package edu.internet2.middleware.shibboleth.aa.arp;
-import java.net.URL;
import java.security.Principal;
import java.util.ArrayList;
-import java.util.HashSet;
+import java.util.Collection;
import java.util.Iterator;
import java.util.List;
-import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
/**
* An Attribute Release Policy.
*
- * @author Walter Hoehn (wassa@columbia.edu)
+ * @author Walter Hoehn (wassa@memphis.edu)
*/
public class Arp {
public static final String arpNamespace = "urn:mace:shibboleth:arp:1.0";
private Principal principal;
- private List rules = new ArrayList();
+ private List<Rule> rules = new ArrayList<Rule>();
private String description;
private boolean sitePolicy = false;
private static Logger log = Logger.getLogger(Arp.class.getName());
- private Set attributes = new HashSet();
+ private List<Node> attributes = new ArrayList<Node>();
private NodeList ruleReferences;
ruleReferences = ruleReferenceNodes;
}
- // Retain attributes declared outside the scop of a rule
+ // Retain attributes declared outside the scope of a rule
// Not enforced!
NodeList attributeNodes = xmlElement.getElementsByTagNameNS(Arp.arpNamespace, "Attribute");
if (attributeNodes.getLength() > 0) {
for (int i = 0; i < attributeNodes.getLength(); i++) {
if (attributeNodes.item(i).getParentNode() == xmlElement) {
- log
- .warn("Encountered an Attribute definition outside the scope of a Rule definition while marshalling an ARP. "
- + "References are currently unsupported by the ARP Engine. Ignoring...");
+ log.warn("Encountered an Attribute definition outside the scope of a Rule "
+ + "definition while marshalling an ARP. "
+ + "References are currently unsupported by the ARP Engine. Ignoring...");
attributes.add(attributeNodes.item(i));
}
}
policyNode.appendChild(descriptionNode);
}
- Rule[] rules = getAllRules();
- for (int i = 0; rules.length > i; i++) {
- policyNode.appendChild(placeHolder.importNode(rules[i].unmarshall(), true));
+ Collection<Rule> rules = getAllRules();
+ for (Rule rule : rules) {
+ policyNode.appendChild(placeHolder.importNode(rule.unmarshall(), true));
}
if (ruleReferences != null) {
* @return the rules
*/
- public Rule[] getAllRules() {
+ public Collection<Rule> getAllRules() {
- return (Rule[]) rules.toArray(new Rule[0]);
+ return rules;
}
/**
*
* @param requester
* the SHAR for this request
- * @param resource
- * the resource that the requestis made on behalf of
* @return the matching <code>Rule</code> objects
*/
- public Rule[] getMatchingRules(String requester, URL resource) {
+ public Collection<Rule> getMatchingRules(String requester) {
- Set effectiveSet = new HashSet();
+ List<Rule> effectiveSet = new ArrayList<Rule>();
Iterator iterator = rules.iterator();
while (iterator.hasNext()) {
Rule rule = (Rule) iterator.next();
- if (rule.matchesRequest(requester, resource)) {
+ if (rule.matchesRequest(requester)) {
effectiveSet.add(rule);
}
}
- return (Rule[]) effectiveSet.toArray(new Rule[0]);
+ return effectiveSet;
}
/**
import java.net.URI;
import java.net.URISyntaxException;
-import java.net.URL;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
/**
* Defines a processing engine for Attribute Release Policies.
