Code cleanups in preparation for 2.0 work. Ripped out v1.1 ARP syntax remnants.
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 2 May 2006 16:16:56 +0000 (16:16 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 2 May 2006 16:16:56 +0000 (16:16 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@1935 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/aa/arp/Arp.java
src/edu/internet2/middleware/shibboleth/aa/arp/ArpEngine.java
src/edu/internet2/middleware/shibboleth/aa/arp/Rule.java
src/edu/internet2/middleware/shibboleth/aa/arp/provider/MemoryArpRepository.java
src/edu/internet2/middleware/shibboleth/aa/arp/provider/ResourceTreeMatchFunction.java [deleted file]
src/edu/internet2/middleware/shibboleth/idp/IdPProtocolSupport.java
src/edu/internet2/middleware/shibboleth/idp/provider/SAMLv1_AttributeQueryHandler.java
src/edu/internet2/middleware/shibboleth/utils/ResolverTest.java

index 98425c4..084569e 100755 (executable)
 
 package edu.internet2.middleware.shibboleth.aa.arp;
 
-import java.net.URL;
 import java.security.Principal;
 import java.util.ArrayList;
-import java.util.HashSet;
+import java.util.Collection;
 import java.util.Iterator;
 import java.util.List;
-import java.util.Set;
 
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
@@ -37,18 +35,18 @@ import org.w3c.dom.NodeList;
 /**
  * An Attribute Release Policy.
  * 
- * @author Walter Hoehn (wassa@columbia.edu)
+ * @author Walter Hoehn (wassa@memphis.edu)
  */
 
 public class Arp {
 
        public static final String arpNamespace = "urn:mace:shibboleth:arp:1.0";
        private Principal principal;
-       private List rules = new ArrayList();
+       private List<Rule> rules = new ArrayList<Rule>();
        private String description;
        private boolean sitePolicy = false;
        private static Logger log = Logger.getLogger(Arp.class.getName());
-       private Set attributes = new HashSet();
+       private List<Node> attributes = new ArrayList<Node>();
 
        private NodeList ruleReferences;
 
@@ -149,15 +147,15 @@ public class Arp {
                        ruleReferences = ruleReferenceNodes;
                }
 
-               // Retain attributes declared outside the scop of a rule
+               // Retain attributes declared outside the scope of a rule
                // Not enforced!
                NodeList attributeNodes = xmlElement.getElementsByTagNameNS(Arp.arpNamespace, "Attribute");
                if (attributeNodes.getLength() > 0) {
                        for (int i = 0; i < attributeNodes.getLength(); i++) {
                                if (attributeNodes.item(i).getParentNode() == xmlElement) {
-                                       log
-                                                       .warn("Encountered an Attribute definition outside the scope of a Rule definition while marshalling an ARP.  "
-                                                                       + "References are currently unsupported by the ARP Engine.  Ignoring...");
+                                       log.warn("Encountered an Attribute definition outside the scope of a Rule "
+                                                       + "definition while marshalling an ARP.  "
+                                                       + "References are currently unsupported by the ARP Engine.  Ignoring...");
                                        attributes.add(attributeNodes.item(i));
                                }
                        }
@@ -189,9 +187,9 @@ public class Arp {
                                policyNode.appendChild(descriptionNode);
                        }
 
-                       Rule[] rules = getAllRules();
-                       for (int i = 0; rules.length > i; i++) {
-                               policyNode.appendChild(placeHolder.importNode(rules[i].unmarshall(), true));
+                       Collection<Rule> rules = getAllRules();
+                       for (Rule rule : rules) {
+                               policyNode.appendChild(placeHolder.importNode(rule.unmarshall(), true));
                        }
 
                        if (ruleReferences != null) {
@@ -220,9 +218,9 @@ public class Arp {
         * @return the rules
         */
 
-       public Rule[] getAllRules() {
+       public Collection<Rule> getAllRules() {
 
-               return (Rule[]) rules.toArray(new Rule[0]);
+               return rules;
        }
 
        /**
@@ -253,21 +251,19 @@ public class Arp {
         * 
         * @param requester
         *            the SHAR for this request
-        * @param resource
-        *            the resource that the requestis made on behalf of
         * @return the matching <code>Rule</code> objects
         */
-       public Rule[] getMatchingRules(String requester, URL resource) {
+       public Collection<Rule> getMatchingRules(String requester) {
 
