+++ /dev/null
-/*
- * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package edu.internet2.middleware.shibboleth.aa;
-
-import java.util.HashMap;
-import java.util.Iterator;
-
-import org.opensaml.SAMLAttribute;
-
-import edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute;
-import edu.internet2.middleware.shibboleth.aa.arp.ArpAttributeSet;
-import edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute;
-import edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttributeSet;
-
-/**
- * A set of attributes for which the Shibboleth Attribute Authority has been asked to provide assertions.
- *
- * @author Walter Hoehn (wassa@columbia.edu)
- */
-public class AAAttributeSet implements ResolverAttributeSet, ArpAttributeSet {
-
- private HashMap attributes = new HashMap();
-
- public AAAttributeSet() {
-
- }
-
- public AAAttributeSet(AAAttribute attribute) {
-
- attributes.put(attribute.getName(), attribute);
- }
-
- public AAAttributeSet(AAAttribute[] attributes) {
-
- for (int i = 0; i < attributes.length; i++) {
- this.attributes.put(attributes[i].getName(), attributes[i]);
- }
- }
-
- public void add(AAAttribute attribute) {
-
- attributes.put(attribute.getName(), attribute);
- }
-
- public ResolverAttribute getByName(String name) {
-
- return (ResolverAttribute) attributes.get(name);
- }
-
- public ShibAttributeIterator shibAttributeIterator() {
-
- return new ShibAttributeIterator(attributes.values().iterator());
- }
-
- public ResolverAttributeIterator resolverAttributeIterator() {
-
- return shibAttributeIterator();
- }
-
- public ArpAttributeIterator arpAttributeIterator() {
-
- return shibAttributeIterator();
- }
-
- public int size() {
-
- return attributes.size();
- }
-
- public SAMLAttribute[] getAttributes() {
-
- return (SAMLAttribute[]) attributes.values().toArray(new SAMLAttribute[0]);
- }
-
- public class ShibAttributeIterator implements ResolverAttributeIterator, ArpAttributeIterator {
-
- private Iterator genericIterator;
-
- private ShibAttributeIterator(Iterator iterator) {
-
- genericIterator = iterator;
- }
-
- public boolean hasNext() {
-
- return genericIterator.hasNext();
- }
-
- public ResolverAttribute nextResolverAttribute() {
-
- return nextShibAttribute();
- }
-
- public AAAttribute nextShibAttribute() {
-
- return (AAAttribute) genericIterator.next();
- }
-
- public void remove() {
-
- genericIterator.remove();
- }
-
- public ArpAttribute nextArpAttribute() {
-
- return (ArpAttribute) genericIterator.next();
- }
-
- }
-
- /**
- * @see java.lang.Object#equals(java.lang.Object)
- */
- public boolean equals(Object object) {
-
- if (!(object instanceof AAAttributeSet)) { return false; }
- return attributes.equals(((AAAttributeSet) object).attributes);
- }
-
- /**
- * @see java.lang.Object#toString()
- */
- public String toString() {
-
- StringBuffer buffer = new StringBuffer();
- buffer.append(attributes.size());
- for (Iterator iterator = attributes.values().iterator(); iterator.hasNext();) {
- AAAttribute attribute = (AAAttribute) iterator.next();
- buffer.append("(" + attribute.getName() + "):");
- for (Iterator valuesIterator = attribute.getValues(); valuesIterator.hasNext();) {
- buffer.append(" \"" + valuesIterator.next().toString() + "\"");
- }
- buffer.append(System.getProperty("line.separator"));
- }
- return buffer.toString();
- }
-
-}
+++ /dev/null
-/*
- * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package edu.internet2.middleware.shibboleth.aa.arp;
-/**
- * Defines a set of attributes whose values can be filtered by the <code>ArpEngine</code>.