*
- * @author Walter Hoehn (wassa@columbia.edu)
+ * @author Walter Hoehn (wassa@memphis.edu)
*/
public class ArpEngine {
matchFunctions.put(new URI("urn:mace:shibboleth:arp:matchFunction:stringNotMatch"),
"edu.internet2.middleware.shibboleth.aa.arp.provider.StringValueNotMatchFunction");
- // Legacy
- matchFunctions.put(new URI("urn:mace:shibboleth:arp:matchFunction:exactShar"),
- "edu.internet2.middleware.shibboleth.aa.arp.provider.StringValueMatchFunction");
- matchFunctions.put(new URI("urn:mace:shibboleth:arp:matchFunction:resourceTree"),
- "edu.internet2.middleware.shibboleth.aa.arp.provider.ResourceTreeMatchFunction");
- matchFunctions.put(new URI("urn:mace:shibboleth:arp:matchFunction:stringValue"),
- "edu.internet2.middleware.shibboleth.aa.arp.provider.StringValueMatchFunction");
-
} catch (URISyntaxException e) {
log.error("Error mapping standard match functions: " + e);
}
}
}
- private Arp createEffectiveArp(Principal principal, String requester, URL resource) throws ArpProcessingException {
+ private Arp createEffectiveArp(Principal principal, String requester) throws ArpProcessingException {
try {
Arp effectiveArp = new Arp(principal);
}
for (int i = 0; userPolicies.length > i; i++) {
- Rule[] rules = userPolicies[i].getMatchingRules(requester, resource);
+ Collection<Rule> rules = userPolicies[i].getMatchingRules(requester);
- for (int j = 0; rules.length > j; j++) {
- effectiveArp.addRule(rules[j]);
+ for (Rule rule : rules) {
+ effectiveArp.addRule(rule);
}
}
return effectiveArp;
*
* @return an array of <code>URI</code> objects that name the possible attributes
*/
- public Set<URI> listPossibleReleaseAttributes(Principal principal, String requester, URL resource)
- throws ArpProcessingException {
+ public Set<URI> listPossibleReleaseAttributes(Principal principal, String requester) throws ArpProcessingException {
Set<URI> possibleReleaseSet = new HashSet<URI>();
Set<URI> anyValueDenies = new HashSet<URI>();
- Rule[] rules = createEffectiveArp(principal, requester, resource).getAllRules();
- for (int i = 0; rules.length > i; i++) {
- Rule.Attribute[] attributes = rules[i].getAttributes();
- for (int j = 0; attributes.length > j; j++) {
- if (attributes[j].releaseAnyValue()) {
- possibleReleaseSet.add(attributes[j].getName());
- } else if (attributes[j].denyAnyValue()) {
- anyValueDenies.add(attributes[j].getName());
+ Collection<Rule> rules = createEffectiveArp(principal, requester).getAllRules();
+ for (Rule rule : rules) {
+ Collection<Rule.Attribute> attributes = rule.getAttributes();
+ for (Rule.Attribute attribute : attributes) {
+ if (attribute.releaseAnyValue()) {
+ possibleReleaseSet.add(attribute.getName());
+ } else if (attribute.denyAnyValue()) {
+ anyValueDenies.add(attribute.getName());
} else {
- Rule.AttributeValue[] values = attributes[j].getValues();
- for (int k = 0; values.length > k; k++) {
- if (values[k].getRelease().equals("permit")) {
- possibleReleaseSet.add(attributes[j].getName());
+ Collection<Rule.AttributeValue> values = attribute.getValues();
+ for (Rule.AttributeValue value : values) {
+ if (value.getRelease().equals("permit")) {
+ possibleReleaseSet.add(attribute.getName());
break;
}
}
*
* @return the attributes to be released
*/
- public void filterAttributes(Collection<? extends ArpAttribute> attributes, Principal principal, String requester,
- URL resource) throws ArpProcessingException {
+ public void filterAttributes(Collection<? extends ArpAttribute> attributes, Principal principal, String requester)
+ throws ArpProcessingException {
if (attributes.isEmpty()) {
log.debug("ARP Engine was asked to apply filter to empty attribute set.");
for (Iterator<? extends ArpAttribute> nameIterator = attributes.iterator(); nameIterator.hasNext();) {
attributeNames.add(nameIterator.next().getName());
}
- Rule[] rules = createEffectiveArp(principal, requester, resource).getAllRules();
+ Collection<Rule> rules = createEffectiveArp(principal, requester).getAllRules();
Set<Rule.Attribute> applicableRuleAttributes = new HashSet<Rule.Attribute>();
- for (int i = 0; rules.length > i; i++) {
- Rule.Attribute[] ruleAttributes = rules[i].getAttributes();
- for (int j = 0; ruleAttributes.length > j; j++) {
- if (attributeNames.contains(ruleAttributes[j].getName().toString())) {
- applicableRuleAttributes.add(ruleAttributes[j]);
+ for (Rule rule : rules) {
+ Collection<Rule.Attribute> ruleAttributes = rule.getAttributes();
+ for (Rule.Attribute ruleAttribute : ruleAttributes) {
+ if (attributeNames.contains(ruleAttribute.getName().toString())) {
+ applicableRuleAttributes.add(ruleAttribute);
}
}
}
}
// Handle Permit All
- if (attribute.releaseAnyValue() && attribute.getValues().length == 0) {
+ if (attribute.releaseAnyValue() && attribute.getValues().size() == 0) {
continue;
}
// Handle "Permit All-Except" and "Permit Specific"
- ArrayList releaseValues = new ArrayList();
+ ArrayList<Object> releaseValues = new ArrayList<Object>();
for (Iterator valueIterator = arpAttribute.getValues(); valueIterator.hasNext();) {
Object value = valueIterator.next();
if (attribute.isValuePermitted(value)) {
if (attributes[i].releaseAnyValue()) {
((Rule.Attribute) canonicalSpec.get(attributes[i].getName().toString())).setAnyValuePermit(true);
}
- Rule.AttributeValue[] values = attributes[i].getValues();
- for (int j = 0; values.length > j; j++) {
- ((Rule.Attribute) canonicalSpec.get(attributes[i].getName().toString())).addValue(values[j]);
+ Collection<Rule.AttributeValue> values = attributes[i].getValues();
+ for (Rule.AttributeValue value : values) {
+ ((Rule.Attribute) canonicalSpec.get(attributes[i].getName().toString())).addValue(value);
}
}
}
import java.net.URI;
import java.net.URISyntaxException;
-import java.net.URL;
import java.util.ArrayList;
+import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
/**
* An Attribute Release Policy Rule.