-               Set effectiveSet = new HashSet();
+               List<Rule> effectiveSet = new ArrayList<Rule>();
                Iterator iterator = rules.iterator();
                while (iterator.hasNext()) {
                        Rule rule = (Rule) iterator.next();
-                       if (rule.matchesRequest(requester, resource)) {
+                       if (rule.matchesRequest(requester)) {
                                effectiveSet.add(rule);
                        }
                }
-               return (Rule[]) effectiveSet.toArray(new Rule[0]);
+               return effectiveSet;
        }
 
        /**
index 675cb96..7660b5f 100755 (executable)
@@ -18,7 +18,6 @@ package edu.internet2.middleware.shibboleth.aa.arp;
 
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.net.URL;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -44,7 +43,7 @@ import edu.internet2.middleware.shibboleth.xml.Parser;
 /**
  * Defines a processing engine for Attribute Release Policies.
  * 
- * @author Walter Hoehn (wassa@columbia.edu)
+ * @author Walter Hoehn (wassa@memphis.edu)
  */
 
 public class ArpEngine {
@@ -66,14 +65,6 @@ public class ArpEngine {
                        matchFunctions.put(new URI("urn:mace:shibboleth:arp:matchFunction:stringNotMatch"),
                                        "edu.internet2.middleware.shibboleth.aa.arp.provider.StringValueNotMatchFunction");
 
-                       // Legacy
-                       matchFunctions.put(new URI("urn:mace:shibboleth:arp:matchFunction:exactShar"),
-                                       "edu.internet2.middleware.shibboleth.aa.arp.provider.StringValueMatchFunction");
-                       matchFunctions.put(new URI("urn:mace:shibboleth:arp:matchFunction:resourceTree"),
-                                       "edu.internet2.middleware.shibboleth.aa.arp.provider.ResourceTreeMatchFunction");
-                       matchFunctions.put(new URI("urn:mace:shibboleth:arp:matchFunction:stringValue"),
-                                       "edu.internet2.middleware.shibboleth.aa.arp.provider.StringValueMatchFunction");
-
                } catch (URISyntaxException e) {
                        log.error("Error mapping standard match functions: " + e);
                }
@@ -174,7 +165,7 @@ public class ArpEngine {
                }
        }
 
-       private Arp createEffectiveArp(Principal principal, String requester, URL resource) throws ArpProcessingException {
+       private Arp createEffectiveArp(Principal principal, String requester) throws ArpProcessingException {
 
                try {
                        Arp effectiveArp = new Arp(principal);
@@ -196,10 +187,10 @@ public class ArpEngine {
                        }
 
                        for (int i = 0; userPolicies.length > i; i++) {
-                               Rule[] rules = userPolicies[i].getMatchingRules(requester, resource);
+                               Collection<Rule> rules = userPolicies[i].getMatchingRules(requester);
 
-                               for (int j = 0; rules.length > j; j++) {
-                                       effectiveArp.addRule(rules[j]);
+                               for (Rule rule : rules) {
+                                       effectiveArp.addRule(rule);
                                }
                        }
                        return effectiveArp;
@@ -217,24 +208,23 @@ public class ArpEngine {
         * 
         * @return an array of <code>URI</code> objects that name the possible attributes
         */
-       public Set<URI> listPossibleReleaseAttributes(Principal principal, String requester, URL resource)
-                       throws ArpProcessingException {
+       public Set<URI> listPossibleReleaseAttributes(Principal principal, String requester) throws ArpProcessingException {
 
