Start of AA conversion to attribute resolver.
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 7 Apr 2003 21:10:20 +0000 (21:10 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 7 Apr 2003 21:10:20 +0000 (21:10 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@552 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

25 files changed:
src/edu/internet2/middleware/eduPerson/Init.java [deleted file]
src/edu/internet2/middleware/eduPerson/ScopedAttribute.java [deleted file]
src/edu/internet2/middleware/eduPerson/XML.java [deleted file]
src/edu/internet2/middleware/shibboleth/aa/AAAttribute.java [moved from src/edu/internet2/middleware/shibboleth/aa/attrresolv/provider/ShibAttribute.java with 82% similarity]
src/edu/internet2/middleware/shibboleth/aa/AAAttributeSet.java [moved from src/edu/internet2/middleware/shibboleth/aa/attrresolv/provider/ShibAttributeSet.java with 82% similarity]
src/edu/internet2/middleware/shibboleth/aa/AAResponder.java
src/edu/internet2/middleware/shibboleth/aa/AAServlet.java
src/edu/internet2/middleware/shibboleth/aa/arp/ArpAttribute.java
src/edu/internet2/middleware/shibboleth/aa/arp/ArpAttributeSet.java [moved from src/edu/internet2/middleware/shibboleth/aa/ShibAttribute.java with 86% similarity, mode: 0644]
src/edu/internet2/middleware/shibboleth/aa/arp/ArpEngine.java
src/edu/internet2/middleware/shibboleth/aa/arp/provider/ShibArpAttribute.java [deleted file]
src/edu/internet2/middleware/shibboleth/aa/attrresolv/AttributeResolver.java
src/edu/internet2/middleware/shibboleth/aa/attrresolv/provider/CustomAttributeDefinition.java
src/edu/internet2/middleware/shibboleth/aa/attrresolv/provider/SimpleAttributeDefinition.java
src/edu/internet2/middleware/shibboleth/aaLocal/CmuCtxFactory.java [deleted file]
src/edu/internet2/middleware/shibboleth/aaLocal/CmuDirContext.java [deleted file]
src/edu/internet2/middleware/shibboleth/aaLocal/EchoCtxFactory.java [deleted file]
src/edu/internet2/middleware/shibboleth/aaLocal/EchoDirContext.java [deleted file]
src/edu/internet2/middleware/shibboleth/aaLocal/SQLCtxFactory.java [deleted file]
src/edu/internet2/middleware/shibboleth/aaLocal/SQLDirContext.java [deleted file]
src/edu/internet2/middleware/shibboleth/aaLocal/attributes/cmuAndrewId.java [deleted file]
src/edu/internet2/middleware/shibboleth/aaLocal/attributes/eduPersonEntitlement.java [deleted file]
src/edu/internet2/middleware/shibboleth/aaLocal/attributes/eduPersonPrincipalName.java [deleted file]
src/edu/internet2/middleware/shibboleth/aaLocal/attributes/eduPersonScopedAffiliation.java [deleted file]
src/edu/internet2/middleware/shibboleth/hs/HandleServlet.java

diff --git a/src/edu/internet2/middleware/eduPerson/Init.java b/src/edu/internet2/middleware/eduPerson/Init.java
deleted file mode 100755 (executable)
index c4141d9..0000000
+++ /dev/null
@@ -1,79 +0,0 @@
-/* 
- * The Shibboleth License, Version 1. 
- * Copyright (c) 2002 
- * University Corporation for Advanced Internet Development, Inc. 
- * All rights reserved
- * 
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- * 
- * Redistributions of source code must retain the above copyright notice, this 
- * list of conditions and the following disclaimer.
- * 
- * Redistributions in binary form must reproduce the above copyright notice, 
- * this list of conditions and the following disclaimer in the documentation 
- * and/or other materials provided with the distribution, if any, must include 
- * the following acknowledgment: "This product includes software developed by 
- * the University Corporation for Advanced Internet Development 
- * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
- * may appear in the software itself, if and wherever such third-party 
- * acknowledgments normally appear.
- * 
- * Neither the name of Shibboleth nor the names of its contributors, nor 
- * Internet2, nor the University Corporation for Advanced Internet Development, 
- * Inc., nor UCAID may be used to endorse or promote products derived from this 
- * software without specific prior written permission. For written permission, 
- * please contact shibboleth@shibboleth.org
- * 
- * Products derived from this software may not be called Shibboleth, Internet2, 
- * UCAID, or the University Corporation for Advanced Internet Development, nor 
- * may Shibboleth appear in their name, without prior written permission of the 
- * University Corporation for Advanced Internet Development.
- * 
- * 
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
- * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
- * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
- * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
- * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
- * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-package edu.internet2.middleware.eduPerson;
-
-/**
- *  Handles one-time library initialization
- *
- * @author     Scott Cantor
- * @created    May 18, 2002
- */
-public class Init
-{
-    private static boolean initialized = false;
-
-    /**  Initializes library */
-    public static synchronized void init()
-    {
-        if (initialized)
-            return;
-
-        initialized = true;
-        
-        edu.internet2.middleware.shibboleth.common.Init.init();
-        org.opensaml.XML.parserPool.registerSchema(XML.EDUPERSON_NS, XML.EDUPERSON_SCHEMA_ID, new XML.SchemaResolver());
-    }
-
-    static
-    {
-        Init.init();
-    }
-}
-
diff --git a/src/edu/internet2/middleware/eduPerson/ScopedAttribute.java b/src/edu/internet2/middleware/eduPerson/ScopedAttribute.java
deleted file mode 100755 (executable)
index 00e9936..0000000
+++ /dev/null
@@ -1,227 +0,0 @@
-/* 
- * The Shibboleth License, Version 1. 
- * Copyright (c) 2002 
- * University Corporation for Advanced Internet Development, Inc. 
- * All rights reserved
- * 
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- * 
- * Redistributions of source code must retain the above copyright notice, this 
- * list of conditions and the following disclaimer.
- * 
- * Redistributions in binary form must reproduce the above copyright notice, 
- * this list of conditions and the following disclaimer in the documentation 
- * and/or other materials provided with the distribution, if any, must include 
- * the following acknowledgment: "This product includes software developed by 
- * the University Corporation for Advanced Internet Development 
- * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
- * may appear in the software itself, if and wherever such third-party 
- * acknowledgments normally appear.
- * 
- * Neither the name of Shibboleth nor the names of its contributors, nor 
- * Internet2, nor the University Corporation for Advanced Internet Development, 
- * Inc., nor UCAID may be used to endorse or promote products derived from this 
- * software without specific prior written permission. For written permission, 
- * please contact shibboleth@shibboleth.org
- * 
- * Products derived from this software may not be called Shibboleth, Internet2, 
- * UCAID, or the University Corporation for Advanced Internet Development, nor 
- * may Shibboleth appear in their name, without prior written permission of the 
- * University Corporation for Advanced Internet Development.
- * 
- * 
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
- * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
- * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
- * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
- * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
- * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-package edu.internet2.middleware.eduPerson;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Iterator;
-
-import org.opensaml.*;
-import org.w3c.dom.*;
-
-/**
- *  Basic implementation of a scoped, eduPerson SAML attribute
- *
- * @author     Scott Cantor
- * @created    May 9, 2002
- */
-public class ScopedAttribute extends SAMLAttribute implements Cloneable
-{
-    /**  Default attribute scope */
-    protected String defaultScope = null;
-
-    /**  Scopes of the attribute values */
-    protected ArrayList scopes = new ArrayList();
-
-    /**
-     *  Constructor for the ScopedAttribute object
-     *
-     * @param  name               Name of attribute
-     * @param  namespace          Namespace/qualifier of attribute
-     * @param  defaultScope       The default scope to apply for values
-     * @param  type               The schema type of attribute value(s)
-     * @param  lifetime           Effective lifetime of attribute's value(s) in
-     *      seconds (0 means infinite)
-     * @param  scopes             Scopes of the attribute values
-     * @param  values             A set of attribute values
-     * @exception  SAMLException  Thrown if attribute cannot be built from the
-     *      supplied information
-     */
-    public ScopedAttribute(String name, String namespace, String defaultScope, QName type, long lifetime,
-                           Collection scopes, Collection values)
-        throws SAMLException
-    {
-        super(name, namespace, type, lifetime, values);
-        this.defaultScope = defaultScope;
-
-        if (scopes != null)
-            this.scopes.addAll(scopes);
-    }
-
-    /**
-     *  Reconstructs and validates an attribute from a DOM tree<P>
-     *
-     *  Overrides the basic implementation to handle the same simple types, but
-     *  also picks up scope.
-     *
-     * @param  e                  A DOM Attribute element
-     * @exception  SAMLException  Thrown if the attribute cannot be constructed
-     */
-    public ScopedAttribute(Element e)
-        throws SAMLException
-    {
-        super(e);
-
-        // Default scope comes from subject.
-        NodeList nlist = ((Element)e.getParentNode()).getElementsByTagNameNS(org.opensaml.XML.SAML_NS, "NameIdentifier");
-        if (nlist ==null || nlist.getLength() != 1)
-            throw new MalformedException(SAMLException.RESPONDER, "ScopedAttribute() can't find saml:NameIdentifier in enclosing statement");
-        defaultScope = ((Element)nlist.item(0)).getAttributeNS(null, "NameQualifier");
-    }
-
-    /**
-     *  Adds a value to the state of the SAML Attribute<P>
-     *
-     *  This class supports a simple text node content model with a Scope
-     *  attribute
-     *
-     * @param  e  The AttributeValue element containing the value to add
-     * @return    true iff the value was understood
-     */
-    public boolean addValue(Element e)
-    {
-        if (super.addValue(e))
-        {
-            scopes.add(e.getAttributeNS(null,"Scope"));
-            return true;
-        }
-        return false;
-    }
-
-    /**
-     *  Attribute acceptance hook used while consuming attributes from an
-     *  assertion. Base class simply accepts anything. Override for desired
-     *  behavior.
-     *
-     * @param  e  An AttributeValue element to check
-     * @return    true iff the value is deemed acceptable
-     */
-    public boolean accept(Element e)
-    {
-        return true;
-    }
-
-    /**
-     *  Gets the values of the SAML Attribute, serialized as strings with the
-     *  effective scope appended
-     *
-     * @return    The attribute's values
-     */
-    public Iterator getValues()
-    {
-        if (values == null)
-            return null;
-
-        ArrayList bufs = new ArrayList(values.size());
-        for (int i = 0; i < values.size(); i++)
-        {
-            if (values.get(i) != null)
-            {
-                if (i < scopes.size() && scopes.get(i) != null)
-                    bufs.set(i, values.get(i).toString() + "@" + scopes.get(i));
-                else
-                    bufs.set(i, values.get(i).toString() + "@" + defaultScope);
-            }
-        }
-        return bufs.iterator();
-    }
-
-    /**
-     *  Overridden method to return a DOM tree representing the attribute<P>
-     *
-     *  Because attributes are generalized, this base method only handles simple
-     *  attributes whose values are of uniform simple type and expressed in the
-     *  DOM as a single text node within the AttributeValue element(s). The
-     *  values are serialized using the toString() method.<P>
-     *
-     *  SAML applications should override this class and reimplement or
-     *  supplement this method to handle other requirements.
-     *
-     * @param  doc  A Document object to use in manufacturing the tree
-     * @return      Root "Attribute" element of a DOM tree
-     */
-    public Node toDOM(Document doc)
-    {
-        super.toDOM(doc);
-        
-        int i=0;
-        Node n=root.getFirstChild();
-        while (n!=null)
-        {
-            if (n.getNodeType()==Node.ELEMENT_NODE)
-            {
-                ((Element)n).removeAttributeNS(null,"Scope");
-                if (i < scopes.size() && scopes.get(i)!=null && !scopes.get(i).equals(defaultScope))
-                    ((Element)n).setAttributeNS(null,"Scope",(String)scopes.get(i));
-            }
-            n=n.getNextSibling();
-        }
-
-        return root;
-    }
-
-    /**
-     *  Copies a SAML object such that no dependencies exist between the original
-     *  and the copy
-     * 
-     * @return      The new object
-     * @see java.lang.Object#clone()
-     */
-    public Object clone()
-        throws CloneNotSupportedException
-    {
-        ScopedAttribute dup=(ScopedAttribute)super.clone();
-
-        dup.scopes = (ArrayList)scopes.clone();
-
-        return dup;
-    }
-}
-
diff --git a/src/edu/internet2/middleware/eduPerson/XML.java b/src/edu/internet2/middleware/eduPerson/XML.java
deleted file mode 100755 (executable)
index 44c6810..0000000
+++ /dev/null
@@ -1,126 +0,0 @@
-/* 
- * The Shibboleth License, Version 1. 
- * Copyright (c) 2002 
- * University Corporation for Advanced Internet Development, Inc. 
- * All rights reserved
- * 
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- * 
- * Redistributions of source code must retain the above copyright notice, this 
- * list of conditions and the following disclaimer.
- * 
- * Redistributions in binary form must reproduce the above copyright notice, 
- * this list of conditions and the following disclaimer in the documentation 
- * and/or other materials provided with the distribution, if any, must include 
- * the following acknowledgment: "This product includes software developed by 
- * the University Corporation for Advanced Internet Development 
- * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
- * may appear in the software itself, if and wherever such third-party 
- * acknowledgments normally appear.
- * 
- * Neither the name of Shibboleth nor the names of its contributors, nor 
- * Internet2, nor the University Corporation for Advanced Internet Development, 
- * Inc., nor UCAID may be used to endorse or promote products derived from this 
- * software without specific prior written permission. For written permission, 
- * please contact shibboleth@shibboleth.org
- * 
- * Products derived from this software may not be called Shibboleth, Internet2, 
- * UCAID, or the University Corporation for Advanced Internet Development, nor 
- * may Shibboleth appear in their name, without prior written permission of the 
- * University Corporation for Advanced Internet Development.
- * 
- * 
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
- * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
- * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
- * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
- * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
- * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-package edu.internet2.middleware.eduPerson;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-import org.xml.sax.EntityResolver;
-import org.xml.sax.InputSource;
-import org.xml.sax.SAXException;
-
-/**
- *  Utility class for XML constants and schema handling
- *
- * @author     Scott Cantor
- * @created    May 18, 2002
- */
-public class XML
-{
-    /**  eduPerson XML namespace */
-    public final static String EDUPERSON_NS = "urn:mace:eduPerson:1.0";
-
-    /**  eduPerson XML schema identifier */
-    public final static String EDUPERSON_SCHEMA_ID = "eduPerson.xsd";
-
-    private static byte[] eduPerson_schema;
-
-    /**
-     *  Custom schema resolver class
-     *
-     * @author     Scott Cantor
-     * @created    May 18, 2002
-     */
-    protected static class SchemaResolver implements EntityResolver
-    {
-        /**
-         *  A customized entity resolver for the Shibboleth extension schema
-         *
-         * @param  publicId                 The public identifier of the entity
-         * @param  systemId                 The system identifier of the entity
-         * @return                          A source of bytes for the entity or
-         *      null
-         * @exception  SAXException         Raised if an XML parsing problem
-         *      occurs
-         * @exception  java.io.IOException  Raised if an I/O problem is detected
-         */
-        public InputSource resolveEntity(String publicId, String systemId)
-            throws SAXException, java.io.IOException
-        {
-            InputSource src = null;
-            if (systemId.endsWith(EDUPERSON_SCHEMA_ID) && eduPerson_schema != null)
-                src = new InputSource(new ByteArrayInputStream(eduPerson_schema));
-            return src;
-        }
-    }
-
-    static
-    {
-        try
-        {
-            StringBuffer buf = new StringBuffer(1024);
-            InputStream xmlin = XML.class.getResourceAsStream("/schemas/" + EDUPERSON_SCHEMA_ID);
-            if (xmlin == null)
-                throw new RuntimeException("XML static initializer unable to locate eduPerson schema");
-            else
-            {
-                int b;
-                while ((b = xmlin.read()) != -1)
-                    buf.append((char)b);
-                eduPerson_schema = buf.toString().getBytes();
-                xmlin.close();
-            }
-        }
-        catch (java.io.IOException e)
-        {
-            throw new RuntimeException("XML static initializer caught an I/O error");
-        }
-    }
-}
-
@@ -47,7 +47,7 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
  
-package edu.internet2.middleware.shibboleth.aa.attrresolv.provider;
+package edu.internet2.middleware.shibboleth.aa;
 
 
 import java.util.Arrays;
@@ -63,7 +63,10 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
+import edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute;
 import edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute;
+import edu.internet2.middleware.shibboleth.aa.attrresolv.provider.ValueHandler;
+import edu.internet2.middleware.shibboleth.aa.attrresolv.provider.ValueHandlerException;
 import edu.internet2.middleware.shibboleth.common.Constants;
 
 /**
@@ -72,14 +75,14 @@ import edu.internet2.middleware.shibboleth.common.Constants;
  * 
  * @author Walter Hoehn (wassa@columbia.edu)
  */
-public class ShibAttribute extends SAMLAttribute implements ResolverAttribute {
+public class AAAttribute extends SAMLAttribute implements ResolverAttribute, ArpAttribute {
 
-       private static Logger log = Logger.getLogger(ShibAttribute.class.getName());
+       private static Logger log = Logger.getLogger(AAAttribute.class.getName());
        private boolean resolved = false;
        private static long defaultLifetime = 1800000;
        private ValueHandler valueHandler = new StringValueHandler();
 
-       public ShibAttribute(String name) throws SAMLException {
+       public AAAttribute(String name) throws SAMLException {
                super(
                        name,
                        Constants.SHIB_ATTRIBUTE_NAMESPACE_URI,
@@ -99,7 +102,7 @@ public class ShibAttribute extends SAMLAttribute implements ResolverAttribute {
                return valueHandler.getValues(values);
        }
 
-       private void setValues(Object[] values) {
+       public void setValues(Object[] values) {
                if (!this.values.isEmpty()) {
                        this.values.clear();
                }
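Review bot: `setValues(Object[] values)` goes from private to public here with no Javadoc, so nothing states who may call it or that it discards the existing values before storing the new ones. This object carries the values that are later released to a requester, so the contract of a public mutator should be written down; the widening is presumably needed for the new `ArpAttribute` interface, but that is not visible in this hunk. I would add a comment such as `/** Replaces all current values of this attribute; intended for the ARP engine when filtering values prior to release. */`. The method body continues past the end of the hunk, so how a null `values` argument is handled cannot be judged from here.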
@@ -121,21 +124,21 @@ public class ShibAttribute extends SAMLAttribute implements ResolverAttribute {
        }
 
        /**
-        * @see edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute#resolved()
+        * @see edu.internet2.middleware.shibboleth.aa.attrresolv.ArpAttribute#resolved()
         */
        public boolean resolved() {
                return resolved;
        }
 
        /**
-        * @see edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute#setResolved()
+        * @see edu.internet2.middleware.shibboleth.aa.attrresolv.ArpAttribute#setResolved()
         */
        public void setResolved() {
                resolved = true;
        }
 
        /**
-        * @see edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute#resolveFromCached(edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute)
+        * @see edu.internet2.middleware.shibboleth.aa.attrresolv.ArpAttribute#resolveFromCached(edu.internet2.middleware.shibboleth.aa.attrresolv.ArpAttribute)
         */
        public void resolveFromCached(ResolverAttribute attribute) {
                resolved = true;
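Review bot: The rewritten `@see` tags on `resolved()`, `setResolved()` and `resolveFromCached(...)` point at `edu.internet2.middleware.shibboleth.aa.attrresolv.ArpAttribute`, but the import added in this commit places that interface in `edu.internet2.middleware.shibboleth.aa.arp`. These look like products of a blanket rename: `resolveFromCached` still takes a `ResolverAttribute`, so the `ArpAttribute` parameter in its `@see` does not match any visible signature, and the three methods appear to belong to `ResolverAttribute`. I would restore the original targets, e.g. `@see edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute#resolved()`. The same applies to the `@see` tags on `registerValueHandler` and `getRegisteredValueHandler` in the following hunk.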
@@ -188,19 +191,28 @@ public class ShibAttribute extends SAMLAttribute implements ResolverAttribute {
        }
 
        /**
-        * @see edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute#registerValueHandler(edu.internet2.middleware.shibboleth.aa.attrresolv.provider.ValueHandler)
+        * @see edu.internet2.middleware.shibboleth.aa.attrresolv.ArpAttribute#registerValueHandler(edu.internet2.middleware.shibboleth.aa.attrresolv.provider.ValueHandler)
         */
        public void registerValueHandler(ValueHandler handler) {
                valueHandler = handler;
        }
 
        /**
-        * @see edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute#getRegisteredValueHandler()
+        * @see edu.internet2.middleware.shibboleth.aa.attrresolv.ArpAttribute#getRegisteredValueHandler()
         */
        public ValueHandler getRegisteredValueHandler() {
                return valueHandler;
        }
 
+       /* (non-Javadoc)
+        * @see java.lang.Object#equals(java.lang.Object)
+        */
+       public boolean equals(Object obj) {
+               // TODO Figure out what to do here
+               System.err.println("Hit AAAttribute equals().");
+               return super.equals(obj);
+       }
+
 }
 
 /**
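Review bot: The new `equals()` writes to `System.err` on every call even though the class already has a log4j `log` field, so in a servlet container this output bypasses the configured logging and cannot be filtered or switched off. The line should be `log.debug("AAAttribute.equals() called; delegating to SAMLAttribute.equals()");` until the TODO is resolved. No `hashCode()` override accompanies it, which is harmless while the method only delegates to `super.equals(obj)` but must be added together with any real equality definition. If the ARP engine compares attributes while filtering (not visible here), the semantics chosen for this stub decide what gets released, so the TODO deserves a tracked follow-up rather than a stderr trace.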
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-package edu.internet2.middleware.shibboleth.aa.attrresolv.provider;
+
+package edu.internet2.middleware.shibboleth.aa;
 
 import java.util.HashMap;
 import java.util.Iterator;
 
+import org.opensaml.SAMLAttribute;
+
+import edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute;
+import edu.internet2.middleware.shibboleth.aa.arp.ArpAttributeSet;
 import edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute;
 import edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttributeSet;
 
@@ -61,11 +65,11 @@ import edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttributeSet;
  * 
  * @author Walter Hoehn (wassa@columbia.edu)
  */
-public class ShibAttributeSet implements ResolverAttributeSet {
+public class AAAttributeSet implements ResolverAttributeSet, ArpAttributeSet {
 
        private HashMap attributes = new HashMap();
 
-       public void add(ShibAttribute attribute) {
+       public void add(AAAttribute attribute) {
                attributes.put(attribute.getName(), attribute);
        }
 
@@ -81,7 +85,19 @@ public class ShibAttributeSet implements ResolverAttributeSet {
                return shibAttributeIterator();
        }
 
-       public class ShibAttributeIterator implements ResolverAttributeIterator {
+       public ArpAttributeIterator arpAttributeIterator() {
+               return shibAttributeIterator();
+       }
+
+       public int size() {
+               return attributes.size();
+       }
+
+       public SAMLAttribute[] getAttributes() {
+               return (SAMLAttribute[]) attributes.entrySet().toArray(new SAMLAttribute[0]);
+       }
+
+       public class ShibAttributeIterator implements ResolverAttributeIterator, ArpAttributeIterator {
 
                private Iterator genericIterator;
 
@@ -97,15 +113,17 @@ public class ShibAttributeSet implements ResolverAttributeSet {
                        return nextShibAttribute();
                }
 
-               public ShibAttribute nextShibAttribute() {
-                       return (ShibAttribute) genericIterator.next();
+               public AAAttribute nextShibAttribute() {
+                       return (AAAttribute) genericIterator.next();
                }
 
                public void remove() {
                        genericIterator.remove();
                }
 
-       }
+               public ArpAttribute nextArpAttribute() {
+                       return (ArpAttribute) genericIterator.next();
+               }
 
+       }
 }
-
index 2d94d21..f1a8304 100755 (executable)
@@ -60,109 +60,34 @@ package edu.internet2.middleware.shibboleth.aa;
 import java.net.URI;
 import java.net.URL;
 import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import javax.naming.CommunicationException;
-import javax.naming.NameNotFoundException;
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.DirContext;
-import javax.naming.directory.InitialDirContext;
-import javax.naming.directory.SearchControls;
-import javax.naming.directory.SearchResult;
 
 import org.apache.log4j.Logger;
 import org.opensaml.SAMLAttribute;
 import org.opensaml.SAMLException;
 
-import edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute;
 import edu.internet2.middleware.shibboleth.aa.arp.ArpEngine;
 import edu.internet2.middleware.shibboleth.aa.arp.ArpProcessingException;
-import edu.internet2.middleware.shibboleth.aa.arp.provider.ShibArpAttribute;
+import edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver;
 
 public class AAResponder {
 
-       protected ArpEngine arpEngine;
-       protected DirContext ctx;
-       protected String domain;
+       private ArpEngine arpEngine;
+       private AttributeResolver resolver;
        private static Logger log = Logger.getLogger(AAResponder.class.getName());
 
-       public AAResponder(ArpEngine arpEngine, DirContext ctx, String domain) throws AAException {
+       public AAResponder(ArpEngine arpEngine, AttributeResolver resolver) throws AAException {
 
                this.arpEngine = arpEngine;
-               this.ctx = ctx;
-               this.domain = domain;
+               this.resolver = resolver;
        }
 
-       public SAMLAttribute[] getReleaseAttributes(
-               Principal principal,
-               String searchFilter,
-               String requester,
-               URL resource)
+       public SAMLAttribute[] getReleaseAttributes(Principal principal, String requester, URL resource)
                throws AAException {
 
-               DirContext userCtx = queryDataSource(principal, searchFilter);
-
                try {
-                       //optimization... find out which attributes to resolve
                        URI[] potentialAttributes = arpEngine.listPossibleReleaseAttributes(principal, requester, resource);
+                       return getReleaseAttributes(principal, requester, resource, potentialAttributes);
 
-                       //resolve for each attribute
-                       Set arpAttributes = new HashSet();
-
-                       for (int i = 0; i < potentialAttributes.length; i++) {
-                               ShibArpAttribute arpAttribute = new ShibArpAttribute(potentialAttributes[i].toString());
-
-                               Attribute dAttr;
-                               if (potentialAttributes[i].toString().equals("urn:mace:eduPerson:1.0:eduPersonScopedAffiliation")) {
-                                       Attributes attrs = userCtx.getAttributes("", new String[] { "eduPersonAffiliation" });
-                                       dAttr = attrs.get("eduPersonAffiliation");
-                               } else {
-                                       Attributes attrs =
-                                               userCtx.getAttributes(
-                                                       "",
-                                                       new String[] {
-                                                                arpAttribute.getName().substring(arpAttribute.getName().lastIndexOf(":") + 1)});
-                                       dAttr = attrs.get(arpAttribute.getName().substring(arpAttribute.getName().lastIndexOf(":") + 1));
-                               }
-                               if (dAttr == null) {
-                                       continue;
-                               }
-                               NamingEnumeration directoryValuesEnum = dAttr.getAll();
-                               List directoryValues = new ArrayList();
-                               while (directoryValuesEnum.hasMoreElements()) {
-                                       directoryValues.add(directoryValuesEnum.next());
-                               }
-                               arpAttribute.setValues(directoryValues.toArray());
-                               arpAttributes.add(arpAttribute);
-                       }
-
-                       //filter and convert to SAML
-                       ArpAttribute[] filteredAttributes =
-                               arpEngine.filterAttributes(
-                                       (ArpAttribute[]) arpAttributes.toArray(new ArpAttribute[0]),
-                                       principal,
-                                       requester,
-                                       resource);
-
-                       Set samlAttributes = new HashSet();
-                       for (int i = 0; i < filteredAttributes.length; i++) {
-                               samlAttributes.add(toSaml(filteredAttributes[i], requester));
-                       }
-                       return (SAMLAttribute[]) samlAttributes.toArray(new SAMLAttribute[0]);
-
-               } catch (NamingException e) {
-                       log.error(
-                               "An error occurred while retieving data for principal ("
-                                       + principal.getName()
-                                       + ") :"
-                                       + e.getMessage());
-                       throw new AAException("Error retrieving data for principal.");
                } catch (ArpProcessingException e) {
                        log.error(
                                "An error occurred while processing the ARPs for principal ("
@@ -171,115 +96,51 @@ public class AAResponder {
                                        + e.getMessage());
                        throw new AAException("Error retrieving data for principal.");
                }
-
        }
-
-       private DirContext queryDataSource(Principal principal, String searchFilter)
+       
+       public SAMLAttribute[] getReleaseAttributes(
+               Principal principal,
+               String requester,
+               URL resource,
+               URI[] attributeNames)
                throws AAException {
+
                try {
-                       try {
-                               return getUserContext(principal.getName(), searchFilter);
-                       } catch (CommunicationException ce) {
-                               synchronized (ctx) {
-                                       log.debug(ce);
-                                       log.warn(
-                                               "Encountered a connection problem while querying for attributes.  Re-initializing JNDI context and retrying...");
-                                       ctx = new InitialDirContext(ctx.getEnvironment());
-                               }
-                               return getUserContext(principal.getName(), searchFilter);
+                       AAAttributeSet attributeSet = new AAAttributeSet();
+                       for (int i = 0; i < attributeNames.length; i++) {
+                               AAAttribute attribute = new AAAttribute(attributeNames[i].toString());
+                               attributeSet.add(attribute);
                        }
-               } catch (NamingException e) {
+
+                       return resolveAttributes(principal, requester, resource, attributeSet);
+
+               } catch (SAMLException e) {
                        log.error(
-                               "An error occurred while retieving data for principal ("
+                               "An error occurred while creating attributes for principal ("
                                        + principal.getName()
                                        + ") :"
                                        + e.getMessage());
                        throw new AAException("Error retrieving data for principal.");
-               }
-       }
-
-       private DirContext getUserContext(String userName, String searchFilter)
-               throws CommunicationException, NamingException, AAException {
-
-               DirContext userCtx = null;
-               if (searchFilter == null) {
-                       searchFilter = "";
-               }
-               int indx = searchFilter.indexOf("%s");
-               if (indx < 0) {
-                       try {
-                               userCtx = (DirContext) ctx.lookup(searchFilter + userName);
-                       } catch (NameNotFoundException nnfe) {
-                               log.error(
-                                       "Could not locate a user ("
-                                               + userName
-                                               + ") as a result of searching with ("
-                                               + searchFilter
-                                               + ").");
-                               throw new AAException("No data available for this principal.");
-                       }
-               } else {
-                       /* This is a search filter. Search after replacing %s with uid*/
-                       StringBuffer tmp = new StringBuffer(searchFilter);
-                       tmp.delete(indx, indx + 2);
-                       tmp.insert(indx, userName);
-                       searchFilter = tmp.toString();
-                       SearchControls ctls = new SearchControls();
-                       ctls.setReturningObjFlag(true);
-                       NamingEnumeration en = ctx.search("", searchFilter, ctls);
-                       if (!en.hasMore()) {
-                               log.error(
-                                       "Could not locate a user ("
-                                               + userName
-                                               + ") as a result of searching with ("
-                                               + searchFilter
-                                               + ").");
-                               throw new AAException("No data available for this principal.");
-                       }
-                       userCtx = (DirContext) ((SearchResult) en.next()).getObject();
-                       if (en.hasMore()) {
-                               log.error(
-                                       "Located multiple ("
-                                               + userName
-                                               + ") users as a result of searching with ("
-                                               + searchFilter
-                                               + ").");
-                               throw new AAException("Cannot disambiguate data for this principal.");
-                       }
-               }
-               return userCtx;
-       }
-
-       private SAMLAttribute toSaml(ArpAttribute attribute, String recipient)
-               throws NamingException, AAException {
-
-               if (attribute == null) {
-                       return null;
-               }
 
-               log.debug("Converting Attribute (" + attribute.getName() + ") to SAML.");
-
-               try {
-                       Class attrClass =
-                               Class.forName(
-                                       "edu.internet2.middleware.shibboleth.aaLocal.attributes."
-                                               + attribute.getName().substring(
-                                                       attribute.getName().lastIndexOf(":") + 1));
-                       log.debug("Loaded the class for " + attrClass);
-                       ShibAttribute sa = (ShibAttribute) attrClass.newInstance();
-                       return sa.toSamlAttribute(this.domain, attribute.getValues(), recipient);
-
-               } catch (SAMLException e) {
+               } catch (ArpProcessingException e) {
                        log.error(
-                               "Error converting attribute to SAML ("
-                                       + attribute.getName()
+                               "An error occurred while processing the ARPs for principal ("
+                                       + principal.getName()
                                        + ") :"
                                        + e.getMessage());
-                       return null;
-               } catch (Exception e) {
-                       log.error("Failed to load the class for attribute (" + attribute.getName() + ") :" + e);
-                       return null;
+                       throw new AAException("Error retrieving data for principal.");
                }
+       }
+
+       private SAMLAttribute[] resolveAttributes(
+               Principal principal,
+               String requester,
+               URL resource,
+               AAAttributeSet attributeSet)
+               throws ArpProcessingException {
 
+               resolver.resolveAttributes(principal, requester, attributeSet);
+               arpEngine.filterAttributes(attributeSet, principal, requester, resource);
+               return attributeSet.getAttributes();
        }
 }
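Review bot: `resolveAttributes` at the end of this hunk has no comment saying that `arpEngine.filterAttributes(...)` edits `attributeSet` in place and is the only release-policy step between resolution and `attributeSet.getAttributes()`. An edit that reorders or drops that call would hand every resolved attribute to the requester, so I would add `// Order matters: resolve, then ARP-filter in place; never return the set unfiltered.` above the three calls. The new public `getReleaseAttributes(..., URI[] attributeNames)` overload also lacks Javadoc. A null `attributeNames` or a null element would surface as a NullPointerException rather than the declared `AAException`; a guard such as `if (attributeNames == null) throw new AAException("No attribute names supplied.");` keeps the error path uniform.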
index 2e23003..b8d837d 100755 (executable)
@@ -59,9 +59,6 @@ import java.util.Arrays;
 import java.util.List;
 import java.util.Properties;
 
-import javax.naming.NamingException;
-import javax.naming.directory.DirContext;
-import javax.naming.directory.InitialDirContext;
 import javax.servlet.ServletException;
 import javax.servlet.UnavailableException;
 import javax.servlet.http.HttpServlet;
@@ -70,13 +67,15 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.apache.log4j.Logger;
 import org.apache.log4j.MDC;
+import org.opensaml.Init;
 import org.opensaml.QName;
 import org.opensaml.SAMLException;
 import org.opensaml.SAMLIdentifier;
 
-import edu.internet2.middleware.eduPerson.Init;
 import edu.internet2.middleware.shibboleth.aa.arp.ArpEngine;
 import edu.internet2.middleware.shibboleth.aa.arp.ArpException;
+import edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver;
+import edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolverException;
 import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
 import edu.internet2.middleware.shibboleth.common.ShibResource;
 import edu.internet2.middleware.shibboleth.hs.HandleRepository;
@@ -110,41 +109,27 @@ public class AAServlet extends HttpServlet {
                        configuration = loadConfiguration();
 
                        ArpEngine arpEngine = new ArpEngine(configuration);
-                       
-                       handleRepository = HandleRepositoryFactory.getInstance(configuration);
+                       AttributeResolver resolver = new AttributeResolver(configuration);
 
-                       log.info(
-                               "Using JNDI context ("
-                                       + configuration.getProperty("java.naming.factory.initial")
-                                       + ") for attribute retrieval.");
+                       handleRepository = HandleRepositoryFactory.getInstance(configuration);
 
-                       DirContext ctx = new InitialDirContext(configuration);
                        Init.init();
-                       responder =
-                               new AAResponder(
-                                       arpEngine,
-                                       ctx,
-                                       configuration.getProperty(
-                                               "edu.internet2.middleware.shibboleth.aa.AAServlet.authorityName"));
+                       responder = new AAResponder(arpEngine, resolver);
 
                        log.info("Attribute Authority initialization complete.");
 
-               } catch (NamingException ne) {
-                       log.fatal(
-                               "The AA could not be initialized due to a problem with the JNDI context configuration: "
-                                       + ne);
-                       throw new UnavailableException("Attribute Authority failed to initialize.");
                } catch (ArpException ae) {
-                       log.fatal(
-                               "The AA could not be initialized due to a problem with the ARP Engine configuration: " + ae);
+                       log.fatal("The AA could not be initialized due to a problem with the ARP Engine configuration: " + ae);
+                       throw new UnavailableException("Attribute Authority failed to initialize.");
+               } catch (AttributeResolverException ne) {
+                       log.fatal("The AA could not be initialized due to a problem with the Attribute Resolver configuration: " + ne);
                        throw new UnavailableException("Attribute Authority failed to initialize.");
                } catch (AAException ae) {
                        log.fatal("The AA could not be initialized: " + ae);
                        throw new UnavailableException("Attribute Authority failed to initialize.");
                } catch (HandleRepositoryException he) {
                        log.fatal(
-                               "The AA could not be initialized due to a problem with the Handle Repository configuration: "
-                                       + he);
+                               "The AA could not be initialized due to a problem with the Handle Repository configuration: " + he);
                        throw new UnavailableException("Attribute Authority failed to initialize.");
                }
        }
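Review bot: The rewritten `log.fatal(...)` calls in these catch blocks append the exception with `+ ae` / `+ ne`, which records only its `toString()` and drops the stack trace and cause, at the one place where a misconfigured resolver or ARP engine gets diagnosed. Passing it as the second argument keeps both, e.g. `log.fatal("The AA could not be initialized due to a problem with the Attribute Resolver configuration.", ne);`. The new `AttributeResolverException` catch also reuses the name `ne` from the removed `NamingException` block; `are` or `e` would read better. The enclosing method starts outside this hunk.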
@@ -270,8 +255,6 @@ public class AAServlet extends HttpServlet {
                                Arrays.asList(
                                        responder.getReleaseAttributes(
                                                principal,
-                                               configuration.getProperty(
-                                                       "edu.internet2.middleware.shibboleth.aa.AAServlet.ldapUserDnPhrase"),
                                                saml.getShar(),
                                                resource));
                        log.info("Got " + attrs.size() + " attributes for " + principal.getName());
index 75ba633..bebd468 100755 (executable)
@@ -1,72 +1,65 @@
-/*
- * The Shibboleth License, Version 1.
- * Copyright (c) 2002
- * University Corporation for Advanced Internet Development, Inc.
+/* 
+ * The Shibboleth License, Version 1. 
+ * Copyright (c) 2002 
+ * University Corporation for Advanced Internet Development, Inc. 
  * All rights reserved
- *
- *
- * Redistribution and use in source and binary forms, with or without
+ * 
+ * 
+ * Redistribution and use in source and binary forms, with or without 
  * modification, are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this
+ * 
+ * Redistributions of source code must retain the above copyright notice, this 
  * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution, if any, must include
- * the following acknowledgment: "This product includes software developed by
- * the University Corporation for Advanced Internet Development
- * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
- * may appear in the software itself, if and wherever such third-party
+ * 
+ * Redistributions in binary form must reproduce the above copyright notice, 
+ * this list of conditions and the following disclaimer in the documentation 
+ * and/or other materials provided with the distribution, if any, must include 
+ * the following acknowledgment: "This product includes software developed by 
+ * the University Corporation for Advanced Internet Development 
+ * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
+ * may appear in the software itself, if and wherever such third-party 
  * acknowledgments normally appear.
- *
- * Neither the name of Shibboleth nor the names of its contributors, nor
- * Internet2, nor the University Corporation for Advanced Internet Development,
- * Inc., nor UCAID may be used to endorse or promote products derived from this
- * software without specific prior written permission. For written permission,
+ * 
+ * Neither the name of Shibboleth nor the names of its contributors, nor 
+ * Internet2, nor the University Corporation for Advanced Internet Development, 
+ * Inc., nor UCAID may be used to endorse or promote products derived from this 
+ * software without specific prior written permission. For written permission, 
  * please contact shibboleth@shibboleth.org
- *
- * Products derived from this software may not be called Shibboleth, Internet2,
- * UCAID, or the University Corporation for Advanced Internet Development, nor
- * may Shibboleth appear in their name, without prior written permission of the
+ * 
+ * Products derived from this software may not be called Shibboleth, Internet2, 
+ * UCAID, or the University Corporation for Advanced Internet Development, nor 
+ * may Shibboleth appear in their name, without prior written permission of the 
  * University Corporation for Advanced Internet Development.
- *
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
- * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
- * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
- * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * 
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
+ * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
+ * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
+ * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
+ * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
+ * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-
 package edu.internet2.middleware.shibboleth.aa.arp;
 
+import java.util.Iterator;
+
 /**
- * Defines an attribute to which Shibboleth Attribute Release Policies may be applied.
- *
- * @author Walter Hoehn (wassa&#064;columbia.edu)
+ * Defines an attribute whose values can be filtered by the <code>ArpEngine</code>.
+ * 
+ * @author Walter Hoehn (wassa@columbia.edu)
  */
-public interface ArpAttribute {
-       /**
-        * Returns the name of the Attribute
-        */
-       public String getName();
 
-       /**
-        * Sets the values of the attribute to those represented in an array
-        */
-       public void setValues(Object[] values);
+public interface ArpAttribute {
 
-       /**
-        * Returns an array representing the attributes values
-        */
-       public Object[] getValues();
+       public String getName();
+       public void setValues(Object[] value);
+       public Iterator getValues();
 }
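Review bot: The three method comments were dropped from `ArpAttribute` in the same change that turns `getValues()` from `Object[]` into `Iterator`, so the interface now states no contract at all. `ArpEngine.filterAttributes` in this commit calls `hasNext()` on the result directly and relies on `setValues` discarding the values it did not permit. I would restore the comments in updated form: `/** Returns an iterator over the attribute's current values; never null. */` and `/** Replaces all current values with the given array. */`. The parameter rename to `value` is also misleading for an array; `values` was clearer.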
old mode 100755 (executable)
new mode 100644 (file)
similarity index 86%
rename from src/edu/internet2/middleware/shibboleth/aa/ShibAttribute.java
rename to src/edu/internet2/middleware/shibboleth/aa/arp/ArpAttributeSet.java
index 84b968a..9ab7e99
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-package edu.internet2.middleware.shibboleth.aa;
-
+package edu.internet2.middleware.shibboleth.aa.arp;
 /**
- *  Attribute Authority & Release Policy
- *  a Common interface among all attributes that are released by AA
- *
- * @author     Parviz Dousti (dousti@cmu.edu)
- * @created    June, 2002
+ * Defines a set of attributes whose values can be filtered by the <code>ArpEngine</code>.
+ * 
+ * @author Walter Hoehn (wassa@columbia.edu)
  */
+public interface ArpAttributeSet {
 
-
-import org.opensaml.*;
-
-public interface ShibAttribute{
-    
-    public SAMLAttribute toSamlAttribute(String defaultScope, Object[] values, String recipient)
-       throws SAMLException;
-
+       public ArpAttributeIterator arpAttributeIterator();
+       
+       public interface ArpAttributeIterator {
+               public boolean hasNext();
+               public ArpAttribute nextArpAttribute();
+               public void remove();
+       }
 }
-
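Review bot: `ArpAttributeIterator.remove()` is declared with no statement of what it must do, yet the filter loop in `ArpEngine.filterAttributes` in this commit uses it to withhold an attribute that has no specifier or a deny-all rule. An implementation that treats it as optional or leaves it a no-op would keep denied attributes in the set, so the contract should be written down, e.g. `/** Removes the attribute last returned by nextArpAttribute() from the underlying set; must be supported. */`. A one-line comment on `arpAttributeIterator()` saying that each call returns a fresh iterator over the live set would help too, since the engine requests one several times per filter pass.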
index e876cc3..0ff3d98 100755 (executable)
@@ -66,6 +66,8 @@ import org.apache.log4j.Logger;
 import org.apache.xml.serialize.OutputFormat;
 import org.apache.xml.serialize.XMLSerializer;
 
+import edu.internet2.middleware.shibboleth.aa.arp.ArpAttributeSet.ArpAttributeIterator;
+
 /**
  *  Defines a processing engine for Attribute Release Policies.
  *
@@ -225,32 +227,27 @@ public class ArpEngine {
         * Applies all applicable ARPs to a set of attributes.
         * @return the attributes to be released
         */
-       public ArpAttribute[] filterAttributes(
-               ArpAttribute[] attributes,
-               Principal principal,
-               String requester,
-               URL resource)
+       public void filterAttributes(ArpAttributeSet attributes, Principal principal, String requester, URL resource)
                throws ArpProcessingException {
-                       
-                       if (attributes.length == 0) {
-                               log.debug("ARP Engine was asked to apply filter to empty attribute set.");
-                               return new ArpAttribute[0];
-                       }
 
-               Set releaseSet = new HashSet();
+               ArpAttributeIterator iterator = attributes.arpAttributeIterator();
+               if (!iterator.hasNext()) {
+                       log.debug("ARP Engine was asked to apply filter to empty attribute set.");
+                       return;
+               }
 
                log.info("Applying Attribute Release Policies.");
                if (log.isDebugEnabled()) {
                        log.debug("Processing the following attributes:");
-                       for (int i = 0; attributes.length > i; i++) {
-                               log.debug("Attribute: (" + attributes[i].getName() + ")");
+                       for (ArpAttributeIterator attrIterator = attributes.arpAttributeIterator(); attrIterator.hasNext();) {
+                               log.debug("Attribute: (" + attrIterator.nextArpAttribute().getName() + ")");
                        }
                }
 
                //Gather all applicable ARP attribute specifiers
                Set attributeNames = new HashSet();
-               for (int i = 0; attributes.length > i; i++) {
-                       attributeNames.add(attributes[i].getName());
+               for (ArpAttributeIterator nameIterator = attributes.arpAttributeIterator(); nameIterator.hasNext();) {
+                       attributeNames.add(nameIterator.nextArpAttribute().getName());
                }
                Rule[] rules = createEffectiveArp(principal, requester, resource).getAllRules();
                Set applicableRuleAttributes = new HashSet();
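Review bot: The Javadoc kept as context at the top of this hunk still says `@return the attributes to be released`, but `filterAttributes` now returns `void` and filters `attributes` in place. I would replace that line with `@param attributes the set to filter; attributes and values that may not be released are removed from it`. It is also worth adding a `@throws ArpProcessingException` line noting that the set must be treated as unfiltered when the exception is thrown, since `createEffectiveArp(...)` runs before any removal and is presumably where it originates. The method body continues past the end of this hunk.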
@@ -265,41 +262,41 @@ public class ArpEngine {
 
                //Canonicalize specifiers
                Map arpAttributeSpecs =
-                       createCanonicalAttributeSpec(
-                               (Rule.Attribute[]) applicableRuleAttributes.toArray(new Rule.Attribute[0]));
+                       createCanonicalAttributeSpec((Rule.Attribute[]) applicableRuleAttributes.toArray(new Rule.Attribute[0]));
 
                //Filter
-               for (int i = 0; attributes.length > i; i++) {
-                       Rule.Attribute attribute = (Rule.Attribute) arpAttributeSpecs.get(attributes[i].getName());
+               for (ArpAttributeIterator returnIterator = attributes.arpAttributeIterator(); returnIterator.hasNext();) {
+                       
+                       ArpAttribute arpAttribute = returnIterator.nextArpAttribute();
+                       Rule.Attribute attribute = (Rule.Attribute) arpAttributeSpecs.get(arpAttribute.getName());
 
                        //Handle no specifier
                        if (attribute == null) {
+                               returnIterator.remove();
                                continue;
                        }
 
                        //Handle Deny All
                        if (attribute.denyAnyValue()) {
+                               returnIterator.remove();
                                continue;
                        }
 
                        //Handle Permit All
                        if (attribute.releaseAnyValue() && attribute.getValues().length == 0) {
-                               releaseSet.add(attributes[i]);
                                continue;
                        }
 
                        //Handle "Permit All-Except" and "Permit Specific"
-                       Object[] resolvedValues = attributes[i].getValues();
                        Set releaseValues = new HashSet();
-                       for (int j = 0; resolvedValues.length > j; j++) {
-                               if (attribute.isValuePermitted(resolvedValues[j])) {
-                                       releaseValues.add(resolvedValues[j]);
+                       for (Iterator valueIterator = arpAttribute.getValues();valueIterator.hasNext();) {
+                               Object value = valueIterator.next();
+                               if (attribute.isValuePermitted(value)) {
+                                       releaseValues.add(value);
                                }
                        }
-                       attributes[i].setValues((Object[]) releaseValues.toArray(new Object[0]));
-                       releaseSet.add(attributes[i]);
+                       arpAttribute.setValues((Object[]) releaseValues.toArray(new Object[0]));
                }
-               return (ArpAttribute[]) releaseSet.toArray(new ArpAttribute[0]);
        }
 
        private Map createCanonicalAttributeSpec(Rule.Attribute[] attributes) {
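Review bot: In the "Permit All-Except" / "Permit Specific" branch, an attribute whose values are all rejected by `isValuePermitted` stays in the set with an empty value array, because only the no-specifier and deny-all branches call `returnIterator.remove()`. The pre-change code kept such attributes as well, but now that removal is available it would be more consistent to withhold the attribute entirely with `if (releaseValues.isEmpty()) { returnIterator.remove(); continue; }` ahead of the `setValues` call. What `getAttributes()` does with a value-less attribute is not visible here, so this may only matter if the attribute name itself ends up in the response.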
diff --git a/src/edu/internet2/middleware/shibboleth/aa/arp/provider/ShibArpAttribute.java b/src/edu/internet2/middleware/shibboleth/aa/arp/provider/ShibArpAttribute.java
deleted file mode 100755 (executable)
index c218bd3..0000000
+++ /dev/null
@@ -1,74 +0,0 @@
-package edu.internet2.middleware.shibboleth.aa.arp.provider;
-
-import java.util.Arrays;
-import java.util.HashSet;
-
-import edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute;
-
-/**
- *  Shibboleth implementation of an attribute to which ARPs may be applied.
- *
- * @author Walter Hoehn (wassa@columbia.edu)
- */
-public class ShibArpAttribute implements ArpAttribute {
-
-       private String name;
-       private Object[] values;
-
-       public ShibArpAttribute(String name, Object[] values) {
-               this.name = name;
-               this.values = values;
-       }
-
-       public ShibArpAttribute(String name) {
-               this.name = name;
-       }
-
-       /**
-        * @see edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute#getName()
-        */
-       public String getName() {
-               return name;
-       }
-
-       /**
-        * @see edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute#getValues()
-        */
-       public Object[] getValues() {
-               if (values != null) {
-                       return values;
-               } else {
-                       return new Object[0];
-               }
-       }
-
-       /**
-        * @see edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute#setValues(Object[])
-        */
-       public void setValues(Object[] values) {
-               this.values = values;
-       }
-
-       /**
-        * @see java.lang.Object#equals(Object)
-        */
-       public boolean equals(Object object) {
-               if (!(object instanceof ShibArpAttribute)) {
-                       return false;
-               }
-               return (new HashSet(Arrays.asList(values))).equals(
-                       new HashSet(Arrays.asList(((ShibArpAttribute) object).getValues())));
-       }
-
-       /**
-       * @see java.lang.Object#hashCode()
-       */
-       public int hashCode() {
-               int code = 0;
-               for (int i = 0; i < values.length; i++) {
-                       code += values[i].hashCode();
-               }
-               return name.hashCode() + code;
-       }
-
-}
index dd30f20..ca6b5a1 100644 (file)
@@ -85,11 +85,11 @@ import org.xml.sax.SAXException;
 import org.xml.sax.SAXParseException;
 
 import sun.security.acl.PrincipalImpl;
+import edu.internet2.middleware.shibboleth.aa.AAAttribute;
+import edu.internet2.middleware.shibboleth.aa.AAAttributeSet;
+import edu.internet2.middleware.shibboleth.aa.AAAttributeSet.ShibAttributeIterator;
 import edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttributeSet.ResolverAttributeIterator;
-import edu.internet2.middleware.shibboleth.aa.attrresolv.provider.ShibAttribute;
-import edu.internet2.middleware.shibboleth.aa.attrresolv.provider.ShibAttributeSet;
 import edu.internet2.middleware.shibboleth.aa.attrresolv.provider.ValueHandler;
-import edu.internet2.middleware.shibboleth.aa.attrresolv.provider.ShibAttributeSet.ShibAttributeIterator;
 import edu.internet2.middleware.shibboleth.common.ShibResource;
 import edu.internet2.middleware.shibboleth.common.ShibResource.ResourceNotAvailableException;
 
@@ -131,8 +131,7 @@ public class AttributeResolver {
                                                InputStream stream;
                                                try {
                                                        return new InputSource(
-                                                               new ShibResource(
-                                                                       new File("shibboleth-resolver-1.0.xsd").toURL().toString(),
+                                                               new ShibResource("/schemas/shibboleth-resolver-1.0.xsd",
                                                                        this.getClass())
                                                                        .getInputStream());
                                                } catch (IOException e) {
@@ -263,7 +262,7 @@ public class AttributeResolver {
 
                try {
                        Properties props = new Properties();
-                       File file = new File("testconfig.xml");
+                       File file = new File("src/conf/resolver.xml");
 
                        props.setProperty(
                                "edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver.ResolverConfig",
@@ -271,21 +270,21 @@ public class AttributeResolver {
                        AttributeResolver ar = new AttributeResolver(props);
                        for (int j = 0; j < 2; j++) {
                                System.out.println("Resolving pass: " + (j + 1));
-                               ShibAttributeSet attributes = new ShibAttributeSet();
+                               AAAttributeSet attributes = new AAAttributeSet();
                                if (j == 1) {
-                                       attributes.add(new ShibAttribute("urn:mace:eduPerson:1.0:eduPersonPrincipalName"));
+                                       attributes.add(new AAAttribute("urn:mace:eduPerson:1.0:eduPersonPrincipalName"));
                                }
-                               attributes.add(new ShibAttribute("urn:mace:eduPerson:1.0:eduPersonNickName"));
-                               attributes.add(new ShibAttribute("urn:mace:eduPerson:1.0:eduPersonPrimaryAffiliation"));
-                               attributes.add(new ShibAttribute("urn:mace:eduPerson:1.0:eduPersonScopedAffiliation"));
-                               attributes.add(new ShibAttribute("urn:mace:eduPerson:1.0:eduPersonAffiliation"));
-                               attributes.add(new ShibAttribute("urn:mace:eduPerson:1.0:eduPersonEntitlement"));
-                               attributes.add(new ShibAttribute("urn:mace:rfc2079:labeledURI"));
+                               attributes.add(new AAAttribute("urn:mace:eduPerson:1.0:eduPersonNickName"));
+                               attributes.add(new AAAttribute("urn:mace:eduPerson:1.0:eduPersonPrimaryAffiliation"));
+                               attributes.add(new AAAttribute("urn:mace:eduPerson:1.0:eduPersonScopedAffiliation"));
+                               attributes.add(new AAAttribute("urn:mace:eduPerson:1.0:eduPersonAffiliation"));
+                               attributes.add(new AAAttribute("urn:mace:eduPerson:1.0:eduPersonEntitlement"));
+                               attributes.add(new AAAttribute("urn:mace:rfc2079:labeledURI"));
 
                                ar.resolveAttributes(new PrincipalImpl("mytestuser"), "shar.example.edu", attributes);
                                ShibAttributeIterator iterator = attributes.shibAttributeIterator();
                                while (iterator.hasNext()) {
-                                       ShibAttribute attribute = iterator.nextShibAttribute();
+                                       AAAttribute attribute = iterator.nextShibAttribute();
                                        System.out.println(attribute.getName());
                                        System.out.println("LifeTime: " + attribute.getLifetime());
                                        System.out.println("\t" + " values:");
index d16ea91..1697301 100644 (file)
@@ -99,7 +99,7 @@ public class CustomAttributeDefinition implements ResolutionPlugIn, AttributeDef
        }
 
        /**
-        * @see edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeDefinitionPlugIn#resolve(edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute, java.security.Principal, java.lang.String, edu.internet2.middleware.shibboleth.aa.attrresolv.Dependencies)
+        * @see edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeDefinitionPlugIn#resolve(edu.internet2.middleware.shibboleth.aa.attrresolv.ArpAttribute, java.security.Principal, java.lang.String, edu.internet2.middleware.shibboleth.aa.attrresolv.Dependencies)
         */
        public void resolve(ResolverAttribute attribute, Principal principal, String requester, Dependencies depends)
                throws ResolutionPlugInException {
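Review bot: The rewritten `@see` tag on `resolve` now names `edu.internet2.middleware.shibboleth.aa.attrresolv.ArpAttribute` as the first parameter type, but the signature directly below it still declares `ResolverAttribute attribute`; the SimpleAttributeDefinition hunk that follows has the same mismatch. The commit's file list places ArpAttribute under `aa/arp/`, so the reference probably does not resolve to any type in `attrresolv`, which suggests a mechanical rename touched this comment by accident. I would keep the first argument as it was in both tags, `@see edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeDefinitionPlugIn#resolve(edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute, java.security.Principal, java.lang.String, edu.internet2.middleware.shibboleth.aa.attrresolv.Dependencies)`, so the Javadoc matches the declared signature. The body of `resolve` continues outside the hunk, so the interface declaration itself should be checked before merging.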
index e8f12eb..bc18e0a 100644 (file)
@@ -149,7 +149,7 @@ public class SimpleAttributeDefinition extends BaseAttributeDefinition implement
        }
 
        /**
-        * @see edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeDefinitionPlugIn#resolve(edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute, java.security.Principal, java.lang.String, edu.internet2.middleware.shibboleth.aa.attrresolv.Dependencies)
+        * @see edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeDefinitionPlugIn#resolve(edu.internet2.middleware.shibboleth.aa.attrresolv.ArpAttribute, java.security.Principal, java.lang.String, edu.internet2.middleware.shibboleth.aa.attrresolv.Dependencies)
         */
        public void resolve(ResolverAttribute attribute, Principal principal, String requester, Dependencies depends)
                throws ResolutionPlugInException {
diff --git a/src/edu/internet2/middleware/shibboleth/aaLocal/CmuCtxFactory.java b/src/edu/internet2/middleware/shibboleth/aaLocal/CmuCtxFactory.java
deleted file mode 100755 (executable)
index 4e6ce98..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-package edu.internet2.middleware.shibboleth.aaLocal;
-
-/**
- *  Attribute Authority & Release Policy
- *  Directory layer for CMU specific LDAP set up
- *
- * @author     Parviz Dousti (dousti@cmu.edu)
- * @created    June, 2002
- */
-
-import java.util.Hashtable;
-import javax.naming.*;
-import javax.naming.spi.*;
-
-
-public class CmuCtxFactory implements InitialContextFactory{
-
-    public Context getInitialContext(Hashtable env)
-       throws NamingException{
-       return new CmuDirContext(env);
-    }
-
-}
diff --git a/src/edu/internet2/middleware/shibboleth/aaLocal/CmuDirContext.java b/src/edu/internet2/middleware/shibboleth/aaLocal/CmuDirContext.java
deleted file mode 100755 (executable)
index 1a1f1d2..0000000
+++ /dev/null
@@ -1,55 +0,0 @@
-package edu.internet2.middleware.shibboleth.aaLocal;
-
-/**
- *  Attribute Authority & Release Policy
- *  Directory layer for CMU
- *
- * @author     Parviz Dousti (dousti@cmu.edu)
- * @created    June, 2002
- */
-
-
-import java.util.*;
-import javax.naming.*;
-import javax.naming.directory.*;
-
-public class CmuDirContext extends InitialDirContext{
-
-    DirContext ctx; 
-
-    public CmuDirContext(Hashtable env)
-       throws NamingException{
-
-       Hashtable env1 = new Hashtable(11);
-       env1.put(Context.INITIAL_CONTEXT_FACTORY,
-              "com.sun.jndi.ldap.LdapCtxFactory");
-
-       env1.put(Context.PROVIDER_URL, env.get(Context.PROVIDER_URL));
-       ctx = new InitialDirContext(env1);
-    }
-
-    
-    public Object lookup(String s) throws NamingException{
-       String uid = null;
-
-       int i = s.indexOf("=");
-       if(i >= 0)
-           uid = s.substring(i+1);
-       else
-           uid = s;
-
-       NamingEnumeration ne = ctx.search("", "cmuAndrewId="+uid, null, null);
-
-       if(ne != null && ne.hasMoreElements()){
-           SearchResult rs = (SearchResult)ne.nextElement();
-           String guid = (String)rs.getAttributes().get("GUID").get();
-           return ctx.lookup("guid="+guid);
-       }
-       return null;
-    }
-    
-    public Attributes getAttributes(String name, String[] ids)
-       throws NamingException{
-       return ctx.getAttributes(name, ids);
-    }
-}
diff --git a/src/edu/internet2/middleware/shibboleth/aaLocal/EchoCtxFactory.java b/src/edu/internet2/middleware/shibboleth/aaLocal/EchoCtxFactory.java
deleted file mode 100755 (executable)
index 270dcf5..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-package edu.internet2.middleware.shibboleth.aaLocal;
-
-
-/**
- *  Attribute Authority & Release Policy
- *  Very simple implementation of directory layer.
- *
- * @author     Parviz Dousti (dousti@cmu.edu)
- * @created    June, 2002
- */
-
-
-import java.util.Hashtable;
-import javax.naming.*;
-import javax.naming.spi.*;
-
-
-public class EchoCtxFactory implements InitialContextFactory{
-
-    public Context getInitialContext(Hashtable env)
-       throws NamingException{
-       return new EchoDirContext(env);
-    }
-
-}
diff --git a/src/edu/internet2/middleware/shibboleth/aaLocal/EchoDirContext.java b/src/edu/internet2/middleware/shibboleth/aaLocal/EchoDirContext.java
deleted file mode 100755 (executable)
index ae08712..0000000
+++ /dev/null
@@ -1,62 +0,0 @@
-package edu.internet2.middleware.shibboleth.aaLocal;
-
-/**
- *  Attribute Authority & Release Policy
- *  Simple implementation of a trivial directory layer
- *  mostly for demo and testing
- *
- * @author     Parviz Dousti (dousti@cmu.edu)
- * @created    June, 2002
- */
-
-
-import java.util.*;
-import javax.naming.*;
-import javax.naming.directory.*;
-
-public class EchoDirContext extends InitialDirContext{
-
-    String uid = "unknown";
-    
-
-    public EchoDirContext(Hashtable env)
-       throws NamingException{
-    }
-
-    
-    public Object lookup(String s) throws NamingException{
-       int i = s.indexOf("=");
-       if(i >= 0)
-           uid = s.substring(i+1);
-       else
-           uid = s;
-
-       return this;
-    }
-    
-    public Attributes getAttributes(String name, String[] ids)
-       throws NamingException{
-
-       BasicAttributes attrs = new BasicAttributes();
-
-       for(int i=0; i<ids.length; i++){
-           if(ids[i].equalsIgnoreCase("eduPersonScopedAffiliation")){
-               // return member as value;
-               attrs.put(new BasicAttribute("eduPersonScopedAffiliation", "member"));
-           }
-               if(ids[i].equalsIgnoreCase("eduPersonAffiliation")){
-               // return member as value;
-               attrs.put(new BasicAttribute("eduPersonAffiliation", "member"));
-               }
-           if(ids[i].equalsIgnoreCase("eduPersonPrincipalName")){
-               // return uid
-               attrs.put(new BasicAttribute("eduPersonPrincipalName", uid));
-           }
-               if(ids[i].equalsIgnoreCase("eduPersonEntitlement")){
-               // return uid
-               attrs.put(new BasicAttribute("eduPersonEntitlement", "urn:mace:example.edu:exampleEntitlement"));
-               }
-       }
-       return attrs;
-    }
-}
diff --git a/src/edu/internet2/middleware/shibboleth/aaLocal/SQLCtxFactory.java b/src/edu/internet2/middleware/shibboleth/aaLocal/SQLCtxFactory.java
deleted file mode 100755 (executable)
index 3369839..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-package edu.internet2.middleware.shibboleth.aaLocal;
-
-/**
- *  Attribute Authority & Release Policy
- *  Demonstration of how a SQL impl. of directory layer
- *  might work.
- *
- * @author     Parviz Dousti (dousti@cmu.edu)
- * @created    June, 2002
- */
-
-
-import java.util.Hashtable;
-import javax.naming.*;
-import javax.naming.spi.*;
-
-
-public class SQLCtxFactory implements InitialContextFactory{
-
-    public Context getInitialContext(Hashtable env)
-       throws NamingException{
-       return new SQLDirContext(env);
-    }
-
-}
diff --git a/src/edu/internet2/middleware/shibboleth/aaLocal/SQLDirContext.java b/src/edu/internet2/middleware/shibboleth/aaLocal/SQLDirContext.java
deleted file mode 100755 (executable)
index 9f2bdad..0000000
+++ /dev/null
@@ -1,117 +0,0 @@
-package edu.internet2.middleware.shibboleth.aaLocal;
-
-/**
- *  Attribute Authority & Release Policy
- *  Demonstration of SQL impl. for directory layer.
- *
- * @author     Parviz Dousti (dousti@cmu.edu)
- * @created    June, 2002
- */
-
-
-import java.util.*;
-import java.sql.*;
-import javax.naming.*;
-import javax.naming.directory.*;
-
-public class SQLDirContext extends InitialDirContext{
-
-    Connection con;
-    String uid;
-    String guid;
-    Hashtable id2name;
-
-    public SQLDirContext(Hashtable env)
-       throws NamingException{
-
-       String url = (String)env.get(Context.PROVIDER_URL);
-       String driver = (String)env.get("SQL_DRIVER");
-       String user = (String)env.get("SECURITY_PRINCIPAL");
-       String passwd = (String)env.get("SECURITY_CREDENTIALS");
-       uid = (String)env.get("USER_IDENTIFIER");
-       if(url == null)
-           throw new NamingException("Context.PROVIDER_URL not provided");
-       if(driver == null)
-           throw new NamingException("SQL_DRIVER is required");
-       if(user == null)
-           throw new NamingException("SECURITY_PRINCIPAL is required");
-       if(passwd == null)
-           throw new NamingException("SECURITY_CREDENTIALS is required");
-       if(uid == null)
-           throw new NamingException("USER_IDENTIFIER is required");
-       id2name = new Hashtable();
-
-
-
-       try{
-           Class.forName(driver);
-           con = DriverManager.getConnection(url, user, passwd);
-           // get the small sql table and keep it as a hashtable for performance
-           Statement stmt = con.createStatement();
-           ResultSet rs = stmt.executeQuery("SELECT attr_id,attr_name from danr.person_attributes");       
-           while(rs.next()){
-               int i = rs.getInt("attr_id");
-               String n = rs.getString("attr_name");
-               id2name.put(new Integer(i), n);
-           }
-
-           // find the guid from uid
-           String guidQ1 = "SELECT guid from danr.person_attrib WHERE attr_id = ";
-           String guidQ2 = "(SELECT attr_id from danr.person_attributes where attr_name = 'cmuAndrewId')";
-           String guidQ3 = " AND attr_value = '"+uid+"'";
-
-
-           rs = stmt.executeQuery(guidQ1+guidQ2+guidQ3);
-           rs.next();
-           guid = rs.getString("GUID");
-       }catch(Exception e){
-           throw new NamingException("Failed to create SQLDirContext: "+e);
-       }
-    }
-
-    public Attributes getAttributes(String name,
-                                   String[] attrIds)
-       throws NamingException {
-
-       long aTime = System.currentTimeMillis();
-       String q1 = "select attr_id,attr_value from danr.person_attrib where guid = '";
-       String q2 = "' and attr_id = (select attr_id from danr.person_attributes where attr_name ='";
-       String q3 = "')";
-       StringBuffer buf = new StringBuffer(q1+guid+q2);
-       BasicAttributes attrs = new BasicAttributes();
-       try{
-           int len = attrIds.length;
-
-           String[] attrNames = new String[len];
-           System.arraycopy(attrIds, 0, attrNames, 0, len);
-           Arrays.sort(attrNames);
-
-           for(int i=0; i <len-1; i++)
-               buf.append(attrIds[i] + "' OR attr_name ='");
-           buf.append(attrIds[len-1]);
-           buf.append(q3);
-
-           Statement stmt = con.createStatement();
-           ResultSet rs = stmt.executeQuery(buf.toString());       
-
-           BasicAttribute[] attrArray = new BasicAttribute[len];
-           for(int i=0; i <len; i++)
-               attrArray[i] = new BasicAttribute(attrIds[i]);
-
-           while(rs.next()){
-               int anId = rs.getInt("attr_id");
-               String aName = (String)id2name.get(new Integer(anId));
-               Object value = rs.getObject("attr_value");
-               int indx = Arrays.binarySearch(attrNames, aName);
-               attrArray[indx].add(value);
-           }
-           
-           for(int i=0; i <len; i++)
-               attrs.put(attrArray[i]);
-           System.out.print(" ("+(System.currentTimeMillis() - aTime)+" sec)");
-           return attrs;
-       }catch(Exception e){
-           throw new NamingException("Failed to get Attributes: "+e);
-       }
-    }
-}
diff --git a/src/edu/internet2/middleware/shibboleth/aaLocal/attributes/cmuAndrewId.java b/src/edu/internet2/middleware/shibboleth/aaLocal/attributes/cmuAndrewId.java
deleted file mode 100644 (file)
index 1e4a591..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-package edu.internet2.middleware.shibboleth.aaLocal.attributes;
-
-import java.util.Arrays;
-
-import edu.internet2.middleware.eduPerson.*;
-import edu.internet2.middleware.shibboleth.common.Constants; 
-import org.opensaml.*;
-
-
-public class cmuAndrewId extends ScopedAttribute{
-    
-
-    public cmuAndrewId(String[] scopes, Object[] values)
-       throws SAMLException{
-
-       super("urn:mace:eduPerson:1.0:eduPersonPrincipalName",
-                  Constants.SHIB_ATTRIBUTE_NAMESPACE_URI, 
-           scopes[0],
-           null,
-                  10*60,
-           Arrays.asList(scopes),
-                  Arrays.asList(values));
-    }
-}
-
diff --git a/src/edu/internet2/middleware/shibboleth/aaLocal/attributes/eduPersonEntitlement.java b/src/edu/internet2/middleware/shibboleth/aaLocal/attributes/eduPersonEntitlement.java
deleted file mode 100644 (file)
index bb47613..0000000
+++ /dev/null
@@ -1,32 +0,0 @@
-package edu.internet2.middleware.shibboleth.aaLocal.attributes;
-
-
-/**
- *  Attribute Authority & Release Policy
- *  A specific class for eduPersonEntitlement attribute
- *
- * @author     Parviz Dousti (dousti@cmu.edu)
- * @created    June, 2002
- */
-
-import java.util.Arrays;
-
-import edu.internet2.middleware.shibboleth.common.Constants; 
-import edu.internet2.middleware.shibboleth.aa.ShibAttribute;
-import org.opensaml.*;
-
-public class eduPersonEntitlement implements ShibAttribute{
-    
-
-    public SAMLAttribute toSamlAttribute(String defaultScope, Object[] values, String recipient)
-       throws SAMLException{
-
-       return new SAMLAttribute("urn:mace:eduPerson:1.0:eduPersonEntitlement",
-                                Constants.SHIB_ATTRIBUTE_NAMESPACE_URI, 
-                                new QName(org.opensaml.XML.XSD_NS,"anyURI"),
-                                10*60,
-                                Arrays.asList(values));
-
-    }
-}
-
diff --git a/src/edu/internet2/middleware/shibboleth/aaLocal/attributes/eduPersonPrincipalName.java b/src/edu/internet2/middleware/shibboleth/aaLocal/attributes/eduPersonPrincipalName.java
deleted file mode 100644 (file)
index e3d720b..0000000
+++ /dev/null
@@ -1,56 +0,0 @@
-package edu.internet2.middleware.shibboleth.aaLocal.attributes;
-
-
-/**
- *  Attribute Authority & Release Policy
- *  A specific class for EPPN
- *
- * @author     Parviz Dousti (dousti@cmu.edu)
- * @created    June, 2002
- */
-
-import java.util.Collections;
-
-import edu.internet2.middleware.eduPerson.*;
-import edu.internet2.middleware.shibboleth.common.Constants; 
-import edu.internet2.middleware.shibboleth.aa.ShibAttribute;
-
-import org.apache.log4j.Logger;
-import org.opensaml.*;
-
-public class eduPersonPrincipalName implements ShibAttribute{
-       
-       private static Logger log = Logger.getLogger(eduPersonPrincipalName.class.getName());
-    
-
-    public SAMLAttribute toSamlAttribute(String defaultScope, Object[] values, String recipient)
-       throws SAMLException{
-
-       String scope = null;
-       String val = null;
-       String eppn = (String)values[0];
-
-       int x = eppn.indexOf("@") ;
-       log.debug("EPPN: "+eppn+"    @ at "+x);
-       if(x > 0){
-           val = eppn.substring(0,x);
-           scope = eppn.substring(x+1);
-       }else{
-           val = eppn;
-           scope = defaultScope;
-       }
-
-       log.debug("Sending value=" + val + ", scope=" + scope);
-               
-       return new ScopedAttribute("urn:mace:eduPerson:1.0:eduPersonPrincipalName",
-                                Constants.SHIB_ATTRIBUTE_NAMESPACE_URI, 
-                 defaultScope,
-                                null,
-                                10*60,
-                 Collections.singleton(scope),
-                                Collections.singleton(val));
-
-    }
-
-}
-
diff --git a/src/edu/internet2/middleware/shibboleth/aaLocal/attributes/eduPersonScopedAffiliation.java b/src/edu/internet2/middleware/shibboleth/aaLocal/attributes/eduPersonScopedAffiliation.java
deleted file mode 100644 (file)
index 29cd39e..0000000
+++ /dev/null
@@ -1,48 +0,0 @@
-package edu.internet2.middleware.shibboleth.aaLocal.attributes;
-
-
-/**
- *  Attribute Authority & Release Policy
- *  A specific class for eduPersonScopedAffiliation attribute
- *
- * @author     Parviz Dousti (dousti@cmu.edu)
- * @created    June, 2002
- */
-
-import java.util.Arrays;
-
-import edu.internet2.middleware.eduPerson.*;
-import edu.internet2.middleware.shibboleth.common.Constants; 
-import edu.internet2.middleware.shibboleth.aa.ShibAttribute;
-import org.opensaml.*;
-
-public class eduPersonScopedAffiliation implements ShibAttribute{
-    
-
-    public SAMLAttribute toSamlAttribute(String defaultScope, Object[] values, String recipient)
-       throws SAMLException{
-
-       for(int i=0; i<values.length; i++){
-           String val = (String)values[i];
-           if(val.equalsIgnoreCase("faculty") ||
-              val.equalsIgnoreCase("student") ||
-              val.equalsIgnoreCase("staff") ||
-              val.equalsIgnoreCase("alum") ||
-              val.equalsIgnoreCase("member") ||
-              val.equalsIgnoreCase("affiliate") ||
-              val.equalsIgnoreCase("employee") )
-               values[i] = val.toLowerCase();
-           else
-               values[i] = "member";
-       }
-
-       return new ScopedAttribute("urn:mace:eduPerson:1.0:eduPersonScopedAffiliation",
-                  Constants.SHIB_ATTRIBUTE_NAMESPACE_URI, 
-           defaultScope,
-           null,
-                  10*60,
-           null,
-                  Arrays.asList(values));
-    }
-}
-
index 5e8be01..da49c80 100644 (file)
@@ -74,13 +74,14 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.log4j.Logger;
 import org.apache.log4j.MDC;
 import org.doomdark.uuid.UUIDGenerator;
+import org.opensaml.Init;
 import org.opensaml.QName;
 import org.opensaml.SAMLAuthorityBinding;
 import org.opensaml.SAMLBinding;
 import org.opensaml.SAMLException;
 import org.opensaml.SAMLResponse;
-import sun.misc.BASE64Decoder;
 
+import sun.misc.BASE64Decoder;
 import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
 import edu.internet2.middleware.shibboleth.common.ShibPOSTProfile;
 import edu.internet2.middleware.shibboleth.common.ShibPOSTProfileFactory;
@@ -173,7 +174,7 @@ public class HandleServlet extends HttpServlet {
                        log.info("Initializing Handle Service.");
                        configuration = loadConfiguration();
 
-                       edu.internet2.middleware.eduPerson.Init.init();
+                       Init.init();
 
                        initPKI();