*
- * @author Walter Hoehn (wassa@columbia.edu)
+ * @author Walter Hoehn (wassa@memphis.edu)
*/
public class Rule {
private String description;
private Target target;
private static Logger log = Logger.getLogger(Rule.class.getName());
- private ArrayList attributes = new ArrayList();
+ private ArrayList<Attribute> attributes = new ArrayList<Attribute>();
private NodeList attributeReferences;
private URI identifier;
* @return the attributes
*/
- public Attribute[] getAttributes() {
+ public Collection<Attribute> getAttributes() {
- return (Attribute[]) attributes.toArray(new Attribute[0]);
+ return attributes;
}
/**
*
* @param requester
* the SHAR making the request
- * @param resource
- * the resource on behalf of which the request is being made
*/
- public boolean matchesRequest(String requester, URL resource) {
+ public boolean matchesRequest(String requester) {
if (target.matchesAny()) { return true; }
try {
MatchFunction requesterFunction = ArpEngine.lookupMatchFunction(target.getRequester()
.getMatchFunctionIdentifier());
- if (!requesterFunction.match(target.getRequester().getValue(), requester)) { return false; }
-
- if (target.getResource().matchesAny()) { return true; }
-
- if (resource == null) { return false; }
-
- MatchFunction resourceFunction = ArpEngine.lookupMatchFunction(target.getResource()
- .getMatchFunctionIdentifier());
- if (resourceFunction.match(target.getResource().getValue(), resource)) { return true; }
- return false;
+ if (requesterFunction.match(target.getRequester().getValue(), requester)) {
+ return true;
+ } else {
+ return false;
+ }
} catch (ArpException e) {
log.warn("Encountered a problem while trying to find matching ARP rules: " + e);
return false;
class Target {
private Requester requester = null;
- private Resource resource = null;
private boolean matchesAny = false;
/**
return targetNode;
}
targetNode.appendChild(placeHolder.importNode(requester.unmarshall(), true));
- if (target.resource.matchesAny()) {
- Element anyResourceNode = placeHolder.createElementNS(Arp.arpNamespace, "AnyResource");
- targetNode.appendChild(anyResourceNode);
- return targetNode;
- }
- targetNode.appendChild(placeHolder.importNode(resource.unmarshall(), true));
return targetNode;
} catch (ParserConfigurationException e) {
log.error("Encountered a problem unmarshalling an ARP Rule: " + e);
throw new ArpMarshallingException(
"ARP Rule Target contains invalid data: incorrectly specified <Requester>.");
}
-
- // Handle <AnyResource/>
- NodeList anyResourceNodeList = element.getElementsByTagNameNS(Arp.arpNamespace, "AnyResource");
- if (anyResourceNodeList.getLength() == 1) {
- resource = new Resource();
- return;
- }
-
- // Create Resource
- NodeList resourceNodeList = element.getElementsByTagNameNS(Arp.arpNamespace, "Resource");
- if (resourceNodeList.getLength() == 1) {
- resource = new Resource();
- resource.marshall((Element) resourceNodeList.item(0));
- } else {
- resource = new Resource();
- }
}
boolean matchesAny() {
return requester;
}
-
- Resource getResource() {
-
- return resource;
- }
- }
-
- class Resource {
-
- private String value;
- private URI matchFunctionIdentifier;
- private boolean matchesAny;
-
- Resource() {
-
- matchesAny = true;
- }
-
- boolean matchesAny() {
-
- return matchesAny;
- }
-
- URI getMatchFunctionIdentifier() {
-
- return matchFunctionIdentifier;
- }
-
- String getValue() {
-
- return value;
- }
-
- /**
- * Unmarshalls the <code>Rule.Resource</code> into an xml <code>Element</code>.