                Set<URI> possibleReleaseSet = new HashSet<URI>();
                Set<URI> anyValueDenies = new HashSet<URI>();
-               Rule[] rules = createEffectiveArp(principal, requester, resource).getAllRules();
-               for (int i = 0; rules.length > i; i++) {
-                       Rule.Attribute[] attributes = rules[i].getAttributes();
-                       for (int j = 0; attributes.length > j; j++) {
-                               if (attributes[j].releaseAnyValue()) {
-                                       possibleReleaseSet.add(attributes[j].getName());
-                               } else if (attributes[j].denyAnyValue()) {
-                                       anyValueDenies.add(attributes[j].getName());
+               Collection<Rule> rules = createEffectiveArp(principal, requester).getAllRules();
+               for (Rule rule : rules) {
+                       Collection<Rule.Attribute> attributes = rule.getAttributes();
+                       for (Rule.Attribute attribute : attributes) {
+                               if (attribute.releaseAnyValue()) {
+                                       possibleReleaseSet.add(attribute.getName());
+                               } else if (attribute.denyAnyValue()) {
+                                       anyValueDenies.add(attribute.getName());
                                } else {
-                                       Rule.AttributeValue[] values = attributes[j].getValues();
-                                       for (int k = 0; values.length > k; k++) {
-                                               if (values[k].getRelease().equals("permit")) {
-                                                       possibleReleaseSet.add(attributes[j].getName());
+                                       Collection<Rule.AttributeValue> values = attribute.getValues();
+                                       for (Rule.AttributeValue value : values) {
+                                               if (value.getRelease().equals("permit")) {
+                                                       possibleReleaseSet.add(attribute.getName());
                                                        break;
                                                }
                                        }
@@ -257,8 +247,8 @@ public class ArpEngine {
         * 
         * @return the attributes to be released
         */
-       public void filterAttributes(Collection<? extends ArpAttribute> attributes, Principal principal, String requester,
-                       URL resource) throws ArpProcessingException {
+       public void filterAttributes(Collection<? extends ArpAttribute> attributes, Principal principal, String requester)
+                       throws ArpProcessingException {
 
                if (attributes.isEmpty()) {
                        log.debug("ARP Engine was asked to apply filter to empty attribute set.");
@@ -278,13 +268,13 @@ public class ArpEngine {
                for (Iterator<? extends ArpAttribute> nameIterator = attributes.iterator(); nameIterator.hasNext();) {
                        attributeNames.add(nameIterator.next().getName());
                }
-               Rule[] rules = createEffectiveArp(principal, requester, resource).getAllRules();
+               Collection<Rule> rules = createEffectiveArp(principal, requester).getAllRules();
                Set<Rule.Attribute> applicableRuleAttributes = new HashSet<Rule.Attribute>();
-               for (int i = 0; rules.length > i; i++) {
-                       Rule.Attribute[] ruleAttributes = rules[i].getAttributes();
-                       for (int j = 0; ruleAttributes.length > j; j++) {
-                               if (attributeNames.contains(ruleAttributes[j].getName().toString())) {
-                                       applicableRuleAttributes.add(ruleAttributes[j]);
+               for (Rule rule : rules) {
+                       Collection<Rule.Attribute> ruleAttributes = rule.getAttributes();
+                       for (Rule.Attribute ruleAttribute : ruleAttributes) {
+                               if (attributeNames.contains(ruleAttribute.getName().toString())) {
+                                       applicableRuleAttributes.add(ruleAttribute);
                                }
                        }
                }
@@ -312,12 +302,12 @@ public class ArpEngine {
                        }
 
                        // Handle Permit All
-                       if (attribute.releaseAnyValue() && attribute.getValues().length == 0) {
+                       if (attribute.releaseAnyValue() && attribute.getValues().size() == 0) {
                                continue;
                        }
 
                        // Handle "Permit All-Except" and "Permit Specific"
-                       ArrayList releaseValues = new ArrayList();
+                       ArrayList<Object> releaseValues = new ArrayList<Object>();
                        for (Iterator valueIterator = arpAttribute.getValues(); valueIterator.hasNext();) {
                                Object value = valueIterator.next();
                                if (attribute.isValuePermitted(value)) {
@@ -351,9 +341,9 @@ public class ArpEngine {
                                if (attributes[i].releaseAnyValue()) {
                                        ((Rule.Attribute) canonicalSpec.get(attributes[i].getName().toString())).setAnyValuePermit(true);
                                }
-                               Rule.AttributeValue[] values = attributes[i].getValues();
-                               for (int j = 0; values.length > j; j++) {
-                                       ((Rule.Attribute) canonicalSpec.get(attributes[i].getName().toString())).addValue(values[j]);
+                               Collection<Rule.AttributeValue> values = attributes[i].getValues();
+                               for (Rule.AttributeValue value : values) {
+                                       ((Rule.Attribute) canonicalSpec.get(attributes[i].getName().toString())).addValue(value);
                                }
                        }
                }
index 6fc7751..4a548b5 100755 (executable)
@@ -18,8 +18,8 @@ package edu.internet2.middleware.shibboleth.aa.arp;
 