- *
- * @author Walter Hoehn (wassa@columbia.edu)
- */
-public interface ArpAttributeSet {
-
- public ArpAttributeIterator arpAttributeIterator();
-
- public interface ArpAttributeIterator {
- public boolean hasNext();
- public ArpAttribute nextArpAttribute();
- public void remove();
- }
-}
import java.net.URL;
import java.security.Principal;
import java.util.ArrayList;
+import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import org.w3c.dom.NodeList;
import org.w3c.dom.Text;
-import edu.internet2.middleware.shibboleth.aa.arp.ArpAttributeSet.ArpAttributeIterator;
import edu.internet2.middleware.shibboleth.idp.IdPConfig;
import edu.internet2.middleware.shibboleth.xml.Parser;
private static Logger log = Logger.getLogger(ArpEngine.class.getName());
private ArpRepository repository;
- private static Map matchFunctions = Collections.synchronizedMap(new HashMap());
+ private static Map<URI, String> matchFunctions = Collections.synchronizedMap(new HashMap<URI, String>());
static {
// Initialize built-in match functions
try {
*
* @return an array of <code>URI</code> objects that name the possible attributes
*/
- public URI[] listPossibleReleaseAttributes(Principal principal, String requester, URL resource)
+ public Set<URI> listPossibleReleaseAttributes(Principal principal, String requester, URL resource)
throws ArpProcessingException {
- Set possibleReleaseSet = new HashSet();
- Set anyValueDenies = new HashSet();
+ Set<URI> possibleReleaseSet = new HashSet<URI>();
+ Set<URI> anyValueDenies = new HashSet<URI>();
Rule[] rules = createEffectiveArp(principal, requester, resource).getAllRules();
for (int i = 0; rules.length > i; i++) {
Rule.Attribute[] attributes = rules[i].getAttributes();
log.debug("Possible attribute: " + iterator.next().toString());
}
}
- return (URI[]) possibleReleaseSet.toArray(new URI[0]);
+ return possibleReleaseSet;
}
/**
*
* @return the attributes to be released
*/
- public void filterAttributes(ArpAttributeSet attributes, Principal principal, String requester, URL resource)
- throws ArpProcessingException {
+ public void filterAttributes(Collection<ArpAttribute> attributes, Principal principal, String requester,
+ URL resource) throws ArpProcessingException {
- ArpAttributeIterator iterator = attributes.arpAttributeIterator();
- if (!iterator.hasNext()) {
+ if (attributes.isEmpty()) {
log.debug("ARP Engine was asked to apply filter to empty attribute set.");
return;
}
log.info("Applying Attribute Release Policies.");
if (log.isDebugEnabled()) {
log.debug("Processing the following attributes:");
- for (ArpAttributeIterator attrIterator = attributes.arpAttributeIterator(); attrIterator.hasNext();) {
- log.debug("Attribute: (" + attrIterator.nextArpAttribute().getName() + ")");
+ for (Iterator<ArpAttribute> attrIterator = attributes.iterator(); attrIterator.hasNext();) {
+ log.debug("Attribute: (" + attrIterator.next().getName() + ")");
}
}
// Gather all applicable ARP attribute specifiers
- Set attributeNames = new HashSet();
- for (ArpAttributeIterator nameIterator = attributes.arpAttributeIterator(); nameIterator.hasNext();) {
- attributeNames.add(nameIterator.nextArpAttribute().getName());
+ Set<String> attributeNames = new HashSet<String>();
+ for (Iterator<ArpAttribute> nameIterator = attributes.iterator(); nameIterator.hasNext();) {
