Examples of RoleDescriptor


Examples of org.apache.derby.iapi.sql.dictionary.RoleDescriptor

            for (Iterator gIter = grantees.iterator(); gIter.hasNext();) {
                String grantee = (String)gIter.next();

                // check that role exists
                RoleDescriptor rd = dd.getRoleDefinitionDescriptor(role);

                if (rd == null) {
                    throw StandardException.
                        newException(SQLState.ROLE_INVALID_SPECIFICATION, role);
                }

                // Check that role is granted to us (or PUBLIC) with
                // WITH ADMIN option so we can grant it. For database
                // owner, a role definition always fulfills this
                // requirement.  If we implement granting with WITH ADMIN
                // option later, we need to look for a grant to us (or
                // PUBLIC) which has WITH ADMIN. The role definition
                // descriptor will not suffice in that case, so we
                // need something like:
                //
                // rd = dd.findRoleGrantWithAdminToRoleOrPublic(grantor)
                // if (rd != null) {
                //   :
                if (grantor.equals(rd.getGrantee())) {
                    // All ok, we are database owner
                    if (SanityManager.DEBUG) {
                        SanityManager.ASSERT(
                            lcc.getDataDictionary().
                            getAuthorizationDatabaseOwner().
                            equals(grantor),
                            "expected database owner in role descriptor");
                        SanityManager.ASSERT(
                            rd.isWithAdminOption(),
                            "expected role definition to have ADMIN OPTION");
                    }
                } else {
                    throw StandardException.newException
                        (SQLState.AUTH_ROLE_DBO_ONLY, "GRANT role");
                }

                rd = dd.getRoleGrantDescriptor(role, grantee, grantor);

                if (rd != null && withAdminOption && !rd.isWithAdminOption()) {
                    // NOTE: Never called yet, withAdminOption not yet
                    // implemented.

                    // Remove old descriptor and add a new one with admin
                    // option: cf. SQL 2003, section 12.5, general rule 3
                    rd.drop(lcc);
                    rd.setWithAdminOption(true);
                    dd.addDescriptor(rd,
                                     null,  // parent
                                     DataDictionary.SYSROLES_CATALOG_NUM,
                                     false, // no duplicatesAllowed
                                     tc);
                } else if (rd == null) {
                    RoleDescriptor gd = dd.getRoleDefinitionDescriptor(grantee);

                    if (gd != null) {
                        // FIXME: Grantee is role, need to check for circularity
                    }

Examples of org.opensaml.saml2.metadata.RoleDescriptor

        if (DatatypeHelper.isEmpty(supportedProtocol)) {
            log.debug("Supported protocol was null, skipping search for role.");
            return null;
        }

        RoleDescriptor role = doGetRole(entityID, roleName, supportedProtocol);
        if (role == null) {
            log.debug("Metadata document does not contain a role of type {} supporting protocol {} for entity {}",
                    new Object[] { roleName, supportedProtocol, entityID });
            return null;
        }

Examples of org.opensaml.saml2.metadata.RoleDescriptor

                    entityID);
            return null;
        }

        Iterator<RoleDescriptor> rolesItr = roles.iterator();
        RoleDescriptor role = null;
        while (rolesItr.hasNext()) {
            role = rolesItr.next();
            if (role != null && role.isSupportedProtocol(supportedProtocol)) {
                return role;
            }
        }

        return null;

Examples of org.opensaml.saml2.metadata.RoleDescriptor

            }

            if (DatatypeHelper.isEmpty(protocol)) {
                return metadata.getRole(entityID, role);
            } else {
                RoleDescriptor roleDescriptor = metadata.getRole(entityID, role, protocol);
                if (roleDescriptor == null) {
                    return null;
                }
                List<RoleDescriptor> roles = new ArrayList<RoleDescriptor>();
                roles.add(roleDescriptor);

Examples of org.opensaml.saml2.metadata.RoleDescriptor

        if (DatatypeHelper.isEmpty(supportedProtocol)) {
            log.debug("Supported protocol was null, skipping search for role.");
            return null;
        }

        RoleDescriptor role = doGetRole(entityID, roleName, supportedProtocol);
        if (role == null) {
            log.debug("Metadata document does not contain a role of type {} supporting protocol {} for entity {}",
                    new Object[] { roleName, supportedProtocol, entityID });
            return null;
        }

Examples of org.opensaml.saml2.metadata.RoleDescriptor

                    entityID);
            return null;
        }

        Iterator<RoleDescriptor> rolesItr = roles.iterator();
        RoleDescriptor role = null;
        while (rolesItr.hasNext()) {
            role = rolesItr.next();
            if (role != null && role.isSupportedProtocol(supportedProtocol)) {
                return role;
            }
        }

        return null;

Examples of org.opensaml.saml2.metadata.RoleDescriptor

    public RoleDescriptor getRole(String entityID, QName roleName, String supportedProtocol)
            throws MetadataProviderException {
        Lock readLock = providerLock.readLock();
        readLock.lock();

        RoleDescriptor roleDescriptor = null;
        try {
            for (MetadataProvider provider : providers) {
                log.debug("Checking child metadata provider for entity descriptor with entity ID: {}", entityID);
                try {
                    roleDescriptor = provider.getRole(entityID, roleName, supportedProtocol);

Examples of org.opensaml.saml2.metadata.RoleDescriptor

            }

            if (DatatypeHelper.isEmpty(protocol)) {
                return metadata.getRole(entityID, role);
            } else {
                RoleDescriptor roleDescriptor = metadata.getRole(entityID, role, protocol);
                if (roleDescriptor == null) {
                    return null;
                }
                List<RoleDescriptor> roles = new ArrayList<RoleDescriptor>();
                roles.add(roleDescriptor);

Examples of org.opensaml.saml2.metadata.RoleDescriptor

            verifySignature(entityDescriptor, entityID, false);
        }
       
        // Walk every RoleDescriptor child of the entity and verify the signature of each one that
        // carries a signature; a child that fails verification is removed from the entity.
        Iterator<RoleDescriptor> roleIter = entityDescriptor.getRoleDescriptors().iterator();
        while (roleIter.hasNext()) {
           RoleDescriptor roleChild = roleIter.next();
            // An unsigned role is skipped, which means it stays in the entity unverified: this loop
            // only rejects roles whose signature is present but does not verify.
            // NOTE(review): whether an unsigned role may be trusted depends on the signature checks
            // applied to the enclosing entity before this point, which this excerpt does not show
            // in full - confirm against the surrounding method.
            if (!roleChild.isSigned()) {
                log.trace("RoleDescriptor member '{}' was not signed, skipping signature processing...",
                        roleChild.getElementQName());
                continue;
            } else {
                log.trace("Processing signed RoleDescriptor member: {}", roleChild.getElementQName());
            }
           
            try {
                // roleID is the identifier handed to verifySignature for this role.
                String roleID = getRoleIDToken(entityID, roleChild);
                verifySignature(roleChild, roleID, false);
            } catch (FilterException e) {
                // Any FilterException raised in the try block is handled as a verification failure.
                // The exception object is not passed to the logger, so the underlying cause is not
                // recorded by this statement; only the role's element name and the entity ID are.
                log.error("RoleDescriptor '{}' subordinate to entity '{}' failed signature verification, "
                       + "removing from metadata provider",
                       roleChild.getElementQName(), entityID);
                // Note that this is ok since we're iterating over an IndexedXMLObjectChildrenList directly,
                // rather than a sublist like in processEntityGroup, and iterator remove() is supported there.
               roleIter.remove();
            }
        }

Examples of org.opensaml.saml2.metadata.RoleDescriptor

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(RoleDescriptorMarshaller.class);

    /** {@inheritDoc} */
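    protected void marshallAttributes(XMLObject samlElement, Element domElement) throws MarshallingException {
        // Copies the attribute-level state of a RoleDescriptor onto its DOM element: ID, validUntil,
        // cacheDuration, protocolSupportEnumeration, errorURL, and any attributes the object carries
        // in its unknown-attributes map. Optional values that are null (or an empty protocol list)
        // are not written at all.
        RoleDescriptor roleDescriptor = (RoleDescriptor) samlElement;

        // Set the ID attribute
        if (roleDescriptor.getID() != null) {
            log.trace("Writing ID attribute to RoleDescriptor DOM element");
            domElement.setAttributeNS(null, RoleDescriptor.ID_ATTRIB_NAME, roleDescriptor.getID());
            // Flag the attribute as ID-typed so that DOM lookups by ID can resolve this element.
            domElement.setIdAttributeNS(null, RoleDescriptor.ID_ATTRIB_NAME, true);
        }

        // Set the validUntil attribute
        if (roleDescriptor.getValidUntil() != null) {
            log.trace("Writing validUntil attribute to RoleDescriptor DOM element");
            String validUntilStr = Configuration.getSAMLDateFormatter().print(roleDescriptor.getValidUntil());
            domElement.setAttributeNS(null, TimeBoundSAMLObject.VALID_UNTIL_ATTRIB_NAME, validUntilStr);
        }

        // Set the cacheDuration attribute
        if (roleDescriptor.getCacheDuration() != null) {
            // The message names RoleDescriptor: that is the element this marshaller writes to.
            log.trace("Writing cacheDuration attribute to RoleDescriptor DOM element");
            String cacheDuration = XMLHelper.longToDuration(roleDescriptor.getCacheDuration());
            domElement.setAttributeNS(null, CacheableSAMLObject.CACHE_DURATION_ATTRIB_NAME, cacheDuration);
        }

        // Set the protocolSupportEnumeration attribute
        List<String> supportedProtocols = roleDescriptor.getSupportedProtocols();
        if (supportedProtocols != null && !supportedProtocols.isEmpty()) {
            log.trace("Writing protocolSupportEnumeration attribute to RoleDescriptor DOM element");

            // The attribute value is the protocol URIs separated by single spaces; the trailing
            // separator left by the loop is removed by trim().
            StringBuilder builder = new StringBuilder();
            for (String protocol : supportedProtocols) {
                builder.append(protocol);
                builder.append(" ");
            }

            domElement.setAttributeNS(null, RoleDescriptor.PROTOCOL_ENUMERATION_ATTRIB_NAME, builder.toString().trim());
        }

        // Set errorURL attribute
        if (roleDescriptor.getErrorURL() != null) {
            log.trace("Writing errorURL attribute to RoleDescriptor DOM element");
            domElement.setAttributeNS(null, RoleDescriptor.ERROR_URL_ATTRIB_NAME, roleDescriptor.getErrorURL());
        }

        // Attributes held in the unknown-attributes map are copied through with their stored value.
        // One that is registered as an ID attribute, either globally in Configuration or on this
        // object's own attribute map, is additionally flagged as ID-typed on the DOM element.
        Attr attribute;
        for (Entry<QName, String> entry : roleDescriptor.getUnknownAttributes().entrySet()) {
            attribute = XMLHelper.constructAttribute(domElement.getOwnerDocument(), entry.getKey());
            attribute.setValue(entry.getValue());
            domElement.setAttributeNodeNS(attribute);
            if (Configuration.isIDAttribute(entry.getKey())
                    || roleDescriptor.getUnknownAttributes().isIDAttribute(entry.getKey())) {
                attribute.getOwnerElement().setIdAttributeNode(attribute, true);
            }
        }
    }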