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.net.URL;
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Set;
@@ -38,7 +38,7 @@ import org.w3c.dom.Text;
 /**
  * An Attribute Release Policy Rule.
  * 
- * @author Walter Hoehn (wassa@columbia.edu)
+ * @author Walter Hoehn (wassa@memphis.edu)
  */
 
 public class Rule {
@@ -46,7 +46,7 @@ public class Rule {
        private String description;
        private Target target;
        private static Logger log = Logger.getLogger(Rule.class.getName());
-       private ArrayList attributes = new ArrayList();
+       private ArrayList<Attribute> attributes = new ArrayList<Attribute>();
        private NodeList attributeReferences;
 
        private URI identifier;
@@ -80,9 +80,9 @@ public class Rule {
         * @return the attributes
         */
 
-       public Attribute[] getAttributes() {
+       public Collection<Attribute> getAttributes() {
 
-               return (Attribute[]) attributes.toArray(new Attribute[0]);
+               return attributes;
        }
 
        /**
@@ -192,11 +192,9 @@ public class Rule {
         * 
         * @param requester
         *            the SHAR making the request
-        * @param resource
-        *            the resource on behalf of which the request is being made
         */
 
-       public boolean matchesRequest(String requester, URL resource) {
+       public boolean matchesRequest(String requester) {
 
                if (target.matchesAny()) { return true; }
 
@@ -205,16 +203,11 @@ public class Rule {
                try {
                        MatchFunction requesterFunction = ArpEngine.lookupMatchFunction(target.getRequester()
                                        .getMatchFunctionIdentifier());
-                       if (!requesterFunction.match(target.getRequester().getValue(), requester)) { return false; }
-
-                       if (target.getResource().matchesAny()) { return true; }
-
-                       if (resource == null) { return false; }
-
-                       MatchFunction resourceFunction = ArpEngine.lookupMatchFunction(target.getResource()
-                                       .getMatchFunctionIdentifier());
-                       if (resourceFunction.match(target.getResource().getValue(), resource)) { return true; }
-                       return false;
+                       if (requesterFunction.match(target.getRequester().getValue(), requester)) {
+                               return true;
+                       } else {
+                               return false;
+                       }
                } catch (ArpException e) {
                        log.warn("Encountered a problem while trying to find matching ARP rules: " + e);
                        return false;
@@ -224,7 +217,6 @@ public class Rule {
        class Target {
 
                private Requester requester = null;
-               private Resource resource = null;
                private boolean matchesAny = false;
 
                /**
@@ -245,12 +237,6 @@ public class Rule {
                                        return targetNode;
                                }
                                targetNode.appendChild(placeHolder.importNode(requester.unmarshall(), true));
-                               if (target.resource.matchesAny()) {
-                                       Element anyResourceNode = placeHolder.createElementNS(Arp.arpNamespace, "AnyResource");
-                                       targetNode.appendChild(anyResourceNode);
-                                       return targetNode;
-                               }
-                               targetNode.appendChild(placeHolder.importNode(resource.unmarshall(), true));
                                return targetNode;
                        } catch (ParserConfigurationException e) {
                                log.error("Encountered a problem unmarshalling an ARP Rule: " + e);
@@ -289,22 +275,6 @@ public class Rule {
                                throw new ArpMarshallingException(
                                                "ARP Rule Target contains invalid data: incorrectly specified <Requester>.");
                        }
-
-                       // Handle <AnyResource/>
-                       NodeList anyResourceNodeList = element.getElementsByTagNameNS(Arp.arpNamespace, "AnyResource");
-                       if (anyResourceNodeList.getLength() == 1) {
-                               resource = new Resource();
-                               return;
-                       }
-
-                       // Create Resource
-                       NodeList resourceNodeList = element.getElementsByTagNameNS(Arp.arpNamespace, "Resource");
-                       if (resourceNodeList.getLength() == 1) {
-                               resource = new Resource();
-                               resource.marshall((Element) resourceNodeList.item(0));
-                       } else {
-                               resource = new Resource();
-                       }
                }
 