+ attributeNames.add(nameIterator.next().getName());
}
Rule[] rules = createEffectiveArp(principal, requester, resource).getAllRules();
- Set applicableRuleAttributes = new HashSet();
+ Set<Rule.Attribute> applicableRuleAttributes = new HashSet<Rule.Attribute>();
for (int i = 0; rules.length > i; i++) {
Rule.Attribute[] ruleAttributes = rules[i].getAttributes();
for (int j = 0; ruleAttributes.length > j; j++) {
.toArray(new Rule.Attribute[0]));
// Filter
- for (ArpAttributeIterator returnIterator = attributes.arpAttributeIterator(); returnIterator.hasNext();) {
+ for (Iterator<ArpAttribute> returnIterator = attributes.iterator(); returnIterator.hasNext();) {
- ArpAttribute arpAttribute = returnIterator.nextArpAttribute();
+ ArpAttribute arpAttribute = returnIterator.next();
Rule.Attribute attribute = (Rule.Attribute) arpAttributeSpecs.get(arpAttribute.getName());
// Handle no specifier
}
}
- private Map createCanonicalAttributeSpec(Rule.Attribute[] attributes) {
+ private Map<String, Rule.Attribute> createCanonicalAttributeSpec(Rule.Attribute[] attributes) {
- Map canonicalSpec = new HashMap();
+ Map<String, Rule.Attribute> canonicalSpec = new HashMap<String, Rule.Attribute>();
for (int i = 0; attributes.length > i; i++) {
if (!canonicalSpec.containsKey(attributes[i].getName().toString())) {
canonicalSpec.put(attributes[i].getName().toString(), attributes[i]);
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
-import edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttributeSet.ResolverAttributeIterator;
import edu.internet2.middleware.shibboleth.aa.attrresolv.provider.ValueHandler;
import edu.internet2.middleware.shibboleth.common.ShibResource;
import edu.internet2.middleware.shibboleth.common.ShibResource.ResourceNotAvailableException;
public class AttributeResolver {
private static Logger log = Logger.getLogger(AttributeResolver.class.getName());
- private HashMap plugIns = new HashMap();
+ private HashMap<String, ResolutionPlugIn> plugIns = new HashMap<String, ResolutionPlugIn>();
private ResolverCache resolverCache = new ResolverCache();
public static final String resolverNamespace = "urn:mace:shibboleth:resolver:1.0";
private void verifyPlugIns() throws AttributeResolverException {
log.info("Verifying PlugIn graph consitency.");
- Set inconsistent = new HashSet();
+ Set<String> inconsistent = new HashSet<String>();
Iterator registered = plugIns.keySet().iterator();
while (registered.hasNext()) {
- ResolutionPlugIn plugIn = lookupPlugIn((String) registered.next());
+ ResolutionPlugIn plugIn = plugIns.get((String) registered.next());
log.debug("Checking PlugIn (" + plugIn.getId() + ") for consistency.");
- verifyPlugIn(plugIn, new HashSet(), inconsistent);
+ verifyPlugIn(plugIn, new HashSet<String>(), inconsistent);
}
if (!inconsistent.isEmpty()) {
}
- private void verifyPlugIn(ResolutionPlugIn plugIn, Set verifyChain, Set inconsistent) {
+ private void verifyPlugIn(ResolutionPlugIn plugIn, Set<String> verifyChain, Set<String> inconsistent) {
// Short-circuit if we have already found this PlugIn to be inconsistent
if (inconsistent.contains(plugIn.getId())) { return; }
}
// Recursively go through all DataConnector dependencies and make sure all are registered and consistent.