- *
- * @return the xml <code>Element</code>
- */
-
- Element unmarshall() throws ArpMarshallingException {
-
- try {
- Document placeHolder = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
- Element resourceNode = placeHolder.createElementNS(Arp.arpNamespace, "Resource");
- if (!matchFunctionIdentifier.equals(new URI("urn:mace:shibboleth:arp:matchFunction:resourceTree"))) {
- resourceNode.setAttributeNS(Arp.arpNamespace, "matchFunction", matchFunctionIdentifier.toString());
- }
- Text valueNode = placeHolder.createTextNode(value);
- resourceNode.appendChild(valueNode);
- return resourceNode;
-
- } catch (URISyntaxException e) {
- log.error("Encountered a problem unmarshalling an ARP Rule Resource: " + e);
- throw new ArpMarshallingException("Encountered a problem unmarshalling an ARP Rule Resource.");
- } catch (ParserConfigurationException e) {
- log.error("Encountered a problem unmarshalling an ARP Rule Resource: " + e);
- throw new ArpMarshallingException("Encountered a problem unmarshalling an ARP Rule Resource.");
- }
- }
-
- /**
- * Creates an ARP Rule Target Resource from an xml representation.
- *
- * @param element
- * the xml <code>Element</code> containing the ARP Rule.
- */
- void marshall(Element element) throws ArpMarshallingException {
-
- matchesAny = false;
-
- // Make sure we are deling with a Resource
- if (!element.getTagName().equals("Resource")) {
- log.error("Element data does not represent an ARP Rule Target.");
- throw new ArpMarshallingException("Element data does not represent an ARP Rule target.");
- }
-
- // Grab the value
- if (element.hasChildNodes() && element.getFirstChild().getNodeType() == Node.TEXT_NODE) {
- value = ((CharacterData) element.getFirstChild()).getData();
- } else {
- log.error("Element data does not represent an ARP Rule Target.");
- throw new ArpMarshallingException("Element data does not represent an ARP Rule target.");
- }
-
- // Grab the match function
- try {
- if (element.hasAttribute("matchFunction")) {
- matchFunctionIdentifier = new URI(element.getAttribute("matchFunction"));
- } else {
- matchFunctionIdentifier = new URI("urn:mace:shibboleth:arp:matchFunction:resourceTree");
- }
- } catch (URISyntaxException e) {
- log.error("ARP match function not identified by a proper URI.");
- throw new ArpMarshallingException("ARP match function not identified by a proper URI.");
- }
- }
}
class Requester {
private URI name;
private boolean anyValue = false;
private String anyValueRelease = "permit";
- private Set values = new HashSet();
+ private Set<AttributeValue> values = new HashSet<AttributeValue>();
private URI identifier;
boolean releaseAnyValue() {
if (denyAnyValue()) { return false; }
// Handle Permit All with no specific values
- if (releaseAnyValue() && getValues().length == 0) { return true; }
+ if (releaseAnyValue() && getValues().size() == 0) { return true; }
// Handle Deny Specific
Iterator iterator = values.iterator();
if (b) {
anyValue = true;
anyValueRelease = "permit";
- Iterator iterator = values.iterator();
- HashSet permittedValues = new HashSet();
+ Iterator<AttributeValue> iterator = values.iterator();
+ Set<AttributeValue> permittedValues = new HashSet<AttributeValue>();
while (iterator.hasNext()) {
AttributeValue value = (AttributeValue) iterator.next();
if (value.getRelease().equals("permit")) {
return name;
}
- AttributeValue[] getValues() {
+ Collection<AttributeValue> getValues() {
- return (AttributeValue[]) values.toArray(new AttributeValue[0]);
+ return values;
}
void addValue(AttributeValue value) {
public class MemoryArpRepository implements ArpRepository {
- private Map userPolicies = Collections.synchronizedMap(new HashMap());
+ private Map<Principal, Arp> userPolicies = Collections.synchronizedMap(new HashMap<Principal, Arp>());
private Arp sitePolicy;
private static Logger log = Logger.getLogger(MemoryArpRepository.class.getName());
public Arp[] getAllPolicies(Principal principal) throws ArpRepositoryException {
log.debug("Received a query for all policies applicable to principal: (" + principal.getName() + ").");
- Set allPolicies = new HashSet();
+ Set<Arp> allPolicies = new HashSet<Arp>();
if (getSitePolicy() != null) {
log.debug("Returning site policy.");
allPolicies.add(getSitePolicy());
+++ /dev/null
-/*
- * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package edu.internet2.middleware.shibboleth.aa.arp.provider;
-
-import edu.internet2.middleware.shibboleth.aa.arp.MatchFunction;
-import edu.internet2.middleware.shibboleth.aa.arp.MatchingException;
-
-import org.apache.log4j.Logger;
-
-import java.net.MalformedURLException;
-import java.net.URL;
-
-/**
- * MatchFuction implementation that does "tail" matching on resources.