                boolean matchesAny() {
@@ -316,102 +286,6 @@ public class Rule {
 
                        return requester;
                }
-
-               Resource getResource() {
-
-                       return resource;
-               }
-       }
-
-       class Resource {
-
-               private String value;
-               private URI matchFunctionIdentifier;
-               private boolean matchesAny;
-
-               Resource() {
-
-                       matchesAny = true;
-               }
-
-               boolean matchesAny() {
-
-                       return matchesAny;
-               }
-
-               URI getMatchFunctionIdentifier() {
-
-                       return matchFunctionIdentifier;
-               }
-
-               String getValue() {
-
-                       return value;
-               }
-
-               /**
-                * Unmarshalls the <code>Rule.Resource</code> into an xml <code>Element</code>.
-                * 
-                * @return the xml <code>Element</code>
-                */
-
-               Element unmarshall() throws ArpMarshallingException {
-
-                       try {
-                               Document placeHolder = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
-                               Element resourceNode = placeHolder.createElementNS(Arp.arpNamespace, "Resource");
-                               if (!matchFunctionIdentifier.equals(new URI("urn:mace:shibboleth:arp:matchFunction:resourceTree"))) {
-                                       resourceNode.setAttributeNS(Arp.arpNamespace, "matchFunction", matchFunctionIdentifier.toString());
-                               }
-                               Text valueNode = placeHolder.createTextNode(value);
-                               resourceNode.appendChild(valueNode);
-                               return resourceNode;
-
-                       } catch (URISyntaxException e) {
-                               log.error("Encountered a problem unmarshalling an ARP Rule Resource: " + e);
-                               throw new ArpMarshallingException("Encountered a problem unmarshalling an ARP Rule Resource.");
-                       } catch (ParserConfigurationException e) {
-                               log.error("Encountered a problem unmarshalling an ARP Rule Resource: " + e);
-                               throw new ArpMarshallingException("Encountered a problem unmarshalling an ARP Rule Resource.");
-                       }
-               }
-
-               /**
-                * Creates an ARP Rule Target Resource from an xml representation.
-                * 
-                * @param element
-                *            the xml <code>Element</code> containing the ARP Rule.
-                */
-               void marshall(Element element) throws ArpMarshallingException {
-
-                       matchesAny = false;
-
-                       // Make sure we are deling with a Resource
-                       if (!element.getTagName().equals("Resource")) {
-                               log.error("Element data does not represent an ARP Rule Target.");
-                               throw new ArpMarshallingException("Element data does not represent an ARP Rule target.");
-                       }
-
-                       // Grab the value
-                       if (element.hasChildNodes() && element.getFirstChild().getNodeType() == Node.TEXT_NODE) {
-                               value = ((CharacterData) element.getFirstChild()).getData();
-                       } else {
-                               log.error("Element data does not represent an ARP Rule Target.");
-                               throw new ArpMarshallingException("Element data does not represent an ARP Rule target.");
-                       }
-
-                       // Grab the match function
-                       try {
-                               if (element.hasAttribute("matchFunction")) {
-                                       matchFunctionIdentifier = new URI(element.getAttribute("matchFunction"));
-                               } else {
-                                       matchFunctionIdentifier = new URI("urn:mace:shibboleth:arp:matchFunction:resourceTree");
-                               }
-                       } catch (URISyntaxException e) {
-                               log.error("ARP match function not identified by a proper URI.");
-                               throw new ArpMarshallingException("ARP match function not identified by a proper URI.");
-                       }
-               }
        }
 
        class Requester {
@@ -497,7 +371,7 @@ public class Rule {
                private URI name;
                private boolean anyValue = false;
                private String anyValueRelease = "permit";
-               private Set values = new HashSet();
+               private Set<AttributeValue> values = new HashSet<AttributeValue>();
                private URI identifier;
 
                boolean releaseAnyValue() {
@@ -531,7 +405,7 @@ public class Rule {
                        if (denyAnyValue()) { return false; }
 