- List depends = new ArrayList();
+ List<String> depends = new ArrayList<String>();
depends.addAll(Arrays.asList(plugIn.getDataConnectorDependencyIds()));
- Iterator dependsIt = depends.iterator();
+ Iterator<String> dependsIt = depends.iterator();
while (dependsIt.hasNext()) {
- String key = (String) dependsIt.next();
+ String key = dependsIt.next();
if (!plugIns.containsKey(key)) {
log.error("The PlugIn (" + plugIn.getId() + ") is inconsistent. It depends on a PlugIn (" + key
+ ") that is not registered.");
return;
}
- ResolutionPlugIn dependent = lookupPlugIn(key);
+ ResolutionPlugIn dependent = plugIns.get(key);
if (!(dependent instanceof DataConnectorPlugIn)) {
log.error("The PlugIn (" + plugIn.getId() + ") is inconsistent. It depends on a PlugIn (" + key
+ ") that is mislabeled as an DataConnectorPlugIn.");
return;
}
- ResolutionPlugIn dependent = lookupPlugIn(key);
+ ResolutionPlugIn dependent = plugIns.get(key);
if (!(dependent instanceof AttributeDefinitionPlugIn)) {
log.error("The PlugIn (" + plugIn.getId() + ") is inconsistent. It depends on a PlugIn (" + key
+ ") that is mislabeled as an AttributeDefinitionPlugIn.");
return;
}
- ResolutionPlugIn dependent = lookupPlugIn(key);
+ ResolutionPlugIn dependent = plugIns.get(key);
if (!(dependent instanceof DataConnectorPlugIn)) {
log.error("The PlugIn (" + plugIn.getId()
+ ") is inconsistent. It depends on a fail-over PlugIn (" + key
}
- private ResolutionPlugIn lookupPlugIn(String id) {
-
- return (ResolutionPlugIn) plugIns.get(id);
- }
-
/**
* Resolve a set of attributes for a particular principal and requester.
*
* @param attributes
* the set of attributes to be resolved
*/
- public void resolveAttributes(Principal principal, String requester, String responder,
- ResolverAttributeSet attributes) {
+ public void resolveAttributes(Principal principal, String requester, String responder, Map attributes) {
- HashMap requestCache = new HashMap();
- ResolverAttributeIterator iterator = attributes.resolverAttributeIterator();
+ HashMap requestCache = new HashMap<String, ResolverAttribute>();
+ Iterator<ResolverAttribute> iterator = attributes.values().iterator();
while (iterator.hasNext()) {
- ResolverAttribute attribute = iterator.nextResolverAttribute();
+ ResolverAttribute attribute = iterator.next();
try {
- if (lookupPlugIn(attribute.getName()) == null) {
+ if (plugIns.get(attribute.getName()) == null) {
log.warn("No PlugIn registered for attribute: (" + attribute.getName() + ")");
iterator.remove();
} else {
}
}
- public String[] listRegisteredAttributeDefinitionPlugIns() {
+ public Collection<String> listRegisteredAttributeDefinitionPlugIns() {
log.debug("Listing available Attribute Definition PlugIns.");
- Set found = new HashSet();
+ Set<String> found = new HashSet<String>();
Iterator registered = plugIns.keySet().iterator();
while (registered.hasNext()) {
- ResolutionPlugIn plugIn = lookupPlugIn((String) registered.next());
+ ResolutionPlugIn plugIn = plugIns.get((String) registered.next());
if (plugIn instanceof AttributeDefinitionPlugIn) {
found.add(((AttributeDefinitionPlugIn) plugIn).getId());
}
log.debug("Found registered Attribute Definition: " + (String) iterator.next());
}
}
- return (String[]) found.toArray(new String[0]);
+ return found;
}
private Attributes resolveConnector(String connector, Principal principal, String requester, String responder,
- Map requestCache, ResolverAttributeSet requestedAttributes) throws ResolutionPlugInException {
+ Map requestCache, Map<String, ResolverAttribute> requestedAttributes) throws ResolutionPlugInException {
- DataConnectorPlugIn currentDefinition = (DataConnectorPlugIn) lookupPlugIn(connector);
+ DataConnectorPlugIn currentDefinition = (DataConnectorPlugIn) plugIns.get(connector);
// Check to see if we have already resolved the connector during this request
if (requestCache.containsKey(currentDefinition.getId())) {
for (int i = 0; attributeDependencies.length > i; i++) {
log.debug("Connector (" + currentDefinition.getId() + ") depends on attribute (" + attributeDependencies[i]