- *
- * @author Walter Hoehn (wassa@columbia.edu)
- */
-public class ResourceTreeMatchFunction implements MatchFunction {
-
- private static Logger log = Logger.getLogger(ResourceTreeMatchFunction.class.getName());
-
- /**
- * @see edu.internet2.middleware.shibboleth.aa.arp.MatchFunction#match(Object, Object)
- */
- public boolean match(Object arpComponent, Object requestComponent) throws MatchingException {
-
- if (!(arpComponent instanceof String) || !(requestComponent instanceof URL)) {
- log.error("Invalid use of ARP matching function (ResourceTreeMatchFunction).");
- throw new MatchingException("Invalid use of ARP matching function (ResourceTreeMatchFunction).");
- }
-
- URL arpURL = null;
-
- try {
- arpURL = new URL((String) arpComponent);
- } catch (MalformedURLException e) {
- log.error("Invalid use of ARP matching function (ResourceTreeMatchFunction): ARP Component is not a URL.");
- throw new MatchingException("Invalid use of ARP matching function (ResourceTreeMatchFunction).");
- }
-
- if (!matchProtocol(arpURL, (URL) requestComponent)) { return false; }
-
- if (!matchHost(arpURL, (URL) requestComponent)) { return false; }
-
- if (!matchPort(arpURL, (URL) requestComponent)) { return false; }
-
- if (!matchPath(arpURL, (URL) requestComponent)) { return false; }
-
- if (!matchQuery(arpURL, (URL) requestComponent)) { return false; }
-
- return true;
- }
-
- protected boolean matchHost(URL arpURL, URL requestURL) {
-
- return arpURL.getHost().equals(requestURL.getHost());
- }
-
- protected boolean matchPath(URL arpURL, URL requestURL) {
-
- String arpPath = arpURL.getPath();
-
- if (arpPath.equals("")) {
- arpPath = "/";
- }
-
- String requestPath = requestURL.getPath();
-
- if (requestPath.equals("")) {
- requestPath = "/";
- }
-
- return requestPath.startsWith(arpPath);
- }
-
- protected boolean matchPort(URL arpURL, URL requestURL) {
-
- int arpPort = arpURL.getPort();
-
- if (arpPort < 1) {
- arpPort = arpURL.getDefaultPort();
- }
-
- int requestPort = requestURL.getPort();
-
- if (requestPort < 1) {
- requestPort = requestURL.getDefaultPort();
- }
-
- if (arpPort == requestPort) { return true; }
-
- return false;
- }
-
- protected boolean matchProtocol(URL arpURL, URL requestURL) {
-
- return arpURL.getProtocol().equals(requestURL.getProtocol());
- }
-
- protected boolean matchQuery(URL arpURL, URL requestURL) {
-
- if (arpURL.getQuery() == null) { return true; }
-
- return arpURL.getQuery().equals(requestURL.getQuery());
- }
-}
package edu.internet2.middleware.shibboleth.idp;
import java.net.URI;
-import java.net.URL;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
private static Logger log = Logger.getLogger(IdPProtocolSupport.class.getName());
private Logger transactionLog;
private IdPConfig config;
- private ArrayList metadata = new ArrayList();
+ private ArrayList<Metadata> metadata = new ArrayList<Metadata>();
private NameMapper nameMapper;
private ServiceProviderMapper spMapper;
private ArpEngine arpEngine;
}
public Collection<? extends SAMLAttribute> getReleaseAttributes(Principal principal, RelyingParty relyingParty,
- String requester, URL resource) throws AAException {
+ String requester) throws AAException {
try {
- Collection<URI> potentialAttributes = arpEngine.listPossibleReleaseAttributes(principal, requester,
- resource);
- return getReleaseAttributes(principal, relyingParty, requester, resource, potentialAttributes);
+ Collection<URI> potentialAttributes = arpEngine.listPossibleReleaseAttributes(principal, requester);
+ return getReleaseAttributes(principal, relyingParty, requester, potentialAttributes);
} catch (ArpProcessingException e) {