                        // Handle Permit All with no specific values
-                       if (releaseAnyValue() && getValues().length == 0) { return true; }
+                       if (releaseAnyValue() && getValues().size() == 0) { return true; }
 
                        // Handle Deny Specific
                        Iterator iterator = values.iterator();
@@ -599,8 +473,8 @@ public class Rule {
                        if (b) {
                                anyValue = true;
                                anyValueRelease = "permit";
-                               Iterator iterator = values.iterator();
-                               HashSet permittedValues = new HashSet();
+                               Iterator<AttributeValue> iterator = values.iterator();
+                               Set<AttributeValue> permittedValues = new HashSet<AttributeValue>();
                                while (iterator.hasNext()) {
                                        AttributeValue value = (AttributeValue) iterator.next();
                                        if (value.getRelease().equals("permit")) {
@@ -620,9 +494,9 @@ public class Rule {
                        return name;
                }
 
-               AttributeValue[] getValues() {
+               Collection<AttributeValue> getValues() {
 
-                       return (AttributeValue[]) values.toArray(new AttributeValue[0]);
+                       return values;
                }
 
                void addValue(AttributeValue value) {
index a7b1c13..25b4129 100755 (executable)
@@ -38,7 +38,7 @@ import edu.internet2.middleware.shibboleth.aa.arp.ArpRepositoryException;
 
 public class MemoryArpRepository implements ArpRepository {
 
-       private Map userPolicies = Collections.synchronizedMap(new HashMap());
+       private Map<Principal, Arp> userPolicies = Collections.synchronizedMap(new HashMap<Principal, Arp>());
        private Arp sitePolicy;
        private static Logger log = Logger.getLogger(MemoryArpRepository.class.getName());
 
@@ -62,7 +62,7 @@ public class MemoryArpRepository implements ArpRepository {
        public Arp[] getAllPolicies(Principal principal) throws ArpRepositoryException {
 
                log.debug("Received a query for all policies applicable to principal: (" + principal.getName() + ").");
-               Set allPolicies = new HashSet();
+               Set<Arp> allPolicies = new HashSet<Arp>();
                if (getSitePolicy() != null) {
                        log.debug("Returning site policy.");
                        allPolicies.add(getSitePolicy());
diff --git a/src/edu/internet2/middleware/shibboleth/aa/arp/provider/ResourceTreeMatchFunction.java b/src/edu/internet2/middleware/shibboleth/aa/arp/provider/ResourceTreeMatchFunction.java
deleted file mode 100755 (executable)
index 861e36a..0000000
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package edu.internet2.middleware.shibboleth.aa.arp.provider;
-
-import edu.internet2.middleware.shibboleth.aa.arp.MatchFunction;
-import edu.internet2.middleware.shibboleth.aa.arp.MatchingException;
-
-import org.apache.log4j.Logger;
-
-import java.net.MalformedURLException;
-import java.net.URL;
-
-/**
- * MatchFuction implementation that does "tail" matching on resources.
- * 
- * @author Walter Hoehn (wassa&#064;columbia.edu)
- */
-public class ResourceTreeMatchFunction implements MatchFunction {
-
-       private static Logger log = Logger.getLogger(ResourceTreeMatchFunction.class.getName());
-
-       /**
-        * @see edu.internet2.middleware.shibboleth.aa.arp.MatchFunction#match(Object, Object)
-        */
-       public boolean match(Object arpComponent, Object requestComponent) throws MatchingException {
-
-               if (!(arpComponent instanceof String) || !(requestComponent instanceof URL)) {
-                       log.error("Invalid use of ARP matching function (ResourceTreeMatchFunction).");
-                       throw new MatchingException("Invalid use of ARP matching function (ResourceTreeMatchFunction).");
-               }
-
-               URL arpURL = null;
-
-               try {
-                       arpURL = new URL((String) arpComponent);
-               } catch (MalformedURLException e) {
-                       log.error("Invalid use of ARP matching function (ResourceTreeMatchFunction): ARP Component is not a URL.");
-                       throw new MatchingException("Invalid use of ARP matching function (ResourceTreeMatchFunction).");
-               }
-
-               if (!matchProtocol(arpURL, (URL) requestComponent)) { return false; }
-
-               if (!matchHost(arpURL, (URL) requestComponent)) { return false; }
-
-               if (!matchPort(arpURL, (URL) requestComponent)) { return false; }
-
-               if (!matchPath(arpURL, (URL) requestComponent)) { return false; }
-
-               if (!matchQuery(arpURL, (URL) requestComponent)) { return false; }
-
-               return true;
-       }
-
-       protected boolean matchHost(URL arpURL, URL requestURL) {
-
-               return arpURL.getHost().equals(requestURL.getHost());
-       }
-
-       protected boolean matchPath(URL arpURL, URL requestURL) {
-
-               String arpPath = arpURL.getPath();
-
-               if (arpPath.equals("")) {
-                       arpPath = "/";
-               }
-
-               String requestPath = requestURL.getPath();
-
-               if (requestPath.equals("")) {
-                       requestPath = "/";
-               }
-
-               return requestPath.startsWith(arpPath);
-       }
-
-       protected boolean matchPort(URL arpURL, URL requestURL) {
-
-               int arpPort = arpURL.getPort();
-
-               if (arpPort < 1) {
-                       arpPort = arpURL.getDefaultPort();
-               }
-
-               int requestPort = requestURL.getPort();
-
-               if (requestPort < 1) {
-                       requestPort = requestURL.getDefaultPort();
-               }
-
-               if (arpPort == requestPort) { return true; }
-
-               return false;
-       }
-
-       protected boolean matchProtocol(URL arpURL, URL requestURL) {
-
-               return arpURL.getProtocol().equals(requestURL.getProtocol());
-       }
-
-       protected boolean matchQuery(URL arpURL, URL requestURL) {
-
-               if (arpURL.getQuery() == null) { return true; }
-
-               return arpURL.getQuery().equals(requestURL.getQuery());
-       }
-}
index 04e1c08..c171721 100644 (file)
@@ -10,7 +10,6 @@
 package edu.internet2.middleware.shibboleth.idp;
 
