Added ARP match functions for string and regular expressions that do not match. ...
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 27 Jan 2005 17:20:20 +0000 (17:20 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 27 Jan 2005 17:20:20 +0000 (17:20 +0000)
See bugzilla #228.

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@1221 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/aa/arp/ArpEngine.java
src/edu/internet2/middleware/shibboleth/aa/arp/Rule.java
src/edu/internet2/middleware/shibboleth/aa/arp/provider/RegexNotMatchFunction.java [new file with mode: 0644]
src/edu/internet2/middleware/shibboleth/aa/arp/provider/StringValueNotMatchFunction.java [moved from src/edu/internet2/middleware/shibboleth/aa/arp/provider/ExactSharMatchFunction.java with 79% similarity, mode: 0644]
src/schemas/shibboleth-arp-1.0.xsd
tests/edu/internet2/middleware/shibboleth/aa/arp/ArpTests.java

index 5ac35f3..b12f4fd 100755 (executable)
@@ -78,18 +78,25 @@ public class ArpEngine {
        static {
                //Initialize built-in match functions
                try {
        static {
                //Initialize built-in match functions
                try {
-                       matchFunctions.put(
-                               new URI("urn:mace:shibboleth:arp:matchFunction:exactShar"),
-                               "edu.internet2.middleware.shibboleth.aa.arp.provider.ExactSharMatchFunction");
-                       matchFunctions.put(
-                               new URI("urn:mace:shibboleth:arp:matchFunction:resourceTree"),
-                               "edu.internet2.middleware.shibboleth.aa.arp.provider.ResourceTreeMatchFunction");
-                       matchFunctions.put(
-                               new URI("urn:mace:shibboleth:arp:matchFunction:regexMatch"),
-                               "edu.internet2.middleware.shibboleth.aa.arp.provider.RegexMatchFunction");
-                       matchFunctions.put(
-                               new URI("urn:mace:shibboleth:arp:matchFunction:stringValue"),
-                               "edu.internet2.middleware.shibboleth.aa.arp.provider.StringValueMatchFunction");
+                       
+                       // Current
+                       matchFunctions.put(new URI("urn:mace:shibboleth:arp:matchFunction:regexMatch"),
+                                       "edu.internet2.middleware.shibboleth.aa.arp.provider.RegexMatchFunction");
+                       matchFunctions.put(new URI("urn:mace:shibboleth:arp:matchFunction:regexNotMatch"),
+                       "edu.internet2.middleware.shibboleth.aa.arp.provider.RegexNotMatchFunction");
+                       matchFunctions.put(new URI("urn:mace:shibboleth:arp:matchFunction:stringMatch"),
+                                       "edu.internet2.middleware.shibboleth.aa.arp.provider.StringValueMatchFunction");
+                       matchFunctions.put(new URI("urn:mace:shibboleth:arp:matchFunction:stringNotMatch"),
+                       "edu.internet2.middleware.shibboleth.aa.arp.provider.StringValueNotMatchFunction");
+                       
+                       // Legacy
+                       matchFunctions.put(new URI("urn:mace:shibboleth:arp:matchFunction:exactShar"),
+                                       "edu.internet2.middleware.shibboleth.aa.arp.provider.StringValueMatchFunction");
+                       matchFunctions.put(new URI("urn:mace:shibboleth:arp:matchFunction:resourceTree"),
+                                       "edu.internet2.middleware.shibboleth.aa.arp.provider.ResourceTreeMatchFunction");
+                       matchFunctions.put(new URI("urn:mace:shibboleth:arp:matchFunction:stringValue"),
+                                       "edu.internet2.middleware.shibboleth.aa.arp.provider.StringValueMatchFunction");
+                       
                } catch (URISyntaxException e) {
                        log.error("Error mapping standard match functions: " + e);
                }
                } catch (URISyntaxException e) {
                        log.error("Error mapping standard match functions: " + e);
                }
index 2271a51..89ebb4e 100755 (executable)
@@ -455,7 +455,7 @@ public class Rule {
                                        DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
                                Element requesterNode = placeHolder.createElementNS(Arp.arpNamespace, "Requester");
                                if (!matchFunctionIdentifier
                                        DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
                                Element requesterNode = placeHolder.createElementNS(Arp.arpNamespace, "Requester");
                                if (!matchFunctionIdentifier
-                                       .equals(new URI("urn:mace:shibboleth:arp:matchFunction:exactShar"))) {
+                                       .equals(new URI("urn:mace:shibboleth:arp:matchFunction:stringMatch"))) {
                                        requesterNode.setAttributeNS(Arp.arpNamespace, "matchFunction", matchFunctionIdentifier.toString());
                                }
                                Text valueNode = placeHolder.createTextNode(value);
                                        requesterNode.setAttributeNS(Arp.arpNamespace, "matchFunction", matchFunctionIdentifier.toString());
                                }
                                Text valueNode = placeHolder.createTextNode(value);
@@ -495,7 +495,7 @@ public class Rule {
                                if (element.hasAttribute("matchFunction")) {
                                        matchFunctionIdentifier = new URI(element.getAttribute("matchFunction"));
                                } else {
                                if (element.hasAttribute("matchFunction")) {
                                        matchFunctionIdentifier = new URI(element.getAttribute("matchFunction"));
                                } else {
-                                       matchFunctionIdentifier = new URI("urn:mace:shibboleth:arp:matchFunction:exactShar");
