--- /dev/null
+<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:resolver:1.0" xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 shibboleth-resolver-1.0.xsd">
+
+ <SimpleAttributeDefinition id="urn:mace:eduPerson:1.0:eduPersonPrincipalName" smartScope="columbia.edu">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <SimpleAttributeDefinition id="urn:mace:eduPerson:1.0:eduPersonNickName">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <SimpleAttributeDefinition id="urn:mace:eduPerson:1.0:eduPersonEntitlement">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <SimpleAttributeDefinition id="urn:mace:eduPerson:1.0:eduPersonAffiliation">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <CustomDataConnector id="echo" cacheTime="1800000"
+ class="edu.internet2.middleware.shibboleth.aa.attrresolv.provider.SampleConnector" />
+
+</AttributeResolver>
\ No newline at end of file
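Review bot: The `smartScope="columbia.edu"` on the eduPersonPrincipalName definition puts a real institutional domain into a test fixture, while the second fixture and the expected values in the tests use `example.edu`. Prefer the reserved example domain here as well (`smartScope="example.edu"`), so fixture data cannot be mistaken for, or copied into, a live resolver configuration. A short XML comment at the top saying that the file is unit-test input would also help.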
--- /dev/null
+<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:resolver:1.0" xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 shibboleth-resolver-1.0.xsd">
+
+ <SimpleAttributeDefinition id="urn:mace:eduPerson:1.0:eduPersonPrincipalName" smartScope="example.edu">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <SimpleAttributeDefinition id="foo" smartScope="example.edu">
+ <DataConnectorDependency requires="echo"/>
+ </SimpleAttributeDefinition>
+
+ <CustomDataConnector id="echo" cacheTime="1800000"
+ class="edu.internet2.middleware.shibboleth.aa.attrresolv.ScopeTestConnector" />
+
+</AttributeResolver>
\ No newline at end of file
this(name);
setValues(values);
}
+
+ public AAAttribute(String name, Object[] values, ValueHandler handler) throws SAMLException {
+ this(name);
+ setValues(values);
+ registerValueHandler(handler);
+ }
public boolean hasValues() {
if (values.isEmpty()) {
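Review bot: The new three-argument constructor has no Javadoc and passes `handler` on without a null check, although `equals` in this class dereferences `valueHandler` unconditionally. Unless `registerValueHandler` already rejects null (its body is not in the hunk), a guard such as `if (handler == null) throw new IllegalArgumentException("handler");` is worth adding. Note also that `setValues(values)` runs before `registerValueHandler(handler)`; if value handling depends on the handler, which cannot be seen here, registering the handler first would be the safer order, and the Javadoc should state which order is intended.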
*/
public boolean equals(Object object) {
- if (!(object instanceof AAAttribute)) {
+ if (!(object instanceof AAAttribute)) {System.err.println("hey hey hey");
return false;
}
- if (lifetime != ((AAAttribute) object).lifetime) {
+ if (lifetime != ((AAAttribute) object).lifetime) {System.err.println("hey hey hey");
return false;
}
- if (name != ((AAAttribute) object).name) {
+ if (name != ((AAAttribute) object).name) {System.err.println("hey hey hey");
return false;
}
- if (!valueHandler.getClass().getName().equals(((AAAttribute) object).valueHandler.getClass().getName())) {
+ if (!valueHandler.equals(((AAAttribute) object).valueHandler)) {System.err.println("hey hey yo");
return false;
}
return values.equals(((AAAttribute) object).values);
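Review bot: The `System.err.println("hey hey hey")` and `"hey hey yo"` calls added to the four guard clauses of `equals` are debugging residue and should be removed before merge. `equals` is reached through `AAAttributeSet.equals`, so every mismatch would write to stderr. The switch to `valueHandler.equals(...)` gives value equality only for handlers that override `equals`; in this commit only `ScopedStringValueHandler` does, so any other handler falls back to identity where the old class-name check matched. The unchanged `name != ((AAAttribute) object).name` line compares strings by reference and should be `!name.equals(((AAAttribute) object).name)`. The method starts above the hunk.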
return attributes.equals(((AAAttributeSet) object).attributes);
}
+ /**
+ * @see java.lang.Object#toString()
+ */
+ public String toString() {
+ StringBuffer buffer = new StringBuffer();
+ buffer.append(attributes.size());
+ for (Iterator iterator = attributes.values().iterator(); iterator.hasNext();) {
+ AAAttribute attribute = (AAAttribute) iterator.next();
+ buffer.append("(" + attribute.getName() + "):");
+ for (Iterator valuesIterator = attribute.getValues(); valuesIterator.hasNext();) {
+ buffer.append(" \"" + valuesIterator.next().toString() + "\"");
+ }
+ buffer.append(System.getProperty("line.separator"));
+ }
+ return buffer.toString();
+ }
+
}
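Review bot: `toString()` writes every attribute value into the returned string, and its Javadoc is only an `@see`. In an attribute authority these are the user attributes governed by release policy, so the comment should say that the output is for debugging and should not go to logs that are more widely readable than the attributes themselves. On style, the size is appended with no delimiter before the first `(name):`, and `buffer.append("(" + attribute.getName() + "):")` concatenates inside a `StringBuffer`; chained `append` calls and a separator after the count, e.g. `buffer.append(attributes.size()).append(' ');`, would read better.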
package edu.internet2.middleware.shibboleth.aa.attrresolv;
-import java.io.ByteArrayOutputStream;
-import java.io.File;
import java.io.IOException;
import java.io.InputStream;
-import java.net.MalformedURLException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import javax.naming.directory.Attributes;
-import org.apache.log4j.BasicConfigurator;
-import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.apache.xerces.parsers.DOMParser;
-import org.apache.xml.serialize.OutputFormat;
-import org.apache.xml.serialize.XMLSerializer;
-import org.opensaml.SAMLException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
-import sun.security.acl.PrincipalImpl;
-import edu.internet2.middleware.shibboleth.aa.AAAttribute;
-import edu.internet2.middleware.shibboleth.aa.AAAttributeSet;
-import edu.internet2.middleware.shibboleth.aa.AAAttributeSet.ShibAttributeIterator;
import edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttributeSet.ResolverAttributeIterator;
import edu.internet2.middleware.shibboleth.aa.attrresolv.provider.ValueHandler;
import edu.internet2.middleware.shibboleth.common.ShibResource;
private void verifyPlugIns() {
//TODO Maybe this should detect loops in the directed graph
+ //TODO this has to do better verification, if plugins are unloaded after dependants have been checked, we get null pointers
log.info("Verifying PlugIn graph consitency.");
Set inconsistent = new HashSet();
depends.addAll(Arrays.asList(((AttributeDefinitionPlugIn) plugIn).getDataConnectorDependencyIds()));
Iterator dependsIt = depends.iterator();
while (dependsIt.hasNext()) {
- if (!plugIns.containsKey(dependsIt.next())) {
+ String key = (String) dependsIt.next();
+ if (!plugIns.containsKey(key)) {
log.error(
"The PlugIn ("
+ plugIn.getId()
- + ") is inconsistent. It depends on a PlugIn that is not registered.");
+ + ") is inconsistent. It depends on a PlugIn (" + key + ") that is not registered.");
inconsistent.add(plugIn.getId());
}
}
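Review bot: The TODO added at the top of `verifyPlugIns` records that plug-ins unloaded after their dependants were checked lead to null pointers, but the hunk leaves that path unguarded. Judging from the comment alone (the unload step and the end of the method are outside the hunk), a single pass is not enough; repeating the check until `inconsistent` comes back empty would also catch dependants of a plug-in that is removed late in the pass. Until that is done the TODO should carry an issue reference so the failure mode is tracked. The log message at the top of the method also misspells "consistency".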
return (ResolutionPlugIn) plugIns.get(id);
}
- public static void main(String[] args) {
-
- BasicConfigurator.configure();
- Logger.getRootLogger().setLevel(Level.WARN);
-
- try {
- Properties props = new Properties();
- File file = new File("src/conf/resolver.xml");
-
- props.setProperty(
- "edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver.ResolverConfig",
- file.toURL().toString());
- AttributeResolver ar = new AttributeResolver(props);
- for (int j = 0; j < 2; j++) {
- System.out.println("Resolving pass: " + (j + 1));
- AAAttributeSet attributes = new AAAttributeSet();
- if (j == 1) {
- attributes.add(new AAAttribute("urn:mace:eduPerson:1.0:eduPersonPrincipalName"));
- }
- attributes.add(new AAAttribute("urn:mace:eduPerson:1.0:eduPersonNickName"));
- attributes.add(new AAAttribute("urn:mace:eduPerson:1.0:eduPersonPrimaryAffiliation"));
- attributes.add(new AAAttribute("urn:mace:eduPerson:1.0:eduPersonScopedAffiliation"));
- attributes.add(new AAAttribute("urn:mace:eduPerson:1.0:eduPersonAffiliation"));
- attributes.add(new AAAttribute("urn:mace:eduPerson:1.0:eduPersonEntitlement"));
- attributes.add(new AAAttribute("urn:mace:rfc2079:labeledURI"));
-
- ar.resolveAttributes(new PrincipalImpl("mytestuser"), "shar.example.edu", attributes);
- ShibAttributeIterator iterator = attributes.shibAttributeIterator();
- while (iterator.hasNext()) {
- AAAttribute attribute = iterator.nextShibAttribute();
- System.out.println(attribute.getName());
- System.out.println("LifeTime: " + attribute.getLifetime());
- System.out.println("\t" + " values:");
- for (Iterator attrIterator = attribute.getValues(); attrIterator.hasNext();) {
- System.out.println("\t\t" + attrIterator.next().toString());
- }
- System.out.println("To DOM:");
- Node dom = attribute.toDOM();
- ByteArrayOutputStream xmlOut = new ByteArrayOutputStream();
- new XMLSerializer(xmlOut, new OutputFormat()).serialize((Element) dom);
- System.out.write(xmlOut.toByteArray());
- System.out.println(System.getProperty("line.separator") + System.getProperty("line.separator"));
- }
- }
-
- } catch (AttributeResolverException e) {
- log.error("Couldn't load attribute resolver: " + e.getMessage());
- } catch (MalformedURLException e1) {
- e1.printStackTrace();
- } catch (SAMLException se) {
- se.printStackTrace();
- } catch (IOException e) {
- log.error("Couldn't load attribute resolver: " + e.getMessage());
- }
- }
-
/**
* Resolve a set of attributes for a particular principal and requester.
*
*
* @author Walter Hoehn (wassa@columbia.edu)
*/
-class ScopedStringValueHandler implements ValueHandler {
+public class ScopedStringValueHandler implements ValueHandler {
private static Logger log = Logger.getLogger(ScopedStringValueHandler.class.getName());
public String smartScope;
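Review bot: Making `ScopedStringValueHandler` public also exports `public String smartScope`, a non-final field that any caller can now reassign. The `equals` added further down in this file compares exactly this field, so a handler's equality can change after it has been registered on an attribute. Prefer `private final String smartScope;` with a getter, provided no other class writes the field (callers are not visible here).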
return values.iterator();
}
+ /**
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ public boolean equals(Object object) {
+ if (!(object instanceof ScopedStringValueHandler)) {
+ return false;
+ }
+ return smartScope.equals(((ScopedStringValueHandler) object).smartScope);
+ }
+
}
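Review bot: The new `equals` is added without a matching `hashCode`, which breaks the `Object` contract as soon as a handler is used in a hash-based collection; add `public int hashCode() { return smartScope == null ? 0 : smartScope.hashCode(); }`. `smartScope.equals(...)` also throws a NullPointerException when the field is null, which is possible because it is a public non-final field and the constructor is not shown in the hunk. A null-safe form such as `return smartScope == null ? other.smartScope == null : smartScope.equals(other.smartScope);` (with `other` being the cast argument) avoids it. The `@see`-only Javadoc could state that two handlers are equal when their scopes match.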
--- /dev/null
+/*
+ * The Shibboleth License, Version 1.
+ * Copyright (c) 2002
+ * University Corporation for Advanced Internet Development, Inc.
+ * All rights reserved
+ *
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution, if any, must include
+ * the following acknowledgment: "This product includes software developed by
+ * the University Corporation for Advanced Internet Development
+ * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
+ * may appear in the software itself, if and wherever such third-party
+ * acknowledgments normally appear.
+ *
+ * Neither the name of Shibboleth nor the names of its contributors, nor
+ * Internet2, nor the University Corporation for Advanced Internet Development,
+ * Inc., nor UCAID may be used to endorse or promote products derived from this
+ * software without specific prior written permission. For written permission,
+ * please contact shibboleth@shibboleth.org
+ *
+ * Products derived from this software may not be called Shibboleth, Internet2,
+ * UCAID, or the University Corporation for Advanced Internet Development, nor
+ * may Shibboleth appear in their name, without prior written permission of the
+ * University Corporation for Advanced Internet Development.
+ *
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
+ * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
+ * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
+ * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package edu.internet2.middleware.shibboleth.aa.attrresolv;
+
+import java.io.File;
+import java.net.MalformedURLException;
+import java.util.Properties;
+
+import junit.framework.TestCase;
+
+import org.apache.log4j.BasicConfigurator;
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+import org.opensaml.SAMLException;
+
+import sun.security.acl.PrincipalImpl;
+import edu.internet2.middleware.shibboleth.aa.AAAttribute;
+import edu.internet2.middleware.shibboleth.aa.AAAttributeSet;
+import edu.internet2.middleware.shibboleth.aa.attrresolv.provider.ScopedStringValueHandler;
+
+/**
+ * Validation suite for the <code>AttributeResolver</code>.
+ *
+ * @ author Walter Hoehn(wassa@columbia.edu)
+ */
+
+public class ResolverTests extends TestCase {
+
+ public ResolverTests(String name) {
+ super(name);
+ BasicConfigurator.resetConfiguration();
+ BasicConfigurator.configure();
+ Logger.getRootLogger().setLevel(Level.OFF);
+ }
+
+ public static void main(String[] args) {
+ junit.textui.TestRunner.run(ResolverTests.class);
+ BasicConfigurator.configure();
+ Logger.getRootLogger().setLevel(Level.OFF);
+ }
+
+ /**
+ * @see junit.framework.TestCase#setUp()
+ */
+ protected void setUp() throws Exception {
+ super.setUp();
+ }
+
+ public void testBasic() {
+
+ try {
+ Properties props = new Properties();
+ File file = new File("data/resolver1.xml");
+ props.setProperty(
+ "edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver.ResolverConfig",
+ file.toURL().toString());
+
+ AttributeResolver ar = new AttributeResolver(props);
+
+ AAAttributeSet inputAttributes =
+ new AAAttributeSet(
+ new AAAttribute[] {
+ new AAAttribute("urn:mace:eduPerson:1.0:eduPersonNickName"),
+ new AAAttribute("urn:mace:eduPerson:1.0:eduPersonEntitlement")});
+
+ AAAttributeSet outputAttributes =
+ new AAAttributeSet(
+ new AAAttribute[] {
+ new AAAttribute(
+ "urn:mace:eduPerson:1.0:eduPersonEntitlement",
+ new Object[] { "urn:mace:example.edu:exampleEntitlement" })
+ });
+
+ ar.resolveAttributes(new PrincipalImpl("mytestuser"), "shar.example.edu", inputAttributes);
+
+ assertEquals("Attribute Resolver returned unexpected attribute set.", inputAttributes, outputAttributes);
+
+ } catch (AttributeResolverException e) {
+ fail("Couldn't load attribute resolver: " + e.getMessage());
+ } catch (MalformedURLException e) {
+ fail("Error in test specification: " + e.getMessage());
+ } catch (SAMLException e) {
+ fail("Error creating SAML Attribute: " + e.getMessage());
+ }
+ }
+
+ public void testSmartScoping() {
+
+ try {
+ Properties props = new Properties();
+ File file = new File("data/resolver2.xml");
+ props.setProperty(
+ "edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver.ResolverConfig",
+ file.toURL().toString());
+
+ AttributeResolver ar = new AttributeResolver(props);
+
+ AAAttributeSet inputAttributes =
+ new AAAttributeSet(
+ new AAAttribute[] {
+ new AAAttribute("urn:mace:eduPerson:1.0:eduPersonPrincipalName"),
+ new AAAttribute("foo")});
+
+ AAAttributeSet outputAttributes = new AAAttributeSet(new AAAttribute[] {
+ //Attribute should have scope appended to connector output
+ new AAAttribute(
+ "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
+ new Object[] { "mytestuser@example.edu" }, new ScopedStringValueHandler("example.edu")),
+ //Attribute should retain scope from connector output
+ new AAAttribute("foo", new Object[] { "bar@example.com" }, new ScopedStringValueHandler("example.edu"))
+ });
+
+ ar.resolveAttributes(new PrincipalImpl("mytestuser"), "shar.example.edu", inputAttributes);
+ System.err.println(inputAttributes);
+ System.err.println("---");
+ System.err.println(outputAttributes);
+ assertEquals("Attribute Resolver returned unexpected attribute set.", inputAttributes, outputAttributes);
+
+ } catch (AttributeResolverException e) {
+ fail("Couldn't load attribute resolver: " + e.getMessage());
+ } catch (MalformedURLException e) {
+ fail("Error in test specification: " + e.getMessage());
+ } catch (SAMLException e) {
+ fail("Error creating SAML Attribute: " + e.getMessage());
+ }
+ }
+
+}
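Review bot: Both tests call `assertEquals(message, inputAttributes, outputAttributes)`, which passes the resolver's result as the expected value and the hand-built set as the actual one; swap them (`assertEquals("Attribute Resolver returned unexpected attribute set.", outputAttributes, inputAttributes);`) so failure output reads correctly. The three `System.err.println` lines in `testSmartScoping` are debugging output that dumps the resolved attribute values and should be removed. `sun.security.acl.PrincipalImpl` is a JDK-internal class, so a small test-local `Principal` implementation would keep the suite portable. The `catch` blocks that call `fail(... + e.getMessage())` discard the stack trace; declaring `throws Exception` on the test methods gives better diagnostics. In the class Javadoc, `@ author` should be `@author`.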
--- /dev/null
+/*
+ * The Shibboleth License, Version 1.
+ * Copyright (c) 2002
+ * University Corporation for Advanced Internet Development, Inc.
+ * All rights reserved
+ *
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution, if any, must include
+ * the following acknowledgment: "This product includes software developed by
+ * the University Corporation for Advanced Internet Development
+ * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
+ * may appear in the software itself, if and wherever such third-party
+ * acknowledgments normally appear.
+ *
+ * Neither the name of Shibboleth nor the names of its contributors, nor
+ * Internet2, nor the University Corporation for Advanced Internet Development,
+ * Inc., nor UCAID may be used to endorse or promote products derived from this
+ * software without specific prior written permission. For written permission,
+ * please contact shibboleth@shibboleth.org
+ *
+ * Products derived from this software may not be called Shibboleth, Internet2,
+ * UCAID, or the University Corporation for Advanced Internet Development, nor
+ * may Shibboleth appear in their name, without prior written permission of the
+ * University Corporation for Advanced Internet Development.
+ *
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
+ * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
+ * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
+ * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package edu.internet2.middleware.shibboleth.aa.attrresolv;
+
+import java.security.Principal;
+
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+
+import org.apache.log4j.Logger;
+import org.w3c.dom.Element;
+
+import edu.internet2.middleware.shibboleth.aa.attrresolv.provider.BaseResolutionPlugIn;
+
+/**
+ * <code>DataConnectorPlugIn</code> implementation for use in unit testing.
+ *
+ * @author Walter Hoehn
+ *
+ */
+public class ScopeTestConnector extends BaseResolutionPlugIn implements DataConnectorPlugIn {
+
+ private static Logger log = Logger.getLogger(ScopeTestConnector.class.getName());
+
+ public ScopeTestConnector(Element e) throws ResolutionPlugInException {
+ super(e);
+ }
+
+ /**
+ * @see edu.internet2.middleware.shibboleth.aa.attrresolv.DataConnectorPlugIn#resolve(Principal)
+ */
+ public Attributes resolve(Principal principal) {
+
+ log.debug("Resolving connector: (" + getId() + ")");
+ log.debug(getId() + " resolving for principal: (" + principal.getName() + ")");
+
+ BasicAttributes attributes = new BasicAttributes();
+ attributes.put(new BasicAttribute("eduPersonPrincipalName", principal.getName()));
+ attributes.put(new BasicAttribute("foo", "bar@example.com"));
+ return attributes;
+ }
+
+}
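Review bot: The class Javadoc should say why `resolve` returns `foo` as `bar@example.com`, because that value carries a scope different from the `smartScope="example.edu"` configured in the fixture that uses this connector, and `testSmartScoping` expects the connector-supplied scope to be kept. Relying parties commonly make decisions on the scope part of a scoped value, so a comment on that line such as `// deliberately carries a scope other than the configured smartScope` would make the intended behaviour explicit. `principal` is dereferenced without a null check, which is acceptable for a test double but worth a word in the method comment.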