 import java.net.URI;
-import java.net.URL;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -59,7 +58,7 @@ public class IdPProtocolSupport implements Metadata {
        private static Logger log = Logger.getLogger(IdPProtocolSupport.class.getName());
        private Logger transactionLog;
        private IdPConfig config;
-       private ArrayList metadata = new ArrayList();
+       private ArrayList<Metadata> metadata = new ArrayList<Metadata>();
        private NameMapper nameMapper;
        private ServiceProviderMapper spMapper;
        private ArpEngine arpEngine;
@@ -221,12 +220,11 @@ public class IdPProtocolSupport implements Metadata {
        }
 
        public Collection<? extends SAMLAttribute> getReleaseAttributes(Principal principal, RelyingParty relyingParty,
-                       String requester, URL resource) throws AAException {
+                       String requester) throws AAException {
 
                try {
-                       Collection<URI> potentialAttributes = arpEngine.listPossibleReleaseAttributes(principal, requester,
-                                       resource);
-                       return getReleaseAttributes(principal, relyingParty, requester, resource, potentialAttributes);
+                       Collection<URI> potentialAttributes = arpEngine.listPossibleReleaseAttributes(principal, requester);
+                       return getReleaseAttributes(principal, relyingParty, requester, potentialAttributes);
 
                } catch (ArpProcessingException e) {
                        log.error("An error occurred while processing the ARPs for principal (" + principal.getName() + ") :"
@@ -236,7 +234,7 @@ public class IdPProtocolSupport implements Metadata {
        }
 
        public Collection<? extends SAMLAttribute> getReleaseAttributes(Principal principal, RelyingParty relyingParty,
-                       String requester, URL resource, Collection<URI> attributeNames) throws AAException {
+                       String requester, Collection<URI> attributeNames) throws AAException {
 
                try {
                        Map<String, AAAttribute> attributes = new HashMap<String, AAAttribute>();
@@ -252,7 +250,7 @@ public class IdPProtocolSupport implements Metadata {
                        }
 
                        return resolveAttributes(principal, requester, relyingParty.getIdentityProvider().getProviderId(),
-                                       resource, attributes);
+                                       attributes);
 