+                                       matchFunctionIdentifier = new URI("urn:mace:shibboleth:arp:matchFunction:stringMatch");
                                }
                        } catch (URISyntaxException e) {
                                log.error("ARP match function not identified by a proper URI.");
                                }
                        } catch (URISyntaxException e) {
                                log.error("ARP match function not identified by a proper URI.");
@@ -685,7 +685,7 @@ public class Rule {
                                        valueNode.setAttributeNS(Arp.arpNamespace, "release", value.getRelease());
                                        if (!value
                                                .getMatchFunctionIdentifier()
                                        valueNode.setAttributeNS(Arp.arpNamespace, "release", value.getRelease());
                                        if (!value
                                                .getMatchFunctionIdentifier()
-                                               .equals(new URI("urn:mace:shibboleth:arp:matchFunction:stringValue"))) {
+                                               .equals(new URI("urn:mace:shibboleth:arp:matchFunction:stringMatch"))) {
                                                valueNode.setAttributeNS(
                                                        Arp.arpNamespace,
                                                        "matchFunction",
                                                valueNode.setAttributeNS(
                                                        Arp.arpNamespace,
                                                        "matchFunction",
@@ -800,7 +800,7 @@ public class Rule {
                                this.matchFunctionIdentifier = matchFunctionIdentifier;
                        } else {
                                try {
                                this.matchFunctionIdentifier = matchFunctionIdentifier;
                        } else {
                                try {
-                                       matchFunctionIdentifier = new URI("urn:mace:shibboleth:arp:matchFunction:stringValue");
+                                       matchFunctionIdentifier = new URI("urn:mace:shibboleth:arp:matchFunction:stringMatch");
                                } catch (URISyntaxException e) {
                                        throw new ArpMarshallingException("ARP Engine internal error: could not set default matching function for attribute value.");
                                }
                                } catch (URISyntaxException e) {
                                        throw new ArpMarshallingException("ARP Engine internal error: could not set default matching function for attribute value.");
                                }
diff --git a/src/edu/internet2/middleware/shibboleth/aa/arp/provider/RegexNotMatchFunction.java b/src/edu/internet2/middleware/shibboleth/aa/arp/provider/RegexNotMatchFunction.java
new file mode 100644 (file)
index 0000000..ef15320
--- /dev/null
@@ -0,0 +1,84 @@
+/*
+ * The Shibboleth License, Version 1.
+ * Copyright (c) 2002
+ * University Corporation for Advanced Internet Development, Inc.
+ * All rights reserved
+ *
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution, if any, must include
+ * the following acknowledgment: "This product includes software developed by
+ * the University Corporation for Advanced Internet Development
+ * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
+ * may appear in the software itself, if and wherever such third-party
+ * acknowledgments normally appear.
+ *
+ * Neither the name of Shibboleth nor the names of its contributors, nor
+ * Internet2, nor the University Corporation for Advanced Internet Development,
+ * Inc., nor UCAID may be used to endorse or promote products derived from this
+ * software without specific prior written permission. For written permission,
+ * please contact shibboleth@shibboleth.org
+ *
+ * Products derived from this software may not be called Shibboleth, Internet2,
+ * UCAID, or the University Corporation for Advanced Internet Development, nor
+ * may Shibboleth appear in their name, without prior written permission of the
+ * University Corporation for Advanced Internet Development.
+ *
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
+ * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
+ * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
+ * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package edu.internet2.middleware.shibboleth.aa.arp.provider;
+
+import java.net.URL;
+
+import edu.internet2.middleware.shibboleth.aa.arp.MatchFunction;
+import edu.internet2.middleware.shibboleth.aa.arp.MatchingException;
+
+import org.apache.log4j.Logger;
+
+/**
+ * Match function implementaiton that matches when a given regular expression does NOT match.
+ *
+ * @author Walter Hoehn (wassa&#064;columbia.edu)
+ */
+public class RegexNotMatchFunction implements MatchFunction {
+       private static Logger log = Logger.getLogger(RegexNotMatchFunction.class.getName());
+
+       /**
+        * @see edu.internet2.middleware.shibboleth.aa.arp.MatchFunction#match(Object,
+        *              Object)
+        */
+       public boolean match(Object arpComponent, Object requestComponent)
+               throws MatchingException
+       {
+               if (!(arpComponent instanceof String) || !(requestComponent instanceof String || requestComponent instanceof URL)) {
+                       log.error("Invalid use of ARP matching function (RegexMatchFunction).");
+                       throw new MatchingException(
+                               "Invalid use of ARP matching function (RegexMatchFunction).");
+               }
+               if (requestComponent instanceof URL) {
+                       return ((URL) requestComponent).toString().matches((String) arpComponent);
+               }
+               return !((String) requestComponent).matches((String) arpComponent);
+       }
+}
@@ -55,12 +55,12 @@ import edu.internet2.middleware.shibboleth.aa.arp.MatchFunction;
 import edu.internet2.middleware.shibboleth.aa.arp.MatchingException;
 
