JBoss Identity SVN: r259 - in identity-federation/trunk: identity-bindings/src/main/java/org/jboss/identity/federation/bindings and 9 other directories.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-01-28 17:31:17 -0500 (Wed, 28 Jan 2009)
New Revision: 259
Added:
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletConfig.java
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletContext.java
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletRequest.java
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletResponse.java
identity-federation/trunk/identity-bindings/src/test/resources/logging.properties
identity-federation/trunk/identity-bindings/src/test/resources/xacml/
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-01-top-level.xml
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02a-CDA.xml
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02b-N.xml
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02c-N-PermCollections.xml
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02d-prog-note.xml
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02e-MA.xml
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02f-emergency.xml
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-04-N-PPS-PRD-004.xml
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/config/
identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/config/rsaConfPolicyConfig.xml
identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/
identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/XacmlRequest-01-01.xml
identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/XacmlRequest-01-02.xml
Modified:
identity-federation/trunk/identity-bindings/.classpath
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
Log:
add a soap/saml/xacml processing servlet
Modified: identity-federation/trunk/identity-bindings/.classpath
===================================================================
--- identity-federation/trunk/identity-bindings/.classpath 2009-01-28 22:30:38 UTC (rev 258)
+++ identity-federation/trunk/identity-bindings/.classpath 2009-01-28 22:31:17 UTC (rev 259)
@@ -21,5 +21,7 @@
<classpathentry combineaccessrules="false" kind="src" path="/identity-fed-model"/>
<classpathentry kind="var" path="M2_REPO/org/apache/xmlsec/1.4.1/xmlsec-1.4.1.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/identity/jboss-identity-xmlsec-model/1.0.0-SNAPSHOT/jboss-identity-xmlsec-model-1.0.0-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/xml/stream/stax-api/1.0-2/stax-api-1.0-2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-xacml/2.0.2.SP1/jboss-xacml-2.0.2.SP1.jar" sourcepath="/M2_REPO/org/jboss/security/jboss-xacml/2.0.2.SP1/jboss-xacml-2.0.2.SP1-sources.jar"/>
<classpathentry kind="output" path="target-eclipse/"/>
</classpath>
Added: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java (rev 0)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,211 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.servlets;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
+import org.jboss.identity.federation.core.saml.v2.factories.SOAPFactory;
+import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.util.JAXBElementMappingUtil;
+import org.jboss.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
+import org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope.Body;
+import org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope.Envelope;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
+import org.jboss.identity.federation.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
+import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.jboss.security.xacml.core.JBossPDP;
+import org.jboss.security.xacml.core.JBossRequestContext;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.jboss.security.xacml.core.model.context.ResponseType;
+import org.jboss.security.xacml.core.model.context.ResultType;
+import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
+import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.ResponseContext;
+
+/**
+ * Servlet that can read SOAP 1.1 messages that contain
+ * an XACML query in saml payload
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 27, 2009
+ */
+public class SOAPSAMLXACMLServlet extends HttpServlet
+{
+ private static Logger log = Logger.getLogger(SOAPSAMLXACMLServlet.class);
+
+ private static final long serialVersionUID = 1L;
+
+ String policyConfigFileName = null;
+
+ String issuerId = null;
+ String issuer = null;
+
+ public void init() throws ServletException
+ {
+ issuerId = getServletContext().getInitParameter("issuerID");
+ if(issuerId == null)
+ issuerId = "issue-id:1";
+
+ issuer = getServletContext().getInitParameter("issuer");
+ if(issuer == null)
+ issuer = "urn:jboss-identity";
+
+ policyConfigFileName = getServletContext().getInitParameter("policyConfigFileName");
+ if(policyConfigFileName == null)
+ policyConfigFileName = "policyConfig.xml";
+
+ super.init();
+ }
+
+ public void init(ServletConfig config) throws ServletException
+ {
+ super.init(config);
+ }
+
+
+ @SuppressWarnings("unchecked")
+ @Override
+ protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
+ {
+ JAXBElement<RequestAbstractType> jaxbRequestType = null;
+
+ Envelope envelope = null;
+
+ try
+ {
+ Unmarshaller un = SOAPSAMLXACMLUtil.getUnmarshaller();
+ Object unmarshalledObject = un.unmarshal(req.getInputStream());
+ if(unmarshalledObject instanceof Envelope)
+ {
+ envelope = (Envelope)unmarshalledObject;
+ Body soapBody = envelope.getBody();
+ jaxbRequestType = (JAXBElement<RequestAbstractType>)soapBody.getAny().get(0);
+ }
+ else
+ if(unmarshalledObject instanceof JAXBElement)
+ {
+ jaxbRequestType = (JAXBElement<RequestAbstractType>) unmarshalledObject;
+ }
+ else
+ throw new IOException("Unknown unmarshalledObject:"+ unmarshalledObject);
+ if(jaxbRequestType == null)
+ throw new IOException("XACML Request not parsed");
+
+ XACMLAuthzDecisionQueryType xacmlRequest = (XACMLAuthzDecisionQueryType) jaxbRequestType.getValue();
+ RequestType requestType = xacmlRequest.getRequest();
+
+ RequestContext requestContext = new JBossRequestContext();
+ requestContext.setRequest(requestType);
+
+ ResponseContext responseContext = getPDP().evaluate(requestContext);
+
+ ResponseType responseType = new ResponseType();
+ ResultType resultType = responseContext.getResult();
+ responseType.getResult().add(resultType);
+
+ XACMLAuthzDecisionStatementType xacmlStatement = SOAPSAMLXACMLUtil.createXACMLAuthzDecisionStatementType();
+ xacmlStatement.setRequest(requestType);
+ xacmlStatement.setResponse(responseType);
+
+ //Place the xacml statement in an assertion
+ //Then the assertion goes inside a SAML Response
+
+ SAML2Response saml2Response = new SAML2Response();
+ IssuerInfoHolder issuerInfo = new IssuerInfoHolder(this.issuer);
+
+ AssertionType assertion = SAMLAssertionFactory.getObjectFactory().createAssertionType();
+ assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(xacmlStatement);
+
+ JAXBElement<?> jaxbResponse = JAXBElementMappingUtil.get(saml2Response.createResponseType(IDGenerator.create("ID_"), issuerInfo, assertion));
+
+ //Create a SOAP Envelope to hold the SAML response
+ envelope = SOAPFactory.getObjectFactory().createEnvelope();
+ Body body = SOAPFactory.getObjectFactory().createBody();
+ body.getAny().add(jaxbResponse);
+ envelope.setBody(body);
+ }
+ catch (JAXBException e)
+ {
+ log.error("Exception parsing SOAP:", e);
+ }
+ catch (PrivilegedActionException e)
+ {
+ log.error("Exception getting PDP:", e);
+ }
+ catch (Exception e)
+ {
+ e.printStackTrace();
+ log.error("Exception:", e);
+ }
+ finally
+ {
+ resp.setContentType("text/xml;charset=utf-8");;
+ OutputStream os = resp.getOutputStream();
+ try
+ {
+ if(envelope == null)
+ throw new IllegalStateException("SOAPEnvelope is null");
+ JAXBElement<?> jaxbEnvelope = JAXBElementMappingUtil.get(envelope);
+ Marshaller marshaller = SOAPSAMLXACMLUtil.getMarshaller();
+ marshaller.marshal(jaxbEnvelope, os);
+ }
+ catch (JAXBException e)
+ {
+ log("marshalling exception",e);
+ }
+ }
+ }
+
+ private PolicyDecisionPoint getPDP() throws PrivilegedActionException
+ {
+ ClassLoader tcl = AccessController.doPrivileged(new PrivilegedExceptionAction<ClassLoader>()
+ {
+ public ClassLoader run() throws Exception
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ InputStream is = tcl.getResourceAsStream(this.policyConfigFileName);
+ if(is == null)
+ throw new IllegalStateException(policyConfigFileName + " could not be located");
+ return new JBossPDP(is);
+ }
+}
\ No newline at end of file
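Review bot: The untrusted request body goes straight into JAXB at `un.unmarshal(req.getInputStream())` with nothing in this hunk showing that the underlying XML parser has DTDs or external entities disabled, so the endpoint is exposed to XXE / entity-expansion unless `SOAPSAMLXACMLUtil.getUnmarshaller()` (not in this commit) already hardens it. Since the commit adds `stax-api` to the classpath, the cheapest fix is to build a locked-down `XMLInputFactory` and unmarshal from its `XMLStreamReader`, as sketched below. Separately, nothing authenticates the query — no signature or Issuer check on the incoming `XACMLAuthzDecisionQueryType`, and the returned assertion is unsigned — so any client that can reach the servlet can probe the PDP's policy; if that is intended for a first cut it deserves a `// TODO: verify signature/issuer before evaluating` next to the cast. Also note that any parse failure (the unchecked cast at `(XACMLAuthzDecisionQueryType) jaxbRequestType.getValue()`, or `soapBody.getAny().get(0)` on an empty Body) leaves `envelope` null and the `finally` block then throws an uncaught `IllegalStateException`, surfacing as a 500 rather than a SOAP fault or 400, and `getPDP()` re-reads and never closes the policy config stream on every request.
```java
Unmarshaller un = SOAPSAMLXACMLUtil.getUnmarshaller();
XMLInputFactory xif = XMLInputFactory.newInstance();
xif.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
Object unmarshalledObject = un.unmarshal(xif.createXMLStreamReader(req.getInputStream()));
// … unchanged: Envelope / JAXBElement dispatch, PDP evaluation, response building …
```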
Added: identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,108 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.bindings.servlets;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.util.HashMap;
+
+import javax.servlet.ServletContext;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.Unmarshaller;
+
+import junit.framework.TestCase;
+
+import org.jboss.identity.federation.bindings.servlets.SOAPSAMLXACMLServlet;
+import org.jboss.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
+import org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope.Envelope;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.jboss.security.xacml.core.model.context.DecisionType;
+import org.jboss.security.xacml.core.model.context.ResultType;
+
+/**
+ * Unit Test the SOAP SAML XACML Servlet
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 28, 2009
+ */
+public class SOAPSAMLXACMLServletUnitTestCase extends TestCase
+{
+ public void testPermit() throws Exception
+ {
+ validate("xacml/requests/XacmlRequest-01-01.xml", DecisionType.PERMIT.value());
+ }
+
+ public void testDeny() throws Exception
+ {
+ validate("xacml/requests/XacmlRequest-01-02.xml", DecisionType.DENY.value());
+ }
+
+ @SuppressWarnings("unchecked")
+ private void validate(String requestFile, String value) throws Exception
+ {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+ SOAPSAMLXACMLServlet servlet = new SOAPSAMLXACMLServlet();
+ servlet.init(new TestServletConfig(getServletContext()));
+ ServletRequest sreq = new TestServletRequest(getInputStream(requestFile));
+ ServletResponse sresp = new TestServletResponse(baos);
+ servlet.service(sreq, sresp);
+
+ sresp.flushBuffer(); //Flush the servlet response ServletOutputStream to our baos
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+ Unmarshaller un = SOAPSAMLXACMLUtil.getUnmarshaller();
+ JAXBElement<Envelope> jax = (JAXBElement<Envelope>) un.unmarshal(bis);
+ Envelope envelope = jax.getValue();
+ assertNotNull("Envelope is not null", envelope);
+
+ JAXBElement<ResponseType> jaxbResponseType = (JAXBElement<ResponseType>) envelope.getBody().getAny().get(0);
+ ResponseType responseType = jaxbResponseType.getValue();
+
+ assertNotNull("ResponseType is not null", responseType);
+ AssertionType assertion = (AssertionType) responseType.getAssertionOrEncryptedAssertion().get(0);
+ XACMLAuthzDecisionStatementType xacmlStatement = (XACMLAuthzDecisionStatementType) assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().get(0);
+ assertNotNull("XACML Authorization Statement is not null", xacmlStatement);
+ org.jboss.security.xacml.core.model.context.ResponseType xacmlResponse = xacmlStatement.getResponse();
+ ResultType resultType = xacmlResponse.getResult().get(0);
+ DecisionType decision = resultType.getDecision();
+ assertNotNull("Decision is not null", decision);
+ assertEquals(value, decision.value());
+ }
+
+ private ServletContext getServletContext()
+ {
+ HashMap<String,String> map = new HashMap<String, String>();
+ map.put("policyConfigFileName", "xacml/policies/config/rsaConfPolicyConfig.xml");
+ return new TestServletContext(map);
+ }
+
+ private InputStream getInputStream(String requestFileLoc)
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ return tcl.getResourceAsStream(requestFileLoc);
+ }
+}
\ No newline at end of file
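Review bot: `validate` only exercises the two well-formed requests, so the servlet's failure path — a non-Envelope payload, an empty SOAP Body, or a SAML request that is not an `XACMLAuthzDecisionQueryType` — has no pinned behaviour; given the servlet's `finally` block throws `IllegalStateException` when no envelope was produced, a `testMalformedRequest` that posts an empty or junk body and asserts the expected outcome would keep that contract from drifting silently. The unchecked `get(0)` calls at `envelope.getBody().getAny().get(0)` and `responseType.getAssertionOrEncryptedAssertion().get(0)` will fail with an `IndexOutOfBoundsException` rather than a readable assertion on a regression; an `assertFalse("empty SOAP body", envelope.getBody().getAny().isEmpty());` before each would give clearer failures.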
Added: identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletConfig.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletConfig.java (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletConfig.java 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,61 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.bindings.servlets;
+
+import java.util.Enumeration;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
+
+/**
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 28, 2009
+ */
+public class TestServletConfig implements ServletConfig
+{
+ private ServletContext sc;
+
+ public TestServletConfig(ServletContext sc)
+ {
+ this.sc = sc;
+ }
+
+ public String getInitParameter(String name)
+ {
+ return null;
+ }
+
+ public Enumeration getInitParameterNames()
+ {
+ return null;
+ }
+
+ public ServletContext getServletContext()
+ {
+ return sc;
+ }
+
+ public String getServletName()
+ {
+ return null;
+ }
+}
Added: identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletContext.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletContext.java (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletContext.java 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,198 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.bindings.servlets;
+
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Set;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.Servlet;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+
+/**
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 28, 2009
+ */
+public class TestServletContext implements ServletContext
+{
+ private HashMap<String,String> params = new HashMap<String,String>();
+
+ public TestServletContext(HashMap<String,String> map)
+ {
+ this.params = map;
+ }
+
+ public Object getAttribute(String name)
+ {
+
+ return null;
+ }
+
+ public Enumeration getAttributeNames()
+ {
+
+ return null;
+ }
+
+ public ServletContext getContext(String uripath)
+ {
+
+ return null;
+ }
+
+ public String getContextPath()
+ {
+
+ return null;
+ }
+
+ public String getInitParameter(String name)
+ {
+ return this.params.get(name);
+ }
+
+ public Enumeration getInitParameterNames()
+ {
+
+ return null;
+ }
+
+ public int getMajorVersion()
+ {
+
+ return 0;
+ }
+
+ public String getMimeType(String file)
+ {
+
+ return null;
+ }
+
+ public int getMinorVersion()
+ {
+
+ return 0;
+ }
+
+ public RequestDispatcher getNamedDispatcher(String name)
+ {
+
+ return null;
+ }
+
+ public String getRealPath(String path)
+ {
+
+ return null;
+ }
+
+ public RequestDispatcher getRequestDispatcher(String path)
+ {
+
+ return null;
+ }
+
+ public URL getResource(String path) throws MalformedURLException
+ {
+
+ return null;
+ }
+
+ public InputStream getResourceAsStream(String path)
+ {
+
+ return null;
+ }
+
+ public Set getResourcePaths(String path)
+ {
+
+ return null;
+ }
+
+ public String getServerInfo()
+ {
+
+ return null;
+ }
+
+ public Servlet getServlet(String name) throws ServletException
+ {
+
+ return null;
+ }
+
+ public String getServletContextName()
+ {
+
+ return null;
+ }
+
+ public Enumeration getServletNames()
+ {
+
+ return null;
+ }
+
+ public Enumeration getServlets()
+ {
+
+ return null;
+ }
+
+ public void log(String msg)
+ {
+
+
+ }
+
+ public void log(Exception exception, String msg)
+ {
+
+
+ }
+
+ public void log(String message, Throwable throwable)
+ {
+
+
+ }
+
+ public void removeAttribute(String name)
+ {
+
+
+ }
+
+ public void setAttribute(String name, Object object)
+ {
+
+
+ }
+
+}
Added: identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletRequest.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletRequest.java (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletRequest.java 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,377 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.bindings.servlets;
+
+import java.io.BufferedInputStream;
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
+import java.security.Principal;
+import java.util.Enumeration;
+import java.util.Locale;
+import java.util.Map;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+/**
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 28, 2009
+ */
+public class TestServletRequest implements HttpServletRequest
+{
+ private BufferedInputStream is = null;
+
+ public TestServletRequest(InputStream is)
+ {
+ super();
+ this.is = new BufferedInputStream(is);
+ }
+
+ public String getAuthType()
+ {
+ return null;
+ }
+
+ public String getContextPath()
+ {
+ return null;
+ }
+
+ public Cookie[] getCookies()
+ {
+ return null;
+ }
+
+ public long getDateHeader(String name)
+ {
+ return 0;
+ }
+
+ public String getHeader(String name)
+ {
+
+ return null;
+ }
+
+ public Enumeration getHeaderNames()
+ {
+
+ return null;
+ }
+
+ public Enumeration getHeaders(String name)
+ {
+
+ return null;
+ }
+
+ public int getIntHeader(String name)
+ {
+
+ return 0;
+ }
+
+ public String getMethod()
+ {
+
+ return null;
+ }
+
+ public String getPathInfo()
+ {
+
+ return null;
+ }
+
+ public String getPathTranslated()
+ {
+
+ return null;
+ }
+
+ public String getQueryString()
+ {
+
+ return null;
+ }
+
+ public String getRemoteUser()
+ {
+
+ return null;
+ }
+
+ public String getRequestURI()
+ {
+
+ return null;
+ }
+
+ public StringBuffer getRequestURL()
+ {
+
+ return null;
+ }
+
+ public String getRequestedSessionId()
+ {
+
+ return null;
+ }
+
+ public String getServletPath()
+ {
+
+ return null;
+ }
+
+ public HttpSession getSession()
+ {
+
+ return null;
+ }
+
+ public HttpSession getSession(boolean create)
+ {
+
+ return null;
+ }
+
+ public Principal getUserPrincipal()
+ {
+
+ return null;
+ }
+
+ public boolean isRequestedSessionIdFromCookie()
+ {
+
+ return false;
+ }
+
+ public boolean isRequestedSessionIdFromURL()
+ {
+
+ return false;
+ }
+
+ public boolean isRequestedSessionIdFromUrl()
+ {
+
+ return false;
+ }
+
+ public boolean isRequestedSessionIdValid()
+ {
+
+ return false;
+ }
+
+ public boolean isUserInRole(String role)
+ {
+
+ return false;
+ }
+
+ public Object getAttribute(String name)
+ {
+
+ return null;
+ }
+
+ public Enumeration getAttributeNames()
+ {
+
+ return null;
+ }
+
+ public String getCharacterEncoding()
+ {
+
+ return null;
+ }
+
+ public int getContentLength()
+ {
+
+ return 0;
+ }
+
+ public String getContentType()
+ {
+
+ return null;
+ }
+
+ public ServletInputStream getInputStream() throws IOException
+ {
+ return new ServletInputStream()
+ {
+ @Override
+ public int read() throws IOException
+ {
+ return is.read();
+ }
+ };
+ }
+
+ public String getLocalAddr()
+ {
+
+ return null;
+ }
+
+ public String getLocalName()
+ {
+
+ return null;
+ }
+
+ public int getLocalPort()
+ {
+
+ return 0;
+ }
+
+ public Locale getLocale()
+ {
+
+ return null;
+ }
+
+ public Enumeration getLocales()
+ {
+
+ return null;
+ }
+
+ public String getParameter(String name)
+ {
+
+ return null;
+ }
+
+ public Map getParameterMap()
+ {
+
+ return null;
+ }
+
+ public Enumeration getParameterNames()
+ {
+
+ return null;
+ }
+
+ public String[] getParameterValues(String name)
+ {
+
+ return null;
+ }
+
+ public String getProtocol()
+ {
+
+ return null;
+ }
+
+ public BufferedReader getReader() throws IOException
+ {
+
+ return null;
+ }
+
+ public String getRealPath(String path)
+ {
+
+ return null;
+ }
+
+ public String getRemoteAddr()
+ {
+
+ return null;
+ }
+
+ public String getRemoteHost()
+ {
+
+ return null;
+ }
+
+ public int getRemotePort()
+ {
+
+ return 0;
+ }
+
+ public RequestDispatcher getRequestDispatcher(String path)
+ {
+
+ return null;
+ }
+
+ public String getScheme()
+ {
+
+ return null;
+ }
+
+ public String getServerName()
+ {
+
+ return null;
+ }
+
+ public int getServerPort()
+ {
+
+ return 0;
+ }
+
+ public boolean isSecure()
+ {
+
+ return false;
+ }
+
+ public void removeAttribute(String name)
+ {
+
+
+ }
+
+ public void setAttribute(String name, Object o)
+ {
+
+
+ }
+
+ public void setCharacterEncoding(String env) throws UnsupportedEncodingException
+ {
+ }
+}
Added: identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletResponse.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletResponse.java (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/TestServletResponse.java 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,196 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.bindings.servlets;
+
+import java.io.BufferedOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.PrintWriter;
+import java.util.Locale;
+
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 28, 2009
+ */
+public class TestServletResponse implements HttpServletResponse
+{
+ private BufferedOutputStream bos = null;
+
+ public TestServletResponse(OutputStream os)
+ {
+ super();
+ bos = new BufferedOutputStream(os);
+ }
+
+ public void addCookie(Cookie cookie)
+ {
+ }
+
+ public void addDateHeader(String name, long date)
+ {
+ }
+
+ public void addHeader(String name, String value)
+ {
+ }
+
+ public void addIntHeader(String name, int value)
+ {
+ }
+
+ public boolean containsHeader(String name)
+ {
+ return false;
+ }
+
+ public String encodeRedirectURL(String url)
+ {
+ return null;
+ }
+
+ public String encodeRedirectUrl(String url)
+ {
+ return null;
+ }
+
+ public String encodeURL(String url)
+ {
+ return null;
+ }
+
+ public String encodeUrl(String url)
+ {
+ return null;
+ }
+
+ public void sendError(int sc) throws IOException
+ {
+ }
+
+ public void sendError(int sc, String msg) throws IOException
+ {
+ }
+
+ public void sendRedirect(String location) throws IOException
+ {
+ }
+
+ public void setDateHeader(String name, long date)
+ {
+ }
+
+ public void setHeader(String name, String value)
+ {
+ }
+
+ public void setIntHeader(String name, int value)
+ {
+ }
+
+ public void setStatus(int sc)
+ {
+ }
+
+ public void setStatus(int sc, String sm)
+ {
+ }
+
+ public void flushBuffer() throws IOException
+ {
+ this.bos.flush();
+ }
+
+ public int getBufferSize()
+ {
+ return 0;
+ }
+
+ public String getCharacterEncoding()
+ {
+ return null;
+ }
+
+ public String getContentType()
+ {
+ return null;
+ }
+
+ public Locale getLocale()
+ {
+ return null;
+ }
+
+ public ServletOutputStream getOutputStream() throws IOException
+ {
+ bos.flush();
+ return new ServletOutputStream()
+ {
+ @Override
+ public void write(int b) throws IOException
+ {
+ bos.write(b);
+ }
+ };
+ }
+
+ public PrintWriter getWriter() throws IOException
+ {
+ return null;
+ }
+
+ public boolean isCommitted()
+ {
+ return false;
+ }
+
+ public void reset()
+ {
+ }
+
+ public void resetBuffer()
+ {
+ }
+
+ public void setBufferSize(int size)
+ {
+ }
+
+ public void setCharacterEncoding(String charset)
+ {
+ }
+
+ public void setContentLength(int len)
+ {
+ }
+
+ public void setContentType(String type)
+ {
+ }
+
+ public void setLocale(Locale loc)
+ {
+ }
+}
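Review bot: `setStatus`, `setStatus(int, String)` and both `sendError` overloads are no-ops and the stub exposes no accessor, so a test that drives the servlet through `TestServletResponse` cannot distinguish a successful response from a rejected one — a handler that refuses malformed input via `sendError(400)` looks identical to one that accepted it. Recording the last code in a field and exposing it keeps the stub able to assert the error path; the rest of the class can stay as it is. Note also that `getWriter()` returns `null` while `getOutputStream()` is wired to `bos`, so any servlet path that writes via the writer will fail with an NPE rather than a meaningful assertion.

```java
private int status = HttpServletResponse.SC_OK;

public void setStatus(int sc)
{
   this.status = sc;
}

public void setStatus(int sc, String sm)
{
   this.status = sc;
}

public void sendError(int sc) throws IOException
{
   this.status = sc;
}

public void sendError(int sc, String msg) throws IOException
{
   this.status = sc;
}

/** Status last passed to setStatus/sendError; SC_OK if the servlet never set one. */
public int getStatus()
{
   return status;
}
// … unchanged: remaining no-op HttpServletResponse methods, getOutputStream, flushBuffer …
```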
Added: identity-federation/trunk/identity-bindings/src/test/resources/logging.properties
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/logging.properties (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/logging.properties 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,21 @@
+# Specify the handlers to create in the root logger
+# (all loggers are children of the root logger)
+# The following creates two handlers
+handlers = java.util.logging.ConsoleHandler, java.util.logging.FileHandler
+
+# Set the default logging level for the root logger
+.level = ALL
+
+# Set the default logging level for new ConsoleHandler instances
+java.util.logging.ConsoleHandler.level = ALL
+
+# Set the default logging level for new FileHandler instances
+java.util.logging.FileHandler.level = ALL
+
+# Set the default formatter for new ConsoleHandler instances
+java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
+java.util.logging.FileHandler.formatter=java.util.logging.SimpleFormatter
+
+# Set the default logging level for the logger named org.jboss
+org.jboss.security.xacml.sunxacml = FINEST
+com.sun.xml.bind = OFF
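Review bot: `org.jboss.security.xacml.sunxacml = FINEST` and `com.sun.xml.bind = OFF` are not valid java.util.logging keys — a logger level needs the `.level` suffix (`org.jboss.security.xacml.sunxacml.level = FINEST`, `com.sun.xml.bind.level = OFF`), so as written both lines are ignored and the root `.level = ALL` applies everywhere. The `FileHandler` listed in `handlers` has no `java.util.logging.FileHandler.pattern`, so it falls back to the JDK default of a `java%u.log` in the user's home directory; at level ALL that file will receive the full SOAP/XACML request and response payloads the test exchanges, which is better kept under the build output, e.g. `java.util.logging.FileHandler.pattern = target/test.log`. The comment `logger named org.jboss` also no longer matches the key beneath it.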
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-01-top-level.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-01-top-level.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-01-top-level.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o..."
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Top level policy set which combines the CDA and N confidentiality codes.
+ </Description>
+ <Target/>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:emergency"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target/>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:emergency</PolicySetIdReference>
+ </PolicySet>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:CDA"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >UBA</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:CDA</PolicySetIdReference>
+ </PolicySet>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:MA"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides">
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >MA</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:MA</PolicySetIdReference>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:MA:default-to-permit"
+ RuleCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
+ <Target/>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:MA"
+ Effect="Permit">
+ <Description>
+ If a Deny was obtained for object above then set Permit by default.
+ </Description>
+ </Rule>
+ </Policy>
+ </PolicySet>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:bus-rule"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:progress-note</PolicySetIdReference>
+ </PolicySet>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:N"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides">
+ <Target/>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:N</PolicySetIdReference>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:N:PermCollections</PolicySetIdReference>
+ </PolicySet>
+</PolicySet>
\ No newline at end of file
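Review bot: The `xsi:schemaLocation` hint ends in `...` (`access_control-xacml-2.0-policy-schema-o...`), which is either an artifact of the mail rendering or a genuinely truncated URL in the checked-in file; in the latter case any schema-validating parser would fail to resolve it. Either way the policies point at a remote http schema, so the parser used by the test should be configured not to follow external schemaLocation hints (or the schema should be vendored into test resources), so that the suite neither depends on network access nor fetches schema documents from an unauthenticated origin. The same hint appears in XacmlPolicySet-02a through XacmlPolicySet-04 below.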
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02a-CDA.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02a-CDA.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02a-CDA.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o..."
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:CDA"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for the UBA confidentiality code.
+ </Description>
+ <Target/>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:CDA"
+ RuleCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
+ <Target/>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:CDA:1"
+ Effect="Permit">
+ <Description>
+ If the access subject is NOT one of those users which consent has
+ been removed, then permit.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if hl7:dissented-subject-id NOT EQUAL TO subject:subject-id -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <!-- True if hl7:dissented-subject-id EQUAL TO subject:subject-id -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:dissented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:CDA:2"
+ Effect="Deny">
+ <Description>
+ If a Permit was not obtained above then set Deny by default.
+ </Description>
+ </Rule>
+ <Obligations>
+ <!-- These obligations provide specific instructions to PEP in the response -->
+ <!-- This obligation instructs the PEP to apply privacy constraints to -->
+ <!-- user's responsibility for the data. -->
+ <Obligation
+ ObligationId="urn:va:xacml:2.0:interop:rsa8:obligation:privacy:constraint"
+ FulfillOn="Deny"/>
+ </Obligations>
+ </Policy>
+</PolicySet>
\ No newline at end of file
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02b-N.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02b-N.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02b-N.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o..."
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for evaluating the subject:role attributes.
+ This implements an RBAC policy. This policy set matches
+ subject roles and refers to permission policy sets.
+ </Description>
+ <Target/>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:physician"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target>
+ <Subjects>
+ <Subject>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:role:hl7:physician</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ </Subject>
+ </Subjects>
+ </Target>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:med-rec-vrole</PolicySetIdReference>
+ </PolicySet>
+</PolicySet>
\ No newline at end of file
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02c-N-PermCollections.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02c-N-PermCollections.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02c-N-PermCollections.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o..."
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:PermCollections"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for evaluating the subject:hl7:permission attributes.
+ This implements an RBAC policy. This policy set matches
+ subject roles and refers to permission policy sets.
+ </Description>
+ <Target/>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:med-rec-perm-set"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides">
+ <Target/>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:med-rec-perm-set-0"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target/>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:med-rec-vrole</PolicySetIdReference>
+ </PolicySet>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:med-rec-perm-set-1"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target>
+ <Subjects>
+ <Subject>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ </Subject>
+ </Subjects>
+ </Target>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:med-rec-vrole</PolicySetIdReference>
+ </PolicySet>
+ </PolicySet>
+</PolicySet>
\ No newline at end of file
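Review bot: `med-rec-perm-set-0` has an empty `<Target/>` and unconditionally references `N:RPS:med-rec-vrole`, and its parent `med-rec-perm-set` combines with permit-overrides, so the seven `hl7:permission` SubjectMatch entries in `med-rec-perm-set-1` never gate anything — a subject holding none of the prd-* permissions still reaches the PRD-004 permission set through set-0. If that is intentional for the interop scenario, the `<Description>` (copied from 02b-N and still talking about matching "subject roles") should say so; otherwise set-0 needs a Target or should be dropped. A sentence such as `Set-0 grants the vrole unconditionally; set-1's permission matches are illustrative only` in the Description would settle it.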
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02d-prog-note.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02d-prog-note.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02d-prog-note.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o..."
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:progress-note"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for the business rule for unsigned progress notes.
+ </Description>
+ <Target/>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:progress-note"
+ RuleCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
+ <Target/>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:progress-note:sig"
+ Effect="Permit">
+ <Description>
+ If the progress-note is signed allow any user to see it. If not signed
+ then only author may see it.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if resource:hl7:progress-note:signed EQUAL TO True -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >True</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note:signed"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:progress-note:author"
+ Effect="Permit">
+ <Description>
+ If a Permit was not obtained then subject must be author.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if hl7:dissented-subject-id EQUAL TO subject:subject-id -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note:author-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:progress-note:deny-sig"
+ Effect="Deny">
+ <Description>
+ If a Permit was not obtained above then set Deny by default.
+ </Description>
+ </Rule>
+ <Obligations>
+ <!-- These obligations provide specific instructions to PEP in the response -->
+ <!-- This obligation informs the PEP access denied unsigned non-author -->
+ <Obligation
+ ObligationId="urn:va:xacml:2.0:interop:rsa8:obligation:deny:unsigned:non-author"
+ FulfillOn="Deny"/>
+ </Obligations>
+ </Policy>
+</PolicySet>
\ No newline at end of file
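Review bot: The comment above the author rule's condition, `<!-- True if hl7:dissented-subject-id EQUAL TO subject:subject-id -->`, was carried over from the CDA policy, but the designator beneath it is `progress-note:author-subject-id`; it should read `<!-- True if hl7:progress-note:author-subject-id EQUAL TO subject:subject-id -->`. Separately, the signed check is a case-sensitive `string-equal` against the literal `True`, so a request carrying `true` or a boolean-typed attribute would not match and would fall through to the author rule; if the request format is under this project's control, a comment stating the expected encoding (or a `#boolean` DataType) would prevent that surprise.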
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02e-MA.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02e-MA.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02e-MA.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o..."
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:MA"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for the MA confidentiality code.
+ </Description>
+ <Target/>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:MA"
+ RuleCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Target/>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:MA:1"
+ Effect="Deny">
+ <Description>
+ If the access subject is NOT one of those users which consent has
+ been removed, then deny.
+ Note: there is reverse logic here because the Obligation that denies
+ access to the user for this object must be issued when the user has
+ obtained a Permit. So, the caller of this policy must know to reverse
+ sense as well.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if hl7:radiology:dissented-subject-id NOTEQUALTO subject:subject-id -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <!-- True if hl7:radiology:dissented-subject-id EQUALTO subject:subject-id -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:radiology:dissented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:MA:2"
+ Effect="Permit">
+ <Description>
+ If a Deny was not obtained above then set Permit by default.
+ </Description>
+ </Rule>
+ <Obligations>
+ <!-- These obligations provide specific instructions to PEP in the response -->
+ <!-- This obligation instructs the PEP to apply privacy constraints to -->
+ <!-- user's responsibility for the data. -->
+ <Obligation
+ ObligationId=
+ "urn:va:xacml:2.0:interop:rsa8:obligation:ma:privacy:constraint:radiology"
+ FulfillOn="Permit"/>
+ </Obligations>
+ </Policy>
+</PolicySet>
\ No newline at end of file
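Review bot: The reverse-logic explanation lives in rule MA:1's Description, but the `<Obligation>` that actually carries the privacy constraint only has the comment copied from the CDA policy, which does not say that here it is emitted on Permit for the dissented subject, nor that `toplevel:MA` in 01-top-level turns every MA decision into Permit through its default-to-permit policy. A comment directly above the obligation, e.g. `<!-- Emitted with Permit for the dissented subject; a PEP that cannot fulfil it must deny, as XACML 2.0 requires for obligations -->`, would stop the next reader from taking the Deny rule for a real denial and makes the PEP's enforcement responsibility explicit.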
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02f-emergency.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02f-emergency.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-02f-emergency.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o..."
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:emergency"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set to allow emergency access for non-facility subjects.
+ Returns Deny if user not from supported facility AND does not have emergency perm
+ Returns Permit if not from supported facility AND not denied access
+ Returns NotApplicable if plain old user from supported facility
+ </Description>
+ <Target/>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:emergency"
+ RuleCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Target/>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:emergency:deny"
+ Effect="Deny">
+ <Description>
+ If the subject is not from a supported facility AND
+. if the subject does not have emergency permission THEN Deny access.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if subject:locality NOT EQUAL TO ANYOF environment:locality -->
+ <!-- AND if hl7:pea-001 NOT EQUAL TO ANYOF subject:hl7:permission -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <!-- True if subject:locality NOT EQUAL TO ANYOF environment:locality -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId=
+ "urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ <EnvironmentAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Apply>
+ <!-- True if hl7:pea-001 NOT EQUAL TO ANYOF subject:hl7:permission -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:pea-001</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:emergency:permit"
+ Effect="Permit">
+ <Description>
+ If a Deny was not obtained above AND subject not part of a supported
+ facility then subject must have emergency permission.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if subject:locality NOT EQUAL TO ANYOF environment:locality -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId=
+ "urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ <EnvironmentAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Obligations>
+ <!-- These obligations provide specific instructions to PEP in the response -->
+ <!-- This obligation informs the PEP user granted emergency access -->
+ <Obligation
+ ObligationId="urn:va:xacml:2.0:interop:rsa8:obligation:emergency:permit"
+ FulfillOn="Permit"/>
+ </Obligations>
+ </Policy>
+</PolicySet>
\ No newline at end of file
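Review bot: The deny rule's Description has a stray leading period on its second line (`. if the subject does not have emergency permission THEN Deny access.`), which ships verbatim in the policy text; drop the `.`. The logic itself reads consistently: both rules share the locality-mismatch test and the deny-overrides algorithm lets the missing-pea-001 Deny win over the Permit, which the PolicySet Description already spells out.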
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o..."
+ PolicySetId=
+ "urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:med-rec-vrole"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set that points to the Permission PolicySet for medical record
+ resources and actions.
+ </Description>
+ <Target/>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:N:PPS:PRD-004</PolicySetIdReference>
+</PolicySet>
\ No newline at end of file
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-04-N-PPS-PRD-004.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-04-N-PPS-PRD-004.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/XacmlPolicySet-04-N-PPS-PRD-004.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,180 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o..."
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:PPS:PRD-004"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for the PRD-004 permission. This permission allows
+ access to all medical records.
+ </Description>
+ <Target/>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:N:PPS:PRD-004:1"
+ RuleCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:demographics</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:chart</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:problemlist</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:procedures</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:laboratory</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:radiology</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medications</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:vitals</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:patientsearch</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:policy:N:PPS:PRD-004:1:rule:1"
+ Effect="Permit">
+ <Condition>
+
+ <!-- Returns true iff the first argument is a subset of the second argument -->
+ <!-- i.e. the permissions required by the resource must be a -->
+ <!-- subset of the permissions supplied by the subject -->
+
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
+
+ <!-- 1st argument: returns the values of all Attributes with -->
+ <!-- DataType="http://www.w3.org/2001/XMLSchema#string" and -->
+ <!-- AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission" -->
+ <ResourceAttributeDesignator
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"/>
+
+ <!-- 2nd argument: returns the values of all Attributes with -->
+ <!-- DataType="http://www.w3.org/2001/XMLSchema#string" and -->
+ <!-- AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission" -->
+ <SubjectAttributeDesignator
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"/>
+
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:N:PPS:PRD-004:1:rule:2"
+ Effect="Deny">
+ <Description>
+ If a Permit was not obtained above then set Deny by default.
+ </Description>
+ </Rule>
+ </Policy>
+</PolicySet>
\ No newline at end of file
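Review bot: Rule 1's Condition fails open when a request carries no `urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission` attribute: the ResourceAttributeDesignator inside the string-subset Apply leaves MustBePresent at its default of false, so a missing attribute evaluates to an empty bag, and an empty bag is a subset of whatever permissions the subject presents, which makes the Permit rule fire for every resource the Target matches. Adding `MustBePresent="true"` to that designator turns the missing attribute into Indeterminate, which the enclosing deny-overrides policy set resolves to Deny instead. The SubjectAttributeDesignator does not need the same treatment, since an empty subject bag already fails the subset test for any non-empty requirement and falls through to the default Deny rule. If this file is a verbatim copy of the interop scenario policy, the point stands for whatever production policy is derived from it rather than for the fixture itself.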
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/config/rsaConfPolicyConfig.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/config/rsaConfPolicyConfig.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/policies/config/rsaConfPolicyConfig.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,35 @@
+<ns:jbosspdp xmlns:ns="urn:jboss:xacml:2.0">
+ <ns:Policies>
+ <ns:PolicySet>
+ <ns:Location>xacml/policies/XacmlPolicySet-01-top-level.xml</ns:Location>
+ <ns:PolicySet>
+ <ns:Location>xacml/policies/XacmlPolicySet-02a-CDA.xml</ns:Location>
+ </ns:PolicySet>
+ <ns:PolicySet>
+ <ns:Location>xacml/policies/XacmlPolicySet-02b-N.xml</ns:Location>
+ <ns:PolicySet>
+ <ns:Location>xacml/policies/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml</ns:Location>
+ <ns:PolicySet>
+ <ns:Location>xacml/policies/XacmlPolicySet-04-N-PPS-PRD-004.xml</ns:Location>
+ </ns:PolicySet>
+ </ns:PolicySet>
+ </ns:PolicySet>
+ <ns:PolicySet>
+ <ns:Location>xacml/policies/XacmlPolicySet-02c-N-PermCollections.xml</ns:Location>
+ </ns:PolicySet>
+ <ns:PolicySet>
+ <ns:Location>xacml/policies/XacmlPolicySet-02d-prog-note.xml</ns:Location>
+ </ns:PolicySet>
+ <ns:PolicySet>
+ <ns:Location>xacml/policies/XacmlPolicySet-02e-MA.xml</ns:Location>
+ </ns:PolicySet>
+ <ns:PolicySet>
+ <ns:Location>xacml/policies/XacmlPolicySet-02f-emergency.xml</ns:Location>
+ </ns:PolicySet>
+ </ns:PolicySet>
+ </ns:Policies>
+ <ns:Locators>
+ <ns:Locator Name="org.jboss.security.xacml.locators.JBossPolicySetLocator">
+ </ns:Locator>
+ </ns:Locators>
+</ns:jbosspdp>
\ No newline at end of file
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/XacmlRequest-01-01.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/XacmlRequest-01-01.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/XacmlRequest-01-01.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<samlp:RequestAbstract xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+xsi:type="xacml-samlp:XACMLAuthzDecisionQueryType"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+xacml-samlp:InputContextOnly="true"
+xacml-samlp:ReturnContext="true"
+ID="s2846efb514a944cc3dc5b65ed8a76dde449787617" Version="2.0"
+IssueInstant="2008-03-19T22:18:42Z" Destination="destination-uri">
+<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">vaPepEntity</saml:Issuer>
+<xacml-context:Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-...">
+ <!-- **************************************************************** -->
+ <!-- Test case 1-01: Should be Perm: Dr A has all reqd perms -->
+ <!-- **************************************************************** -->
+
+ <!-- Sample request. In this case a physician is trying to access -->
+ <!-- The medical record of a patient. The record has been marked -->
+ <!-- with both the CDA and N confidentiality codes and -->
+ <!-- there is a registered consent for the record. -->
+ <xacml-context:Subject>
+ <xacml-context:Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>Dr. Alice</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <xacml-context:AttributeValue>Facility A</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ </xacml-context:Subject>
+ <xacml-context:Resource>
+ <xacml-context:Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>Anthony Gurrola</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>xxx-DummyConfCode</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:dissented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>Dr. Alice</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ </xacml-context:Resource>
+ <xacml-context:Action/>
+ <xacml-context:Environment>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <xacml-context:AttributeValue>Facility A</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ </xacml-context:Environment>
+</xacml-context:Request>
+</samlp:RequestAbstract>
\ No newline at end of file
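Review bot: The explanatory comment states that the record is marked with the CDA and N confidentiality codes, but the `urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code` attribute in this request carries `xxx-DummyConfCode`, so the comment does not describe the fixture it sits in. If the placeholder is deliberate because this case only exercises the permission-subset check, replace the comment with `<!-- confidentiality-code is a placeholder; this case exercises only the permission subset check -->`; otherwise supply the codes the comment promises so the test covers the confidentiality policies too. XacmlRequest-01-02.xml repeats the same comment with the same placeholder value.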
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/XacmlRequest-01-02.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/XacmlRequest-01-02.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/XacmlRequest-01-02.xml 2009-01-28 22:31:17 UTC (rev 259)
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<samlp:RequestAbstract xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+xsi:type="xacml-samlp:XACMLAuthzDecisionQueryType"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+xacml-samlp:InputContextOnly="true"
+xacml-samlp:ReturnContext="true"
+ID="s2846efb514a944cc3dc5b65ed8a76dde449787617" Version="2.0"
+IssueInstant="2008-03-19T22:18:42Z" Destination="destination-uri">
+<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">vaPepEntity</saml:Issuer>
+<xacml-context:Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-...">
+
+ <!-- **************************************************************** -->
+ <!-- Test case 1-02: Should be Deny: Dr A missing 2 reqd perms -->
+ <!-- **************************************************************** -->
+
+ <!-- Sample request. In this case a physician is trying to access -->
+ <!-- The medical record of a patient. The record has been marked -->
+ <!-- with both the CDA and N confidentiality codes and -->
+ <!-- there is a registered consent for the record. -->
+ <xacml-context:Subject>
+ <xacml-context:Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>Dr. Alice</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <xacml-context:AttributeValue>Facility A</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ </xacml-context:Subject>
+ <xacml-context:Resource>
+ <xacml-context:Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>Anthony Gurrola</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>xxx-DummyConfCode</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:dissented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>Dr. Alice</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ </xacml-context:Resource>
+ <xacml-context:Action/>
+ <xacml-context:Environment>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <xacml-context:AttributeValue>Facility A</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ </xacml-context:Environment>
+</xacml-context:Request>
+</samlp:RequestAbstract>
\ No newline at end of file
Modified: identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
--- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-01-28 22:30:38 UTC (rev 258)
+++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-01-28 22:31:17 UTC (rev 259)
@@ -33,6 +33,7 @@
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
+import org.jboss.identity.federation.core.saml.v2.factories.SAMLProtocolFactory;
import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
@@ -41,6 +42,7 @@
import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeType;
import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
+import org.jboss.identity.federation.saml.v2.assertion.StatementAbstractType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
/**
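Review bot: The added import of `StatementAbstractType` is not referenced by any hunk of this change, so it appears unused unless code elsewhere in the file picks it up. If nothing does, drop the import rather than leave a dangling dependency on the assertion package.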
@@ -80,6 +82,11 @@
return JBossSAMLAuthnResponseFactory.createResponseType(ID, sp, idp, issuerInfo);
}
+ public ResponseType createResponseType(String ID, IssuerInfoHolder issuerInfo, AssertionType assertion) throws Exception
+ {
+ return JBossSAMLAuthnResponseFactory.createResponseType(ID, issuerInfo, assertion);
+ }
+
/**
* Add validity conditions to the SAML2 Assertion
* @param assertion
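Review bot: The new `createResponseType(String ID, IssuerInfoHolder issuerInfo, AssertionType assertion)` overload has no Javadoc, while the method immediately after it documents its parameters. Add a header with a one-line summary ("Create a ResponseType that wraps an already built assertion"), `@param` tags for ID, issuerInfo and assertion, `@return`, and `@throws Exception`, in the same style as the neighbouring Javadoc. It also declares `throws Exception` like its siblings; narrowing that is a wider API change than this commit should carry, but is worth tracking.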
@@ -127,7 +134,7 @@
public void marshall(ResponseType responseType, OutputStream os) throws Exception
{
Marshaller marshaller = JBossSAMLAuthnResponseFactory.getValidatingMarshaller();
- JAXBElement<ResponseType> jaxb = JBossSAMLAuthnResponseFactory.getObjectFactory().createResponse(responseType);
+ JAXBElement<ResponseType> jaxb = SAMLProtocolFactory.getObjectFactory().createResponse(responseType);
marshaller.marshal(jaxb, os);
}
@@ -140,7 +147,7 @@
public void marshall(ResponseType responseType, Writer writer) throws Exception
{
Marshaller marshaller = JBossSAMLAuthnResponseFactory.getValidatingMarshaller();
- JAXBElement<ResponseType> jaxb = JBossSAMLAuthnResponseFactory.getObjectFactory().createResponse(responseType);
+ JAXBElement<ResponseType> jaxb = SAMLProtocolFactory.getObjectFactory().createResponse(responseType);
marshaller.marshal(jaxb, writer);
}
}
\ No newline at end of file
JBoss Identity SVN: r258 - identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-01-28 17:30:38 -0500 (Wed, 28 Jan 2009)
New Revision: 258
Added:
identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
Log:
add util
Added: identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
===================================================================
--- identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java (rev 0)
+++ identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java 2009-01-28 22:30:38 UTC (rev 258)
@@ -0,0 +1,75 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.util;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+
+import org.jboss.identity.federation.saml.v2.profiles.xacml.assertion.ObjectFactory;
+import org.jboss.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
+
+/**
+ * Utility associated with SOAP 1.1 Envelope,
+ * SAML2 and XACML2
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 28, 2009
+ */
+public class SOAPSAMLXACMLUtil
+{
+ private static String SOAP_PKG = "org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope";
+ private static String SAML_PROTO_PKG = "org.jboss.identity.federation.saml.v2.protocol";
+ private static String XACML_CTX_PKG = "org.jboss.security.xacml.core.model.context";
+ private static String XACML_SAMLPROTO_PKG = "org.jboss.identity.federation.saml.v2.profiles.xacml.protocol";
+ private static String XACML_SAMLASSERT_PKG = "org.jboss.identity.federation.saml.v2.profiles.xacml.assertion";
+
+ private static String COLON = ":";
+
+ private static String collectivePackage = getPackage();
+
+ public static Marshaller getMarshaller() throws JAXBException
+ {
+ JAXBContext jaxb = JAXBContext.newInstance(collectivePackage);
+ return jaxb.createMarshaller();
+ }
+ public static Unmarshaller getUnmarshaller() throws JAXBException
+ {
+ JAXBContext jaxb = JAXBContext.newInstance(collectivePackage);
+ Unmarshaller un = jaxb.createUnmarshaller();
+ return un;
+ }
+
+ public static XACMLAuthzDecisionStatementType createXACMLAuthzDecisionStatementType()
+ {
+ ObjectFactory of = new ObjectFactory();
+ return of.createXACMLAuthzDecisionStatementType();
+ }
+
+ private static String getPackage()
+ {
+ StringBuffer buf = new StringBuffer();
+ buf.append(SOAP_PKG).append(COLON).append(SAML_PROTO_PKG).append(COLON);
+ buf.append(XACML_CTX_PKG).append(COLON).append(XACML_SAMLPROTO_PKG).append(COLON).append(XACML_SAMLASSERT_PKG);
+ return buf.toString();
+ }
+}
\ No newline at end of file
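Review bot: `getMarshaller()` and `getUnmarshaller()` each call `JAXBContext.newInstance(collectivePackage)`, which scans five packages and is among the most expensive operations in JAXB; the context is thread-safe, so it should be built once into a `static final` field and the per-call work reduced to `createMarshaller()`/`createUnmarshaller()`. The package-name fields and `collectivePackage` are mutable `private static String`s that nothing reassigns and should be `final`, and the `StringBuffer` in `getPackage()` can be a `StringBuilder` since no synchronization is needed there. The unmarshaller is presumably going to consume SOAP bodies received from remote callers; if so, those callers should hand it an `XMLStreamReader` obtained from an `XMLInputFactory` with DTD support disabled rather than a raw stream, so that external entity declarations in a request never reach the parser.
```java
   private static final String collectivePackage = getPackage();

   // JAXBContext is thread-safe and expensive to build: create it once.
   private static final JAXBContext CONTEXT;

   static
   {
      try
      {
         CONTEXT = JAXBContext.newInstance(collectivePackage);
      }
      catch (JAXBException e)
      {
         throw new ExceptionInInitializerError(e);
      }
   }

   public static Marshaller getMarshaller() throws JAXBException
   {
      return CONTEXT.createMarshaller();
   }

   public static Unmarshaller getUnmarshaller() throws JAXBException
   {
      return CONTEXT.createUnmarshaller();
   }
   // … unchanged: createXACMLAuthzDecisionStatementType, getPackage …
```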
JBoss Identity SVN: r257 - in identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2: holders and 1 other directories.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-01-28 17:29:06 -0500 (Wed, 28 Jan 2009)
New Revision: 257
Added:
identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/SAMLAssertionFactory.java
identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/SAMLProtocolFactory.java
identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/SOAPFactory.java
identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/XACMLStatementFactory.java
Modified:
identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java
identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java
identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/holders/IssuerInfoHolder.java
identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/JAXBElementMappingUtil.java
Log:
add factories to get to respective object factory
Modified: identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java
===================================================================
--- identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java 2009-01-27 15:43:56 UTC (rev 256)
+++ identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java 2009-01-28 22:29:06 UTC (rev 257)
@@ -30,7 +30,6 @@
import org.jboss.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.jboss.identity.federation.saml.v2.protocol.ObjectFactory;
/**
* Factory for SAML2 AuthnRequest
@@ -41,8 +40,6 @@
{
private static String pkgName = "org.jboss.identity.federation.saml.v2.protocol:org.jboss.identity.xmlsec.w3.xmldsig";
private static String schemaLocation = "schema/saml/v2/saml-schema-protocol-2.0.xsd";
-
- private static ObjectFactory protocolObjectFactory = new ObjectFactory();
/**
* Create a AuthnRequestType
@@ -50,7 +47,7 @@
*/
public static AuthnRequestType createAuthnRequestType()
{
- AuthnRequestType authnRequestType = protocolObjectFactory.createAuthnRequestType();
+ AuthnRequestType authnRequestType = SAMLProtocolFactory.getObjectFactory().createAuthnRequestType();
return authnRequestType;
}
@@ -67,7 +64,7 @@
{
XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
- AuthnRequestType authnRequest = protocolObjectFactory.createAuthnRequestType();
+ AuthnRequestType authnRequest = SAMLProtocolFactory.getObjectFactory().createAuthnRequestType();
authnRequest.setID(id);
authnRequest.setVersion(JBossSAMLConstants.VERSION_2_0.get());
authnRequest.setAssertionConsumerServiceURL(assertionConsumerURL);
@@ -91,19 +88,10 @@
*/
public static JAXBElement<AuthnRequestType> createAuthnRequestType(AuthnRequestType authnRequestType)
{
- return protocolObjectFactory.createAuthnRequest(authnRequestType);
+ return SAMLProtocolFactory.getObjectFactory().createAuthnRequest(authnRequestType);
}
/**
- * Get the Object Factory useful for dealing with SAML2 requests
- * @return
- */
- public static ObjectFactory getObjectFactory()
- {
- return protocolObjectFactory;
- }
-
- /**
* Get the validating marshaller
* @return
* @throws Exception
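Review bot: Removing the public `getObjectFactory()` method is a source-incompatible change for any caller outside this module, and the SAML2Response edit in r259 higher on this page is exactly such a caller having to be rewritten to compensate. Consider keeping a delegating shim for one release, `@Deprecated public static ObjectFactory getObjectFactory() { return SAMLProtocolFactory.getObjectFactory(); }`, which would also mean retaining the `ObjectFactory` import that this commit drops from the file.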
Modified: identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java
===================================================================
--- identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java 2009-01-27 15:43:56 UTC (rev 256)
+++ identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java 2009-01-28 22:29:06 UTC (rev 257)
@@ -35,7 +35,6 @@
import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationDataType;
import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationType;
import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
-import org.jboss.identity.federation.saml.v2.protocol.ObjectFactory;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.jboss.identity.federation.saml.v2.protocol.StatusCodeType;
import org.jboss.identity.federation.saml.v2.protocol.StatusType;
@@ -50,8 +49,6 @@
private static String pkgName = "org.jboss.identity.federation.saml.v2.protocol:org.jboss.identity.xmlsec.w3.xmldsig";
private static String schemaLocation = "schema/saml/v2/saml-schema-protocol-2.0.xsd";
- private static ObjectFactory protocolObjectFactory = new ObjectFactory();
-
/**
* Create a StatusType given the status code uri
* @param statusCodeURI
@@ -59,10 +56,10 @@
*/
public static StatusType createStatusType(String statusCodeURI)
{
- StatusCodeType sct = protocolObjectFactory.createStatusCodeType();
+ StatusCodeType sct = SAMLProtocolFactory.getObjectFactory().createStatusCodeType();
sct.setValue(statusCodeURI);
- StatusType statusType = protocolObjectFactory.createStatusType();
+ StatusType statusType = SAMLProtocolFactory.getObjectFactory().createStatusType();
statusType.setStatusCode(sct);
return statusType;
}
@@ -78,7 +75,7 @@
*/
public static ResponseType createResponseType(String ID, SPInfoHolder sp, IDPInfoHolder idp, IssuerInfoHolder issuerInfo) throws Exception
{
- ResponseType responseType = protocolObjectFactory.createResponseType();
+ /*ResponseType responseType = protocolObjectFactory.createResponseType();
responseType.setVersion(issuerInfo.getSamlVersion());
//ID
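Review bot: The old response-building code at the top of `createResponseType(String, SPInfoHolder, IDPInfoHolder, IssuerInfoHolder)` is commented out with `/* ... */` rather than deleted, even though the same logic now lives in the new `createResponseType(String, IssuerInfoHolder, AssertionType)` overload. Commented-out code drifts from the live implementation and hides the real diff; delete the block from `/*ResponseType responseType = ...` through `setIssueInstant(issueInstant);*/` and rely on version control for history. The method body continues past the end of this hunk.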
@@ -103,15 +100,19 @@
XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
//IssueInstant
- responseType.setIssueInstant(issueInstant);
+ responseType.setIssueInstant(issueInstant);*/
+ String responseDestinationURI = sp.getResponseDestinationURI();
+
+ XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
+
//Create an assertion
AssertionType assertionType = JBossSAMLBaseFactory.createAssertion();
assertionType.setID("ID_" + JBossSAMLBaseFactory.createUUID());
assertionType.setVersion(issuerInfo.getSamlVersion());
assertionType.setIssueInstant(issueInstant);
- assertionType.setIssuer(issuer);
+ assertionType.setIssuer(issuerInfo.getIssuer());
//Create assertion -> subject
SubjectType subjectType = JBossSAMLBaseFactory.createSubject();
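Review bot: The assertion built here gets an ID, version, issue instant, issuer and (in the next hunk) a subject, but nothing visible sets `Conditions` (NotBefore/NotOnOrAfter, AudienceRestriction) on it, and the lines between this hunk and the next are not shown. If that is not done in the omitted part of the method, the assertion has no validity window and no audience binding, so a relying party cannot reject a replayed or misdirected assertion. Either add the conditions alongside the subject or make the hand-off explicit with a comment such as `// Conditions (validity window, audience) are set by the caller before signing`. The enclosing method starts and ends outside this hunk.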
@@ -138,17 +139,42 @@
assertionType.setSubject(subjectType);
- responseType.getAssertionOrEncryptedAssertion().add(assertionType);
+ ResponseType responseType = createResponseType(ID, issuerInfo, assertionType);
+ //InResponseTo ID
+ responseType.setInResponseTo(sp.getRequestID());
+ //Destination
+ responseType.setDestination(responseDestinationURI);
+
return responseType;
}
- /**
- * Return the JAXB2 object factory (mainly for invocation chaining)
- * @return
- */
- public static ObjectFactory getObjectFactory()
+ public static ResponseType createResponseType(String ID, IssuerInfoHolder issuerInfo, AssertionType assertionType)
+ throws Exception
{
- return protocolObjectFactory;
+ ResponseType responseType = SAMLProtocolFactory.getObjectFactory().createResponseType();
+ responseType.setVersion(issuerInfo.getSamlVersion());
+
+ //ID
+ responseType.setID(ID);
+
+ //Issuer
+ NameIDType issuer = issuerInfo.getIssuer();
+ responseType.setIssuer(issuer);
+
+ //Status
+ String statusCode = issuerInfo.getStatusCode();
+ if(statusCode == null)
+ throw new IllegalArgumentException("issuerInfo missing status code");
+
+ responseType.setStatus(createStatusType(statusCode) );
+
+ XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
+
+ //IssueInstant
+ responseType.setIssueInstant(issueInstant);
+
+ responseType.getAssertionOrEncryptedAssertion().add(assertionType);
+ return responseType;
}
/**
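Review bot: In the new `createResponseType(String, IssuerInfoHolder, AssertionType)` the assertion is appended unconditionally at `responseType.getAssertionOrEncryptedAssertion().add(assertionType);`, so a response whose status is a failure code still carries an assertion. SAML 2.0 only defines assertions on a successful `Response`, and a permissive SP that looks for an assertion before checking the status would accept a failed authentication. Gate the add on the outcome, e.g. `if (assertionType != null && JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusCode)) responseType.getAssertionOrEncryptedAssertion().add(assertionType);` (the constant is the one `IssuerInfoHolder` already imports). Separately, `issuerInfo.getSamlVersion()` is dereferenced before the `statusCode == null` guard, so a null `issuerInfo` surfaces as a NullPointerException rather than the intended IllegalArgumentException; move the argument checks to the top of the method.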
Added: identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/SAMLAssertionFactory.java
===================================================================
--- identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/SAMLAssertionFactory.java (rev 0)
+++ identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/SAMLAssertionFactory.java 2009-01-28 22:29:06 UTC (rev 257)
@@ -0,0 +1,39 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.factories;
+
+import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
+
+/**
+ * Get the SAML Assertion Object Factory
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 28, 2009
+ */
+public class SAMLAssertionFactory
+{
+ private static ObjectFactory factory = new ObjectFactory();
+
+ public static ObjectFactory getObjectFactory()
+ {
+ return factory;
+ }
+}
\ No newline at end of file
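Review bot: `factory` in `SAMLAssertionFactory` is a mutable static that is never reassigned; declare it `private static final ObjectFactory factory = new ObjectFactory();` and, since the class has only static members, make the class `final` with a `private SAMLAssertionFactory() {}` constructor so it cannot be instantiated or subclassed. The same applies to `SAMLProtocolFactory`, `SOAPFactory` and `XACMLStatementFactory` added in this commit. Sharing one instance across threads is presumably fine because generated JAXB object factories hold no state, but that assumption is worth confirming and then recording in the Javadoc of `getObjectFactory()`.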
Added: identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/SAMLProtocolFactory.java
===================================================================
--- identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/SAMLProtocolFactory.java (rev 0)
+++ identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/SAMLProtocolFactory.java 2009-01-28 22:29:06 UTC (rev 257)
@@ -0,0 +1,40 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.factories;
+
+import org.jboss.identity.federation.saml.v2.protocol.ObjectFactory;
+
+/**
+ * Provides an handle to the ObjectFactory
+ * for creating SAML Protocol objects
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 28, 2009
+ */
+public class SAMLProtocolFactory
+{
+ private static ObjectFactory factory = new ObjectFactory();
+
+ public static ObjectFactory getObjectFactory()
+ {
+ return factory;
+ }
+}
\ No newline at end of file
Added: identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/SOAPFactory.java
===================================================================
--- identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/SOAPFactory.java (rev 0)
+++ identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/SOAPFactory.java 2009-01-28 22:29:06 UTC (rev 257)
@@ -0,0 +1,40 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.factories;
+
+import org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope.ObjectFactory;
+
+/**
+ * Provides an handle to the ObjectFactory that is capable
+ * of creating SOAP objects
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 28, 2009
+ */
+public class SOAPFactory
+{
+ private static ObjectFactory factory = new ObjectFactory();
+
+ public static ObjectFactory getObjectFactory()
+ {
+ return factory;
+ }
+}
\ No newline at end of file
Added: identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/XACMLStatementFactory.java
===================================================================
--- identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/XACMLStatementFactory.java (rev 0)
+++ identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/XACMLStatementFactory.java 2009-01-28 22:29:06 UTC (rev 257)
@@ -0,0 +1,45 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.factories;
+
+import org.jboss.identity.federation.saml.v2.profiles.xacml.assertion.ObjectFactory;
+
+/**
+ * Factory for dealing with XACML Statements
+ * sent as SAML statements
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 28, 2009
+ */
+public class XACMLStatementFactory
+{
+ private static ObjectFactory factory = new ObjectFactory();
+
+ /**
+ * Return the object factory to be
+ * used in chain of method invocation
+ * @return
+ */
+ public static ObjectFactory getObjectFactory()
+ {
+ return factory;
+ }
+}
\ No newline at end of file
Modified: identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/holders/IssuerInfoHolder.java
===================================================================
--- identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/holders/IssuerInfoHolder.java 2009-01-27 15:43:56 UTC (rev 256)
+++ identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/holders/IssuerInfoHolder.java 2009-01-28 22:29:06 UTC (rev 257)
@@ -22,6 +22,7 @@
package org.jboss.identity.federation.core.saml.v2.holders;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
@@ -35,7 +36,7 @@
{
private NameIDType issuer;
- private String statusCodeURI;
+ private String statusCodeURI = JBossSAMLURIConstants.STATUS_SUCCESS.get();
private String samlVersion = JBossSAMLConstants.VERSION_2_0.get();
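Review bot: Defaulting `statusCodeURI` to `JBossSAMLURIConstants.STATUS_SUCCESS` makes the holder fail open: any code path that builds a `Response` without explicitly deciding the outcome now emits a successful SAML status, and the `statusCode == null` guard in `JBossSAMLAuthnResponseFactory.createResponseType` can no longer fire for a default-constructed holder. Prefer leaving the field unset and requiring callers to state the outcome, or at minimum document the default, `private String statusCodeURI = JBossSAMLURIConstants.STATUS_SUCCESS.get(); // callers MUST override this on every failure path`. The class body continues outside this hunk.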
Modified: identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/JAXBElementMappingUtil.java
===================================================================
--- identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/JAXBElementMappingUtil.java 2009-01-27 15:43:56 UTC (rev 256)
+++ identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/JAXBElementMappingUtil.java 2009-01-28 22:29:06 UTC (rev 257)
@@ -23,55 +23,80 @@
import javax.xml.bind.JAXBElement;
+import org.jboss.identity.federation.core.saml.v2.factories.SAMLProtocolFactory;
+import org.jboss.identity.federation.core.saml.v2.factories.SOAPFactory;
+import org.jboss.identity.federation.core.saml.v2.factories.XACMLStatementFactory;
+import org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope.Envelope;
+import org.jboss.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
import org.jboss.identity.federation.saml.v2.protocol.ArtifactResolveType;
import org.jboss.identity.federation.saml.v2.protocol.AssertionIDRequestType;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.LogoutRequestType;
import org.jboss.identity.federation.saml.v2.protocol.ManageNameIDRequestType;
import org.jboss.identity.federation.saml.v2.protocol.NameIDMappingRequestType;
-import org.jboss.identity.federation.saml.v2.protocol.ObjectFactory;
import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
/**
+ * Maps various saml/xacml types to their corresponding JAXBElement
* @author Anil.Saldhana(a)redhat.com
* @since Jan 22, 2009
*/
public class JAXBElementMappingUtil
{
+ /**
+ * Get the JAXBElement for the request type
+ * @param requestAbstractType
+ * @return
+ */
public static JAXBElement<?> get(RequestAbstractType requestAbstractType)
- {
- ObjectFactory factory = new ObjectFactory();
+ {
if(requestAbstractType instanceof AuthnRequestType)
{
AuthnRequestType art = (AuthnRequestType) requestAbstractType;
- return factory.createAuthnRequest(art);
+ return SAMLProtocolFactory.getObjectFactory().createAuthnRequest(art);
}
if(requestAbstractType instanceof LogoutRequestType)
{
LogoutRequestType lrt = (LogoutRequestType) requestAbstractType;
- return factory.createLogoutRequest(lrt);
+ return SAMLProtocolFactory.getObjectFactory().createLogoutRequest(lrt);
}
if(requestAbstractType instanceof AssertionIDRequestType)
{
AssertionIDRequestType airt = (AssertionIDRequestType) requestAbstractType;
- return factory.createAssertionIDRequest(airt);
+ return SAMLProtocolFactory.getObjectFactory().createAssertionIDRequest(airt);
}
if(requestAbstractType instanceof NameIDMappingRequestType)
{
NameIDMappingRequestType airt = (NameIDMappingRequestType) requestAbstractType;
- return factory.createNameIDMappingRequest(airt);
+ return SAMLProtocolFactory.getObjectFactory().createNameIDMappingRequest(airt);
}
if(requestAbstractType instanceof ArtifactResolveType)
{
ArtifactResolveType airt = (ArtifactResolveType) requestAbstractType;
- return factory.createArtifactResolve(airt);
+ return SAMLProtocolFactory.getObjectFactory().createArtifactResolve(airt);
}
if(requestAbstractType instanceof ManageNameIDRequestType)
{
ManageNameIDRequestType airt = (ManageNameIDRequestType) requestAbstractType;
- return factory.createManageNameIDRequest(airt);
+ return SAMLProtocolFactory.getObjectFactory().createManageNameIDRequest(airt);
}
throw new IllegalArgumentException("Unknown Type:"+requestAbstractType);
}
+
+ public static JAXBElement<?> get(ResponseType responseType)
+ {
+ return SAMLProtocolFactory.getObjectFactory().createResponse(responseType);
+ }
+
+ public static JAXBElement<?> get(Envelope envelope)
+ {
+ return SOAPFactory.getObjectFactory().createEnvelope(envelope);
+ }
+
+ public static JAXBElement<?> get(XACMLAuthzDecisionStatementType xacmlStatement)
+ {
+ return XACMLStatementFactory.getObjectFactory().createXACMLAuthzDecisionStatement(xacmlStatement);
+ }
}
\ No newline at end of file
JBoss Identity SVN: r256 - in idm/trunk/idm/src/main/java/org/jboss/identity/idm/impl: store/hibernate and 1 other directory.
by jboss-identity-commits@lists.jboss.org
Author: bdaw
Date: 2009-01-27 10:43:56 -0500 (Tue, 27 Jan 2009)
New Revision: 256
Modified:
idm/trunk/idm/src/main/java/org/jboss/identity/idm/impl/api/session/managers/PersistenceManagerImpl.java
idm/trunk/idm/src/main/java/org/jboss/identity/idm/impl/store/hibernate/HibernateIdentityStoreImpl.java
Log:
minor fixes
Modified: idm/trunk/idm/src/main/java/org/jboss/identity/idm/impl/api/session/managers/PersistenceManagerImpl.java
===================================================================
--- idm/trunk/idm/src/main/java/org/jboss/identity/idm/impl/api/session/managers/PersistenceManagerImpl.java 2009-01-27 15:28:46 UTC (rev 255)
+++ idm/trunk/idm/src/main/java/org/jboss/identity/idm/impl/api/session/managers/PersistenceManagerImpl.java 2009-01-27 15:43:56 UTC (rev 256)
@@ -144,10 +144,7 @@
public void removeIdentity(Identity identity, boolean force) throws IdentityException
{
- IdentityObjectType iot = getIdentityObjectType();
-
getRepository().removeIdentityObject(getInvocationContext(), createIdentityObject(identity));
-
}
public void removeGroup(Group group, boolean force) throws IdentityException
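Review bot: `removeIdentity(Identity identity, boolean force)` still ignores its `force` parameter after this cleanup; the identity object is removed via `getRepository().removeIdentityObject(...)` whether or not a forced delete was requested. A caller passing `force=false` presumably expects the removal to be refused while the identity still has memberships or relationships, so unless the repository enforces that itself this is an unconditional delete behind a misleading signature. Either honor the flag or state the contract, `// 'force' is currently ignored: removal is unconditional`. The sibling `removeGroup(Group, boolean force)` below should be checked for the same.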
Modified: idm/trunk/idm/src/main/java/org/jboss/identity/idm/impl/store/hibernate/HibernateIdentityStoreImpl.java
===================================================================
--- idm/trunk/idm/src/main/java/org/jboss/identity/idm/impl/store/hibernate/HibernateIdentityStoreImpl.java 2009-01-27 15:28:46 UTC (rev 255)
+++ idm/trunk/idm/src/main/java/org/jboss/identity/idm/impl/store/hibernate/HibernateIdentityStoreImpl.java 2009-01-27 15:43:56 UTC (rev 256)
@@ -1062,7 +1062,7 @@
public Set<String> getRelationshipNames(IdentityStoreInvocationContext ctx, IdentityObjectSearchControl[] controls) throws IdentityException, OperationNotSupportedException
{
- Set<String> names = new HashSet<String>();
+ Set<String> names = null;
HibernateEntityManager em = getHibernateEntityManager(ctx);
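Review bot: Changing `names` from an empty `HashSet` to `null` means that if any path through `getRelationshipNames` returns `names` without assigning it, callers now receive `null` instead of an empty set and fail on iteration. The rest of the method is outside this hunk, so this may be safe if `names` is always reassigned before the return; if so, declare it at the assignment site rather than as a nullable local, otherwise keep `Set<String> names = new HashSet<String>();` so the method never hands back a null collection.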
@@ -1254,7 +1254,6 @@
HibernateIdentityObject hibernateObject = safeGet(ctx, identity);
Set<HibernateIdentityObjectAttribute> storeAttributes = hibernateObject.getAttributes();
- Map<String, IdentityObjectAttribute> result = new HashMap<String, IdentityObjectAttribute>();
// Remap the names
for (HibernateIdentityObjectAttribute attribute : storeAttributes)
JBoss Identity SVN: r255 - in idm/trunk/idm/src/main/java/org/jboss/identity/idm/impl: store/ldap and 1 other directory.
by jboss-identity-commits@lists.jboss.org
Author: bdaw
Date: 2009-01-27 10:28:46 -0500 (Tue, 27 Jan 2009)
New Revision: 255
Modified:
idm/trunk/idm/src/main/java/org/jboss/identity/idm/impl/api/BinaryCredential.java
idm/trunk/idm/src/main/java/org/jboss/identity/idm/impl/store/ldap/LDAPIdentityStoreImpl.java
idm/trunk/idm/src/main/java/org/jboss/identity/idm/impl/store/ldap/SimpleLDAPIdentityObjectTypeConfiguration.java
Log:
few minor code fixes
Modified: idm/trunk/idm/src/main/java/org/jboss/identity/idm/impl/api/BinaryCredential.java
===================================================================
--- idm/trunk/idm/src/main/java/org/jboss/identity/idm/impl/api/BinaryCredential.java 2009-01-27 06:05:23 UTC (rev 254)
+++ idm/trunk/idm/src/main/java/org/jboss/identity/idm/impl/api/BinaryCredential.java 2009-01-27 15:28:46 UTC (rev 255)
@@ -35,7 +35,7 @@
public BinaryCredential(byte[] value)
{
super(TYPE);
- this.value = value;
+ this.value = value.clone();
}
public byte[] getValue()
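Review bot: The constructor now copies the incoming array with `value.clone()`, but the accessor `getValue()` directly below (its body is outside this hunk) is the other half of the leak: if it still does `return value;`, a caller can overwrite the stored credential bytes after construction, which defeats the copy. Mirror it on the way out, `return value.clone();`, or document that the returned array is the live buffer. `value.clone()` also throws a bare NullPointerException for a null argument; an explicit `if (value == null) throw new IllegalArgumentException("value");` makes the precondition clear. Since every clone leaves another copy of the secret on the heap, a `clear()` that zeroes the stored array would also be worth considering.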
Modified: idm/trunk/idm/src/main/java/org/jboss/identity/idm/impl/store/ldap/LDAPIdentityStoreImpl.java
===================================================================
--- idm/trunk/idm/src/main/java/org/jboss/identity/idm/impl/store/ldap/LDAPIdentityStoreImpl.java 2009-01-27 06:05:23 UTC (rev 254)
+++ idm/trunk/idm/src/main/java/org/jboss/identity/idm/impl/store/ldap/LDAPIdentityStoreImpl.java 2009-01-27 15:28:46 UTC (rev 255)
@@ -2054,14 +2054,24 @@
private LdapContext getLDAPContext(IdentityStoreInvocationContext ctx) throws IdentityException
{
+
+ LdapContext ldapContext = null;
+
try
{
- return (LdapContext)ctx.getIdentityStoreSession().getSessionContext();
+ ldapContext = (LdapContext)ctx.getIdentityStoreSession().getSessionContext();
}
catch (Exception e)
{
throw new IdentityException("Could not obtain LDAP connection: ", e);
}
+
+ if (ldapContext == null)
+ {
+ throw new IdentityException("IllegalState: - Could not obtain LDAP connection");
+ }
+
+ return ldapContext;
}
private LDAPIdentityStoreConfiguration getConfiguration(IdentityStoreInvocationContext ctx) throws IdentityException
Modified: idm/trunk/idm/src/main/java/org/jboss/identity/idm/impl/store/ldap/SimpleLDAPIdentityObjectTypeConfiguration.java
===================================================================
--- idm/trunk/idm/src/main/java/org/jboss/identity/idm/impl/store/ldap/SimpleLDAPIdentityObjectTypeConfiguration.java 2009-01-27 06:05:23 UTC (rev 254)
+++ idm/trunk/idm/src/main/java/org/jboss/identity/idm/impl/store/ldap/SimpleLDAPIdentityObjectTypeConfiguration.java 2009-01-27 15:28:46 UTC (rev 255)
@@ -132,13 +132,15 @@
allowedMembershipTypes = relationships.toArray(new String[relationships.size()]);
- attributeNames = new HashMap<String, String>();
+ Map<String, String> attrsNames = new HashMap<String, String>();
for (IdentityObjectAttributeMetaData attributeMetaData : objectTypeMD.getAttributes())
{
- attributeNames.put(attributeMetaData.getName(), attributeMetaData.getStoreMapping());
+ attrsNames.put(attributeMetaData.getName(), attributeMetaData.getStoreMapping());
}
+ attributeNames = Collections.unmodifiableMap(attrsNames);
+
List<String> dns = objectTypeMD.getOption(CTX_DNS);
if (dns != null)
{
@@ -151,8 +153,6 @@
Map<String, List<String>> createEntryAttributesMap = new HashMap<String, List<String>>();
-
-
List<String> createAttributes = objectTypeMD.getOption(CREATE_ENTRY_ATTRIBUTE_VALUES);
if (createAttributes != null && createAttributes.size() > 0 )
@@ -187,11 +187,11 @@
createEntryAttributesArray.put(entry.getKey(), entry.getValue().toArray(new String[entry.getValue().size()]));
}
- this.createEntryAttributeValues = createEntryAttributesArray;
+ this.createEntryAttributeValues = Collections.unmodifiableMap(createEntryAttributesArray);
}
else
{
- this.createEntryAttributeValues = new HashMap<String, String[]>();
+ this.createEntryAttributeValues = Collections.unmodifiableMap(new HashMap<String, String[]>());
}
//TODO: validate all required options - throw exception for missing ones and set defaults for others
@@ -214,15 +214,15 @@
{
this.idAttributeName = idAttributeName;
this.passwordAttributeName = passwordAttributeName;
- this.ctxDNs = ctxDNs;
+ this.ctxDNs = ctxDNs.clone();
this.entrySearchFilter = entrySearchFilter;
this.allowCreateEntry = allowCreateEntry;
- this.createEntryAttributeValues = createEntryAttributeValues;
- this.allowedMembershipTypes = allowedMembershipTypes;
+ this.createEntryAttributeValues = Collections.unmodifiableMap(createEntryAttributeValues);
+ this.allowedMembershipTypes = allowedMembershipTypes.clone();
this.membershipAttributeName = membershipAttributeName;
isMembershipAttributeDN = membershipAttributeDN;
this.allowEmptyMemberships = allowEmptyMemberships;
- this.attributeNames = attributeNames;
+ this.attributeNames = Collections.unmodifiableMap(attributeNames);
}
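Review bot: `Collections.unmodifiableMap(createEntryAttributeValues)` and `Collections.unmodifiableMap(attributeNames)` in this constructor only wrap the caller's map; the caller still holds a mutable reference and can change the LDAP attribute mapping after the configuration is built, unlike the metadata-driven constructor above, which copies into a fresh `attrsNames` map before wrapping. Copy first: `this.createEntryAttributeValues = Collections.unmodifiableMap(new HashMap<String, String[]>(createEntryAttributeValues));` and `this.attributeNames = Collections.unmodifiableMap(new HashMap<String, String>(attributeNames));`. The `ctxDNs.clone()` and `allowedMembershipTypes.clone()` calls also throw NullPointerException for a null argument, whereas the other constructor substitutes an empty map for a missing option; decide whether null is a programming error and, if so, reject it with an IllegalArgumentException that names the parameter. The `String[]` values inside `createEntryAttributeValues` remain shared and mutable either way.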
@@ -234,7 +234,7 @@
public String[] getCtxDNs()
{
- return ctxDNs;
+ return ctxDNs.clone();
}
public String getEntrySearchFilter()
@@ -254,7 +254,7 @@
public String[] getAllowedMembershipTypes()
{
- return allowedMembershipTypes;
+ return allowedMembershipTypes.clone();
}
public String getMembershipAttributeName()
JBoss Identity SVN: r254 - in identity-federation/trunk: doc and 1 other directories.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-01-27 01:05:23 -0500 (Tue, 27 Jan 2009)
New Revision: 254
Added:
identity-federation/trunk/doc/
identity-federation/trunk/doc/diagrams/
identity-federation/trunk/doc/diagrams/HubNSpokeArchitecture.png
identity-federation/trunk/doc/diagrams/HubNSpokeArchitecture.svg
Log:
inkscape diagrams
Added: identity-federation/trunk/doc/diagrams/HubNSpokeArchitecture.png
===================================================================
(Binary files differ)
Property changes on: identity-federation/trunk/doc/diagrams/HubNSpokeArchitecture.png
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: identity-federation/trunk/doc/diagrams/HubNSpokeArchitecture.svg
===================================================================
--- identity-federation/trunk/doc/diagrams/HubNSpokeArchitecture.svg (rev 0)
+++ identity-federation/trunk/doc/diagrams/HubNSpokeArchitecture.svg 2009-01-27 06:05:23 UTC (rev 254)
@@ -0,0 +1,922 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ width="400"
+ height="600"
+ id="svg2"
+ sodipodi:version="0.32"
+ inkscape:version="0.46"
+ sodipodi:docname="HubNSpokeArchitecture.svg"
+ version="1.0"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ inkscape:export-filename="/home/anil/identity/identity-federation/trunk/doc/diagrams/HubNSpokeArchitecture.png"
+ inkscape:export-xdpi="92.099998"
+ inkscape:export-ydpi="92.099998">
+ <defs
+ id="defs4">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 526.18109 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="744.09448 : 526.18109 : 1"
+ inkscape:persp3d-origin="372.04724 : 350.78739 : 1"
+ id="perspective10" />
+ <pattern
+ id="pattern3652"
+ patternTransform="matrix(0.7855705,0,0,0.8102884,-40.026507,344.29146)"
+ height="55.170761"
+ width="93.184761"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(54.693176,-356.59338)"
+ id="g3556">
+ <rect
+ style="opacity:1;fill:#bababa;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3558"
+ width="93.184761"
+ height="55.170761"
+ x="-54.693176"
+ y="356.59338"
+ ry="0" />
+ <g
+ transform="translate(-75.355185,-11.774248)"
+ style="fill:#e1e1e1;fill-opacity:1"
+ id="g3560">
+ <g
+ style="fill:#e1e1e1;fill-opacity:1"
+ id="g3562">
+ <g
+ style="fill:#e1e1e1;fill-opacity:1"
+ id="g3564">
+ <rect
+ style="opacity:0.6927711;fill:#e1e1e1;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3566"
+ width="55.187168"
+ height="9.515029"
+ x="57.140121"
+ y="399.08557"
+ ry="4.7575145" />
+ <rect
+ style="opacity:0.6927711;fill:#e1e1e1;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3568"
+ width="8.801403"
+ height="9.515029"
+ x="44.532711"
+ y="399.08557"
+ ry="4.7575145" />
+ <rect
+ style="opacity:0.6927711;fill:#e1e1e1;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3570"
+ width="8.801403"
+ height="9.515029"
+ x="33.828304"
+ y="399.08557"
+ ry="4.7575145" />
+ <rect
+ ry="4.7575145"
+ y="399.08557"
+ x="22.29133"
+ height="9.515029"
+ width="8.801403"
+ id="rect3572"
+ style="opacity:0.6927711;fill:#e1e1e1;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ </g>
+ <g
+ style="fill:#e1e1e1;fill-opacity:1"
+ id="g3574">
+ <rect
+ ry="4.7575145"
+ y="412.88235"
+ x="57.140121"
+ height="9.515029"
+ width="55.187168"
+ id="rect3576"
+ style="opacity:0.6927711;fill:#e1e1e1;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ <rect
+ ry="4.7575145"
+ y="412.88235"
+ x="44.532711"
+ height="9.515029"
+ width="8.801403"
+ id="rect3578"
+ style="opacity:0.6927711;fill:#e1e1e1;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ <rect
+ ry="4.7575145"
+ y="412.88235"
+ x="33.828304"
+ height="9.515029"
+ width="8.801403"
+ id="rect3580"
+ style="opacity:0.6927711;fill:#e1e1e1;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ <rect
+ style="opacity:0.6927711;fill:#e1e1e1;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3582"
+ width="8.801403"
+ height="9.515029"
+ x="22.29133"
+ y="412.88235"
+ ry="4.7575145" />
+ </g>
+ </g>
+ <g
+ style="fill:#e1e1e1;fill-opacity:1"
+ id="g3584"
+ transform="matrix(-1,0,0,1,134.61862,-29.020838)">
+ <g
+ style="fill:#e1e1e1;fill-opacity:1"
+ id="g3586">
+ <rect
+ ry="4.7575145"
+ y="399.08557"
+ x="57.140121"
+ height="9.515029"
+ width="55.187168"
+ id="rect3588"
+ style="opacity:0.6927711;fill:#e1e1e1;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ <rect
+ ry="4.7575145"
+ y="399.08557"
+ x="44.532711"
+ height="9.515029"
+ width="8.801403"
+ id="rect3590"
+ style="opacity:0.6927711;fill:#e1e1e1;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ <rect
+ ry="4.7575145"
+ y="399.08557"
+ x="33.828304"
+ height="9.515029"
+ width="8.801403"
+ id="rect3592"
+ style="opacity:0.6927711;fill:#e1e1e1;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ <rect
+ style="opacity:0.6927711;fill:#e1e1e1;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3594"
+ width="8.801403"
+ height="9.515029"
+ x="22.29133"
+ y="399.08557"
+ ry="4.7575145" />
+ </g>
+ <g
+ style="fill:#e1e1e1;fill-opacity:1"
+ id="g3596">
+ <rect
+ style="opacity:0.6927711;fill:#e1e1e1;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3598"
+ width="55.187168"
+ height="9.515029"
+ x="57.140121"
+ y="412.88235"
+ ry="4.7575145" />
+ <rect
+ style="opacity:0.6927711;fill:#e1e1e1;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3600"
+ width="8.801403"
+ height="9.515029"
+ x="44.532711"
+ y="412.88235"
+ ry="4.7575145" />
+ <rect
+ style="opacity:0.6927711;fill:#e1e1e1;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3602"
+ width="8.801403"
+ height="9.515029"
+ x="33.828304"
+ y="412.88235"
+ ry="4.7575145" />
+ <rect
+ ry="4.7575145"
+ y="412.88235"
+ x="22.29133"
+ height="9.515029"
+ width="8.801403"
+ id="rect3604"
+ style="opacity:0.6927711;fill:#e1e1e1;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ </g>
+ </g>
+ </g>
+ <g
+ transform="translate(-75.691592,-12.110655)"
+ style="fill:#000000;fill-opacity:1"
+ id="g3606"
+ clip-path="url(#clipPath3457)">
+ <g
+ style="fill:#000000;fill-opacity:1"
+ id="g3608">
+ <g
+ style="fill:#000000;fill-opacity:1"
+ id="g3610">
+ <rect
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3612"
+ width="55.187168"
+ height="9.515029"
+ x="57.140121"
+ y="399.08557"
+ ry="4.7575145" />
+ <rect
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3614"
+ width="8.801403"
+ height="9.515029"
+ x="44.532711"
+ y="399.08557"
+ ry="4.7575145" />
+ <rect
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3616"
+ width="8.801403"
+ height="9.515029"
+ x="33.828304"
+ y="399.08557"
+ ry="4.7575145" />
+ <rect
+ ry="4.7575145"
+ y="399.08557"
+ x="22.29133"
+ height="9.515029"
+ width="8.801403"
+ id="rect3618"
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ </g>
+ <g
+ style="fill:#000000;fill-opacity:1"
+ id="g3620">
+ <rect
+ ry="4.7575145"
+ y="412.88235"
+ x="57.140121"
+ height="9.515029"
+ width="55.187168"
+ id="rect3622"
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ <rect
+ ry="4.7575145"
+ y="412.88235"
+ x="44.532711"
+ height="9.515029"
+ width="8.801403"
+ id="rect3624"
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ <rect
+ ry="4.7575145"
+ y="412.88235"
+ x="33.828304"
+ height="9.515029"
+ width="8.801403"
+ id="rect3626"
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ <rect
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3628"
+ width="8.801403"
+ height="9.515029"
+ x="22.29133"
+ y="412.88235"
+ ry="4.7575145" />
+ </g>
+ </g>
+ <g
+ style="fill:#000000;fill-opacity:1"
+ id="g3630"
+ transform="matrix(-1,0,0,1,134.61862,-29.020838)">
+ <g
+ style="fill:#000000;fill-opacity:1"
+ id="g3632">
+ <rect
+ ry="4.7575145"
+ y="399.08557"
+ x="57.140121"
+ height="9.515029"
+ width="55.187168"
+ id="rect3634"
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ <rect
+ ry="4.7575145"
+ y="399.08557"
+ x="44.532711"
+ height="9.515029"
+ width="8.801403"
+ id="rect3636"
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ <rect
+ ry="4.7575145"
+ y="399.08557"
+ x="33.828304"
+ height="9.515029"
+ width="8.801403"
+ id="rect3638"
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ <rect
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3640"
+ width="8.801403"
+ height="9.515029"
+ x="22.29133"
+ y="399.08557"
+ ry="4.7575145" />
+ </g>
+ <g
+ style="fill:#000000;fill-opacity:1"
+ id="g3642">
+ <rect
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3644"
+ width="55.187168"
+ height="9.515029"
+ x="57.140121"
+ y="412.88235"
+ ry="4.7575145" />
+ <rect
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3646"
+ width="8.801403"
+ height="9.515029"
+ x="44.532711"
+ y="412.88235"
+ ry="4.7575145" />
+ <rect
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3648"
+ width="8.801403"
+ height="9.515029"
+ x="33.828304"
+ y="412.88235"
+ ry="4.7575145" />
+ <rect
+ ry="4.7575145"
+ y="412.88235"
+ x="22.29133"
+ height="9.515029"
+ width="8.801403"
+ id="rect3650"
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ </g>
+ </g>
+ </g>
+ </g>
+ </pattern>
+ <clipPath
+ id="clipPath3457"
+ clipPathUnits="userSpaceOnUse">
+ <g
+ transform="translate(1.6820352,1.682036)"
+ style="fill:#000000;fill-opacity:1"
+ id="g3459">
+ <g
+ style="fill:#000000;fill-opacity:1"
+ id="g3461">
+ <g
+ style="fill:#000000;fill-opacity:1"
+ id="g3463">
+ <rect
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3465"
+ width="55.187168"
+ height="9.515029"
+ x="57.140121"
+ y="399.08557"
+ ry="4.7575145" />
+ <rect
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3467"
+ width="8.801403"
+ height="9.515029"
+ x="44.532711"
+ y="399.08557"
+ ry="4.7575145" />
+ <rect
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3469"
+ width="8.801403"
+ height="9.515029"
+ x="33.828304"
+ y="399.08557"
+ ry="4.7575145" />
+ <rect
+ ry="4.7575145"
+ y="399.08557"
+ x="22.29133"
+ height="9.515029"
+ width="8.801403"
+ id="rect3471"
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ </g>
+ <g
+ style="fill:#000000;fill-opacity:1"
+ id="g3473">
+ <rect
+ ry="4.7575145"
+ y="412.88235"
+ x="57.140121"
+ height="9.515029"
+ width="55.187168"
+ id="rect3475"
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ <rect
+ ry="4.7575145"
+ y="412.88235"
+ x="44.532711"
+ height="9.515029"
+ width="8.801403"
+ id="rect3477"
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ <rect
+ ry="4.7575145"
+ y="412.88235"
+ x="33.828304"
+ height="9.515029"
+ width="8.801403"
+ id="rect3479"
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ <rect
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3481"
+ width="8.801403"
+ height="9.515029"
+ x="22.29133"
+ y="412.88235"
+ ry="4.7575145" />
+ </g>
+ </g>
+ <g
+ style="fill:#000000;fill-opacity:1"
+ id="g3483"
+ transform="matrix(-1,0,0,1,134.61862,-29.020838)">
+ <g
+ style="fill:#000000;fill-opacity:1"
+ id="g3485">
+ <rect
+ ry="4.7575145"
+ y="399.08557"
+ x="57.140121"
+ height="9.515029"
+ width="55.187168"
+ id="rect3487"
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ <rect
+ ry="4.7575145"
+ y="399.08557"
+ x="44.532711"
+ height="9.515029"
+ width="8.801403"
+ id="rect3489"
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ <rect
+ ry="4.7575145"
+ y="399.08557"
+ x="33.828304"
+ height="9.515029"
+ width="8.801403"
+ id="rect3491"
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ <rect
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3493"
+ width="8.801403"
+ height="9.515029"
+ x="22.29133"
+ y="399.08557"
+ ry="4.7575145" />
+ </g>
+ <g
+ style="fill:#000000;fill-opacity:1"
+ id="g3495">
+ <rect
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3497"
+ width="55.187168"
+ height="9.515029"
+ x="57.140121"
+ y="412.88235"
+ ry="4.7575145" />
+ <rect
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3499"
+ width="8.801403"
+ height="9.515029"
+ x="44.532711"
+ y="412.88235"
+ ry="4.7575145" />
+ <rect
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ id="rect3501"
+ width="8.801403"
+ height="9.515029"
+ x="33.828304"
+ y="412.88235"
+ ry="4.7575145" />
+ <rect
+ ry="4.7575145"
+ y="412.88235"
+ x="22.29133"
+ height="9.515029"
+ width="8.801403"
+ id="rect3503"
+ style="opacity:0.6927711;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+ </g>
+ </g>
+ </g>
+ </clipPath>
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 526.18109 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="744.09448 : 526.18109 : 1"
+ inkscape:persp3d-origin="372.04724 : 350.78739 : 1"
+ id="perspective2390" />
+ <inkscape:perspective
+ id="perspective2902"
+ inkscape:persp3d-origin="372.04724 : 350.78739 : 1"
+ inkscape:vp_z="744.09448 : 526.18109 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_x="0 : 526.18109 : 1"
+ sodipodi:type="inkscape:persp3d" />
+ <linearGradient
+ y2="211.3031"
+ x2="576.57422"
+ y1="133.76495"
+ x1="575.89093"
+ gradientTransform="translate(-208.2214,109.7383)"
+ gradientUnits="userSpaceOnUse"
+ id="linearGradient29798"
+ xlink:href="#linearGradient22094"
+ inkscape:collect="always" />
+ <linearGradient
+ id="linearGradient22094">
+ <stop
+ id="stop22096"
+ offset="0"
+ style="stop-color:#000000;stop-opacity:1;" />
+ <stop
+ id="stop22098"
+ offset="1"
+ style="stop-color:#000000;stop-opacity:0;" />
+ </linearGradient>
+ <linearGradient
+ y2="482.6189"
+ x2="265.58069"
+ y1="306.17703"
+ x1="705.01263"
+ gradientTransform="translate(-208.2214,109.7383)"
+ gradientUnits="userSpaceOnUse"
+ id="linearGradient29800"
+ xlink:href="#linearGradient22983"
+ inkscape:collect="always" />
+ <linearGradient
+ id="linearGradient22983"
+ inkscape:collect="always">
+ <stop
+ id="stop22985"
+ offset="0"
+ style="stop-color:#000000;stop-opacity:1;" />
+ <stop
+ id="stop22987"
+ offset="1"
+ style="stop-color:#000000;stop-opacity:0;" />
+ </linearGradient>
+ <linearGradient
+ y2="949.10645"
+ x2="659.70892"
+ y1="400.16699"
+ x1="491.75668"
+ gradientTransform="translate(-220.8835,106.9245)"
+ gradientUnits="userSpaceOnUse"
+ id="linearGradient29802"
+ xlink:href="#linearGradient22094"
+ inkscape:collect="always" />
+ <linearGradient
+ y2="560.5694"
+ x2="379.71634"
+ y1="560.5694"
+ x1="253.14423"
+ gradientUnits="userSpaceOnUse"
+ id="linearGradient29804"
+ xlink:href="#linearGradient24757"
+ inkscape:collect="always" />
+ <linearGradient
+ id="linearGradient24757">
+ <stop
+ id="stop24759"
+ offset="0"
+ style="stop-color:#d5d5d5;stop-opacity:1;" />
+ <stop
+ id="stop24761"
+ offset="1"
+ style="stop-color:#848484;stop-opacity:0;" />
+ </linearGradient>
+ <linearGradient
+ y2="611.48108"
+ x2="306.17722"
+ y1="596.63184"
+ x1="309.71277"
+ gradientTransform="translate(-9.015606,192.1563)"
+ gradientUnits="userSpaceOnUse"
+ id="linearGradient29806"
+ xlink:href="#linearGradient24757"
+ inkscape:collect="always" />
+ <linearGradient
+ y2="654.74451"
+ x2="191.44917"
+ y1="654.74451"
+ x1="177.95348"
+ gradientTransform="translate(225.2135,-257.0333)"
+ gradientUnits="userSpaceOnUse"
+ id="linearGradient29808"
+ xlink:href="#linearGradient24757"
+ inkscape:collect="always" />
+ <inkscape:perspective
+ id="perspective3461"
+ inkscape:persp3d-origin="179.68343 : 156.45264 : 1"
+ inkscape:vp_z="359.36685 : 234.67896 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_x="0 : 234.67896 : 1"
+ sodipodi:type="inkscape:persp3d" />
+ <inkscape:perspective
+ id="perspective4808"
+ inkscape:persp3d-origin="372.04724 : 350.78739 : 1"
+ inkscape:vp_z="744.09448 : 526.18109 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_x="0 : 526.18109 : 1"
+ sodipodi:type="inkscape:persp3d" />
+ <filter
+ inkscape:collect="always"
+ id="filter5537">
+ <feGaussianBlur
+ inkscape:collect="always"
+ stdDeviation="40.093532"
+ id="feGaussianBlur5539" />
+ </filter>
+ </defs>
+ <sodipodi:namedview
+ id="base"
+ pagecolor="#ffffff"
+ bordercolor="#666666"
+ borderopacity="1.0"
+ gridtolerance="10000"
+ guidetolerance="10"
+ objecttolerance="10"
+ inkscape:pageopacity="0.0"
+ inkscape:pageshadow="2"
+ inkscape:zoom="0.35"
+ inkscape:cx="375"
+ inkscape:cy="309.885"
+ inkscape:document-units="px"
+ inkscape:current-layer="layer1"
+ showgrid="false"
+ inkscape:window-width="1680"
+ inkscape:window-height="972"
+ inkscape:window-x="-5"
+ inkscape:window-y="-3" />
+ <metadata
+ id="metadata7">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <g
+ inkscape:label="Layer 1"
+ inkscape:groupmode="layer"
+ id="layer1">
+ <path
+ sodipodi:type="arc"
+ id="path3684"
+ sodipodi:cx="165.71428"
+ sodipodi:cy="284.28571"
+ sodipodi:rx="977.14288"
+ sodipodi:ry="664.28571"
+ d="M 1142.8572,284.28571 A 977.14288,664.28571 0 1 1 -811.4286,284.28571 A 977.14288,664.28571 0 1 1 1142.8572,284.28571 z"
+ style="fill:#000000;fill-opacity:0.24842769000000001;fill-rule:evenodd;filter:url(#filter5537)"
+ transform="matrix(0.998538,0,0,1.316129,-12.614871,-88.442392)"
+ inkscape:export-xdpi="92.099998"
+ inkscape:export-ydpi="92.099998"
+ inkscape:export-filename="/home/anil/identity/identity-federation/trunk/doc/diagrams/HubNSpokeArchitecture.png" />
+ <g
+ transform="matrix(1.0715544,0,0,0.9939127,-244.74484,-205.5078)"
+ id="g3479"
+ inkscape:label="Layer 1">
+ <g
+ inkscape:export-ydpi="90"
+ inkscape:export-xdpi="90"
+ inkscape:export-filename="c:\documents and settings\602654809\My Documents\My Icons\text9507.png"
+ transform="matrix(0.952519,0,0,0.806306,78.74153,104.8958)"
+ id="g29774">
+ <path
+ style="fill:#ffffff;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+ d="M 154.75,296.11218 L 363.75,243.61218 L 531.5,249.36218 L 528.5,612.61218 L 403.25,825.61218 L 169.5,769.11218 L 154.75,296.11218 z"
+ id="path29776" />
+ <g
+ id="g29778">
+ <path
+ sodipodi:nodetypes="ccccc"
+ id="path29780"
+ d="M 363.70083,243.50326 L 531.9118,249.63086 L 404.09406,306.03452 L 154.77598,296.26206 L 363.70083,243.50326 z"
+ style="fill:url(#linearGradient29798);fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
+ <path
+ sodipodi:nodetypes="ccccc"
+ id="path29782"
+ d="M 531.39497,249.13188 L 528.29145,612.11242 L 403.25401,825.07754 L 403.42554,305.81484 L 531.39497,249.13188 z"
+ style="fill:url(#linearGradient29800);fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
+ <path
+ sodipodi:nodetypes="ccccc"
+ id="path29784"
+ d="M 154.6313,296.25873 L 403.64607,305.63904 L 403.47362,825.23045 L 169.928,768.9544 L 154.6313,296.25873 z"
+ style="fill:url(#linearGradient29802);fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
+ <path
+ sodipodi:nodetypes="ccccc"
+ id="path29786"
+ d="M 253.14422,300.00056 L 377.59503,304.59676 L 380.06989,819.3705 L 346.77522,811.59232 L 253.14422,300.00056 z"
+ style="fill:url(#linearGradient29804);fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
+ <path
+ sodipodi:nodetypes="ccccc"
+ id="path29788"
+ d="M 169.8824,768.98913 L 169.35209,752.90246 L 403.05086,806.28906 L 402.99021,824.67381 L 169.8824,768.98913 z"
+ style="fill:url(#linearGradient29806);fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
+ <path
+ sodipodi:nodetypes="ccccc"
+ id="path29790"
+ d="M 403.75796,306.01097 L 416.66267,300.5309 L 416.66265,803.28386 L 403.16698,824.85059 L 403.75796,306.01097 z"
+ style="fill:url(#linearGradient29808);fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
+ <path
+ sodipodi:nodetypes="ccccc"
+ id="path29792"
+ d="M 352.15947,337.77874 L 391.73926,340.00093 L 390.97756,351.6339 L 351.56225,349.37156 L 352.15947,337.77874 z"
+ style="fill:#3c36d3;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
+ <path
+ sodipodi:nodetypes="ccccc"
+ id="path29794"
+ d="M 352.15947,371.93927 L 391.73926,374.16146 L 390.97756,385.79444 L 351.56225,383.53209 L 352.15947,371.93927 z"
+ style="fill:#3c36d3;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
+ <path
+ sodipodi:nodetypes="ccccc"
+ id="path29796"
+ d="M 352.15947,406.0998 L 391.73926,408.32199 L 390.97757,419.95497 L 351.56225,417.69262 L 352.15947,406.0998 z"
+ style="fill:#3c36d3;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" />
+ </g>
+ </g>
+ </g>
+ <flowRoot
+ xml:space="preserve"
+ id="flowRoot3497"
+ style="fill:black;stroke:none;stroke-opacity:1;stroke-width:1px;stroke-linejoin:miter;stroke-linecap:butt;fill-opacity:1;font-family:Sans;font-style:normal;font-weight:normal;font-size:40px;-inkscape-font-specification:Sans;font-stretch:normal;font-variant:normal"><flowRegion
+ id="flowRegion3499"><rect
+ id="rect3502"
+ width="68.571426"
+ height="228.57143"
+ x="60"
+ y="-282.85715" /></flowRegion><flowPara
+ id="flowPara3504"></flowPara></flowRoot> <flowRoot
+ xml:space="preserve"
+ id="flowRoot3506"
+ style="fill:black;stroke:none;stroke-opacity:1;stroke-width:1px;stroke-linejoin:miter;stroke-linecap:butt;fill-opacity:1;font-family:Sans;font-style:normal;font-weight:normal;font-size:40px;-inkscape-font-specification:Sans;font-stretch:normal;font-variant:normal"><flowRegion
+ id="flowRegion3508"><rect
+ id="rect3510"
+ width="674.28571"
+ height="157.14285"
+ x="-145.71428"
+ y="-317.14285" /></flowRegion><flowPara
+ id="flowPara3512"></flowPara></flowRoot> <image
+ y="-13.357134"
+ x="1005.3572"
+ id="image4810"
+ height="392.42856"
+ width="237.85715"
+ sodipodi:absref="/tmp/ocal-H0N3NU-buggi_server.png"
+ xlink:href="/tmp/ocal-H0N3NU-buggi_server.png" />
+ <image
+ y="29.500013"
+ x="-893.21429"
+ id="image4814"
+ height="392.42856"
+ width="237.85715"
+ sodipodi:absref="/tmp/ocal-H0N3NU-buggi_server.png"
+ xlink:href="/tmp/ocal-H0N3NU-buggi_server.png" />
+ <image
+ y="-710.5"
+ x="72.500038"
+ id="image4816"
+ height="392.42856"
+ width="237.85715"
+ sodipodi:absref="/tmp/ocal-H0N3NU-buggi_server.png"
+ xlink:href="/tmp/ocal-H0N3NU-buggi_server.png" />
+ <image
+ y="972.35718"
+ x="55.357117"
+ id="image4818"
+ height="392.42856"
+ width="237.85715"
+ sodipodi:absref="/tmp/ocal-H0N3NU-buggi_server.png"
+ xlink:href="/tmp/ocal-H0N3NU-buggi_server.png" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:22.6469841;stroke-linecap:butt;stroke-linejoin:miter;marker-end:none;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ d="M -646.8908,193.10921 L -1.6806355,338.31937"
+ id="path4840"
+ inkscape:connector-type="polyline" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:26.39681625;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ d="M 202.15873,-319.30159 L 194.98412,99.301592"
+ id="path5363"
+ inkscape:connector-type="polyline" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:25.55309296;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ d="M 377.4194,296.86631 L 1005.4378,263.13369"
+ id="path5365"
+ inkscape:connector-type="polyline" />
+ <path
+ style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:25.74223518;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ d="M 216.77174,971.05745 L 208.94255,543.22826"
+ id="path5367"
+ inkscape:connector-type="polyline" />
+ <text
+ xml:space="preserve"
+ style="font-size:40px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Sans;-inkscape-font-specification:Sans"
+ x="-440.85715"
+ y="680.28571"
+ id="text3493"><tspan
+ sodipodi:role="line"
+ id="tspan3495"
+ x="-440.85715"
+ y="680.28571"
+ style="font-size:72px">Identity Provider</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:72;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Sans;-inkscape-font-specification:Sans"
+ x="1337.1429"
+ y="162.85715"
+ id="text5369"><tspan
+ sodipodi:role="line"
+ id="tspan5371"
+ x="1337.1429"
+ y="162.85715">Service </tspan><tspan
+ sodipodi:role="line"
+ x="1337.1429"
+ y="212.85715"
+ id="tspan5373">Provider</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:72px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Sans;-inkscape-font-specification:Sans"
+ x="-1219.1984"
+ y="110.41322"
+ id="text5375"><tspan
+ sodipodi:role="line"
+ id="tspan5377"
+ x="-1219.1984"
+ y="110.41322">Service </tspan><tspan
+ sodipodi:role="line"
+ x="-1219.1984"
+ y="200.41319"
+ id="tspan5379">Provider</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:72px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Sans;-inkscape-font-specification:Sans"
+ x="-324.91266"
+ y="1236.1276"
+ id="text5381"><tspan
+ sodipodi:role="line"
+ id="tspan5383"
+ x="-324.91266"
+ y="1236.1276">Service </tspan><tspan
+ sodipodi:role="line"
+ x="-324.91266"
+ y="1326.1276"
+ id="tspan5385">Provider</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:72px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Sans;-inkscape-font-specification:Sans"
+ x="455.08737"
+ y="-638.1582"
+ id="text5387"><tspan
+ sodipodi:role="line"
+ id="tspan5389"
+ x="455.08737"
+ y="-638.1582">Service </tspan><tspan
+ sodipodi:role="line"
+ x="455.08737"
+ y="-548.1582"
+ id="tspan5391">Provider</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:56;font-style:italic;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Sans;-inkscape-font-specification:Sans Italic"
+ x="948.57141"
+ y="897.14288"
+ id="text5541"><tspan
+ sodipodi:role="line"
+ id="tspan5543"
+ x="948.57141"
+ y="897.14288">Circle Of Trust</tspan></text>
+ </g>
+</svg>
JBoss Identity SVN: r253 - in identity-federation/trunk/identity-fed-api/src: test/java/org/jboss/test/identity/federation/api/saml/v2 and 1 other directory.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-01-27 01:04:07 -0500 (Tue, 27 Jan 2009)
New Revision: 253
Added:
identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2RequestUnitTestCase.java
Modified:
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java
Log:
add logout req
Modified: identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java
===================================================================
--- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java 2009-01-27 04:59:21 UTC (rev 252)
+++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java 2009-01-27 06:04:07 UTC (rev 253)
@@ -31,9 +31,13 @@
import javax.xml.bind.Unmarshaller;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
+import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
import org.jboss.identity.federation.core.saml.v2.util.JAXBElementMappingUtil;
+import org.jboss.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
import org.jboss.identity.federation.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.LogoutRequestType;
import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
/**
@@ -114,6 +118,27 @@
}
/**
+ * Create a Logout Request
+ * @param issuer
+ * @return
+ * @throws Exception
+ */
+ public LogoutRequestType createLogoutRequest(String issuer) throws Exception
+ {
+ org.jboss.identity.federation.saml.v2.protocol.ObjectFactory of
+ = new org.jboss.identity.federation.saml.v2.protocol.ObjectFactory();
+ LogoutRequestType lrt = of.createLogoutRequestType();
+ lrt.setIssueInstant(XMLTimeUtil.getIssueInstant());
+
+ //Create an issuer
+ NameIDType issuerNameID = JBossSAMLBaseFactory.createNameID();
+ issuerNameID.setValue(issuer);
+ lrt.setIssuer(issuerNameID);
+
+ return lrt;
+ }
+
+ /**
* Parse an XACML Authorization Decision Query from an xml file
* @param resourceName
* @return
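Review bot: `createLogoutRequest` returns a LogoutRequest with no `ID` and no subject `NameID`/`SessionIndex`; `ID` is a required attribute of RequestAbstractType in the SAML 2.0 protocol schema and a LogoutRequest that names no principal is not actionable, so a conforming peer will reject the message as built. Assign the ID the same way the AuthnRequest path in this class does (the JBossSAMLAuthnRequestFactory path is imported but not visible in this hunk), and either take the subject NameID as a parameter or document that the caller must set it. The Javadoc `@param issuer` and `@return` are empty; something like `@param issuer entityID of the party issuing the logout request` and `@return LogoutRequest with IssueInstant and Issuer set; ID and subject NameID still to be set by the caller` would state the contract honestly.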
Added: identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2RequestUnitTestCase.java
===================================================================
--- identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2RequestUnitTestCase.java (rev 0)
+++ identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2RequestUnitTestCase.java 2009-01-27 06:04:07 UTC (rev 253)
@@ -0,0 +1,44 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.api.saml.v2;
+
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.saml.v2.protocol.LogoutRequestType;
+
+import junit.framework.TestCase;
+
+
+/**
+ * Unit Test the SAMl2Request API
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 26, 2009
+ */
+public class SAML2RequestUnitTestCase extends TestCase
+{
+ public void testLogOut() throws Exception
+ {
+ SAML2Request saml2Request = new SAML2Request();
+ LogoutRequestType lrt = saml2Request.createLogoutRequest("http://idp");
+ assertNotNull("LogoutRequest is not null", lrt);
+ }
+
+}
\ No newline at end of file
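Review bot: `testLogOut` asserts only that the result is non-null, which pins none of the values `createLogoutRequest` actually sets. Assert that the issuer round-trips and the instant is populated, e.g. `assertEquals("http://idp", lrt.getIssuer().getValue());` and `assertNotNull(lrt.getIssueInstant());`, so a regression in either setter is caught.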
JBoss Identity SVN: r252 - in identity-federation/trunk: identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp and 3 other directories.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-01-26 23:59:21 -0500 (Mon, 26 Jan 2009)
New Revision: 252
Added:
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/ValveUtilUnitTestCase.java
identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/exceptions/IssuerNotTrustedException.java
Modified:
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java
Log:
bring in trust between SP and IDP
Modified: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-01-26 13:20:45 UTC (rev 251)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-01-27 04:59:21 UTC (rev 252)
@@ -44,12 +44,14 @@
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.bindings.config.IDP;
+import org.jboss.identity.federation.bindings.config.Trust;
import org.jboss.identity.federation.bindings.interfaces.RoleGenerator;
import org.jboss.identity.federation.bindings.tomcat.TomcatRoleGenerator;
import org.jboss.identity.federation.bindings.util.HTTPRedirectUtil;
import org.jboss.identity.federation.bindings.util.RedirectBindingUtil;
import org.jboss.identity.federation.bindings.util.ValveUtil;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
@@ -120,6 +122,8 @@
requestAbstractType = getSAMLRequest(request);
this.validate(request);
+ this.isTrusted(requestAbstractType.getIssuer().getValue());
+
ResponseType responseType = this.getResponse(request, userPrincipal);
send(responseType, request.getParameter("RelayState"), response);
}
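Review bot: `this.isTrusted(requestAbstractType.getIssuer().getValue())` dereferences `Issuer` without a null check; the Issuer element is optional in the SAML 2.0 RequestAbstractType schema, so a request that omits it fails here with a NullPointerException instead of the IssuerNotTrustedException the new check is meant to raise. Guard it first, e.g. `if (requestAbstractType.getIssuer() == null) throw new IssuerNotTrustedException("missing Issuer");`. The same unguarded dereference appears in the SPRedirectFormAuthenticator hunk that adds `this.isTrusted(responseType.getIssuer().getValue())`. The enclosing method starts and ends outside this hunk.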
@@ -143,6 +147,30 @@
}
}
+ /**
+ * Verify that the issuer is trusted
+ * @param issuer
+ * @throws IssuerNotTrustedException
+ */
+ protected void isTrusted(String issuer) throws IssuerNotTrustedException
+ {
+ try
+ {
+ String issuerDomain = ValveUtil.getDomain(issuer);
+ Trust idpTrust = idpConfiguration.getTrust();
+ if(idpTrust != null)
+ {
+ String domainsTrusted = idpTrust.getDomains();
+ if(domainsTrusted.indexOf(issuerDomain) < 0)
+ throw new IssuerNotTrustedException(issuer);
+ }
+ }
+ catch (Exception e)
+ {
+ throw new IssuerNotTrustedException(e.getLocalizedMessage(),e);
+ }
+ }
+
protected void send(ResponseType responseType, String relayState, Response response) throws ServletException
{
try
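Review bot: The trust decision at `if(domainsTrusted.indexOf(issuerDomain) < 0)` is a substring match on the raw configured string, so any issuer host that happens to occur inside the trusted-domains value passes, and an empty host passes unconditionally because `indexOf("")` returns 0. Split `getDomains()` on its configured separator and compare whole entries (a dot-prefixed suffix match if subdomains are intended to be trusted). Two related points: when `getTrust()` is null the method returns without checking anything, which is fail-open and should at least be an explicit, logged decision; and the Issuer value is self-asserted by the sender, so this check only establishes trust if the message signature is verified against that issuer's key somewhere not visible in this diff. The identical body is duplicated in the SPRedirectFormAuthenticator hunk that adds `isTrusted` (where the variable is also named `idpTrust` although it reads `spConfiguration`); one shared helper in ValveUtil would keep the two checks from drifting.
```java
protected void isTrusted(String issuer) throws IssuerNotTrustedException
{
   try
   {
      // … unchanged: getDomain lookup, null check on getTrust() …
      String domainsTrusted = idpTrust.getDomains();
      boolean trusted = false;
      // separator assumed to be "," — confirm against the Trust config format
      for (String trustedDomain : domainsTrusted.split(","))
      {
         if (trustedDomain.trim().equalsIgnoreCase(issuerDomain))
         {
            trusted = true;
            break;
         }
      }
      if (!trusted)
         throw new IssuerNotTrustedException(issuer);
   }
   // … unchanged: catch and rethrow …
```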
Modified: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-01-26 13:20:45 UTC (rev 251)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-01-27 04:59:21 UTC (rev 252)
@@ -42,12 +42,14 @@
import org.jboss.identity.federation.api.util.Base64;
import org.jboss.identity.federation.api.util.DeflateUtil;
import org.jboss.identity.federation.bindings.config.SP;
+import org.jboss.identity.federation.bindings.config.Trust;
import org.jboss.identity.federation.bindings.jboss.DefaultJBossSubjectRegistration;
import org.jboss.identity.federation.bindings.jboss.JBossSubjectRegistration;
import org.jboss.identity.federation.bindings.util.HTTPRedirectUtil;
import org.jboss.identity.federation.bindings.util.RedirectBindingUtil;
import org.jboss.identity.federation.bindings.util.ValveUtil;
import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
+import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
@@ -158,16 +160,14 @@
catch (Exception e)
{
//TODO: send a saml response message
- log.trace("Exception:",e);
- e.printStackTrace();
+ log.trace("Exception:",e);
}
return false;
}
catch(Exception e)
{
//TODO: send a saml response message
- log.debug("Exception :",e);
- e.printStackTrace();
+ log.debug("Exception :",e);
}
//fallback
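Review bot: With `e.printStackTrace()` removed, the failure in the first catch block is recorded only by `log.trace("Exception:",e)` before `return false`, so an authentication failure in a production deployment leaves no record unless trace logging is enabled. Logging the failure at debug or warn level (message and exception, no assertion contents) keeps the diagnostic the removed line provided without writing to stderr. The enclosing method starts and ends outside this hunk.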
@@ -205,6 +205,25 @@
return sb.toString();
}
+ protected void isTrusted(String issuer) throws IssuerNotTrustedException
+ {
+ try
+ {
+ String issuerDomain = ValveUtil.getDomain(issuer);
+ Trust idpTrust = spConfiguration.getTrust();
+ if(idpTrust != null)
+ {
+ String domainsTrusted = idpTrust.getDomains();
+ if(domainsTrusted.indexOf(issuerDomain) < 0)
+ throw new IssuerNotTrustedException(issuer);
+ }
+ }
+ catch (Exception e)
+ {
+ throw new IssuerNotTrustedException(e.getLocalizedMessage(),e);
+ }
+ }
+
protected boolean validate(Request request) throws Exception
{
return request.getParameter("SAMLResponse") != null;
@@ -226,6 +245,8 @@
SAML2Response saml2Response = new SAML2Response();
ResponseType responseType = saml2Response.getResponseType(is);
+
+ this.isTrusted(responseType.getIssuer().getValue());
SPUtil spUtil = new SPUtil();
return spUtil.handleSAMLResponse(request, responseType);
Modified: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java 2009-01-26 13:20:45 UTC (rev 251)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java 2009-01-27 04:59:21 UTC (rev 252)
@@ -95,4 +95,16 @@
JAXBElement<SP> jaxbSp = (JAXBElement<SP>) un.unmarshal(is);
return jaxbSp.getValue();
}
+
+ /**
+ * Given a SP or IDP issuer from the assertion, return the host
+ * @param domainURL
+ * @return
+ * @throws Exception
+ */
+ public static String getDomain(String domainURL) throws Exception
+ {
+ URL url = new URL(domainURL);
+ return url.getHost();
+ }
}
\ No newline at end of file
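Review bot: `new URL(domainURL)` only accepts schemes with a registered protocol handler and `url.getHost()` returns the empty string for a URL with no authority, so a URN-style entityID (common for SAML issuers) is rejected outright while an issuer such as `file:/sp` yields `""`, which the substring-based callers of `getDomain` then accept as trusted. Use `java.net.URI` instead (add the import alongside `java.net.URL`), and fail closed when no host is present; the Javadoc `@return` is also empty and should say `the host component of the issuer, never empty`.
```java
public static String getDomain(String domainURL) throws Exception
{
   URI uri = new URI(domainURL);
   String host = uri.getHost();
   if (host == null || host.length() == 0)
      throw new IllegalArgumentException("issuer has no host: " + domainURL);
   return host;
}
```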
Added: identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/ValveUtilUnitTestCase.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/ValveUtilUnitTestCase.java (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/ValveUtilUnitTestCase.java 2009-01-27 04:59:21 UTC (rev 252)
@@ -0,0 +1,49 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.bindings.util;
+
+import org.jboss.identity.federation.bindings.util.ValveUtil;
+
+import junit.framework.TestCase;
+
+/**
+ * Unit tests for the ValveUtil
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 26, 2009
+ */
+public class ValveUtilUnitTestCase extends TestCase
+{
+ /**
+ * Given an issuer url, retrieve the host
+ * @throws Exception
+ */
+ public void testTrustedDomain() throws Exception
+ {
+ String issuerURL = "http://localhost:8080/sp";
+ String issuer = ValveUtil.getDomain(issuerURL);
+ assertEquals("localhost", "localhost", issuer);
+
+ issuerURL = "http://192.168.0.1/idp";
+ issuer = ValveUtil.getDomain(issuerURL);
+ assertEquals("192.168.0.1", "192.168.0.1", issuer);
+ }
+}
\ No newline at end of file
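Review bot: `testTrustedDomain` covers only well-formed http URLs; there is no case for the inputs the trust check must reject — an issuer with no host (for example `file:/sp`) or a non-URL entityID such as `urn:example:sp` — so the fail-closed side of `getDomain` is untested. Add a case asserting that such input is rejected, e.g. `try { ValveUtil.getDomain("file:/sp"); fail("expected rejection"); } catch (Exception expected) {}`, or, if URN issuers are meant to be supported, assert what they map to.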
Added: identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/exceptions/IssuerNotTrustedException.java
===================================================================
--- identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/exceptions/IssuerNotTrustedException.java (rev 0)
+++ identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/exceptions/IssuerNotTrustedException.java 2009-01-27 04:59:21 UTC (rev 252)
@@ -0,0 +1,54 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.exceptions;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * Exception indicating that the issuer is not trusted
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 26, 2009
+ */
+public class IssuerNotTrustedException extends GeneralSecurityException
+{
+ private static final long serialVersionUID = 1L;
+
+ public IssuerNotTrustedException()
+ {
+ super();
+ }
+
+ public IssuerNotTrustedException(String message, Throwable cause)
+ {
+ super(message, cause);
+ }
+
+ public IssuerNotTrustedException(String msg)
+ {
+ super(msg);
+ }
+
+ public IssuerNotTrustedException(Throwable cause)
+ {
+ super(cause);
+ }
+}
\ No newline at end of file
JBoss Identity SVN: r251 - in identity-federation/trunk: identity-fed-api and 3 other directories.
by jboss-identity-commits@lists.jboss.org
Author: mmoyses
Date: 2009-01-26 08:20:45 -0500 (Mon, 26 Jan 2009)
New Revision: 251
Modified:
identity-federation/trunk/identity-bindings/pom.xml
identity-federation/trunk/identity-fed-api/pom.xml
identity-federation/trunk/identity-fed-core/pom.xml
identity-federation/trunk/identity-fed-model/pom.xml
identity-federation/trunk/identity-xmlsecmodel/pom.xml
Log:
Adding class diagrams to javadoc
Modified: identity-federation/trunk/identity-bindings/pom.xml
===================================================================
--- identity-federation/trunk/identity-bindings/pom.xml 2009-01-26 13:19:30 UTC (rev 250)
+++ identity-federation/trunk/identity-bindings/pom.xml 2009-01-26 13:20:45 UTC (rev 251)
@@ -111,4 +111,34 @@
<scope>test</scope>
</dependency>
</dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <configuration>
+ <doclet>org.jboss.apiviz.APIviz</doclet>
+ <docletArtifact>
+ <groupId>org.jboss.apiviz</groupId>
+ <artifactId>apiviz</artifactId>
+ <version>1.2.5.GA</version>
+ </docletArtifact>
+ <additionalparam>
+ -charset UTF-8
+ -docencoding UTF-8
+ -version
+ -author
+ -breakiterator
+ -windowtitle "${project.name} ${project.version} API Reference"
+ -doctitle "${project.name} ${project.version} API Reference"
+ -bottom "Copyright © ${project.inceptionYear}-Present ${project.organization.name}. All Rights Reserved."
+ -link http://java.sun.com/javase/6/docs/api/
+ -sourceclasspath ${project.build.outputDirectory}
+ </additionalparam>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
</project>
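Review bot: This 30-line `<reporting>` block is pasted verbatim into all five module poms in this commit (identity-bindings, identity-fed-api, identity-fed-core, identity-fed-model, identity-xmlsecmodel); defining it once in the parent pom keeps the doclet version `1.2.5.GA` and the javadoc flags in a single place. The `-link http://java.sun.com/javase/6/docs/api/` entry makes every javadoc run fetch a package-list over plain http at build time, so `-linkoffline` with a checked-in package-list is preferable if the build is meant to be reproducible offline.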
Modified: identity-federation/trunk/identity-fed-api/pom.xml
===================================================================
--- identity-federation/trunk/identity-fed-api/pom.xml 2009-01-26 13:19:30 UTC (rev 250)
+++ identity-federation/trunk/identity-fed-api/pom.xml 2009-01-26 13:20:45 UTC (rev 251)
@@ -85,4 +85,34 @@
<scope>test</scope>
</dependency>
</dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <configuration>
+ <doclet>org.jboss.apiviz.APIviz</doclet>
+ <docletArtifact>
+ <groupId>org.jboss.apiviz</groupId>
+ <artifactId>apiviz</artifactId>
+ <version>1.2.5.GA</version>
+ </docletArtifact>
+ <additionalparam>
+ -charset UTF-8
+ -docencoding UTF-8
+ -version
+ -author
+ -breakiterator
+ -windowtitle "${project.name} ${project.version} API Reference"
+ -doctitle "${project.name} ${project.version} API Reference"
+ -bottom "Copyright © ${project.inceptionYear}-Present ${project.organization.name}. All Rights Reserved."
+ -link http://java.sun.com/javase/6/docs/api/
+ -sourceclasspath ${project.build.outputDirectory}
+ </additionalparam>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
</project>
Modified: identity-federation/trunk/identity-fed-core/pom.xml
===================================================================
--- identity-federation/trunk/identity-fed-core/pom.xml 2009-01-26 13:19:30 UTC (rev 250)
+++ identity-federation/trunk/identity-fed-core/pom.xml 2009-01-26 13:20:45 UTC (rev 251)
@@ -80,4 +80,34 @@
<scope>test</scope>
</dependency>
</dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <configuration>
+ <doclet>org.jboss.apiviz.APIviz</doclet>
+ <docletArtifact>
+ <groupId>org.jboss.apiviz</groupId>
+ <artifactId>apiviz</artifactId>
+ <version>1.2.5.GA</version>
+ </docletArtifact>
+ <additionalparam>
+ -charset UTF-8
+ -docencoding UTF-8
+ -version
+ -author
+ -breakiterator
+ -windowtitle "${project.name} ${project.version} API Reference"
+ -doctitle "${project.name} ${project.version} API Reference"
+ -bottom "Copyright © ${project.inceptionYear}-Present ${project.organization.name}. All Rights Reserved."
+ -link http://java.sun.com/javase/6/docs/api/
+ -sourceclasspath ${project.build.outputDirectory}
+ </additionalparam>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
</project>
Modified: identity-federation/trunk/identity-fed-model/pom.xml
===================================================================
--- identity-federation/trunk/identity-fed-model/pom.xml 2009-01-26 13:19:30 UTC (rev 250)
+++ identity-federation/trunk/identity-fed-model/pom.xml 2009-01-26 13:20:45 UTC (rev 251)
@@ -102,4 +102,34 @@
<scope>test</scope>
</dependency>
</dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <configuration>
+ <doclet>org.jboss.apiviz.APIviz</doclet>
+ <docletArtifact>
+ <groupId>org.jboss.apiviz</groupId>
+ <artifactId>apiviz</artifactId>
+ <version>1.2.5.GA</version>
+ </docletArtifact>
+ <additionalparam>
+ -charset UTF-8
+ -docencoding UTF-8
+ -version
+ -author
+ -breakiterator
+ -windowtitle "${project.name} ${project.version} API Reference"
+ -doctitle "${project.name} ${project.version} API Reference"
+ -bottom "Copyright © ${project.inceptionYear}-Present ${project.organization.name}. All Rights Reserved."
+ -link http://java.sun.com/javase/6/docs/api/
+ -sourceclasspath ${project.build.outputDirectory}
+ </additionalparam>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
</project>
Modified: identity-federation/trunk/identity-xmlsecmodel/pom.xml
===================================================================
--- identity-federation/trunk/identity-xmlsecmodel/pom.xml 2009-01-26 13:19:30 UTC (rev 250)
+++ identity-federation/trunk/identity-xmlsecmodel/pom.xml 2009-01-26 13:20:45 UTC (rev 251)
@@ -79,4 +79,34 @@
<scope>test</scope>
</dependency>
</dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <configuration>
+ <doclet>org.jboss.apiviz.APIviz</doclet>
+ <docletArtifact>
+ <groupId>org.jboss.apiviz</groupId>
+ <artifactId>apiviz</artifactId>
+ <version>1.2.5.GA</version>
+ </docletArtifact>
+ <additionalparam>
+ -charset UTF-8
+ -docencoding UTF-8
+ -version
+ -author
+ -breakiterator
+ -windowtitle "${project.name} ${project.version} API Reference"
+ -doctitle "${project.name} ${project.version} API Reference"
+ -bottom "Copyright © ${project.inceptionYear}-Present ${project.organization.name}. All Rights Reserved."
+ -link http://java.sun.com/javase/6/docs/api/
+ -sourceclasspath ${project.build.outputDirectory}
+ </additionalparam>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
</project>
JBoss Identity SVN: r250 - in xmlkey/trunk: common and 2 other directories.
by jboss-identity-commits@lists.jboss.org
Author: mmoyses
Date: 2009-01-26 08:19:30 -0500 (Mon, 26 Jan 2009)
New Revision: 250
Modified:
xmlkey/trunk/assembly/
xmlkey/trunk/common/
xmlkey/trunk/common/pom.xml
xmlkey/trunk/skms/
xmlkey/trunk/skms/pom.xml
xmlkey/trunk/xkms/
xmlkey/trunk/xkms/pom.xml
Log:
Adding class diagrams to javadoc
Property changes on: xmlkey/trunk/assembly
___________________________________________________________________
Name: svn:ignore
+ target
Property changes on: xmlkey/trunk/common
___________________________________________________________________
Name: svn:ignore
+ target
Modified: xmlkey/trunk/common/pom.xml
===================================================================
--- xmlkey/trunk/common/pom.xml 2009-01-26 06:23:15 UTC (rev 249)
+++ xmlkey/trunk/common/pom.xml 2009-01-26 13:19:30 UTC (rev 250)
@@ -83,4 +83,34 @@
<scope>test</scope>
</dependency>
</dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <configuration>
+ <doclet>org.jboss.apiviz.APIviz</doclet>
+ <docletArtifact>
+ <groupId>org.jboss.apiviz</groupId>
+ <artifactId>apiviz</artifactId>
+ <version>1.2.5.GA</version>
+ </docletArtifact>
+ <additionalparam>
+ -charset UTF-8
+ -docencoding UTF-8
+ -version
+ -author
+ -breakiterator
+ -windowtitle "${project.name} ${project.version} API Reference"
+ -doctitle "${project.name} ${project.version} API Reference"
+ -bottom "Copyright © ${project.inceptionYear}-Present ${project.organization.name}. All Rights Reserved."
+ -link http://java.sun.com/javase/6/docs/api/
+ -sourceclasspath ${project.build.outputDirectory}
+ </additionalparam>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
</project>
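Review bot: As in the sibling module poms, this identical `<reporting>` block is duplicated here and in the skms and xkms poms of the same commit; hoisting it to the parent pom defines the doclet version and flags once. The literal `©` inside `-bottom` is passed through `<additionalparam>`, so it survives only if the pom file itself is read as UTF-8; `&#169;` would be encoding-independent.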
Property changes on: xmlkey/trunk/skms
___________________________________________________________________
Name: svn:ignore
+ target
Modified: xmlkey/trunk/skms/pom.xml
===================================================================
--- xmlkey/trunk/skms/pom.xml 2009-01-26 06:23:15 UTC (rev 249)
+++ xmlkey/trunk/skms/pom.xml 2009-01-26 13:19:30 UTC (rev 250)
@@ -92,4 +92,34 @@
<scope>test</scope>
</dependency>
</dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <configuration>
+ <doclet>org.jboss.apiviz.APIviz</doclet>
+ <docletArtifact>
+ <groupId>org.jboss.apiviz</groupId>
+ <artifactId>apiviz</artifactId>
+ <version>1.2.5.GA</version>
+ </docletArtifact>
+ <additionalparam>
+ -charset UTF-8
+ -docencoding UTF-8
+ -version
+ -author
+ -breakiterator
+ -windowtitle "${project.name} ${project.version} API Reference"
+ -doctitle "${project.name} ${project.version} API Reference"
+ -bottom "Copyright © ${project.inceptionYear}-Present ${project.organization.name}. All Rights Reserved."
+ -link http://java.sun.com/javase/6/docs/api/
+ -sourceclasspath ${project.build.outputDirectory}
+ </additionalparam>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
</project>
Property changes on: xmlkey/trunk/xkms
___________________________________________________________________
Name: svn:ignore
+ target
Modified: xmlkey/trunk/xkms/pom.xml
===================================================================
--- xmlkey/trunk/xkms/pom.xml 2009-01-26 06:23:15 UTC (rev 249)
+++ xmlkey/trunk/xkms/pom.xml 2009-01-26 13:19:30 UTC (rev 250)
@@ -98,4 +98,34 @@
<scope>test</scope>
</dependency>
</dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <configuration>
+ <doclet>org.jboss.apiviz.APIviz</doclet>
+ <docletArtifact>
+ <groupId>org.jboss.apiviz</groupId>
+ <artifactId>apiviz</artifactId>
+ <version>1.2.5.GA</version>
+ </docletArtifact>
+ <additionalparam>
+ -charset UTF-8
+ -docencoding UTF-8
+ -version
+ -author
+ -breakiterator
+ -windowtitle "${project.name} ${project.version} API Reference"
+ -doctitle "${project.name} ${project.version} API Reference"
+ -bottom "Copyright © ${project.inceptionYear}-Present ${project.organization.name}. All Rights Reserved."
+ -link http://java.sun.com/javase/6/docs/api/
+ -sourceclasspath ${project.build.outputDirectory}
+ </additionalparam>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
</project>