                } catch (SAMLException e) {
                        log.error("An error occurred while creating attributes for principal (" + principal.getName() + ") :"
@@ -267,10 +265,10 @@ public class IdPProtocolSupport implements Metadata {
        }
 
        public Collection<? extends SAMLAttribute> resolveAttributes(Principal principal, String requester,
-                       String responder, URL resource, Map<String, AAAttribute> attributeSet) throws ArpProcessingException {
+                       String responder, Map<String, AAAttribute> attributeSet) throws ArpProcessingException {
 
                resolver.resolveAttributes(principal, requester, responder, attributeSet);
-               arpEngine.filterAttributes(attributeSet.values(), principal, requester, resource);
+               arpEngine.filterAttributes(attributeSet.values(), principal, requester);
                return attributeSet.values();
        }
 
index 1fb2aaf..0c4aff0 100644 (file)
@@ -233,7 +233,7 @@ public class SAMLv1_AttributeQueryHandler extends BaseServiceHandler implements
                                        }
                                }
 
-                               attrs = support.getReleaseAttributes(principal, relyingParty, effectiveName, null, requestedAttrs);
+                               attrs = support.getReleaseAttributes(principal, relyingParty, effectiveName, requestedAttrs);
                        } else {
                                log.info("Request does not designate specific attributes, resolving all available.");
                                attrs = support.getReleaseAttributes(principal, relyingParty, effectiveName, null);
index 2b68464..1dcd8a2 100644 (file)
@@ -20,8 +20,6 @@ import jargs.gnu.CmdLineParser;
 
 import java.io.PrintStream;
 import java.io.PrintWriter;
-import java.net.MalformedURLException;
-import java.net.URL;
 import java.security.Principal;
 import java.util.Collection;
 import java.util.HashMap;
@@ -64,8 +62,6 @@ public class ResolverTest {
        private static String requester = null;
        private static String responder = null;
        private static String user = null;
-       private static String resource = null;
-       private static URL resourceUrl = null;
        private static AttributeResolver resolver = null;
        private static ArpEngine arpEngine = null;
 
@@ -89,7 +85,7 @@ public class ResolverTest {
 
                try {
                        if (arpEngine != null) {
-                               arpEngine.filterAttributes(attributeSet.values(), principal, requester, resourceUrl);
+                               arpEngine.filterAttributes(attributeSet.values(), principal, requester);
                        }
                } catch (ArpProcessingException e) {
                        System.err.println("Error applying Attribute Release Policy: " + e.getMessage());
@@ -109,7 +105,6 @@ public class ResolverTest {
                CmdLineParser.Option responderOption = parser.addStringOption('i', "responder");
                CmdLineParser.Option resolverxmlOption = parser.addStringOption('\u0000', "resolverxml");
                CmdLineParser.Option fileOption = parser.addStringOption('f', "file"); // deprecated
-               CmdLineParser.Option resourceOption = parser.addStringOption('\u0000', "resource");
 
                try {
                        parser.parse(args);
@@ -141,7 +136,6 @@ public class ResolverTest {
                user = (String) parser.getOptionValue(userOption);
                requester = (String) parser.getOptionValue(requesterOption);
                responder = (String) parser.getOptionValue(responderOption);
-               resource = (String) parser.getOptionValue(resourceOption);
 
                configureLogging(debug);
                checkRequired();
@@ -207,9 +201,6 @@ public class ResolverTest {
                                        arpEngine = new ArpEngine((Element) itemElements.item(0));
                                }
 
-                               if (resource != null) {
-                                       resourceUrl = new URL(resource);
-                               }
                        } catch (ShibbolethConfigurationException e) {
                                System.err.println("Error loading IdP configuration file (" + idpXml + "): " + e.getMessage());
                                System.exit(1);
@@ -219,9 +210,6 @@ public class ResolverTest {
                        } catch (ArpException e) {
                                System.err.println("Error initializing the ARP Engine: " + e.getMessage());
                                System.exit(1);
-                       } catch (MalformedURLException e) {
-                               System.err.println("Specified resource URL is invalid: " + e.getMessage());
-                               System.exit(1);
                        }
                } else {
                        try {