 /**
 import edu.internet2.middleware.shibboleth.aa.arp.MatchingException;
 
 /**
- * Match function that does exact matching on requesters.
+ * Match function that matches strings that are not the same.
  *
  * @author Walter Hoehn (wassa&#064;columbia.edu)
  */
  *
  * @author Walter Hoehn (wassa&#064;columbia.edu)
  */
-public class ExactSharMatchFunction implements MatchFunction {
-       private static Logger log = Logger.getLogger(ExactSharMatchFunction.class.getName());
+public class StringValueNotMatchFunction implements MatchFunction {
+       private static Logger log = Logger.getLogger(StringValueNotMatchFunction.class.getName());
        /**
         * @see edu.internet2.middleware.shibboleth.aa.arp.MatchFunction#match(Object,
         *              Object)
        /**
         * @see edu.internet2.middleware.shibboleth.aa.arp.MatchFunction#match(Object,
         *              Object)
@@ -68,14 +68,10 @@ public class ExactSharMatchFunction implements MatchFunction {
        public boolean match(Object arpComponent, Object requestComponent)
                throws MatchingException
        {
        public boolean match(Object arpComponent, Object requestComponent)
                throws MatchingException
        {
-               if (arpComponent == null || requestComponent == null) {
-            log.error("Invalid use of ARP matching function (ExactSharMatchFunction). One of the operands was null.");
-            throw new MatchingException("Invalid use of ARP matching function (ExactSharMatchFunction).");
+               if (!(arpComponent instanceof String) || !(requestComponent instanceof String)) {
+                       log.error("Invalid use of ARP matching function (StringValueNotMatchFunction).");
+                       throw new MatchingException("Invalid use of ARP matching function (StringValueNotMatchFunction).");
                }
                }
-               else if (!(arpComponent instanceof String) || !(requestComponent instanceof String)) {
-                       log.error("Invalid use of ARP matching function (ExactSharMatchFunction). arpComponent: (" + arpComponent + "). requestComponent: (" + requestComponent + ").");
-                       throw new MatchingException("Invalid use of ARP matching function (ExactSharMatchFunction).");
-               }
-               return arpComponent.equals(requestComponent);
+               return !arpComponent.equals(requestComponent);
        }
 }
        }
 }
index ca0e737..3c17f08 100755 (executable)
@@ -18,7 +18,7 @@
                                        <xs:sequence minOccurs="0">
                                                <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                                        </xs:sequence>
                                        <xs:sequence minOccurs="0">
                                                <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                                        </xs:sequence>
-                                       <xs:attribute name="matchFunction" type="xs:anyURI" default="urn:mace:shibboleth:arp:matchFunction:stringValue"/>
+                                       <xs:attribute name="matchFunction" type="xs:anyURI" default="urn:mace:shibboleth:arp:matchFunction:stringMatch"/>
                                        <xs:attribute name="release" type="arp:RequireType" use="required"/>
                                </xs:complexType>
                        </xs:element>
                                        <xs:attribute name="release" type="arp:RequireType" use="required"/>
                                </xs:complexType>
                        </xs:element>
@@ -46,7 +46,7 @@
                                                                                                        <xs:complexType>
                                                                                                                <xs:simpleContent>
                                                                                                                        <xs:extension base="xs:string">
                                                                                                        <xs:complexType>
                                                                                                                <xs:simpleContent>
                                                                                                                        <xs:extension base="xs:string">
-                                                                                                                               <xs:attribute name="matchFunction" type="xs:anyURI" default="urn:mace:shibboleth:arp:matchFunction:exactShar"/>
+                                                                                                                               <xs:attribute name="matchFunction" type="xs:anyURI" default="urn:mace:shibboleth:arp:matchFunction:stringMatch"/>
                                                                                                                        </xs:extension>
                                                                                                                </xs:simpleContent>
                                                                                                        </xs:complexType>
                                                                                                                        </xs:extension>
                                                                                                                </xs:simpleContent>
                                                                                                        </xs:complexType>
index 0a4ac39..1097ac2 100755 (executable)
@@ -238,6 +238,12 @@ public class ArpTests extends TestCase {
                        assertNull("ArpEngine did not return null on dummy function.", noFunction);
 
