--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<AttributeReleasePolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:arp:1.0" xsi:schemaLocation="urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd" >
+ <Description>Combining a few Rules that might apply to the same target.</Description>
+ <Rule>
+ <Target>
+ <AnyTarget/>
+ </Target>
+ <Attribute name="urn:mace:eduPerson:1.0:eduPersonAffiliation">
+ <Value release="permit">member@example.edu</Value>
+ </Attribute>
+ </Rule>
+ <Rule>
+ <Target>
+ <Requester matchFunction="urn:mace:shibboleth:arp:matchFunction:regexMatch">shar[1-9]\.example\.edu</Requester>
+ <Resource matchFunction="urn:mace:shibboleth:arp:matchFunction:regexMatch">^https?://.+\.example\.edu/.*$</Resource>
+ </Target>
+ <Attribute name="urn:mace:eduPerson:1.0:eduPersonAffiliation">
+ <Value release="permit">faculty@example.edu</Value>
+ </Attribute>
+ </Rule>
+ <Rule>
+ <Target>
+ <Requester>shar.example.edu</Requester>
+ <Resource>http://www.example.edu/example1/</Resource>
+ </Target>
+ <Attribute name="urn:mace:eduPerson:1.0:eduPersonAffiliation">
+ <Value release="deny">faculty@example.edu</Value>
+ </Attribute>
+ </Rule>
+ <Rule>
+ <Target>
+ <Requester>shar.example.edu</Requester>
+ <Resource>http://www.example.edu/example2/</Resource>
+ </Target>
+ <Attribute name="urn:mace:eduPerson:1.0:eduPersonAffiliation">
+ <AnyValue release="permit"/>
+ </Attribute>
+ </Rule>
+</AttributeReleasePolicy>
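Review bot: The two `regexMatch` patterns in the second Rule are looser than they read, which matters because example files like this one tend to be copied into real release policies. The Requester pattern `shar[1-9]\.example\.edu` has no anchors, so if the match function accepts a partial match it would also accept a longer requester name that merely contains that string. The Resource pattern is anchored, but `.+` can span `/`, so the `.example.edu/` part may sit in the path of an unrelated host rather than in the host name. Suggested: `^shar[1-9]\.example\.edu$` and `^https?://[^/]+\.example\.edu/.*$`. How regexMatch applies the pattern is not visible in this diff, so confirm against the match function.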
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<AttributeReleasePolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:arp:1.0" xsi:schemaLocation="urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd" >
+ <Description>A Rule Reference.</Description>
+ <RuleReference identifier="http://example.edu/rules/rule11" />
+</AttributeReleasePolicy>
<?xml version="1.0" encoding="UTF-8"?>
<AttributeReleasePolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:arp:1.0" xsi:schemaLocation="urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd" >
- <Description>Combining a few Rules that might apply to the same target.</Description>
- <Rule>
+ <Description>Adding an identifier to an attribute and a rule.</Description>
+ <Rule identifier="http://example.edu/rules/rule10">
<Target>
<AnyTarget/>
</Target>
- <Attribute name="urn:mace:eduPerson:1.0:eduPersonAffiliation">
+ <Attribute identifier="http://example.edu/attributes/attribute10" name="urn:mace:eduPerson:1.0:eduPersonAffiliation">
<Value release="permit">member@example.edu</Value>
</Attribute>
</Rule>
- <Rule>
- <Target>
- <Requester matchFunction="urn:mace:shibboleth:arp:matchFunction:regexMatch">shar[1-9]\.example\.edu</Requester>
- <Resource matchFunction="urn:mace:shibboleth:arp:matchFunction:regexMatch">^https?://.+\.example\.edu/.*$</Resource>
- </Target>
- <Attribute name="urn:mace:eduPerson:1.0:eduPersonAffiliation">
- <Value release="permit">faculty@example.edu</Value>
- </Attribute>
- </Rule>
- <Rule>
- <Target>
- <Requester>shar.example.edu</Requester>
- <Resource>http://www.example.edu/example1/</Resource>
- </Target>
- <Attribute name="urn:mace:eduPerson:1.0:eduPersonAffiliation">
- <Value release="deny">faculty@example.edu</Value>
- </Attribute>
- </Rule>
- <Rule>
- <Target>
- <Requester>shar.example.edu</Requester>
- <Resource>http://www.example.edu/example2/</Resource>
- </Target>
- <Attribute name="urn:mace:eduPerson:1.0:eduPersonAffiliation">
- <AnyValue release="permit"/>
- </Attribute>
- </Rule>
</AttributeReleasePolicy>
private static Logger log = Logger.getLogger(Arp.class.getName());
private Set attributes = new HashSet();
+ private NodeList ruleReferences;
+
/**
* Creates an Arp for the specified <code>Principal</code>.
*/
rules.add(rule);
}
- //Retain attributes declared outside the scop of a rule
- //Not enforced!
- NodeList attributeNodes =
- xmlElement.getElementsByTagNameNS(Arp.arpNamespace, "Attribute");
- if (attributeNodes.getLength() > 0) {
- for (int i = 0; i < attributeNodes.getLength(); i++) {
- if (attributeNodes.item(i).getParentNode() == xmlElement) {
- log.warn(
- "Encountered an Attribute definition outside the scope of a Rule definition while marshalling an ARP. "
- + "References are currently unsupported by the ARP Engine. Ignoring...");
- attributes.add(attributeNodes.item(i));
- }
+ }
+
+ //Retain Rule references
+ //Not enforced!
+ NodeList ruleReferenceNodes =
+ xmlElement.getElementsByTagNameNS(arpNamespace, "RuleReference");
+ if (ruleReferenceNodes.getLength() > 0) {
+ log.warn(
+ "Encountered a Rule Reference while marshalling an ARP. "
+ + "References are currently unsupported by the ARP Engine. Ignoring...");
+ ruleReferences = ruleReferenceNodes;
+ }
+
+ //Retain attributes declared outside the scop of a rule
+ //Not enforced!
+ NodeList attributeNodes = xmlElement.getElementsByTagNameNS(Arp.arpNamespace, "Attribute");
+ if (attributeNodes.getLength() > 0) {
+ for (int i = 0; i < attributeNodes.getLength(); i++) {
+ if (attributeNodes.item(i).getParentNode() == xmlElement) {
+ log.warn(
+ "Encountered an Attribute definition outside the scope of a Rule definition while marshalling an ARP. "
+ + "References are currently unsupported by the ARP Engine. Ignoring...");
+ attributes.add(attributeNodes.item(i));
}
}
}
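Review bot: Dropping a `<RuleReference>` with only a `log.warn` makes the policy fail open: the ARP loads and is evaluated as if the referenced rule did not exist, so if that rule carried a `release="deny"` value, more is released than the policy author wrote. Until references are enforced it seems safer to refuse to load such an ARP, for example by throwing `ArpMarshallingException` if this method's signature allows it (the signature is outside the hunk). At minimum, log at error level and include the reference's `identifier` so operators can find the affected policy. Separately, `getElementsByTagNameNS` returns all descendants, and unlike the Attribute loop below this block has no `getParentNode() == xmlElement` check, so a RuleReference nested anywhere would be retained and later written out as a direct child of the policy.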
policyNode.appendChild(placeHolder.importNode(rules[i].unmarshall(), true));
}
+ if (ruleReferences != null) {
+ for (int i = 0; i < ruleReferences.getLength(); i++) {
+ policyNode.appendChild(placeHolder.importNode(ruleReferences.item(i), true));
+ }
+ }
+
Iterator attrIterator = attributes.iterator();
while (attrIterator.hasNext()) {
policyNode.appendChild(placeHolder.importNode((Node) attrIterator.next(), true));
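Review bot: `ruleReferences` is assigned on the reading side only when the new list is non-empty, so if the same Arp object is loaded a second time from a document without references, this loop still writes out the old ones. Assigning unconditionally there (`ruleReferences = ruleReferenceNodes;` moved outside the `if`) keeps the field in step with the last document read. The stored NodeList is also the live list returned by `getElementsByTagNameNS`, which keeps the whole source document reachable for as long as the Arp lives; copying the nodes into a collection, as is done for `attributes`, avoids that. The enclosing method starts before and continues past this hunk.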
"data/example6.xml",
"data/example7.xml",
"data/example8.xml",
- "data/example9.xml" };
+ "data/example9.xml",
+ "data/example10.xml",
+ "data/example11.xml" };
public ArpTests(String name) {
super(name);
private ArrayList attributes = new ArrayList();
private NodeList attributeReferences;
+ private URI identifier;
+
/**
* Returns the description for this <code>Rule</code>.
* @return String
try {
Document placeHolder = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
Element ruleNode = placeHolder.createElementNS(Arp.arpNamespace, "Rule");
+
+ if (identifier != null) {
+ ruleNode.setAttributeNS(Arp.arpNamespace, "identifier", identifier.toString());
+ }
if (description != null) {
Element descriptionNode = placeHolder.createElementNS(Arp.arpNamespace, "Description");
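Review bot: The identifier is written with `setAttributeNS(Arp.arpNamespace, "identifier", ...)`, which places the attribute in the ARP namespace, while the reading side uses the non-namespace `element.hasAttribute("identifier")` and the example files carry it as a plain unprefixed attribute. Depending on the serializer, the written document may come out with a generated prefix on the attribute and no longer match what the reader and the examples expect; `ruleNode.setAttribute("identifier", identifier.toString());` would mirror the read. The Attribute identifier hunk further down does the same thing. The existing `name` and `release` attributes already follow the namespaced pattern, so this may be worth settling for all of them rather than only here.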
throw new ArpMarshallingException("Element data does not represent an ARP Rule.");
}
+ //Get the rule identifier
+ try {
+ if (element.hasAttribute("identifier")) {
+ identifier = new URI(element.getAttribute("identifier"));
+ }
+ } catch (URISyntaxException e) {
+ log.error("Rule not identified by a proper URI: " + e);
+ throw new ArpMarshallingException("Rule not identified by a proper URI.");
+ }
+
//Grab the description
NodeList descriptionNodes = element.getElementsByTagNameNS(Arp.arpNamespace, "Description");
if (descriptionNodes.getLength() > 0) {
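Review bot: `new URI(...)` accepts any syntactically valid URI reference, including a relative one such as `rule10`, so an identifier that a later `RuleReference` could not resolve unambiguously is stored without complaint. If identifiers are meant to be globally unique names, add `if (!identifier.isAbsolute()) throw new ArpMarshallingException("Rule identifier must be an absolute URI.");` after the assignment. The thrown exception also omits the offending value, which reaches only the log; appending `e.getMessage()` to the exception text would let the caller report which rule was rejected. The Attribute hunk below contains the same block and would take the same two changes.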
private boolean anyValue = false;
private String anyValueRelease = "permit";
private Set values = new HashSet();
+ private URI identifier;
boolean releaseAnyValue() {
if (anyValueRelease.equals("permit")) {
Element attributeNode = placeHolder.createElementNS(Arp.arpNamespace, "Attribute");
attributeNode.setAttributeNS(Arp.arpNamespace, "name", name.toString());
+
+ if (identifier != null) {
+ attributeNode.setAttributeNS(
+ Arp.arpNamespace,
+ "identifier",
+ identifier.toString());
+ }
+
if (anyValue) {
- Element anyValueNode = placeHolder.createElementNS(Arp.arpNamespace, "AnyValue");
+ Element anyValueNode =
+ placeHolder.createElementNS(Arp.arpNamespace, "AnyValue");
anyValueNode.setAttributeNS(Arp.arpNamespace, "release", anyValueRelease);
attributeNode.appendChild(anyValueNode);
}
throw new ArpMarshallingException("Element data does not represent an ARP Rule target.");
}
+ //Get the attribute identifier
+ try {
+ if (element.hasAttribute("identifier")) {
+ identifier = new URI(element.getAttribute("identifier"));
+ }
+ } catch (URISyntaxException e) {
+ log.error("Attribute not identified by a proper URI: " + e);
+ throw new ArpMarshallingException("Attribute not identified by a proper URI.");
+ }
+
//Get the attribute name
try {
if (element.hasAttribute("name")) {
}
//Handle <AnyValue/> definitions
- NodeList anyValueNodeList = element.getElementsByTagNameNS(Arp.arpNamespace, "AnyValue");
+ NodeList anyValueNodeList =
+ element.getElementsByTagNameNS(Arp.arpNamespace, "AnyValue");
if (anyValueNodeList.getLength() == 1) {
anyValue = true;
if (((Element) anyValueNodeList.item(0)).hasAttribute("release")) {
release = ((Element) valueNodeList.item(i)).getAttribute("release");
}
if (((Element) valueNodeList.item(i)).hasChildNodes()
- && ((Element) valueNodeList.item(i)).getFirstChild().getNodeType() == Node.TEXT_NODE) {
- value = ((CharacterData) ((Element) valueNodeList.item(i)).getFirstChild()).getData();
+ && ((Element) valueNodeList.item(i)).getFirstChild().getNodeType()
+ == Node.TEXT_NODE) {
+ value =
+ ((CharacterData) ((Element) valueNodeList.item(i)).getFirstChild())
+ .getData();
}
if (releaseAnyValue() && release.equals("permit")) {
continue;