1    /*
2    * Copyright (c) 2000-2005, University of Salford
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions are met:
7    *
8    * Redistributions of source code must retain the above copyright notice, this
9    * list of conditions and the following disclaimer.
10    *
11    * Redistributions in binary form must reproduce the above copyright notice,
12    * this list of conditions and the following disclaimer in the documentation
13    * and/or other materials provided with the distribution.
14    *
15    * Neither the name of the University of Salford nor the names of its
16    * contributors may be used to endorse or promote products derived from this
17    * software without specific prior written permission.
18    *
19    * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
20    * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21    * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22    * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
23    * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24    * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25    * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26    * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27    * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28    * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29    * POSSIBILITY OF SUCH DAMAGE.
30    */
31    /*
32    * Copyright (c) 2006, University of Kent
33    * All rights reserved.
34    *
35    * Redistribution and use in source and binary forms, with or without
36    * modification, are permitted provided that the following conditions are met:
37    *
38    * Redistributions of source code must retain the above copyright notice, this
39    * list of conditions and the following disclaimer.
40    *
41    * Redistributions in binary form must reproduce the above copyright notice,
42    * this list of conditions and the following disclaimer in the documentation
43    * and/or other materials provided with the distribution.
44    *
45    * 1. Neither the name of the University of Kent nor the names of its
46    * contributors may be used to endorse or promote products derived from this
47    * software without specific prior written permission.
48    *
49    * 2. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
50    * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
51    * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
52    * PURPOSE ARE DISCLAIMED.
53    *
54    * 3. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
55    * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
56    * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
57    * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
58    * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
59    * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
60    * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
61    * POSSIBILITY OF SUCH DAMAGE.
62    *
63    * 4. YOU AGREE THAT THE EXCLUSIONS IN PARAGRAPHS 2 AND 3 ABOVE ARE REASONABLE
64    * IN THE CIRCUMSTANCES. IN PARTICULAR, YOU ACKNOWLEDGE (1) THAT THIS
65    * SOFTWARE HAS BEEN MADE AVAILABLE TO YOU FREE OF CHARGE, (2) THAT THIS
66    * SOFTWARE IS NOT "PRODUCT" QUALITY, BUT HAS BEEN PRODUCED BY A RESEARCH
67    * GROUP WHO DESIRE TO MAKE THIS SOFTWARE FREELY AVAILABLE TO PEOPLE WHO WISH
68    * TO USE IT, AND (3) THAT BECAUSE THIS SOFTWARE IS NOT OF "PRODUCT" QUALITY
69    * IT IS INEVITABLE THAT THERE WILL BE BUGS AND ERRORS, AND POSSIBLY MORE
70    * SERIOUS FAULTS, IN THIS SOFTWARE.
71    *
72    * 5. This license is governed, except to the extent that local laws
73    * necessarily apply, by the laws of England and Wales.
74    */
75   
76    package issrg.shibboleth;
77   
import issrg.pba.Credentials;
import issrg.pba.DefaultParsedToken;
import issrg.pba.ParsedToken;
import issrg.pba.PbaException;
import issrg.pba.rbac.AnyTimeValidityPeriod;
import issrg.pba.rbac.BadURLException;
import issrg.pba.rbac.ExpirableCredentials;
import issrg.pba.rbac.LDAPDNPrincipal;
import issrg.pba.rbac.PermisCredentials;
import issrg.pba.rbac.RoleBasedAuthzTokenParser;
import issrg.pba.rbac.RoleBasedCredentials;
import issrg.pba.rbac.RoleHierarchyPolicy;
import issrg.pba.rbac.SignatureVerifier;
import issrg.pba.repository.EntryLocator;
import issrg.pba.repository.UserEntry;
import issrg.utils.repository.Entry;

import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
98   
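/**
 * A RoleBasedAuthzTokenParser for use with Shibboleth. The mod_permis Apache
 * module collects the attributes made available by Shibboleth and then uses
 * PERMIS to make access control decisions by calling getCreds on PERMIS RBAC.
 * Because PermisRBAC uses RoleBasedACParser by default (which expects X.509
 * Attribute Certificates), this parser must instead be supplied to PermisRBAC
 * at construction time (see CustomisePERMIS).
 *
 * <p>Each credential is a String in the format understood by
 * ShibbolethPrincipal; its attribute type and value are mapped to a role of
 * the configured RoleHierarchyPolicy. No signature verification takes place
 * here (see setSignatureVerifier/getSignatureVerifier): the credential string
 * is accepted as-is, so its integrity rests on the path by which it reaches
 * this parser (the Shibboleth deployment and mod_permis), not on any check in
 * this class.
 *
 * @author A.Otenko
 * @see issrg.pba.rbac.CustomisePERMIS
 * @see issrg.pba.rbac.RoleBasedAuthzTokenParser
 */
public class ShibbolethAuthzTokenParser implements RoleBasedAuthzTokenParser {
    /** Policy that maps attribute type/value pairs to PERMIS roles; null until set. */
    protected RoleHierarchyPolicy roleHierarchy = null;

    /** Default holder used by decode(Object); the "whole world" entry, since Shibboleth users are anonymous. */
    protected Entry h = null;

    /**
     * Creates a parser whose default credential holder is the whole world,
     * because all users are anonymous in Shibboleth.
     */
    public ShibbolethAuthzTokenParser() {
        h = new UserEntry(LDAPDNPrincipal.WHOLE_WORLD_DN);
    }

    /**
     * Returns this parser's rules as a map keyed by rule class. The only entry
     * is RoleHierarchyPolicy.class, whose value is the current policy; that
     * value is null if no policy has been set yet.
     *
     * @return a new, modifiable Map holding the single rule entry
     */
    public Map getAuthTokenParsingRules() {
        // HashMap instead of Hashtable: Hashtable.put rejects a null value, so
        // this method used to throw NullPointerException whenever it was called
        // before a role hierarchy had been set.
        Map m = new HashMap();
        m.put(RoleHierarchyPolicy.class, roleHierarchy);
        return m;
    }

    /**
     * Installs the rules from a map keyed by rule class, in the shape returned
     * by getAuthTokenParsingRules. Only RoleHierarchyPolicy.class is read; a
     * missing entry leaves this parser without a role hierarchy.
     *
     * @param m the rules map; must not be null
     * @throws ClassCastException if the value stored under
     *         RoleHierarchyPolicy.class is not a RoleHierarchyPolicy
     */
    public void setAuthTokenParsingRules(Map m) {
        setRoleHierarchy((RoleHierarchyPolicy) m.get(RoleHierarchyPolicy.class));
    }

    /**
     * Sets the policy used to map Shibboleth attributes to PERMIS roles.
     *
     * @param rhp the role hierarchy policy; while it is null, decode fails
     *        with a PbaException
     */
    public void setRoleHierarchy(RoleHierarchyPolicy rhp) {
        roleHierarchy = rhp;
    }

    /**
     * Decodes the given Shibboleth credentials, taking the holder to be the
     * "whole world" (a null LDAP Distinguished Name). The attribute type and
     * value carried in the String (placed in the HTTP header by mod_permis)
     * are mapped directly to a role defined in the PERMIS policy.
     *
     * @param creds the credentials; must be a String in the format supported
     *        by ShibbolethPrincipal
     * @return the ParsedToken for the credentials, held by the whole world
     * @throws PbaException if creds is not a String, cannot be parsed, or no
     *         role hierarchy has been set
     * @see ShibbolethPrincipal
     */
    public ParsedToken decode(Object creds) throws PbaException {
        return decode(creds, h);
    }

    /**
     * Decodes credentials that are a String encoding of a role, with an
     * explicitly supplied holder. The String format is described in
     * ShibbolethPrincipal.
     *
     * @param creds the credentials to decode; must be a String
     * @param h the holder of the credentials
     * @return the ParsedToken for the credentials, held by h
     * @throws PbaException if creds is not a String, cannot be parsed, or no
     *         role hierarchy has been set
     * @see ShibbolethPrincipal
     */
    public ParsedToken decode(Object creds, Entry h) throws PbaException {
        // instanceof is false for null, so a null creds is rejected here too.
        if (!(creds instanceof String)) {
            throw new PbaException("String was expected, but "
                + (creds == null ? "null" : creds.getClass().getName()) + " was found");
        }
        // Report a missing policy as a PbaException instead of the
        // NullPointerException that roleHierarchy.getRole would raise below.
        if (roleHierarchy == null) {
            throw new PbaException("Cannot decode credentials: no RoleHierarchyPolicy has been set");
        }

        ShibbolethPrincipal shibCreds;
        try {
            shibCreds = new ShibbolethPrincipal((String) creds);
        } catch (BadURLException bue) {
            throw new PbaException("Failed to get credentials: " + bue.getMessage(), bue);
        }

        // The attribute type/value pair is mapped to a role without any further
        // check; the credential carries no validity period, hence AnyTimeValidityPeriod.
        EntryLocator issuer = new EntryLocator(
            shibCreds.getIssuerEntry(),
            shibCreds.getIssuerEntry().getEntryName(),
            null,
            null);
        ExpirableCredentials role = new ExpirableCredentials(
            new PermisCredentials(roleHierarchy.getRole(
                shibCreds.getAttributeType(),
                shibCreds.getAttributeValue())),
            new AnyTimeValidityPeriod());
        return new DefaultParsedToken(h, issuer, role);
    }

    /**
     * Does nothing: Shibboleth credentials are not signed, so there is no
     * signature for a verifier to check.
     *
     * @param sv ignored
     */
    public void setSignatureVerifier(SignatureVerifier sv) {
    }

    /**
     * Always returns null, as no signature verification happens in this parser.
     *
     * @return null
     */
    public SignatureVerifier getSignatureVerifier() {
        return null;
    }
}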