+++ /dev/null
-/*
- * The Shibboleth License, Version 1.
- * Copyright (c) 2002
- * University Corporation for Advanced Internet Development, Inc.
- * All rights reserved
- *
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution, if any, must include
- * the following acknowledgment: "This product includes software developed by
- * the University Corporation for Advanced Internet Development
- * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
- * may appear in the software itself, if and wherever such third-party
- * acknowledgments normally appear.
- *
- * Neither the name of Shibboleth nor the names of its contributors, nor
- * Internet2, nor the University Corporation for Advanced Internet Development,
- * Inc., nor UCAID may be used to endorse or promote products derived from this
- * software without specific prior written permission. For written permission,
- * please contact shibboleth@shibboleth.org
- *
- * Products derived from this software may not be called Shibboleth, Internet2,
- * UCAID, or the University Corporation for Advanced Internet Development, nor
- * may Shibboleth appear in their name, without prior written permission of the
- * University Corporation for Advanced Internet Development.
- *
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
- * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
- * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
- * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-package edu.internet2.middleware.eduPerson;
-
-/**
- * Handles one-time library initialization
- *
- * @author Scott Cantor
- * @created May 18, 2002
- */
-public class Init
-{
- private static boolean initialized = false;
-
- /** Initializes library */
- public static synchronized void init()
- {
- if (initialized)
- return;
-
- initialized = true;
-
- edu.internet2.middleware.shibboleth.common.Init.init();
- org.opensaml.XML.parserPool.registerSchema(XML.EDUPERSON_NS, XML.EDUPERSON_SCHEMA_ID, new XML.SchemaResolver());
- }
-
- static
- {
- Init.init();
- }
-}
-
+++ /dev/null
-/*
- * The Shibboleth License, Version 1.
- * Copyright (c) 2002
- * University Corporation for Advanced Internet Development, Inc.
- * All rights reserved
- *
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution, if any, must include
- * the following acknowledgment: "This product includes software developed by
- * the University Corporation for Advanced Internet Development
- * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
- * may appear in the software itself, if and wherever such third-party
- * acknowledgments normally appear.
- *
- * Neither the name of Shibboleth nor the names of its contributors, nor
- * Internet2, nor the University Corporation for Advanced Internet Development,
- * Inc., nor UCAID may be used to endorse or promote products derived from this
- * software without specific prior written permission. For written permission,
- * please contact shibboleth@shibboleth.org
- *
- * Products derived from this software may not be called Shibboleth, Internet2,
- * UCAID, or the University Corporation for Advanced Internet Development, nor
- * may Shibboleth appear in their name, without prior written permission of the
- * University Corporation for Advanced Internet Development.
- *
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
- * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
- * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
- * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-package edu.internet2.middleware.eduPerson;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Iterator;
-
-import org.opensaml.*;
-import org.w3c.dom.*;
-
-/**
- * Basic implementation of a scoped, eduPerson SAML attribute
- *
- * @author Scott Cantor
- * @created May 9, 2002
- */
-public class ScopedAttribute extends SAMLAttribute implements Cloneable
-{
- /** Default attribute scope */
- protected String defaultScope = null;
-
- /** Scopes of the attribute values */
- protected ArrayList scopes = new ArrayList();
-
- /**
- * Constructor for the ScopedAttribute object
- *
- * @param name Name of attribute
- * @param namespace Namespace/qualifier of attribute
- * @param defaultScope The default scope to apply for values
- * @param type The schema type of attribute value(s)
- * @param lifetime Effective lifetime of attribute's value(s) in
- * seconds (0 means infinite)
- * @param scopes Scopes of the attribute values
- * @param values A set of attribute values
- * @exception SAMLException Thrown if attribute cannot be built from the
- * supplied information
- */
- public ScopedAttribute(String name, String namespace, String defaultScope, QName type, long lifetime,
- Collection scopes, Collection values)
- throws SAMLException
- {
- super(name, namespace, type, lifetime, values);
- this.defaultScope = defaultScope;
-
- if (scopes != null)
- this.scopes.addAll(scopes);
- }
-
- /**
- * Reconstructs and validates an attribute from a DOM tree<P>
- *
- * Overrides the basic implementation to handle the same simple types, but
- * also picks up scope.
- *
- * @param e A DOM Attribute element
- * @exception SAMLException Thrown if the attribute cannot be constructed
- */
- public ScopedAttribute(Element e)
- throws SAMLException
- {
- super(e);
-
- // Default scope comes from subject.
- NodeList nlist = ((Element)e.getParentNode()).getElementsByTagNameNS(org.opensaml.XML.SAML_NS, "NameIdentifier");
- if (nlist ==null || nlist.getLength() != 1)
- throw new MalformedException(SAMLException.RESPONDER, "ScopedAttribute() can't find saml:NameIdentifier in enclosing statement");
- defaultScope = ((Element)nlist.item(0)).getAttributeNS(null, "NameQualifier");
- }
-
- /**
- * Adds a value to the state of the SAML Attribute<P>
- *
- * This class supports a simple text node content model with a Scope
- * attribute
- *
- * @param e The AttributeValue element containing the value to add
- * @return true iff the value was understood
- */
- public boolean addValue(Element e)
- {
- if (super.addValue(e))
- {
- scopes.add(e.getAttributeNS(null,"Scope"));
- return true;
- }
- return false;
- }
-
- /**
- * Attribute acceptance hook used while consuming attributes from an
- * assertion. Base class simply accepts anything. Override for desired
- * behavior.
- *
- * @param e An AttributeValue element to check
- * @return true iff the value is deemed acceptable
- */
- public boolean accept(Element e)
- {
- return true;
- }
-
- /**
- * Gets the values of the SAML Attribute, serialized as strings with the
- * effective scope appended
- *
- * @return The attribute's values
- */
- public Iterator getValues()
- {
- if (values == null)
- return null;
-
- ArrayList bufs = new ArrayList(values.size());
- for (int i = 0; i < values.size(); i++)
- {
- if (values.get(i) != null)
- {
- if (i < scopes.size() && scopes.get(i) != null)
- bufs.set(i, values.get(i).toString() + "@" + scopes.get(i));
- else
- bufs.set(i, values.get(i).toString() + "@" + defaultScope);
- }
- }
- return bufs.iterator();
- }
-
- /**
- * Overridden method to return a DOM tree representing the attribute<P>
- *
- * Because attributes are generalized, this base method only handles simple
- * attributes whose values are of uniform simple type and expressed in the
- * DOM as a single text node within the AttributeValue element(s). The
- * values are serialized using the toString() method.<P>
- *
- * SAML applications should override this class and reimplement or
- * supplement this method to handle other requirements.
- *
- * @param doc A Document object to use in manufacturing the tree
- * @return Root "Attribute" element of a DOM tree
- */
- public Node toDOM(Document doc)
- {
- super.toDOM(doc);
-
- int i=0;
- Node n=root.getFirstChild();
- while (n!=null)
- {
- if (n.getNodeType()==Node.ELEMENT_NODE)
- {
- ((Element)n).removeAttributeNS(null,"Scope");
- if (i < scopes.size() && scopes.get(i)!=null && !scopes.get(i).equals(defaultScope))
- ((Element)n).setAttributeNS(null,"Scope",(String)scopes.get(i));
- }
- n=n.getNextSibling();
- }
-
- return root;
- }
-
- /**
- * Copies a SAML object such that no dependencies exist between the original
- * and the copy
- *
- * @return The new object
- * @see java.lang.Object#clone()
- */
- public Object clone()
- throws CloneNotSupportedException
- {
- ScopedAttribute dup=(ScopedAttribute)super.clone();
-
- dup.scopes = (ArrayList)scopes.clone();
-
- return dup;
- }
-}
-
+++ /dev/null
-/*
- * The Shibboleth License, Version 1.
- * Copyright (c) 2002
- * University Corporation for Advanced Internet Development, Inc.
- * All rights reserved
- *
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution, if any, must include
- * the following acknowledgment: "This product includes software developed by
- * the University Corporation for Advanced Internet Development
- * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
- * may appear in the software itself, if and wherever such third-party
- * acknowledgments normally appear.
- *
- * Neither the name of Shibboleth nor the names of its contributors, nor
- * Internet2, nor the University Corporation for Advanced Internet Development,
- * Inc., nor UCAID may be used to endorse or promote products derived from this
- * software without specific prior written permission. For written permission,
- * please contact shibboleth@shibboleth.org
- *
- * Products derived from this software may not be called Shibboleth, Internet2,
- * UCAID, or the University Corporation for Advanced Internet Development, nor
- * may Shibboleth appear in their name, without prior written permission of the
- * University Corporation for Advanced Internet Development.
- *
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
- * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
- * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
- * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-package edu.internet2.middleware.eduPerson;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-import org.xml.sax.EntityResolver;
-import org.xml.sax.InputSource;
-import org.xml.sax.SAXException;
-
-/**
- * Utility class for XML constants and schema handling
- *
- * @author Scott Cantor
- * @created May 18, 2002
- */
-public class XML
-{
- /** eduPerson XML namespace */
- public final static String EDUPERSON_NS = "urn:mace:eduPerson:1.0";
-
- /** eduPerson XML schema identifier */
- public final static String EDUPERSON_SCHEMA_ID = "eduPerson.xsd";
-
- private static byte[] eduPerson_schema;
-
- /**
- * Custom schema resolver class
- *
- * @author Scott Cantor
- * @created May 18, 2002
- */
- protected static class SchemaResolver implements EntityResolver
- {
- /**
- * A customized entity resolver for the Shibboleth extension schema
- *
- * @param publicId The public identifier of the entity
- * @param systemId The system identifier of the entity
- * @return A source of bytes for the entity or
- * null
- * @exception SAXException Raised if an XML parsing problem
- * occurs
- * @exception java.io.IOException Raised if an I/O problem is detected
- */
- public InputSource resolveEntity(String publicId, String systemId)
- throws SAXException, java.io.IOException
- {
- InputSource src = null;
- if (systemId.endsWith(EDUPERSON_SCHEMA_ID) && eduPerson_schema != null)
- src = new InputSource(new ByteArrayInputStream(eduPerson_schema));
- return src;
- }
- }
-
- static
- {
- try
- {
- StringBuffer buf = new StringBuffer(1024);
- InputStream xmlin = XML.class.getResourceAsStream("/schemas/" + EDUPERSON_SCHEMA_ID);
- if (xmlin == null)
- throw new RuntimeException("XML static initializer unable to locate eduPerson schema");
- else
- {
- int b;
- while ((b = xmlin.read()) != -1)
- buf.append((char)b);
- eduPerson_schema = buf.toString().getBytes();
- xmlin.close();
- }
- }
- catch (java.io.IOException e)
- {
- throw new RuntimeException("XML static initializer caught an I/O error");
- }
- }
-}
-
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-package edu.internet2.middleware.shibboleth.aa.attrresolv.provider;
+package edu.internet2.middleware.shibboleth.aa;
import java.util.Arrays;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
+import edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute;
import edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute;
+import edu.internet2.middleware.shibboleth.aa.attrresolv.provider.ValueHandler;
+import edu.internet2.middleware.shibboleth.aa.attrresolv.provider.ValueHandlerException;
import edu.internet2.middleware.shibboleth.common.Constants;
/**
*
* @author Walter Hoehn (wassa@columbia.edu)
*/
-public class ShibAttribute extends SAMLAttribute implements ResolverAttribute {
+public class AAAttribute extends SAMLAttribute implements ResolverAttribute, ArpAttribute {
- private static Logger log = Logger.getLogger(ShibAttribute.class.getName());
+ private static Logger log = Logger.getLogger(AAAttribute.class.getName());
private boolean resolved = false;
private static long defaultLifetime = 1800000;
private ValueHandler valueHandler = new StringValueHandler();
- public ShibAttribute(String name) throws SAMLException {
+ public AAAttribute(String name) throws SAMLException {
super(
name,
Constants.SHIB_ATTRIBUTE_NAMESPACE_URI,
return valueHandler.getValues(values);
}
- private void setValues(Object[] values) {
+ public void setValues(Object[] values) {
if (!this.values.isEmpty()) {
this.values.clear();
}
}
/**
- * @see edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute#resolved()
+ * @see edu.internet2.middleware.shibboleth.aa.attrresolv.ArpAttribute#resolved()
*/
public boolean resolved() {
return resolved;
}
/**
- * @see edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute#setResolved()
+ * @see edu.internet2.middleware.shibboleth.aa.attrresolv.ArpAttribute#setResolved()
*/
public void setResolved() {
resolved = true;
}
/**
- * @see edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute#resolveFromCached(edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute)
+ * @see edu.internet2.middleware.shibboleth.aa.attrresolv.ArpAttribute#resolveFromCached(edu.internet2.middleware.shibboleth.aa.attrresolv.ArpAttribute)
*/
public void resolveFromCached(ResolverAttribute attribute) {
resolved = true;
}
/**
- * @see edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute#registerValueHandler(edu.internet2.middleware.shibboleth.aa.attrresolv.provider.ValueHandler)
+ * @see edu.internet2.middleware.shibboleth.aa.attrresolv.ArpAttribute#registerValueHandler(edu.internet2.middleware.shibboleth.aa.attrresolv.provider.ValueHandler)
*/
public void registerValueHandler(ValueHandler handler) {
valueHandler = handler;
}
/**
- * @see edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute#getRegisteredValueHandler()
+ * @see edu.internet2.middleware.shibboleth.aa.attrresolv.ArpAttribute#getRegisteredValueHandler()
*/
public ValueHandler getRegisteredValueHandler() {
return valueHandler;
}
+ /* (non-Javadoc)
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ public boolean equals(Object obj) {
+ // TODO Figure out what to do here
+ System.err.println("Hit AAAttribute equals().");
+ return super.equals(obj);
+ }
+
}
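Review bot: The `equals(Object)` override added at the bottom of AAAttribute comes without a matching `hashCode()`, so two instances that compare equal can hash differently in any hash-based collection, and it writes to `System.err` on every call, which is a debugging leftover rather than a message through the class's `log` field. If the override is kept while the TODO is open, keep it consistent and quiet: replace the println with `log.debug("Hit AAAttribute equals().");` and add `public int hashCode() { return super.hashCode(); }` beside it so the equals/hashCode contract holds whatever the superclass does. The class header is outside this hunk, so I cannot tell whether SAMLAttribute itself defines equals/hashCode; that is worth confirming before settling the semantics.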
/**
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-
-package edu.internet2.middleware.shibboleth.aa.attrresolv.provider;
+
+package edu.internet2.middleware.shibboleth.aa;
import java.util.HashMap;
import java.util.Iterator;
+import org.opensaml.SAMLAttribute;
+
+import edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute;
+import edu.internet2.middleware.shibboleth.aa.arp.ArpAttributeSet;
import edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute;
import edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttributeSet;
*
* @author Walter Hoehn (wassa@columbia.edu)
*/
-public class ShibAttributeSet implements ResolverAttributeSet {
+public class AAAttributeSet implements ResolverAttributeSet, ArpAttributeSet {
private HashMap attributes = new HashMap();
- public void add(ShibAttribute attribute) {
+ public void add(AAAttribute attribute) {
attributes.put(attribute.getName(), attribute);
}
return shibAttributeIterator();
}
- public class ShibAttributeIterator implements ResolverAttributeIterator {
+ public ArpAttributeIterator arpAttributeIterator() {
+ return shibAttributeIterator();
+ }
+
+ public int size() {
+ return attributes.size();
+ }
+
+ public SAMLAttribute[] getAttributes() {
+ return (SAMLAttribute[]) attributes.entrySet().toArray(new SAMLAttribute[0]);
+ }
+
+ public class ShibAttributeIterator implements ResolverAttributeIterator, ArpAttributeIterator {
private Iterator genericIterator;
return nextShibAttribute();
}
- public ShibAttribute nextShibAttribute() {
- return (ShibAttribute) genericIterator.next();
+ public AAAttribute nextShibAttribute() {
+ return (AAAttribute) genericIterator.next();
}
public void remove() {
genericIterator.remove();
}
- }
+ public ArpAttribute nextArpAttribute() {
+ return (ArpAttribute) genericIterator.next();
+ }
+ }
}
-
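Review bot: `getAttributes()` in the new AAAttributeSet body builds its result from `attributes.entrySet()`, whose elements are `Map.Entry` objects, so `toArray(new SAMLAttribute[0])` throws `ArrayStoreException` as soon as the map holds one entry; only an empty set returns cleanly. The callers want the stored attributes, so the line should read `return (SAMLAttribute[]) attributes.values().toArray(new SAMLAttribute[0]);`. Since AAResponder.resolveAttributes returns this array as the released attribute set, the release path fails for every principal with at least one resolvable attribute until this is fixed.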
import java.net.URI;
import java.net.URL;
import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import javax.naming.CommunicationException;
-import javax.naming.NameNotFoundException;
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.DirContext;
-import javax.naming.directory.InitialDirContext;
-import javax.naming.directory.SearchControls;
-import javax.naming.directory.SearchResult;
import org.apache.log4j.Logger;
import org.opensaml.SAMLAttribute;
import org.opensaml.SAMLException;
-import edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute;
import edu.internet2.middleware.shibboleth.aa.arp.ArpEngine;
import edu.internet2.middleware.shibboleth.aa.arp.ArpProcessingException;
-import edu.internet2.middleware.shibboleth.aa.arp.provider.ShibArpAttribute;
+import edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver;
public class AAResponder {
- protected ArpEngine arpEngine;
- protected DirContext ctx;
- protected String domain;
+ private ArpEngine arpEngine;
+ private AttributeResolver resolver;
private static Logger log = Logger.getLogger(AAResponder.class.getName());
- public AAResponder(ArpEngine arpEngine, DirContext ctx, String domain) throws AAException {
+ public AAResponder(ArpEngine arpEngine, AttributeResolver resolver) throws AAException {
this.arpEngine = arpEngine;
- this.ctx = ctx;
- this.domain = domain;
+ this.resolver = resolver;
}
- public SAMLAttribute[] getReleaseAttributes(
- Principal principal,
- String searchFilter,
- String requester,
- URL resource)
+ public SAMLAttribute[] getReleaseAttributes(Principal principal, String requester, URL resource)
throws AAException {
- DirContext userCtx = queryDataSource(principal, searchFilter);
-
try {
- //optimization... find out which attributes to resolve
URI[] potentialAttributes = arpEngine.listPossibleReleaseAttributes(principal, requester, resource);
+ return getReleaseAttributes(principal, requester, resource, potentialAttributes);
- //resolve for each attribute
- Set arpAttributes = new HashSet();
-
- for (int i = 0; i < potentialAttributes.length; i++) {
- ShibArpAttribute arpAttribute = new ShibArpAttribute(potentialAttributes[i].toString());
-
- Attribute dAttr;
- if (potentialAttributes[i].toString().equals("urn:mace:eduPerson:1.0:eduPersonScopedAffiliation")) {
- Attributes attrs = userCtx.getAttributes("", new String[] { "eduPersonAffiliation" });
- dAttr = attrs.get("eduPersonAffiliation");
- } else {
- Attributes attrs =
- userCtx.getAttributes(
- "",
- new String[] {
- arpAttribute.getName().substring(arpAttribute.getName().lastIndexOf(":") + 1)});
- dAttr = attrs.get(arpAttribute.getName().substring(arpAttribute.getName().lastIndexOf(":") + 1));
- }
- if (dAttr == null) {
- continue;
- }
- NamingEnumeration directoryValuesEnum = dAttr.getAll();
- List directoryValues = new ArrayList();
- while (directoryValuesEnum.hasMoreElements()) {
- directoryValues.add(directoryValuesEnum.next());
- }
- arpAttribute.setValues(directoryValues.toArray());
- arpAttributes.add(arpAttribute);
- }
-
- //filter and convert to SAML
- ArpAttribute[] filteredAttributes =
- arpEngine.filterAttributes(
- (ArpAttribute[]) arpAttributes.toArray(new ArpAttribute[0]),
- principal,
- requester,
- resource);
-
- Set samlAttributes = new HashSet();
- for (int i = 0; i < filteredAttributes.length; i++) {
- samlAttributes.add(toSaml(filteredAttributes[i], requester));
- }
- return (SAMLAttribute[]) samlAttributes.toArray(new SAMLAttribute[0]);
-
- } catch (NamingException e) {
- log.error(
- "An error occurred while retieving data for principal ("
- + principal.getName()
- + ") :"
- + e.getMessage());
- throw new AAException("Error retrieving data for principal.");
} catch (ArpProcessingException e) {
log.error(
"An error occurred while processing the ARPs for principal ("
+ e.getMessage());
throw new AAException("Error retrieving data for principal.");
}
-
}
-
- private DirContext queryDataSource(Principal principal, String searchFilter)
+
+ public SAMLAttribute[] getReleaseAttributes(
+ Principal principal,
+ String requester,
+ URL resource,
+ URI[] attributeNames)
throws AAException {
+
try {
- try {
- return getUserContext(principal.getName(), searchFilter);
- } catch (CommunicationException ce) {
- synchronized (ctx) {
- log.debug(ce);
- log.warn(
- "Encountered a connection problem while querying for attributes. Re-initializing JNDI context and retrying...");
- ctx = new InitialDirContext(ctx.getEnvironment());
- }
- return getUserContext(principal.getName(), searchFilter);
+ AAAttributeSet attributeSet = new AAAttributeSet();
+ for (int i = 0; i < attributeNames.length; i++) {
+ AAAttribute attribute = new AAAttribute(attributeNames[i].toString());
+ attributeSet.add(attribute);
}
- } catch (NamingException e) {
+
+ return resolveAttributes(principal, requester, resource, attributeSet);
+
+ } catch (SAMLException e) {
log.error(
- "An error occurred while retieving data for principal ("
+ "An error occurred while creating attributes for principal ("
+ principal.getName()
+ ") :"
+ e.getMessage());
throw new AAException("Error retrieving data for principal.");
- }
- }
-
- private DirContext getUserContext(String userName, String searchFilter)
- throws CommunicationException, NamingException, AAException {
-
- DirContext userCtx = null;
- if (searchFilter == null) {
- searchFilter = "";
- }
- int indx = searchFilter.indexOf("%s");
- if (indx < 0) {
- try {
- userCtx = (DirContext) ctx.lookup(searchFilter + userName);
- } catch (NameNotFoundException nnfe) {
- log.error(
- "Could not locate a user ("
- + userName
- + ") as a result of searching with ("
- + searchFilter
- + ").");
- throw new AAException("No data available for this principal.");
- }
- } else {
- /* This is a search filter. Search after replacing %s with uid*/
- StringBuffer tmp = new StringBuffer(searchFilter);
- tmp.delete(indx, indx + 2);
- tmp.insert(indx, userName);
- searchFilter = tmp.toString();
- SearchControls ctls = new SearchControls();
- ctls.setReturningObjFlag(true);
- NamingEnumeration en = ctx.search("", searchFilter, ctls);
- if (!en.hasMore()) {
- log.error(
- "Could not locate a user ("
- + userName
- + ") as a result of searching with ("
- + searchFilter
- + ").");
- throw new AAException("No data available for this principal.");
- }
- userCtx = (DirContext) ((SearchResult) en.next()).getObject();
- if (en.hasMore()) {
- log.error(
- "Located multiple ("
- + userName
- + ") users as a result of searching with ("
- + searchFilter
- + ").");
- throw new AAException("Cannot disambiguate data for this principal.");
- }
- }
- return userCtx;
- }
-
- private SAMLAttribute toSaml(ArpAttribute attribute, String recipient)
- throws NamingException, AAException {
-
- if (attribute == null) {
- return null;
- }
- log.debug("Converting Attribute (" + attribute.getName() + ") to SAML.");
-
- try {
- Class attrClass =
- Class.forName(
- "edu.internet2.middleware.shibboleth.aaLocal.attributes."
- + attribute.getName().substring(
- attribute.getName().lastIndexOf(":") + 1));
- log.debug("Loaded the class for " + attrClass);
- ShibAttribute sa = (ShibAttribute) attrClass.newInstance();
- return sa.toSamlAttribute(this.domain, attribute.getValues(), recipient);
-
- } catch (SAMLException e) {
+ } catch (ArpProcessingException e) {
log.error(
- "Error converting attribute to SAML ("
- + attribute.getName()
+ "An error occurred while processing the ARPs for principal ("
+ + principal.getName()
+ ") :"
+ e.getMessage());
- return null;
- } catch (Exception e) {
- log.error("Failed to load the class for attribute (" + attribute.getName() + ") :" + e);
- return null;
+ throw new AAException("Error retrieving data for principal.");
}
+ }
+
+ private SAMLAttribute[] resolveAttributes(
+ Principal principal,
+ String requester,
+ URL resource,
+ AAAttributeSet attributeSet)
+ throws ArpProcessingException {
+ resolver.resolveAttributes(principal, requester, attributeSet);
+ arpEngine.filterAttributes(attributeSet, principal, requester, resource);
+ return attributeSet.getAttributes();
}
}
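Review bot: Both catch blocks in the new four-argument `getReleaseAttributes` log only `e.getMessage()` and rethrow `new AAException("Error retrieving data for principal.")` without the cause, so a resolver or ARP failure leaves no stack trace anywhere; the surviving `catch (ArpProcessingException e)` in the three-argument overload has the same shape. Pass the exception to the logger, e.g. `log.error("An error occurred while creating attributes for principal (" + principal.getName() + ") :" + e.getMessage(), e);`, and attach it to the AAException if that class has a cause-taking constructor (not visible from here). Separately, `attributeNames` is now a parameter of a public method and is dereferenced at `attributeNames.length` with no guard, so a null from a caller surfaces as a NullPointerException instead of the AAException the signature advertises; a check such as `if (attributeNames == null) throw new AAException("No attribute names supplied.");` before the loop keeps the failure mode uniform. Also, because `resolveAttributes` runs `arpEngine.filterAttributes` on whatever set was built, the four-argument overload still releases nothing the ARP does not permit even when called with arbitrary names; that is worth stating in a Javadoc comment on the method now that it is public.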
import java.util.List;
import java.util.Properties;
-import javax.naming.NamingException;
-import javax.naming.directory.DirContext;
-import javax.naming.directory.InitialDirContext;
import javax.servlet.ServletException;
import javax.servlet.UnavailableException;
import javax.servlet.http.HttpServlet;
import org.apache.log4j.Logger;
import org.apache.log4j.MDC;
+import org.opensaml.Init;
import org.opensaml.QName;
import org.opensaml.SAMLException;
import org.opensaml.SAMLIdentifier;
-import edu.internet2.middleware.eduPerson.Init;
import edu.internet2.middleware.shibboleth.aa.arp.ArpEngine;
import edu.internet2.middleware.shibboleth.aa.arp.ArpException;
+import edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver;
+import edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolverException;
import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
import edu.internet2.middleware.shibboleth.common.ShibResource;
import edu.internet2.middleware.shibboleth.hs.HandleRepository;
configuration = loadConfiguration();
ArpEngine arpEngine = new ArpEngine(configuration);
-
- handleRepository = HandleRepositoryFactory.getInstance(configuration);
+ AttributeResolver resolver = new AttributeResolver(configuration);
- log.info(
- "Using JNDI context ("
- + configuration.getProperty("java.naming.factory.initial")
- + ") for attribute retrieval.");
+ handleRepository = HandleRepositoryFactory.getInstance(configuration);
- DirContext ctx = new InitialDirContext(configuration);
Init.init();
- responder =
- new AAResponder(
- arpEngine,
- ctx,
- configuration.getProperty(
- "edu.internet2.middleware.shibboleth.aa.AAServlet.authorityName"));
+ responder = new AAResponder(arpEngine, resolver);
log.info("Attribute Authority initialization complete.");
- } catch (NamingException ne) {
- log.fatal(
- "The AA could not be initialized due to a problem with the JNDI context configuration: "
- + ne);
- throw new UnavailableException("Attribute Authority failed to initialize.");
} catch (ArpException ae) {
- log.fatal(
- "The AA could not be initialized due to a problem with the ARP Engine configuration: " + ae);
+ log.fatal("The AA could not be initialized due to a problem with the ARP Engine configuration: " + ae);
+ throw new UnavailableException("Attribute Authority failed to initialize.");
+ } catch (AttributeResolverException ne) {
+ log.fatal("The AA could not be initialized due to a problem with the Attribute Resolver configuration: " + ne);
throw new UnavailableException("Attribute Authority failed to initialize.");
} catch (AAException ae) {
log.fatal("The AA could not be initialized: " + ae);
throw new UnavailableException("Attribute Authority failed to initialize.");
} catch (HandleRepositoryException he) {
log.fatal(
- "The AA could not be initialized due to a problem with the Handle Repository configuration: "
- + he);
+ "The AA could not be initialized due to a problem with the Handle Repository configuration: " + he);
throw new UnavailableException("Attribute Authority failed to initialize.");
}
}
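Review bot: The new `catch (AttributeResolverException ne)` block logs the failure by string-concatenating the exception, so the stack trace that would show which resolver plug-in or config element failed is lost, and the variable name `ne` is a leftover from the removed `NamingException` catch that no longer describes the type. Use the log4j two-argument form and a neutral name, `} catch (AttributeResolverException e) {` / `log.fatal("The AA could not be initialized due to a problem with the Attribute Resolver configuration: " + e, e);`. The reflowed `ArpException` and `HandleRepositoryException` catches in the same hunk have the same concatenation pattern and would benefit from the same change. The enclosing init method starts outside the hunk.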
Arrays.asList(
responder.getReleaseAttributes(
principal,
- configuration.getProperty(
- "edu.internet2.middleware.shibboleth.aa.AAServlet.ldapUserDnPhrase"),
saml.getShar(),
resource));
log.info("Got " + attrs.size() + " attributes for " + principal.getName());
-/*
- * The Shibboleth License, Version 1.
- * Copyright (c) 2002
- * University Corporation for Advanced Internet Development, Inc.
+/*
+ * The Shibboleth License, Version 1.
+ * Copyright (c) 2002
+ * University Corporation for Advanced Internet Development, Inc.
* All rights reserved
- *
- *
- * Redistribution and use in source and binary forms, with or without
+ *
+ *
+ * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this
+ *
+ * Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution, if any, must include
- * the following acknowledgment: "This product includes software developed by
- * the University Corporation for Advanced Internet Development
- * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
- * may appear in the software itself, if and wherever such third-party
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution, if any, must include
+ * the following acknowledgment: "This product includes software developed by
+ * the University Corporation for Advanced Internet Development
+ * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
+ * may appear in the software itself, if and wherever such third-party
* acknowledgments normally appear.
- *
- * Neither the name of Shibboleth nor the names of its contributors, nor
- * Internet2, nor the University Corporation for Advanced Internet Development,
- * Inc., nor UCAID may be used to endorse or promote products derived from this
- * software without specific prior written permission. For written permission,
+ *
+ * Neither the name of Shibboleth nor the names of its contributors, nor
+ * Internet2, nor the University Corporation for Advanced Internet Development,
+ * Inc., nor UCAID may be used to endorse or promote products derived from this
+ * software without specific prior written permission. For written permission,
* please contact shibboleth@shibboleth.org
- *
- * Products derived from this software may not be called Shibboleth, Internet2,
- * UCAID, or the University Corporation for Advanced Internet Development, nor
- * may Shibboleth appear in their name, without prior written permission of the
+ *
+ * Products derived from this software may not be called Shibboleth, Internet2,
+ * UCAID, or the University Corporation for Advanced Internet Development, nor
+ * may Shibboleth appear in their name, without prior written permission of the
* University Corporation for Advanced Internet Development.
- *
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
- * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
- * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
- * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ *
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
+ * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
+ * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
+ * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-
+
package edu.internet2.middleware.shibboleth.aa.arp;
+import java.util.Iterator;
+
/**
- * Defines an attribute to which Shibboleth Attribute Release Policies may be applied.
- *
- * @author Walter Hoehn (wassa@columbia.edu)
+ * Defines an attribute whose values can be filtered by the <code>ArpEngine</code>.
+ *
+ * @author Walter Hoehn (wassa@columbia.edu)
*/
-public interface ArpAttribute {
- /**
- * Returns the name of the Attribute
- */
- public String getName();
- /**
- * Sets the values of the attribute to those represented in an array
- */
- public void setValues(Object[] values);
+public interface ArpAttribute {
- /**
- * Returns an array representing the attributes values
- */
- public Object[] getValues();
+ public String getName();
+ public void setValues(Object[] value);
+ public Iterator getValues();
}
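Review bot: The rewritten interface drops the per-method Javadoc the old version carried, at the same time that `getValues()` changes its contract from returning an array to returning an `Iterator`; callers that used the old array snapshot get no hint of the new semantics. Restore a one-line description per method, e.g. `/** Returns an iterator over the attribute's current values. */` on `getValues()` and `/** Replaces the attribute's values with the contents of the given array. */` on `setValues(Object[] value)`. The parameter rename from `values` to `value` also reads as accidental, since an array is passed. The license-header lines in this hunk appear to differ only in whitespace, which inflates the diff without changing content.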
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-package edu.internet2.middleware.shibboleth.aa;
-
+package edu.internet2.middleware.shibboleth.aa.arp;
/**
- * Attribute Authority & Release Policy
- * a Common interface among all attributes that are released by AA
- *
- * @author Parviz Dousti (dousti@cmu.edu)
- * @created June, 2002
+ * Defines a set of attributes whose values can be filtered by the <code>ArpEngine</code>.
+ *
+ * @author Walter Hoehn (wassa@columbia.edu)
*/
+public interface ArpAttributeSet {
-
-import org.opensaml.*;
-
-public interface ShibAttribute{
-
- public SAMLAttribute toSamlAttribute(String defaultScope, Object[] values, String recipient)
- throws SAMLException;
-
+ public ArpAttributeIterator arpAttributeIterator();
+
+ public interface ArpAttributeIterator {
+ public boolean hasNext();
+ public ArpAttribute nextArpAttribute();
+ public void remove();
+ }
}
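Review bot: `ArpAttributeIterator.remove()` has no Javadoc, yet elsewhere in this commit the ARP engine's `filterAttributes` relies on it to drop attributes with no matching rule or a deny-all rule; an implementation whose `remove()` is a no-op or throws `UnsupportedOperationException` would leave denied attributes in the set and they would be released. Document the obligation on the nested interface: `/** Removes the attribute last returned by nextArpAttribute() from the underlying set. Implementations must support this; ARP filtering depends on it to withhold attributes that are not permitted. */`. `hasNext()` and `nextArpAttribute()` should get the usual one-line descriptions as well.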
-
import org.apache.xml.serialize.OutputFormat;
import org.apache.xml.serialize.XMLSerializer;
+import edu.internet2.middleware.shibboleth.aa.arp.ArpAttributeSet.ArpAttributeIterator;
+
/**
* Defines a processing engine for Attribute Release Policies.
*
* Applies all applicable ARPs to a set of attributes.
* @return the attributes to be released
*/
- public ArpAttribute[] filterAttributes(
- ArpAttribute[] attributes,
- Principal principal,
- String requester,
- URL resource)
+ public void filterAttributes(ArpAttributeSet attributes, Principal principal, String requester, URL resource)
throws ArpProcessingException {
-
- if (attributes.length == 0) {
- log.debug("ARP Engine was asked to apply filter to empty attribute set.");
- return new ArpAttribute[0];
- }
- Set releaseSet = new HashSet();
+ ArpAttributeIterator iterator = attributes.arpAttributeIterator();
+ if (!iterator.hasNext()) {
+ log.debug("ARP Engine was asked to apply filter to empty attribute set.");
+ return;
+ }
log.info("Applying Attribute Release Policies.");
if (log.isDebugEnabled()) {
log.debug("Processing the following attributes:");
- for (int i = 0; attributes.length > i; i++) {
- log.debug("Attribute: (" + attributes[i].getName() + ")");
+ for (ArpAttributeIterator attrIterator = attributes.arpAttributeIterator(); attrIterator.hasNext();) {
+ log.debug("Attribute: (" + attrIterator.nextArpAttribute().getName() + ")");
}
}
//Gather all applicable ARP attribute specifiers
Set attributeNames = new HashSet();
- for (int i = 0; attributes.length > i; i++) {
- attributeNames.add(attributes[i].getName());
+ for (ArpAttributeIterator nameIterator = attributes.arpAttributeIterator(); nameIterator.hasNext();) {
+ attributeNames.add(nameIterator.nextArpAttribute().getName());
}
Rule[] rules = createEffectiveArp(principal, requester, resource).getAllRules();
Set applicableRuleAttributes = new HashSet();
//Canonicalize specifiers
Map arpAttributeSpecs =
- createCanonicalAttributeSpec(
- (Rule.Attribute[]) applicableRuleAttributes.toArray(new Rule.Attribute[0]));
+ createCanonicalAttributeSpec((Rule.Attribute[]) applicableRuleAttributes.toArray(new Rule.Attribute[0]));
//Filter
- for (int i = 0; attributes.length > i; i++) {
- Rule.Attribute attribute = (Rule.Attribute) arpAttributeSpecs.get(attributes[i].getName());
+ for (ArpAttributeIterator returnIterator = attributes.arpAttributeIterator(); returnIterator.hasNext();) {
+
+ ArpAttribute arpAttribute = returnIterator.nextArpAttribute();
+ Rule.Attribute attribute = (Rule.Attribute) arpAttributeSpecs.get(arpAttribute.getName());
//Handle no specifier
if (attribute == null) {
+ returnIterator.remove();
continue;
}
//Handle Deny All
if (attribute.denyAnyValue()) {
+ returnIterator.remove();
continue;
}
//Handle Permit All
if (attribute.releaseAnyValue() && attribute.getValues().length == 0) {
- releaseSet.add(attributes[i]);
continue;
}
//Handle "Permit All-Except" and "Permit Specific"
- Object[] resolvedValues = attributes[i].getValues();
Set releaseValues = new HashSet();
- for (int j = 0; resolvedValues.length > j; j++) {
- if (attribute.isValuePermitted(resolvedValues[j])) {
- releaseValues.add(resolvedValues[j]);
+ for (Iterator valueIterator = arpAttribute.getValues();valueIterator.hasNext();) {
+ Object value = valueIterator.next();
+ if (attribute.isValuePermitted(value)) {
+ releaseValues.add(value);
}
}
- attributes[i].setValues((Object[]) releaseValues.toArray(new Object[0]));
- releaseSet.add(attributes[i]);
+ arpAttribute.setValues((Object[]) releaseValues.toArray(new Object[0]));
}
- return (ArpAttribute[]) releaseSet.toArray(new ArpAttribute[0]);
}
private Map createCanonicalAttributeSpec(Rule.Attribute[] attributes) {
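Review bot: The Javadoc immediately above `filterAttributes` still carries `@return the attributes to be released`, but the method is now `void` and instead mutates the supplied set in place through `returnIterator.remove()` and `arpAttribute.setValues(...)`, so the documentation now describes a contract that no longer exists. Replace the tag with a description of the side effect, for example `Applies all applicable ARPs to a set of attributes, removing from it every attribute and value that no rule permits.` together with `@param attributes the set to filter; modified in place`. It is also worth a short comment on the permit-all branch that `continue` deliberately leaves the attribute and all of its values in the set, since an untouched pass-through in a filter loop is easy to misread as an omission.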
+++ /dev/null
-package edu.internet2.middleware.shibboleth.aa.arp.provider;
-
-import java.util.Arrays;
-import java.util.HashSet;
-
-import edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute;
-
-/**
- * Shibboleth implementation of an attribute to which ARPs may be applied.
- *
- * @author Walter Hoehn (wassa@columbia.edu)
- */
-public class ShibArpAttribute implements ArpAttribute {
-
- private String name;
- private Object[] values;
-
- public ShibArpAttribute(String name, Object[] values) {
- this.name = name;
- this.values = values;
- }
-
- public ShibArpAttribute(String name) {
- this.name = name;
- }
-
- /**
- * @see edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute#getName()
- */
- public String getName() {
- return name;
- }
-
- /**
- * @see edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute#getValues()
- */
- public Object[] getValues() {
- if (values != null) {
- return values;
- } else {
- return new Object[0];
- }
- }
-
- /**
- * @see edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute#setValues(Object[])
- */
- public void setValues(Object[] values) {
- this.values = values;
- }
-
- /**
- * @see java.lang.Object#equals(Object)
- */
- public boolean equals(Object object) {
- if (!(object instanceof ShibArpAttribute)) {
- return false;
- }
- return (new HashSet(Arrays.asList(values))).equals(
- new HashSet(Arrays.asList(((ShibArpAttribute) object).getValues())));
- }
-
- /**
- * @see java.lang.Object#hashCode()
- */
- public int hashCode() {
- int code = 0;
- for (int i = 0; i < values.length; i++) {
- code += values[i].hashCode();
- }
- return name.hashCode() + code;
- }
-
-}
import org.xml.sax.SAXParseException;
import sun.security.acl.PrincipalImpl;
+import edu.internet2.middleware.shibboleth.aa.AAAttribute;
+import edu.internet2.middleware.shibboleth.aa.AAAttributeSet;
+import edu.internet2.middleware.shibboleth.aa.AAAttributeSet.ShibAttributeIterator;
import edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttributeSet.ResolverAttributeIterator;
-import edu.internet2.middleware.shibboleth.aa.attrresolv.provider.ShibAttribute;
-import edu.internet2.middleware.shibboleth.aa.attrresolv.provider.ShibAttributeSet;
import edu.internet2.middleware.shibboleth.aa.attrresolv.provider.ValueHandler;
-import edu.internet2.middleware.shibboleth.aa.attrresolv.provider.ShibAttributeSet.ShibAttributeIterator;
import edu.internet2.middleware.shibboleth.common.ShibResource;
import edu.internet2.middleware.shibboleth.common.ShibResource.ResourceNotAvailableException;
InputStream stream;
try {
return new InputSource(
- new ShibResource(
- new File("shibboleth-resolver-1.0.xsd").toURL().toString(),
+ new ShibResource("/schemas/shibboleth-resolver-1.0.xsd",
this.getClass())
.getInputStream());
} catch (IOException e) {
try {
Properties props = new Properties();
- File file = new File("testconfig.xml");
+ File file = new File("src/conf/resolver.xml");
props.setProperty(
"edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver.ResolverConfig",
AttributeResolver ar = new AttributeResolver(props);
for (int j = 0; j < 2; j++) {
System.out.println("Resolving pass: " + (j + 1));
- ShibAttributeSet attributes = new ShibAttributeSet();
+ AAAttributeSet attributes = new AAAttributeSet();
if (j == 1) {
- attributes.add(new ShibAttribute("urn:mace:eduPerson:1.0:eduPersonPrincipalName"));
+ attributes.add(new AAAttribute("urn:mace:eduPerson:1.0:eduPersonPrincipalName"));
}
- attributes.add(new ShibAttribute("urn:mace:eduPerson:1.0:eduPersonNickName"));
- attributes.add(new ShibAttribute("urn:mace:eduPerson:1.0:eduPersonPrimaryAffiliation"));
- attributes.add(new ShibAttribute("urn:mace:eduPerson:1.0:eduPersonScopedAffiliation"));
- attributes.add(new ShibAttribute("urn:mace:eduPerson:1.0:eduPersonAffiliation"));
- attributes.add(new ShibAttribute("urn:mace:eduPerson:1.0:eduPersonEntitlement"));
- attributes.add(new ShibAttribute("urn:mace:rfc2079:labeledURI"));
+ attributes.add(new AAAttribute("urn:mace:eduPerson:1.0:eduPersonNickName"));
+ attributes.add(new AAAttribute("urn:mace:eduPerson:1.0:eduPersonPrimaryAffiliation"));
+ attributes.add(new AAAttribute("urn:mace:eduPerson:1.0:eduPersonScopedAffiliation"));
+ attributes.add(new AAAttribute("urn:mace:eduPerson:1.0:eduPersonAffiliation"));
+ attributes.add(new AAAttribute("urn:mace:eduPerson:1.0:eduPersonEntitlement"));
+ attributes.add(new AAAttribute("urn:mace:rfc2079:labeledURI"));
ar.resolveAttributes(new PrincipalImpl("mytestuser"), "shar.example.edu", attributes);
ShibAttributeIterator iterator = attributes.shibAttributeIterator();
while (iterator.hasNext()) {
- ShibAttribute attribute = iterator.nextShibAttribute();
+ AAAttribute attribute = iterator.nextShibAttribute();
System.out.println(attribute.getName());
System.out.println("LifeTime: " + attribute.getLifetime());
System.out.println("\t" + " values:");
}
/**
- * @see edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeDefinitionPlugIn#resolve(edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute, java.security.Principal, java.lang.String, edu.internet2.middleware.shibboleth.aa.attrresolv.Dependencies)
+ * @see edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeDefinitionPlugIn#resolve(edu.internet2.middleware.shibboleth.aa.attrresolv.ArpAttribute, java.security.Principal, java.lang.String, edu.internet2.middleware.shibboleth.aa.attrresolv.Dependencies)
*/
public void resolve(ResolverAttribute attribute, Principal principal, String requester, Dependencies depends)
throws ResolutionPlugInException {
}
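Review bot: The updated `@see` tag now references `edu.internet2.middleware.shibboleth.aa.attrresolv.ArpAttribute`, but the signature directly below it still takes `ResolverAttribute`, and the only `ArpAttribute` introduced by this commit lives in the `aa.arp` package, so the link resolves to nothing and names the wrong parameter type. This looks like an over-broad search-and-replace; the tag should keep `edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute` as its first parameter type. The identical hunk that follows in the second plug-in has the same mistake. The enclosing classes are outside both hunks.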
/**
- * @see edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeDefinitionPlugIn#resolve(edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute, java.security.Principal, java.lang.String, edu.internet2.middleware.shibboleth.aa.attrresolv.Dependencies)
+ * @see edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeDefinitionPlugIn#resolve(edu.internet2.middleware.shibboleth.aa.attrresolv.ArpAttribute, java.security.Principal, java.lang.String, edu.internet2.middleware.shibboleth.aa.attrresolv.Dependencies)
*/
public void resolve(ResolverAttribute attribute, Principal principal, String requester, Dependencies depends)
throws ResolutionPlugInException {
+++ /dev/null
-package edu.internet2.middleware.shibboleth.aaLocal;
-
-/**
- * Attribute Authority & Release Policy
- * Directory layer for CMU specific LDAP set up
- *
- * @author Parviz Dousti (dousti@cmu.edu)
- * @created June, 2002
- */
-
-import java.util.Hashtable;
-import javax.naming.*;
-import javax.naming.spi.*;
-
-
-public class CmuCtxFactory implements InitialContextFactory{
-
- public Context getInitialContext(Hashtable env)
- throws NamingException{
- return new CmuDirContext(env);
- }
-
-}
+++ /dev/null
-package edu.internet2.middleware.shibboleth.aaLocal;
-
-/**
- * Attribute Authority & Release Policy
- * Directory layer for CMU
- *
- * @author Parviz Dousti (dousti@cmu.edu)
- * @created June, 2002
- */
-
-
-import java.util.*;
-import javax.naming.*;
-import javax.naming.directory.*;
-
-public class CmuDirContext extends InitialDirContext{
-
- DirContext ctx;
-
- public CmuDirContext(Hashtable env)
- throws NamingException{
-
- Hashtable env1 = new Hashtable(11);
- env1.put(Context.INITIAL_CONTEXT_FACTORY,
- "com.sun.jndi.ldap.LdapCtxFactory");
-
- env1.put(Context.PROVIDER_URL, env.get(Context.PROVIDER_URL));
- ctx = new InitialDirContext(env1);
- }
-
-
- public Object lookup(String s) throws NamingException{
- String uid = null;
-
- int i = s.indexOf("=");
- if(i >= 0)
- uid = s.substring(i+1);
- else
- uid = s;
-
- NamingEnumeration ne = ctx.search("", "cmuAndrewId="+uid, null, null);
-
- if(ne != null && ne.hasMoreElements()){
- SearchResult rs = (SearchResult)ne.nextElement();
- String guid = (String)rs.getAttributes().get("GUID").get();
- return ctx.lookup("guid="+guid);
- }
- return null;
- }
-
- public Attributes getAttributes(String name, String[] ids)
- throws NamingException{
- return ctx.getAttributes(name, ids);
- }
-}
+++ /dev/null
-package edu.internet2.middleware.shibboleth.aaLocal;
-
-
-/**
- * Attribute Authority & Release Policy
- * Very simple implementation of directory layer.
- *
- * @author Parviz Dousti (dousti@cmu.edu)
- * @created June, 2002
- */
-
-
-import java.util.Hashtable;
-import javax.naming.*;
-import javax.naming.spi.*;
-
-
-public class EchoCtxFactory implements InitialContextFactory{
-
- public Context getInitialContext(Hashtable env)
- throws NamingException{
- return new EchoDirContext(env);
- }
-
-}
+++ /dev/null
-package edu.internet2.middleware.shibboleth.aaLocal;
-
-/**
- * Attribute Authority & Release Policy
- * Simple implementation of a trivial directory layer
- * mostly for demo and testing
- *
- * @author Parviz Dousti (dousti@cmu.edu)
- * @created June, 2002
- */
-
-
-import java.util.*;
-import javax.naming.*;
-import javax.naming.directory.*;
-
-public class EchoDirContext extends InitialDirContext{
-
- String uid = "unknown";
-
-
- public EchoDirContext(Hashtable env)
- throws NamingException{
- }
-
-
- public Object lookup(String s) throws NamingException{
- int i = s.indexOf("=");
- if(i >= 0)
- uid = s.substring(i+1);
- else
- uid = s;
-
- return this;
- }
-
- public Attributes getAttributes(String name, String[] ids)
- throws NamingException{
-
- BasicAttributes attrs = new BasicAttributes();
-
- for(int i=0; i<ids.length; i++){
- if(ids[i].equalsIgnoreCase("eduPersonScopedAffiliation")){
- // return member as value;
- attrs.put(new BasicAttribute("eduPersonScopedAffiliation", "member"));
- }
- if(ids[i].equalsIgnoreCase("eduPersonAffiliation")){
- // return member as value;
- attrs.put(new BasicAttribute("eduPersonAffiliation", "member"));
- }
- if(ids[i].equalsIgnoreCase("eduPersonPrincipalName")){
- // return uid
- attrs.put(new BasicAttribute("eduPersonPrincipalName", uid));
- }
- if(ids[i].equalsIgnoreCase("eduPersonEntitlement")){
- // return uid
- attrs.put(new BasicAttribute("eduPersonEntitlement", "urn:mace:example.edu:exampleEntitlement"));
- }
- }
- return attrs;
- }
-}
+++ /dev/null
-package edu.internet2.middleware.shibboleth.aaLocal;
-
-/**
- * Attribute Authority & Release Policy
- * Demonstration of how a SQL impl. of directory layer
- * might work.
- *
- * @author Parviz Dousti (dousti@cmu.edu)
- * @created June, 2002
- */
-
-
-import java.util.Hashtable;
-import javax.naming.*;
-import javax.naming.spi.*;
-
-
-public class SQLCtxFactory implements InitialContextFactory{
-
- public Context getInitialContext(Hashtable env)
- throws NamingException{
- return new SQLDirContext(env);
- }
-
-}
+++ /dev/null
-package edu.internet2.middleware.shibboleth.aaLocal;
-
-/**
- * Attribute Authority & Release Policy
- * Demonstration of SQL impl. for directory layer.
- *
- * @author Parviz Dousti (dousti@cmu.edu)
- * @created June, 2002
- */
-
-
-import java.util.*;
-import java.sql.*;
-import javax.naming.*;
-import javax.naming.directory.*;
-
-public class SQLDirContext extends InitialDirContext{
-
- Connection con;
- String uid;
- String guid;
- Hashtable id2name;
-
- public SQLDirContext(Hashtable env)
- throws NamingException{
-
- String url = (String)env.get(Context.PROVIDER_URL);
- String driver = (String)env.get("SQL_DRIVER");
- String user = (String)env.get("SECURITY_PRINCIPAL");
- String passwd = (String)env.get("SECURITY_CREDENTIALS");
- uid = (String)env.get("USER_IDENTIFIER");
- if(url == null)
- throw new NamingException("Context.PROVIDER_URL not provided");
- if(driver == null)
- throw new NamingException("SQL_DRIVER is required");
- if(user == null)
- throw new NamingException("SECURITY_PRINCIPAL is required");
- if(passwd == null)
- throw new NamingException("SECURITY_CREDENTIALS is required");
- if(uid == null)
- throw new NamingException("USER_IDENTIFIER is required");
- id2name = new Hashtable();
-
-
-
- try{
- Class.forName(driver);
- con = DriverManager.getConnection(url, user, passwd);
- // get the small sql table and keep it as a hashtable for performance
- Statement stmt = con.createStatement();
- ResultSet rs = stmt.executeQuery("SELECT attr_id,attr_name from danr.person_attributes");
- while(rs.next()){
- int i = rs.getInt("attr_id");
- String n = rs.getString("attr_name");
- id2name.put(new Integer(i), n);
- }
-
- // find the guid from uid
- String guidQ1 = "SELECT guid from danr.person_attrib WHERE attr_id = ";
- String guidQ2 = "(SELECT attr_id from danr.person_attributes where attr_name = 'cmuAndrewId')";
- String guidQ3 = " AND attr_value = '"+uid+"'";
-
-
- rs = stmt.executeQuery(guidQ1+guidQ2+guidQ3);
- rs.next();
- guid = rs.getString("GUID");
- }catch(Exception e){
- throw new NamingException("Failed to create SQLDirContext: "+e);
- }
- }
-
- public Attributes getAttributes(String name,
- String[] attrIds)
- throws NamingException {
-
- long aTime = System.currentTimeMillis();
- String q1 = "select attr_id,attr_value from danr.person_attrib where guid = '";
- String q2 = "' and attr_id = (select attr_id from danr.person_attributes where attr_name ='";
- String q3 = "')";
- StringBuffer buf = new StringBuffer(q1+guid+q2);
- BasicAttributes attrs = new BasicAttributes();
- try{
- int len = attrIds.length;
-
- String[] attrNames = new String[len];
- System.arraycopy(attrIds, 0, attrNames, 0, len);
- Arrays.sort(attrNames);
-
- for(int i=0; i <len-1; i++)
- buf.append(attrIds[i] + "' OR attr_name ='");
- buf.append(attrIds[len-1]);
- buf.append(q3);
-
- Statement stmt = con.createStatement();
- ResultSet rs = stmt.executeQuery(buf.toString());
-
- BasicAttribute[] attrArray = new BasicAttribute[len];
- for(int i=0; i <len; i++)
- attrArray[i] = new BasicAttribute(attrIds[i]);
-
- while(rs.next()){
- int anId = rs.getInt("attr_id");
- String aName = (String)id2name.get(new Integer(anId));
- Object value = rs.getObject("attr_value");
- int indx = Arrays.binarySearch(attrNames, aName);
- attrArray[indx].add(value);
- }
-
- for(int i=0; i <len; i++)
- attrs.put(attrArray[i]);
- System.out.print(" ("+(System.currentTimeMillis() - aTime)+" sec)");
- return attrs;
- }catch(Exception e){
- throw new NamingException("Failed to get Attributes: "+e);
- }
- }
-}
+++ /dev/null
-package edu.internet2.middleware.shibboleth.aaLocal.attributes;
-
-import java.util.Arrays;
-
-import edu.internet2.middleware.eduPerson.*;
-import edu.internet2.middleware.shibboleth.common.Constants;
-import org.opensaml.*;
-
-
-public class cmuAndrewId extends ScopedAttribute{
-
-
- public cmuAndrewId(String[] scopes, Object[] values)
- throws SAMLException{
-
- super("urn:mace:eduPerson:1.0:eduPersonPrincipalName",
- Constants.SHIB_ATTRIBUTE_NAMESPACE_URI,
- scopes[0],
- null,
- 10*60,
- Arrays.asList(scopes),
- Arrays.asList(values));
- }
-}
-
+++ /dev/null
-package edu.internet2.middleware.shibboleth.aaLocal.attributes;
-
-
-/**
- * Attribute Authority & Release Policy
- * A specific class for eduPersonEntitlement attribute
- *
- * @author Parviz Dousti (dousti@cmu.edu)
- * @created June, 2002
- */
-
-import java.util.Arrays;
-
-import edu.internet2.middleware.shibboleth.common.Constants;
-import edu.internet2.middleware.shibboleth.aa.ShibAttribute;
-import org.opensaml.*;
-
-public class eduPersonEntitlement implements ShibAttribute{
-
-
- public SAMLAttribute toSamlAttribute(String defaultScope, Object[] values, String recipient)
- throws SAMLException{
-
- return new SAMLAttribute("urn:mace:eduPerson:1.0:eduPersonEntitlement",
- Constants.SHIB_ATTRIBUTE_NAMESPACE_URI,
- new QName(org.opensaml.XML.XSD_NS,"anyURI"),
- 10*60,
- Arrays.asList(values));
-
- }
-}
-
+++ /dev/null
-package edu.internet2.middleware.shibboleth.aaLocal.attributes;
-
-
-/**
- * Attribute Authority & Release Policy
- * A specific class for EPPN
- *
- * @author Parviz Dousti (dousti@cmu.edu)
- * @created June, 2002
- */
-
-import java.util.Collections;
-
-import edu.internet2.middleware.eduPerson.*;
-import edu.internet2.middleware.shibboleth.common.Constants;
-import edu.internet2.middleware.shibboleth.aa.ShibAttribute;
-
-import org.apache.log4j.Logger;
-import org.opensaml.*;
-
-public class eduPersonPrincipalName implements ShibAttribute{
-
- private static Logger log = Logger.getLogger(eduPersonPrincipalName.class.getName());
-
-
- public SAMLAttribute toSamlAttribute(String defaultScope, Object[] values, String recipient)
- throws SAMLException{
-
- String scope = null;
- String val = null;
- String eppn = (String)values[0];
-
- int x = eppn.indexOf("@") ;
- log.debug("EPPN: "+eppn+" @ at "+x);
- if(x > 0){
- val = eppn.substring(0,x);
- scope = eppn.substring(x+1);
- }else{
- val = eppn;
- scope = defaultScope;
- }
-
- log.debug("Sending value=" + val + ", scope=" + scope);
-
- return new ScopedAttribute("urn:mace:eduPerson:1.0:eduPersonPrincipalName",
- Constants.SHIB_ATTRIBUTE_NAMESPACE_URI,
- defaultScope,
- null,
- 10*60,
- Collections.singleton(scope),
- Collections.singleton(val));
-
- }
-
-}
-
+++ /dev/null
-package edu.internet2.middleware.shibboleth.aaLocal.attributes;
-
-
-/**
- * Attribute Authority & Release Policy
- * A specific class for eduPersonScopedAffiliation attribute
- *
- * @author Parviz Dousti (dousti@cmu.edu)
- * @created June, 2002
- */
-
-import java.util.Arrays;
-
-import edu.internet2.middleware.eduPerson.*;
-import edu.internet2.middleware.shibboleth.common.Constants;
-import edu.internet2.middleware.shibboleth.aa.ShibAttribute;
-import org.opensaml.*;
-
-public class eduPersonScopedAffiliation implements ShibAttribute{
-
-
- public SAMLAttribute toSamlAttribute(String defaultScope, Object[] values, String recipient)
- throws SAMLException{
-
- for(int i=0; i<values.length; i++){
- String val = (String)values[i];
- if(val.equalsIgnoreCase("faculty") ||
- val.equalsIgnoreCase("student") ||
- val.equalsIgnoreCase("staff") ||
- val.equalsIgnoreCase("alum") ||
- val.equalsIgnoreCase("member") ||
- val.equalsIgnoreCase("affiliate") ||
- val.equalsIgnoreCase("employee") )
- values[i] = val.toLowerCase();
- else
- values[i] = "member";
- }
-
- return new ScopedAttribute("urn:mace:eduPerson:1.0:eduPersonScopedAffiliation",
- Constants.SHIB_ATTRIBUTE_NAMESPACE_URI,
- defaultScope,
- null,
- 10*60,
- null,
- Arrays.asList(values));
- }
-}
-
import org.apache.log4j.Logger;
import org.apache.log4j.MDC;
import org.doomdark.uuid.UUIDGenerator;
+import org.opensaml.Init;
import org.opensaml.QName;
import org.opensaml.SAMLAuthorityBinding;
import org.opensaml.SAMLBinding;
import org.opensaml.SAMLException;
import org.opensaml.SAMLResponse;
-import sun.misc.BASE64Decoder;
+import sun.misc.BASE64Decoder;
import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
import edu.internet2.middleware.shibboleth.common.ShibPOSTProfile;
import edu.internet2.middleware.shibboleth.common.ShibPOSTProfileFactory;
log.info("Initializing Handle Service.");
configuration = loadConfiguration();
- edu.internet2.middleware.eduPerson.Init.init();
+ Init.init();
initPKI();