                        //Lookup some real functions
                        assertNull("ArpEngine did not return null on dummy function.", noFunction);
 
                        //Lookup some real functions
+                       MatchFunction stringMatch =
+                               ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:stringMatch"));
+                       assertNotNull("ArpEngine did not properly load the String Match function.", stringMatch);
+                       MatchFunction stringValue =
+                               ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:stringValue"));
+                       assertNotNull("ArpEngine did not properly load the String Value function.", stringValue);
                        MatchFunction exactSharFunction =
                                ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:exactShar"));
                        assertNotNull("ArpEngine did not properly load the Exact SHAR function.", exactSharFunction);
                        MatchFunction exactSharFunction =
                                ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:exactShar"));
                        assertNotNull("ArpEngine did not properly load the Exact SHAR function.", exactSharFunction);
@@ -247,6 +253,12 @@ public class ArpTests extends TestCase {
                        MatchFunction regexFunction =
                                ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:regexMatch"));
                        assertNotNull("ArpEngine did not properly load the Regex function.", regexFunction);
                        MatchFunction regexFunction =
                                ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:regexMatch"));
                        assertNotNull("ArpEngine did not properly load the Regex function.", regexFunction);
+                       MatchFunction regexNotFunction =
+                               ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:regexNotMatch"));
+                       assertNotNull("ArpEngine did not properly load the Regex Not Match function.", regexNotFunction);
+                       MatchFunction stringNotFunction =
+                               ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:stringNotMatch"));
+                       assertNotNull("ArpEngine did not properly load the String Not Match function.", stringNotFunction);
 
                        /* 
                         * Test the Exact SHAR function (requester)
 
                        /* 
                         * Test the Exact SHAR function (requester)
@@ -383,6 +395,39 @@ public class ArpTests extends TestCase {
                        } catch (ArpException ie) {
                                //This is supposed to fail
                        }
                        } catch (ArpException ie) {
                                //This is supposed to fail
                        }
+                       
+                       // Test the StringNotMatch function
+                       assertFalse(
+                                       "StringNotMatch function: false positive",
+                                       stringNotFunction.match("foo", "foo"));
+                       assertTrue(
+                                       "StringNotMatch function: false negative",
+                                       stringNotFunction.match("foo", "bar"));
+                       //Make sure we properly handle bad input
+                       try {
+                               stringNotFunction.match(null, null);
+                               fail("StringNotMatch function seems to take improper input without throwing an exception.");
+                       } catch (ArpException ie) {
+                               //This is supposed to fail
+                       }
+                       
+                       //Test the RegexNotMatch function
+                       
+                       assertFalse("Regex function: false positive", regexNotFunction.match("^foo$", "foo"));
+                       assertTrue("Regex function: false negative", regexNotFunction.match("foo$", "bar"));
+                       
+                       // Make sure we properly handle bad input
+                       try {
+                               regexNotFunction.match(null, null);
+                               fail("RegexNotMatch function seems to take improper input without throwing an exception.");
+                       } catch (ArpException ie) {
+                               //This is supposed to fail
+                       }
+                       
+                       
+                       
+                       
+                       
 
                } catch (ArpException e) {
                        fail("Encountered a problem loading match function: " + e);
 
                } catch (ArpException e) {
                        fail("Encountered a problem loading match function: " + e);