log.error("An error occurred while processing the ARPs for principal (" + principal.getName() + ") :"
}
public Collection<? extends SAMLAttribute> getReleaseAttributes(Principal principal, RelyingParty relyingParty,
- String requester, URL resource, Collection<URI> attributeNames) throws AAException {
+ String requester, Collection<URI> attributeNames) throws AAException {
try {
Map<String, AAAttribute> attributes = new HashMap<String, AAAttribute>();
}
return resolveAttributes(principal, requester, relyingParty.getIdentityProvider().getProviderId(),
- resource, attributes);
+ attributes);
} catch (SAMLException e) {
log.error("An error occurred while creating attributes for principal (" + principal.getName() + ") :"
}
public Collection<? extends SAMLAttribute> resolveAttributes(Principal principal, String requester,
- String responder, URL resource, Map<String, AAAttribute> attributeSet) throws ArpProcessingException {
+ String responder, Map<String, AAAttribute> attributeSet) throws ArpProcessingException {
resolver.resolveAttributes(principal, requester, responder, attributeSet);
- arpEngine.filterAttributes(attributeSet.values(), principal, requester, resource);
+ arpEngine.filterAttributes(attributeSet.values(), principal, requester);
return attributeSet.values();
}
}
}
- attrs = support.getReleaseAttributes(principal, relyingParty, effectiveName, null, requestedAttrs);
+ attrs = support.getReleaseAttributes(principal, relyingParty, effectiveName, requestedAttrs);
} else {
log.info("Request does not designate specific attributes, resolving all available.");
attrs = support.getReleaseAttributes(principal, relyingParty, effectiveName, null);
import java.io.PrintStream;
import java.io.PrintWriter;
-import java.net.MalformedURLException;
-import java.net.URL;
import java.security.Principal;
import java.util.Collection;
import java.util.HashMap;
private static String requester = null;
private static String responder = null;
private static String user = null;
- private static String resource = null;
- private static URL resourceUrl = null;
private static AttributeResolver resolver = null;
private static ArpEngine arpEngine = null;
try {
if (arpEngine != null) {
- arpEngine.filterAttributes(attributeSet.values(), principal, requester, resourceUrl);
+ arpEngine.filterAttributes(attributeSet.values(), principal, requester);
}
} catch (ArpProcessingException e) {
System.err.println("Error applying Attribute Release Policy: " + e.getMessage());
CmdLineParser.Option responderOption = parser.addStringOption('i', "responder");
CmdLineParser.Option resolverxmlOption = parser.addStringOption('\u0000', "resolverxml");
CmdLineParser.Option fileOption = parser.addStringOption('f', "file"); // deprecated
- CmdLineParser.Option resourceOption = parser.addStringOption('\u0000', "resource");
try {
parser.parse(args);
user = (String) parser.getOptionValue(userOption);
requester = (String) parser.getOptionValue(requesterOption);
responder = (String) parser.getOptionValue(responderOption);
- resource = (String) parser.getOptionValue(resourceOption);
configureLogging(debug);
checkRequired();
arpEngine = new ArpEngine((Element) itemElements.item(0));
}
- if (resource != null) {
- resourceUrl = new URL(resource);
- }
} catch (ShibbolethConfigurationException e) {
System.err.println("Error loading IdP configuration file (" + idpXml + "): " + e.getMessage());
System.exit(1);
} catch (ArpException e) {
System.err.println("Error initializing the ARP Engine: " + e.getMessage());
System.exit(1);
- } catch (MalformedURLException e) {
- System.err.println("Specified resource URL is invalid: " + e.getMessage());
- System.exit(1);
}
} else {
try {