+ ").");
- ResolverAttribute dependant = requestedAttributes.getByName(attributeDependencies[i]);
+ ResolverAttribute dependant = requestedAttributes.get(attributeDependencies[i]);
if (dependant == null) {
dependant = new DependentOnlyResolutionAttribute(attributeDependencies[i]);
}
}
private void resolveAttribute(ResolverAttribute attribute, Principal principal, String requester, String responder,
- Map requestCache, ResolverAttributeSet requestedAttributes) throws ResolutionPlugInException {
+ Map<String, ResolverAttribute> requestCache, Map<String, ResolverAttribute> requestedAttributes)
+ throws ResolutionPlugInException {
- AttributeDefinitionPlugIn currentDefinition = (AttributeDefinitionPlugIn) lookupPlugIn(attribute.getName());
+ AttributeDefinitionPlugIn currentDefinition = (AttributeDefinitionPlugIn) plugIns.get(attribute.getName());
// Check to see if we have already resolved the attribute during this request
// (this checks dependency-only attributes and attributes resolved with no values
// Check to see if we have already resolved the attribute during this request
// (this checks attributes that were submitted to the AR for resolution)
- ResolverAttribute requestedAttribute = requestedAttributes.getByName(currentDefinition.getId());
+ ResolverAttribute requestedAttribute = requestedAttributes.get(currentDefinition.getId());
if (requestedAttribute != null && requestedAttribute.resolved()) {
- attribute.resolveFromCached(requestedAttribute);
- return;
+ attribute.resolveFromCached(requestedAttribute);
+ return;
}
// Check to see if we have a cached resolution for this attribute
for (int i = 0; attributeDependencies.length > i; i++) {
log.debug("Attribute (" + attribute.getName() + ") depends on attribute (" + attributeDependencies[i]
+ ").");
- ResolverAttribute dependant = requestedAttributes.getByName(attributeDependencies[i]);
+ ResolverAttribute dependant = requestedAttributes.get(attributeDependencies[i]);
if (dependant == null) {
dependancyOnly = true;
dependant = new DependentOnlyResolutionAttribute(attributeDependencies[i]);
+++ /dev/null
-/*
- * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package edu.internet2.middleware.shibboleth.aa.attrresolv;
-
-/**
- * Defines a set of attributes that can be resolved by the <code>AttributeResolver</code>.
- *
- * @author Walter Hoehn (wassa@columbia.edu)
- */
-public interface ResolverAttributeSet {
-
- public ResolverAttributeIterator resolverAttributeIterator();
-
- public ResolverAttribute getByName(String name);
-
- public interface ResolverAttributeIterator {
-
- public boolean hasNext();
-
- public ResolverAttribute nextResolverAttribute();
-
- public void remove();
- }
-}
import java.io.FileReader;
import java.io.IOException;
import java.io.LineNumberReader;
+import java.util.HashMap;
+import java.util.Map;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import org.opensaml.SAMLException;
import edu.internet2.middleware.shibboleth.aa.AAAttribute;
-import edu.internet2.middleware.shibboleth.aa.AAAttributeSet;
/**
* The AttributesFile reads attributes specified in a file as name-value pairs separated by an 'equals' sign (=)
}
}
- public synchronized ResolverAttributeSet getResolverAttributes(boolean returnValues) throws IOException,
+ public synchronized Map<String, AAAttribute> getResolverAttributes(boolean returnValues) throws IOException,
SAMLException {
open();
try {
- AAAttributeSet attributes = new AAAttributeSet();
+ Map<String, AAAttribute> attributes = new HashMap<String, AAAttribute>();
AVPair av = readAV();
while (av != null) {
- AAAttribute attr = (AAAttribute) attributes.getByName(av.name);
+ AAAttribute attr = (AAAttribute) attributes.get(av.name);
if (attr == null) {
// The intern() is to work-around the bug in AAAttribute.equals() where the name of the
// attribute is compared
// using "==" rather than "equals" ...
attr = new AAAttribute(av.name.intern());
- attributes.add(attr);
+ attributes.put(attr.getName(), attr);
}
if (returnValues) {
attr.addValue(av.value);
projects / java-idp.git / commitdiff