URL is invalid: " + e.getMessage());
+                               System.exit(1);
+                       }
+               }
+               else {
+                       try {
+                               resolver = new AttributeResolver(resolverxml);
+                       } 
+                       catch (AttributeResolverException e) {
+                               System.err.println("Error initializing the Attribute Resolver: " + e.getMessage());
+                       }
+               }
+       }
+
+       private static void printAttributes(PrintStream out, AAAttributeSet attributeSet)
+       {
+               try
+               {
+                       for (ShibAttributeIterator iterator = attributeSet.shibAttributeIterator(); iterator.hasNext();) 
+                       {
                                AAAttribute attribute = iterator.nextShibAttribute();
                                Node node = attribute.toDOM();
+
                                ByteArrayOutputStream xml = new ByteArrayOutputStream();
                                if (!(node instanceof Element)) {
-                                       throw new IOException("Received bad Element data from SAML library.");
+                                       System.err.println("Received bad Element data from SAML library.");
+                                       System.exit(1);
                                }
                                OutputFormat format = new OutputFormat();
                                format.setIndenting(true);
                                format.setIndent(4);
+
                                new XMLSerializer(xml, format).serialize((Element) node);
-                               System.out.println(xml.toString() + System.getProperty("line.separator"));
+
+                               out.println(xml.toString());
+                               out.println();
                        }
-               
-               } catch (AttributeResolverException e) {
-                       System.err.println("Error initializing the Attribute Resolver: " + e.getMessage());
-               } catch (SAMLException e) {
+               }
+               catch (SAMLException e) {
                        System.err.println("Error creating SAML attribute: " + e.getMessage());
-               } catch (IOException e) {
-                       System.err.println("Error serializing output from Resolver: " + e.getMessage());
+                       System.exit(1);
                }
-       }
-
-       /**
-        * Ensures that all required parameters were specified and successfully parsed.
-        *
-        */
-       private static void checkRequired() {
-               if (file == null || user == null) {
-                       System.err.println("Missing required parameter(s).");
-                       try {
-                               Thread.sleep(100); //silliness to get error to print first
-                       } catch (InterruptedException e) {
-                               //doesn't matter
-                       }
-                       printUsage(System.out);
+               catch (IOException e) {
+                       System.err.println("Error serializing output from Resolver: " + e.getMessage());
                        System.exit(1);
                }
        }
 
-       private static void configureLogging(boolean debugEnabled) {
+       private static void configureLogging(boolean debugEnabled) 
+       {
+               ConsoleAppender rootAppender = new ConsoleAppender();
+               rootAppender.setWriter(new PrintWriter(System.out));
+               rootAppender.setName("stdout");
+               Logger.getRootLogger().addAppender(rootAppender);
 
-               BasicConfigurator.configure();
                if (debugEnabled) {
                        Logger.getRootLogger().setLevel(Level.DEBUG);
+                       rootAppender.setLayout(new PatternLayout("%-5p %-41X{serviceId} %d{ISO8601} (%c:%L) - %m%n")); 
                } else {
                        Logger.getRootLogger().setLevel(Level.INFO);
                        Logger.getLogger("edu.internet2.middleware.shibboleth.aa.attrresolv").setLevel(Level.WARN);
+                       rootAppender.setLayout(new PatternLayout(PatternLayout.TTCC_CONVERSION_PATTERN)); 
                }
                Logger.getLogger("org.apache.xml.security").setLevel(Level.OFF);
        }
 
-       private static void printUsage(PrintStream out) {
-
-               out.println("Usage: resolvertest [options]..." + System.getProperty("line.separator"));
-               out.println("Tests an AA Attribute Resolver configuration." + System.getProperty("line.separator"));
-
-               out.println("-d, --debug                   run in debug mode");
-               out.println("-h, --help                    print usage information");
-               out.println("-f, --file=FILEURL            the URL of the resolver configuration");
-               out.println("                                file (resolver.xml)");
-               out.println("-u, --user=USER               the user for which attributes should");
-               out.println("                                be resolved");
-               out.println("-r, --requester=REQUESTER     the name of the requester (SHAR),");
-               out.println("                                emulates unauthenticated requester if");
-               out.println("                                not specified" + System.getProperty("line.separator"));
-
+       private static void printUsage(PrintStream out) 
+       {
+               // out.println("Tests an AA Attribute Resolver configuration.");
+               out.println("Usage: resolvertest --user=USER {--originxml=URL|--resolverxml=URL} [OPTION...]");
+               out.println();
+               out.println("Options:");
+               out.println("  -h, --help                Print usage information");
+               out.println("  -d, --debug               Run in debug mode");
+               out.println("  --originxml=FILEURL       URL of the origin configuration file. Attributes");
+               out.println("                            will be filtered according to the Attribute Release");
+               out.println("                            Policy (ARP) specified in the configuration file");
+               out.println("  --resolverxml=FILEURL     URL of the resolver configuration file. No ARP");
+               out.println("                            filtering will be done");
+               out.println("  --user=USER               User for whom attributes should be resolved");
+               out.println("  --requester=REQUESTER     Name of the requester (SHAR). Emulates");
+               out.println("                            unauthenticated requester if not specified");
+               out.println("  --resource=URL            URL of the resource. Only attributes available");
+               out.println("                            to any resource will be returned if not specified");
        }
 }
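Review bot: In `initializeResolver`, the `--resolverxml` branch catches `AttributeResolverException`, prints the error and returns without exiting, unlike every other catch in the method. `resolver` is then still null, and `createAttributeSet()` fails with a NullPointerException at `resolver.listRegisteredAttributeDefinitionPlugIns()`. Add `System.exit(1);` after the `System.err.println` in that catch. In the same method `--resource` is converted to a URL only inside the `originxml` branch, so combining it with `--resolverxml` silently ignores it; `checkRequired` could reject that combination, or the usage text could say so.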
+