diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgAdministration.class.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgAdministration.class.php
new file mode 100755
index 0000000000000000000000000000000000000000..ffa10443e62941a59f02b306539f4a54ee43be26
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgAdministration.class.php
@@ -0,0 +1,735 @@ +<?php +// ####################################################### +// Author: Markus Widmer +// Creation date: 18.07.2007 +// Modification date: 13.08.2007 +// Version: 0.1.4 +// ####################################################### + + +class TgAdministration { + + // Global variables + protected $rbac; + protected $config; + + + + // ----------------------------------------------------- + // Constructor + // Input: none + // Output: object RBACcore + // Description: + // Sets the configuration and creates an instance of + // the RBAC-class. + // ----------------------------------------------------- + public function __construct( $inConfigurationFilename, $inRbacConfFile, $inRbacBase ) { + + $this->rbac = new RBAC( $inRbacConfFile, $inRbacBase ); + + + $this->config = new SimpleConfig( $inConfigurationFilename ); + + } + + + + + // ----------------------------------------------------- + // Function: addUser + // Input: intSid / xsd:string + // username / xsd:string + // password / xsd:string + // Output: result / xsd:boolean + // Description + // Tries to authorize the user. If this is + // successful the user is added to the system. + // ----------------------------------------------------- + function addUser( $inRequest ) { + + $userDomain = ""; // The domain-component of the user + $arrTmpDomain = Array(); // Temporary array + $userTreeDn = ""; // The tree of the directory where to add the user + $addUserResult = false; // The result of the RBAC-call + $result = new booleanResponse(); // The result + + + if( preg_match( "/^.+[@]{1}.+$/", $inRequest->username ) ) { + + $arrTmpDomain = preg_split( "/[@]/", $inRequest->username ); + $userDomain = $arrTmpDomain[1]; + + + // Test if the user has apropriate rights + if( $this->rbac->checkAccess( $inRequest->intSid, "administer", "user_" . $userDomain ) + || $this->rbac->checkAccess( $inRequest->intSid, "administer", "user_base" ) ) { + + // Construct the sub-dn under which the user will be added. 
The base-DN is + // not given because the RBAC-system uses this allways as base and simply starts + // to act from there. To give a dn to the RBAC-function is optional and not + // documented or supported by the ANSI-standard! It is an implementation-specific + // addition. + $userTreeDn = $this->config->getValue( "user", "userTreeAttribute" ) . "=" . $userDomain; + + try { + + $addUserResult = $this->rbac->addUser( $inRequest->username, $inRequest->password, $userTreeDn ); + + + $result->result = $addUserResult; + + } + catch( RBACException $e ) { + + return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() ); + + } + + } + else { + + return new SoapFault( "authenticationFault", + $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) ); + + } + + } + else { + + return new SoapFault( "formatFault", + $this->config->getValue( "errorCode", "INVALID_USER_FORMAT" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "INVALID_USER_FORMAT" ) ); + + } + + + return $result; + + } + + + + + // ----------------------------------------------------- + // Function: deleteUser + // Input: intSid / xsd:string + // username / xsd:string + // Output: result / xsd:boolean + // Description + // Tries to authorize the user. If this is + // successful the given user is removed from the system. 
+ // ----------------------------------------------------- + function deleteUser( $inRequest ) { + + $userDomain = ""; // The domain-component of the user + $arrTmpDomain = Array(); // Temporary array + $deleteUserResult = false; // Result of the RBAC-call + $result = new booleanResponse(); // The result + + + if( preg_match( "/^.+[@]{1}.+$/", $inRequest->username ) ) { + + $arrTmpDomain = preg_split( "/[@]/", $inRequest->username ); + $userDomain = $arrTmpDomain[1]; + + + // Test if the user has apropriate rights + if( $this->rbac->checkAccess( $inRequest->intSid, "administer", "user_" . $userDomain ) + || $this->rbac->checkAccess( $inRequest->intSid, "administer", "user_base" ) ) { + + try { + + $deleteUserResult = $this->rbac->deleteUser( $inRequest->username ); + + + $result->result = $deleteUserResult; + + } + catch( RBACException $e ) { + + return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() ); + + } + + } + else { + + return new SoapFault( "authenticationFault", + $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) ); + + } + + } + else { + + return new SoapFault( "formatFault", + $this->config->getValue( "errorCode", "INVALID_USER_FORMAT" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "INVALID_USER_FORMAT" ) ); + + } + + + return $result; + + } + + + + // ----------------------------------------------------- + // Function: addRole + // Input: intSid / xsd:string + // role / xsd:string + // Output: result / xsd:boolean + // Description + // Tries to authorize the user. If this is + // successful the given role is added to the system. + // This function creates roles without a hirarchy, so it + // only has to check if there is access to the "role_base". 
+ // ----------------------------------------------------- + function addRole( $inRequest ) { + + $addRoleResult = false; // The result of the RBAC-call + $result = new booleanResponse(); // The result + + + // Test if the user has apropriate rights + if( $this->rbac->checkAccess( $inRequest->intSid, "administer", "role_base" ) ) { + + try { + + $addRoleResult = $this->rbac->addRole( $inRequest->role ); + + + $result->result = $addRoleResult; + + } + catch( RBACException $e ) { + + return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() ); + + } + + } + else { + + return new SoapFault( "authenticationFault", + $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) ); + + } + + + return $result; + + } + + + + + // ----------------------------------------------------- + // Function: deleteRole + // Input: intSid / xsd:string + // role / xsd:string + // Output: result / xsd:boolean + // Description + // Tries to authorize the user. If this is + // successful the given role is removed from the system. + // This function removes roles without a hirarchy, so it + // only has to check if there is access to the "role_base". 
+ // ----------------------------------------------------- + function deleteRole( $inRequest ) { + + $deleteRoleResult = false; // The result of the RBAC-call + $result = new booleanResponse(); // The result + + + // Test if the user has apropriate rights + if( $this->rbac->checkAccess( $inRequest->intSid, "administer", "role_base" ) ) { + + try { + + $deleteRoleResult = $this->rbac->deleteRole( $inRequest->role ); + + + $result->result = $deleteRoleResult; + + } + catch( RBACException $e ) { + + return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() ); + + } + + } + else { + + return new SoapFault( "authenticationFault", + $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) ); + + } + + + return $result; + + } + + + + + // ----------------------------------------------------- + // Function: assignUser + // Input: intSid / xsd:string + // username / xsd:string + // role / xsd:string + // Output: result / xsd:boolean + // Description + // Tries to authorize the user. If this is + // successful the given user is assigned to the + // role. + // ----------------------------------------------------- + function assignUser( $inRequest ) { + + $assignUserResult = false; // The result of the RBAC-call + $result = new booleanResponse(); // The result + + + // Test if the user has apropriate rights to assign a user + // to the given role. The user may have directly the right + // to modify the given role or the user may have the right to + // modify the whole role-tree. 
+ if( $this->rbac->checkAccess( $inRequest->intSid, "delegate", $inRequest->role ) + || $this->rbac->checkAccess( $inRequest->intSid, "administer", "role_base" ) ) { + + try { + + $assignUserResult = $this->rbac->assignUser( $inRequest->username, $inRequest->role ); + + + $result->result = $assignUserResult; + + } + catch( RBACException $e ) { + + return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() ); + + } + + } + else { + + return new SoapFault( "authenticationFault", + $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) ); + + } + + + return $result; + + } + + + + // ----------------------------------------------------- + // Function: deassignUser + // Input: intSid / xsd:string + // username / xsd:string + // role / xsd:string + // Output: result / xsd:boolean + // Description + // Tries to authorize the user. If this is + // successful the given user is deassigned from + // the role. + // ----------------------------------------------------- + function deassignUser( $inRequest ) { + + $deassignUserResult = false; // The result of the RBAC-call + $result = new booleanResponse(); // The result + + + // Test if the user has apropriate rights to assign a user + // to the given role. The user may have directly the right + // to modify the given role or the user may have the right to + // modify the whole role-tree. 
+ if( $this->rbac->checkAccess( $inRequest->intSid, "delegate", $inRequest->role ) + || $this-rbac-checkAccess( $inRequest->intSid, "administer", "role_base" ) ) { + + try { + + $deassignUserResult = $this->rbac->deassignUser( $inRequest->username, $inRequest->role ); + + + $result->result = $deassignUserResult; + + } + catch( RBACException $e ) { + + return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() ); + + } + + } + else { + + return new SoapFault( "authenticationFault", + $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) ); + + } + + + return $result; + + } + + + + + // ----------------------------------------------------- + // Function: grantPermission + // Input: intSid / xsd:string + // resource / xsd:string + // operation / xsd:string + // role / xsd:string + // Output: result / xsd:boolean + // Description + // Tries to authorize the user. If this is + // successful the given user is deassigned from + // the role. + // ----------------------------------------------------- + function grantPermission( $inRequest ) { + + $grantPermissionResult = false; // The result of the RBAC-call + $result = new booleanResponse(); // The result + + + // Test if the user has apropriate rights to grant a permission + // to the given role. The user may have directly the right + // to modify the given permission or the user may have the right to + // modify the whole permission (resource)-tree. 
+ if( $this->rbac->checkAccess( $inRequest->intSid, "delegate", $inRequest->resource ) ) { + + try { + + $grantPermissionResult = $this->rbac->grantPermission( $inRequest->resource, $inRequest->operation, $inRequest->role ); + + + $result->result = $grantPermissionResult; + + } + catch( RBACException $e ) { + + return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() ); + + } + + } + else { + + return new SoapFault( "authenticationFault", + $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) ); + + } + + + return $result; + + } + + + + + // ----------------------------------------------------- + // Function: revokePermission + // Input: intSid / xsd:string + // operation / xsd:string + // resource / xsd:string + // role / xsd:string + // Output: result / xsd:boolean + // Description + // Tries to authorize the user. If this is + // successful the role loses + // ----------------------------------------------------- + function revokePermission( $inRequest ) { + + $revokePermissionResult = false; // The result of the RBAC-call + $result = new booleanResponse(); // The result + + + // Test if the user has apropriate rights to grant a permission + // to the given role. The user may have directly the right + // to modify the given permission or the user may have the right to + // modify the whole permission (resource)-tree. 
+ if( $this->rbac->checkAccess( $inRequest->intSid, "delegate", $inRequest->resource ) ) { + + try { + + $revokePermissionResult = $this->rbac->revokePermission( $inRequest->operation, $inRequest->resource, $inRequest->role ); + + + $result->result = $revokePermissionResult; + + } + catch( RBACException $e ) { + + return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() ); + + } + + } + else { + + return new SoapFault( "authenticationFault", + $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) ); + + } + + + return $result; + + } + + + + + // ----------------------------------------------------- + // Function: addInheritance + // Input: intSid / xsd:string + // ascendant / xsd:string + // descendant / xsd:string + // Output: result / xsd:boolean + // Description + // Tries to authorize the user. If this is + // successful the the role inheritance between + // the ascendance and the descendance is established. + // After this, the descendant has all the rights of + // the ascendant. + // ----------------------------------------------------- + function addInheritance( $inRequest ) { + + $addInheritanceResult = false; // The result of the RBAC-call + $result = new booleanResponse(); // The result + + + // Test if the user has apropriate rights to add an inheritance + // between the given roles. The user may have directly the right + // to add an inheritance to the descendant or he is allowed to + // modify all of the roles inheritances. 
+ if( $this->rbac->checkAccess( $inRequest->intSid, "administer", "role_base" ) ) { + + try { + + $addInheritanceResult = $this->rbac->addInheritance( $inRequest->ascendant, $inRequest->descendant ); + + + $result->result = $addInheritanceResult; + + } + catch( RBACException $e ) { + + return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() ); + + } + + } + else { + + return new SoapFault( "authenticationFault", + $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) ); + + } + + + return $result; + + } + + + + + // ----------------------------------------------------- + // Function: deleteInheritance + // Input: intSid / xsd:string + // ascendant / xsd:string + // descendant / xsd:string + // Output: result / xsd:boolean + // Description + // Tries to authorize the user. If this is + // successful the role inheritance between + // the ascendance and the descendance is removed. + // After this, the descendant no longer has the rights of + // the ascendant. + // ----------------------------------------------------- + function deleteInheritance( $inRequest ) { + + $deleteInheritanceResult = false; // The result of the RBAC-call + $result = new booleanResponse(); // The result + + + // Test if the user has apropriate rights to add an inheritance + // between the given roles. The user may have directly the right + // to delete the inheritance or he is allowed to + // modify all of the roles inheritances. 
+ if( $this->rbac->checkAccess( $inRequest->intSid, "administer", "role_base" ) ) { + + try { + + $deleteInheritanceResult = $this->rbac->deleteInheritance( $inRequest->ascendant, $inRequest->descendant ); + + + $result->result = $deleteInheritanceResult; + + } + catch( RBACException $e ) { + + return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() ); + + } + + } + else { + + return new SoapFault( "authenticationFault", + $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) ); + + } + + + return $result; + + } + + + + + // ----------------------------------------------------- + // Function: addAscendant + // Input: intSid / xsd:string + // ascendant / xsd:string + // descendant / xsd:string + // Output: result / xsd:boolean + // Description + // Tries to authorize the user. If this is + // successful the new role "ascendant" is added and + // the inheritance between the ascendance and the + // descendance is established. After this, the descendant + // has all the rights of the ascendant. + // ----------------------------------------------------- + function addAscendant( $inRequest ) { + + $addAscendantResult = false; // The result of the RBAC-call + $result = new booleanResponse(); // The result + + + // Test if the user has apropriate rights to add an ascendant. + // The user may have directly the right to add the ascendant + // or he is allowed to modify all of the roles. 
+ if( $this->rbac->checkAccess( $inRequest->intSid, "delegate", $inRequest->descendant ) + || $this->rbac->checkAccess( $inRequest->intSid, "administer", "role_base" ) ) { + + try { + + $addAscendantResult = $this->rbac->addAscendant( $inRequest->ascendant, $inRequest->descendant ); + + + $result->result = $addAscendantResult; + + } + catch( RBACException $e ) { + + return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() ); + + } + + } + else { + + return new SoapFault( "authenticationFault", + $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) ); + + } + + + return $result; + + } + + + + + // ----------------------------------------------------- + // Function: addDescendant + // Input: intSid / xsd:string + // ascendant / xsd:string + // descendant / xsd:string + // Output: result / xsd:boolean + // Description + // Tries to authorize the user. If this is + // successful the new role "descendant" is added and + // the inheritance between the ascendance and the + // descendance is established. After this, the descendant + // has all the rights of the ascendant. + // ----------------------------------------------------- + function addDescendant( $inRequest ) { + + $addDescendantResult = false; // The result of the RBAC-call + $result = new booleanResponse(); // The result + + + // Test if the user has apropriate rights to add an descendant. + // The user may have directly the right to add the ascendant + // or he is allowed to modify all of the roles. 
+ if( $this->rbac->checkAccess( $inRequest->intSid, "administer", "role_base" ) ) {
+
+ try {
+
+ $addDescendantResult = $this->rbac->addDescendant( $inRequest->ascendant, $inRequest->descendant );
+
+
+ $result->result = $addDescendantResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+}
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php
new file mode 100755
index 0000000000000000000000000000000000000000..d63f9496f177784c9a704c3c61f1c67c5faefd06
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php
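Review bot: In `TgAdministration::deassignUser` the second access check is written `$this-rbac-checkAccess( ... )`, which PHP reads as a subtraction involving a bare `rbac` constant and a call to a global `checkAccess()` instead of a method call, so a caller who holds only `administer` on `role_base` gets a runtime error rather than an authorization decision; it should read `|| $this->rbac->checkAccess( $inRequest->intSid, "administer", "role_base" ) ) {`, as in `assignUser`. Separately, `addUser` and `deleteUser` accept any username matching `/^.+[@]{1}.+$/` and authorize against `$arrTmpDomain[1]`, so a name containing more than one `@` is checked against its middle component while the full string is passed on to the RBAC call, and in `addUser` the same unescaped value is concatenated into `$userTreeDn`. Tightening the pattern to something like `/^[^@]+@[A-Za-z0-9.-]+$/` would keep the authorized domain and the stored name in agreement and keep DN metacharacters out of the tree DN. How `RBAC::addUser` handles the DN argument is not visible in this file, so that part should be confirmed against the RBAC class.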
@@ -0,0 +1,1670 @@ +<?php +// ####################################################### +// Author: Markus Widmer +// Creation date: 17.07.2007 +// Modification date: 08.04.2008 +// Version: 0.2.0 +// ####################################################### + + + +class TgExtra { + + // Global variables + protected $rbac; + protected $config; + protected $connection; + + + + // ----------------------------------------------------- + // Constructor + // Input: none + // Output: object RBACcore + // Description: + // Creates initial connections to the LDAP-server and + // sets some configuration parameters. + // ----------------------------------------------------- + public function __construct( $inConfigurationFilename, $inRbacConfFile, $inRbacBase ) { + + $this->rbac = new RBAC( $inRbacConfFile, $inRbacBase ); + + + $this->config = new SimpleConfig( $inConfigurationFilename ); + + + // Create connection + $this->connection['user'] = new LDAP(); + $this->connection['user']->connect( $this->config->getValue( "authentication", "host" ), + $this->config->getValue( "authentication", "port" ), + $this->config->getValue( "authentication", "version" ), + preg_match( "/yes/i", $this->config->getValue( "authentication", "tls" ) ) ? true : false ); + $this->connection['user']->bind( $this->config->getValue( "authentication", "binddn" ), + $this->config->getValue( "authentication", "password" ) ); + + + $this->connection['counter'] = new LDAP(); + $this->connection['counter']->connect( $this->config->getValue( "counter", "host" ), + $this->config->getValue( "counter", "port" ), + $this->config->getValue( "counter", "version" ), + preg_match( "/yes/i", $this->config->getValue( "counter", "tls" ) ) ? 
true : false ); + $this->connection['counter']->bind( $this->config->getValue( "counter", "binddn" ), + $this->config->getValue( "counter", "password" ) ); + + + $this->connection['resource'] = $this->rbac->getConnection( "resource" ); + $this->connection['role'] = $this->rbac->getConnection( "role" ); + + } + + + + + // ----------------------------------------------------- + // Function: userExists + // Input: auth / xsd:string + // log / xsd:string + // username / xsd:string + // Output: result / xsd:boolean + // Description + // Checks if a given user exists in the LDAP directory. + // ----------------------------------------------------- + function userExists( $inRequest ) { + + $result = new booleanResponse(); // The result + + + $filter = "(&" . $this->config->getValue( "authentication", "filter" ); + $filter .= "(" . $this->config->getValue( "authentication", "namingattribute" ) . "=" . $inRequest->username . "))"; + + + // Search for the users entry + $arrUserEntry = $this->connection['user']->search( $this->config->getValue( "authentication", "base" ), $filter, "sub", + Array( $this->config->getValue( "authentication", "namingattribute" ) ) ); + + + if( isset( $arrUserEntry[0] ) + && isset( $arrUserEntry[0]['dn'] ) ) { + + $result->result = true; + + } + else { + + $result->result = false; + + } + + + return $result; + + } + + + + // ----------------------------------------------------- + // Function: authenticate + // Input: username / xsd:string + // password / xsd:string + // log / xsd:string + // Output: sid / xsd:string + // Description + // Tries to authenticate the user. If this is + // successful a session-ID is generated and a + // session is startet. 
+ // ----------------------------------------------------- + function authenticate( $inRequest ) { + + $filter = ""; // search-filter + $result = new authenticateResponse(); // service-resonse + $arrUserEntry; // the users entry in the directory + $intSid = ""; // the generated session-ID + $creationResult; // the result of the creation of the session + + + // Construct the search-filter + $filter .= "(&" . $this->config->getValue( "authentication", "filter" ); + $filter .= "(" . $this->config->getValue( "authentication", "namingattribute" ) . "=" . $inRequest->username . "))"; + + + // Search for the users entry + $arrUserEntry = $this->connection['user']->search( $this->config->getValue( "authentication", "base" ), $filter, "sub", + Array( $this->config->getValue( "authentication", "namingattribute" ) ) ); + + + if( isset( $arrUserEntry[0] ) + && isset( $arrUserEntry[0]['dn'] ) ) { + + // Try to bind with the given password + $bindResult = $this->connection['user']->bind( $arrUserEntry[0]['dn'], $inRequest->password ); + + + if( $bindResult ) { + + $intSid = $this->createSessionID(); + + + // Try to create the session in the rbac-system + $creationResult = $this->rbac->createSession( $inRequest->username, Array(), $intSid ); + if( $creationResult == $this->config->getValue( "errorCode", "OK" ) ) { + + $result->auth = $intSid; + + } + else { + + return new SoapFault( "authenticationFault", + $this->config->getValue( "errorCode", "AUTHENTICATION_ERROR" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "AUTHENTICATION_ERROR" ) ); + + } + + } + else { + + return new SoapFault( "authenticationFault", + $this->config->getValue( "errorCode", "AUTHENTICATION_ERROR" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "AUTHENTICATION_ERROR" ) ); + + } + + } + else { + + return new SoapFault( "authenticationFault", + $this->config->getValue( "errorCode", "UNKNOWN_USER" ), + get_class( $this ), + $this->config->getValue( 
"errorDescription", "UNKNOWN_USER" ) ); + + } + + + return $result; + + } + + + + + // ----------------------------------------------------- + // Function: tgCheckAccess + // Input: log / xsd:string + // session / xsd:string + // operation / xsd:string + // resource / xsd:string + // Output: sid / xsd:string + // Description + // Tries to authenticate the user. If this is + // successful a session-ID is generated and a + // session is startet. + // ----------------------------------------------------- + public function tgCheckAccess( $inRequest ) { + + $result = new booleanResponse(); + + + $result->result = $this->rbac->checkAccess( $inRequest->auth, $inRequest->operation, $inRequest->resource ); + + + return $result; + + } + + + + + // ----------------------------------------------------- + // Function: createSessionID + // Input: none + // Output: sid / xsd:string + // Description + // Creates a new session-ID. + // ----------------------------------------------------- + public function getSid() { + + $result = new getSidResponse(); + + + $result->sid = $this->createSessionID(); + + + return $result; + + } + + + + + // ----------------------------------------------------- + // Function: filterBySid + // Input: auth / xsd:string + // log / xsd:string + // sid / xsd:string + // resource / xsd:string + // operation / xsd:string + // Output: result / xsd:boolean + // Description + // Tries to authorize the user. If this is + // successful the function filters all the ressources + // given by checking if the sid has appropriate access. 
+ // ----------------------------------------------------- + function filterBySid( $inRequest ) { + + $filterBySidResult = Array(); // The resources that pass the filter + $result = new filterResponse(); // The result + + + $res = $inRequest->resource; + // Make sure it is an array + if( !is_array( $res ) ) { + + $res = Array( $res ); + + } + + + try { + + for( $i = 0; $i < sizeof( $res ); $i++ ) { + + if( $this->rbac->checkAccess( $inRequest->auth, $inRequest->operation, $res[$i] ) ) { + + $filterBySidResult[] = $res[$i]; + + } + + } + + + $result->resource = $filterBySidResult; + + } + catch( RBACException $e ) { + + return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() ); + + } + + + return $result; + + } + + + + + // ----------------------------------------------------- + // Function: addMember + // Input: auth / xsd:string + // log / xsd:string + // username / xsd:string + // role / xsd:string + // Output: result / xsd:boolean + // Description + // Tries to add a user to a project. This is only possible + // if the user exists and the session has the permission + // "delegate" on the project. 
+ // ----------------------------------------------------- + public function addMember( $inRequest ) { + + $arrSplit = Array(); + $project = false; + $result = new booleanResponse(); // The return-result + + + // Extract the project from the role + $arrSplit = preg_split( "/[,]/", $inRequest->role ); + + for( $i = 0; $i < sizeof( $arrSplit ); $i++ ) { + + if( preg_match( "/^tgpr[0-9]+$/i", $arrSplit[$i] ) ) { + + $project = $arrSplit[$i]; + + } + + } + + + if( $project + && $this->rbac->checkAccess( $inRequest->auth, "delegate", $project ) ) { + + try { + + if( $this->rbac->assignUser( $inRequest->username, $inRequest->role ) ) { + + $result->result = true; + + } + else { + + $result->result = false; + + } + + } + catch( RBACException $e ) { + + return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() ); + + } + + } + else { + + $result->result = false; + + } + + + return $result; + + } + + + + + // ----------------------------------------------------- + // Function: tgGrantPermission + // Input: auth / xsd:string + // log / xsd:string + // role / xsd:string + // resource / xsd:string + // operation / xsd:string + // Output: result / xsd:boolean + // Description + // Grants a permission to a resource if the user + // given by the auth parameter has the right to + // do this. 
+ // ----------------------------------------------------- + public function tgGrantPermission( $inRequest ) { + + $result = new booleanResponse(); + + + try { + + if( $this->rbac->checkAccess( $inRequest->auth, "delegate", $inRequest->resource ) ) { + + $result->result = $this->rbac->grantPermission( $inRequest->resource, $inRequest->operation, $inRequest->role ); + + } + else { + + return new SoapFault( "authenticationFault", + $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) ); + + } + + } + catch( RBACException $e ) { + + return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() ); + + } + + + return $result; + + } + + + + + // ----------------------------------------------------- + // Function: tgRevokePermission + // Input: auth / xsd:string + // log / xsd:string + // role / xsd:string + // resource / xsd:string + // operation / xsd:string + // Output: result / xsd:boolean + // Description + // Revokes a permission for a resource if the user + // given by the auth parameter has the right to + // do this. 
+ // -----------------------------------------------------
+ public function tgRevokePermission( $inRequest ) {
+
+ $result = new booleanResponse();
+
+
+ try {
+
+ if( $this->rbac->checkAccess( $inRequest->auth, "delegate", $inRequest->resource ) ) {
+
+ $result->result = $this->rbac->revokePermission( $inRequest->operation, $inRequest->resource, $inRequest->role );
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: getObjects
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // project / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Returns a list of all resources that the user corresponding
+ // to the session-ID (auth) may read.
+ // -----------------------------------------------------
+ public function getObjects( $inRequest ) {
+
+ $result = new resourcesetResponse(); // The return-result
+ $filter = ""; // RBAC-filter
+ $arrResource = Array(); // Resoult of the RBAC-search
+ $arrSessionRole = Array(); // The active roles of the session
+ $i = 0; // Loop
+
+
+ $arrSessionRole = $this->rbac->sessionRoles( $inRequest->auth, false );
+
+
+ $filter = "(&" . $this->rbac->getConfiguration()->getValue( "resource", "filter" );
+ $filter .= "(tgprojectid=" . $inRequest->project . ")";
+ $filter .= "(|";
+
+
+ for( $i = 0; $i < sizeof( $arrSessionRole ); $i++ ) {
+
+ $filter .= "(rbacPermission=" . $arrSessionRole[$i] . ":-:read)";
+
+ }
+
+
+ $filter .= "))";
+
+
+ $arrResource = $this->connection['resource']->search( $this->rbac->getConfiguration()->getValue( "resource", "base" ),
+ $filter, "sub",
+ Array( $this->rbac->getConfiguration()->getValue( "resource", "aliasattribute" ),
+ $this->rbac->getConfiguration()->getValue( "resource", "namingattribute" ) ) );
+
+ for( $i = 0; $i < sizeof( $arrResource ); $i++ ) {
+
+ $result->resource[] = $arrResource[$i][$this->rbac->getConfiguration()->getValue( "resource", "aliasattribute" )][0];
+
+ }
+
+
+/*
+ $filter = "(&" . $this->rbac->getConfiguration()->getValue( "resource", "filter" );
+ $filter .= "(tgprojectid=" . $inRequest->project . "))";
+
+
+ $arrResource = $this->connection['resource']->search( $this->rbac->getConfiguration()->getValue( "resource", "base" ),
+ $filter, "sub",
+ Array( $this->rbac->getConfiguration()->getValue( "resource", "aliasattribute" ),
+ $this->rbac->getConfiguration()->getValue( "resource", "namingattribute" ) ) );
+
+
+ for( $i = 0; $i < sizeof( $arrResource ); $i++ ) {
+
+ if( $this->rbac->checkAccess( $inRequest->auth, "read",
+ $arrResource[$i][$this->rbac->getConfiguration()->getValue( "resource", "aliasattribute" )][0] ) ) {
+
+ $result->resource[] = $arrResource[$i][$this->rbac->getConfiguration()->getValue( "resource", "aliasattribute" )][0];
+
+ }
+
+ }
+*/
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: isPublic
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // resource / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Returns true if the resource is public. In every
+ // other case there will be returned false.
+ // -----------------------------------------------------
+ public function isPublic( $inRequest ) {
+
+ $result = new booleanResponse();
+ $filter = "";
+ $arrResource = Array();
+
+
+ // Create a filter that searches for the
+ // given resource.
+ $filter = "(&" . $this->rbac->getConfiguration()->getValue( "resource", "filter" );
+ $filter .= "(|(" . $this->rbac->getConfiguration()->getValue( "resource", "namingattribute" ) . "=" . $inRequest->resource . ")";
+ $filter .= " (" . $this->rbac->getConfiguration()->getValue( "resource", "aliasattribute" ) . "=" . $inRequest->resource . ")))";
+
+
+ $arrResource = $this->connection['resource']->search( $this->rbac->getConfiguration()->getValue( "resource", "base" ),
+ $filter, "sub",
+ Array( "tgispublic" ) );
+
+
+ // If the attribute is not set or there was no
+ // resource found, return false.
+ if( !isset( $arrResource[0]['tgispublic'] ) ) {
+
+ $result->result = false;
+
+ }
+ else {
+
+ preg_match( "/^true$/i", $arrResource[0]['tgispublic'][0] ) ? $result->result = true : $result->result = false;
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: getOwner
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // resource / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Returns the owner of a resource. This owner has nothing
+ // to do with any permissions, it is just the owner.
+ // -----------------------------------------------------
+ public function getOwner( $inRequest ) {
+
+ $result = new getOwnerResponse(); // The return-result
+ $filter = ""; // RBAC-filter
+ $arrResource = Array(); // Resoult of the RBAC-search
+
+
+ // Create a filter that searches for the
+ // given resource.
+ $filter = "(&" . $this->rbac->getConfiguration()->getValue( "resource", "filter" );
+ $filter .= "(|(" . $this->rbac->getConfiguration()->getValue( "resource", "namingattribute" ) . "=" . $inRequest->resource . ")";
+ $filter .= " (" . $this->rbac->getConfiguration()->getValue( "resource", "aliasattribute" ) . "=" . $inRequest->resource . ")))";
+
+
+ if( $this->rbac->checkAccess( $inRequest->auth, "read", $inRequest->resource ) ) {
+
+ $arrResource = $this->connection['resource']->search( $this->rbac->getConfiguration()->getValue( "resource", "base" ),
+ $filter, "sub",
+ Array( "tgresourceowner" ) );
+
+
+ if( sizeof( $arrResource ) == 1 ) {
+
+ $result->owner = $arrResource[0]['tgresourceowner'][0];
+
+ }
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: getMembers
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // project / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Returns a list of members in a project.
+ // -----------------------------------------------------
+ public function getMembers( $inRequest ) {
+
+ $result = new usersetResponse(); // The return-result
+ $arrMember = Array(); // Resoult of the RBAC-search
+
+
+ $arrMember = $this->rbac->authorizedUsers( $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
+ . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "="
+ . $this->config->getValue( "project", "base" )
+ . "," . $this->rbac->getConfiguration()->getValue( "role", "base" ) );
+
+
+ // The user has to be in the project to be
+ // allowed to display all other users
+ if( in_array( $this->rbac->sessionUser( $inRequest->auth ), $arrMember ) ) {
+
+ $result->username = $arrMember;
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: getRights
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // resource / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Returns a list of operations allowed by the user
+ // on a specific resource.
+ // -----------------------------------------------------
+ public function getRights( $inRequest ) {
+
+ $arrOperation = Array();
+ $result = new operationsetResponse(); // The return-result
+
+
+ if( preg_match( "/.+/", $inRequest->username ) ) {
+
+ if( $this->rbac->checkAccess( $inRequest->auth, "delegate", $inRequest->resource ) ) {
+
+ $arrOperation = $this->rbac->userOperationsOnObject( $inRequest->username, $inRequest->resource );
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+ }
+ else {
+
+ $arrOperation = $this->rbac->userOperationsOnObject( $this->rbac->sessionUser( $inRequest->auth ), $inRequest->resource );
+
+ }
+
+
+ $result->operation = $arrOperation;
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: publish
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // project / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Returns a list of operations allowed by the user
+ // on a specific resource.
+ // -----------------------------------------------------
+ public function publish( $inRequest ) {
+
+ $arrResource = Array();
+ $arrModify = Array();
+ $filter = "";
+ $result = new booleanResponse(); // The return-result
+
+
+ $filter = "(&" . $this->rbac->getConfiguration()->getValue( "resource", "filter" );
+ $filter .= "(|(" . $this->rbac->getConfiguration()->getValue( "resource", "namingattribute" ) . "=" . $inRequest->resource . ")";
+ $filter .= " (" . $this->rbac->getConfiguration()->getValue( "resource", "aliasattribute" ) . "=" . $inRequest->resource . ")))";
+
+
+ // Get the resource
+ $arrResource = $this->connection['resource']->search( $this->rbac->getConfiguration()->getValue( "resource", "base" ), $filter, "sub",
+ Array( "tgispublic", "tgprojectid" ) );
+
+
+ if( $this->rbac->checkAccess( $inRequest->auth, "publish", $inRequest->resource ) ) {
+
+ $arrModify['tgispublic'][] = "TRUE";
+ $result->result = $this->connection['resource']->modify( $arrResource[0]['dn'], $arrModify );
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: getProjectDescription
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // project / xsd:string
+ // Output: result / xsd:string
+ // Description
+ // Returns the description of a project
+ // -----------------------------------------------------
+ public function getProjectDescription( $inRequest ) {
+
+ $result = new getProjectDescriptionResponse();
+ $filter = "";
+
+
+ $filter = "(&" . $this->rbac->getConfiguration()->getValue( "role", "filter" );
+ $filter .= "(" . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . "))";
+
+
+ $arrProject = $this->connection['role']->getEntry( $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "="
+ . $inRequest->project . ","
+ . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "="
+ . $this->config->getValue( "project", "base" )
+ . "," . $this->rbac->getConfiguration()->getValue( "role", "base" ) );
+
+
+ if( isset( $arrProject['dn'] ) ) {
+
+ $result->project = new stdClass();
+ $result->project->description = $arrProject['tgprojectdescription'][0];
+ $result->project->name = $arrProject['tgprojectname'][0];
+ $result->project->id = $arrProject['tgprojectid'][0];
+
+ }
+ else {
+
+ $result->project->description = "Not available";
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: tgAssignedProjects
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Returns a list of all projects of the user corresponding
+ // to the session-ID (auth).
+ // -----------------------------------------------------
+ public function tgAssignedProjects( $inRequest ) {
+
+ $filter = "";
+ $username = "";
+ $arrFound = Array();
+ $result = new rolesetResponse(); // The return-result
+ $i = 0; // Loop
+ $j = 0; // Loop
+
+
+ // By default the result is an empty array
+ $result->role = Array();
+
+
+ // The user corresponding to the session
+ $username = $this->rbac->sessionUser( $inRequest->auth );
+
+
+ // Search all roles in which the user is performer.
+ $filter = "(&" . $this->rbac->getConfiguration()->getValue( "role", "filter" );
+ $filter .= "(rbacPerformer=" . $username . "))";
+
+
+ // Get all the roles of the user
+ $arrRole = $this->rbac->assignedRoles( $username );
+
+
+ for( $i = 0; $i < sizeof( $arrRole ); $i++ ) {
+
+ $arrSplit = preg_split( "/[,]/", $arrRole[$i] );
+ $projectBelong = "";
+
+
+ for( $j = 0; $j < sizeof( $arrSplit ); $j++ ) {
+
+ if( preg_match( "/^TGPR[0-9]+$/i",
+ preg_replace( "/^" . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=/i", "", $arrSplit[$j] ) ) ) {
+
+ $projectBelong = preg_replace( "/^" . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=/i", "", $arrSplit[$j] );
+
+ }
+
+ }
+
+
+ if( preg_match( "/.+/", $projectBelong )
+ && !isset( $arrFound[strtolower( $projectBelong )] ) ) {
+
+ $arrFound[strtolower( $projectBelong )] = 1;
+
+ }
+
+ }
+
+
+ foreach( $arrFound as $key => $value ) {
+
+ $result->role[] = strtoupper( $key );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: deleteMember
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // username / xsd:string
+ // role / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Tries to remove a user from a role. This is only possible
+ // if the user exists and the session has the permission
+ // "delegate" on the project.
+ // -----------------------------------------------------
+ public function deleteMember( $inRequest ) {
+
+ $arrSplit = Array();
+ $project = false;
+ $result = new booleanResponse(); // The return-result
+
+
+ // Extract the project from the role
+ $arrSplit = preg_split( "/[,]/", $inRequest->role );
+
+ for( $i = 0; $i < sizeof( $arrSplit ); $i++ ) {
+
+ if( preg_match( "/^tgpr[0-9]+$/i", $arrSplit[$i] ) ) {
+
+ $project = $arrSplit[$i];
+
+ }
+
+ }
+
+
+ if( $project
+ && $this->rbac->checkAccess( $inRequest->auth, "delegate", $project ) ) {
+
+ if( $this->rbac->deassignUser( $inRequest->username, $inRequest->role ) ) {
+
+ $result->result = true;
+
+ }
+ else {
+
+ $result->result = false;
+
+ }
+
+ }
+ else {
+
+ $result->result = false;
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: unregisterResource
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // project / xsd:string
+ // uri / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Tries to remove a resource from the directory. There for
+ // a user has to have the permission "delete" on the
+ // resource.
+ // -----------------------------------------------------
+ function unregisterResource( $inRequest ) {
+
+ $resourceNamingAttribute = ""; // The naming-attribute of the resource
+ $resourceAliasAttribute = ""; // The alias-attribute of the resource
+ $filter = ""; // The LDAP-filter to find the resource
+ $result = new booleanResponse(); // The return-result
+
+
+ if( $this->rbac->checkAccess( $inRequest->auth, "delete", $inRequest->uri ) ) {
+
+ // The TextGrid-resource naming-attribute
+ $resourceNamingAttribute = $this->rbac->getConfiguration()->getValue( "resource", "namingattribute" );
+ $resourceAliasAttribute = $this->rbac->getConfiguration()->getValue( "resource", "aliasattribute" );
+
+
+ $filter = "(&" . $this->rbac->getConfiguration()->getValue( "resource", "filter" );
+ $filter .= "(|(" . $resourceNamingAttribute . "=" . $inRequest->uri . ")";
+ $filter .= " (" . $resourceAliasAttribute . "=" . $inRequest->uri . ")))";
+
+ $arrResource = $this->connection['resource']->search( $this->rbac->getConfiguration()->getValue( "resource", "base" ), $filter, "sub" );
+
+
+ if( sizeof( $arrResource ) == 1 ) {
+
+ $result->result = $this->connection['resource']->delete( $arrResource[0]['dn'] );
+
+ }
+ else {
+
+ return new SoapFault( "unknownResourceFault",
+ $this->config->getValue( "errorCode", "RESOURCENOTFOUND_ERROR" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "RESOURCENOTFOUND_ERROR" ) );
+
+ }
+
+ }
+ else {
+
+ $result->result = false;
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: registerResource
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // project / xsd:string
+ // uri / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Tries to add a resource to the directory. There for
+ // a user has to have the permission "create" on the
+ // resource "project".
+ // -----------------------------------------------------
+ function registerResource( $inRequest ) {
+
+ $connection = false; // The connection for resources
+ $registered = false; // The result of the registration-tries
+ $registerTry = 10; // The number of tries of registering the resource
+ $resourceNamingAttribute = ""; // The naming-attribute of the resource
+ $arrCounter = false; // The counter entry
+ $result = new booleanResponse(); // The return-result
+
+
+ // The TextGrid-resource naming-attribute
+ $resourceNamingAttribute = $this->rbac->getConfiguration()->getValue( "resource", "namingattribute" );
+
+
+ // Look for the counter entry for resources.
+ $arrCounter = $this->connection['counter']->getEntry( "cn=resource," . $this->config->getValue( "counter", "base" ) );
+
+
+ // If there is a counter entry, use it
+ if( isset( $arrCounter['dn'] ) ) {
+
+ $freeNumber = $arrCounter['sn'][0] + 1;
+
+ }
+ else {
+
+ $arrResourceName = $this->connection['resource']->search( $this->config->getValue( "textGridResource", "base" ),
+ "(objectClass=textGridResource)",
+ "one", $resourceNamingAttribute );
+
+
+ // Every returned resource has to be examined for
+ // its number to get the next free one.
+ for( $i = 0; $i < sizeof( $arrResourceName ); $i++ ) {
+
+ $resourceName = preg_replace( "/^TGRS/i", "", $arrResourceName[$i][$resourceNamingAttribute][0] );
+ $maxNumber = max( $maxNumber, intval( $resourceName ) );
+
+ }
+
+
+ $freeNumber = $maxNumber + 1;
+
+ }
+
+
+ if( $this->rbac->checkAccess( $inRequest->auth, "create", $inRequest->project ) ) {
+
+ // As long as the resource is not registered and the number
+ // of tries has not been reached, try to register
+ while( !$registered
+ && ($registerTry > 0) ) {
+
+ // This is the resource-entry that will be
+ // added to the directory
+ $arrEntry = Array();
+ $arrEntry['objectclass'][] = "textgridResource";
+ $arrEntry['objectclass'][] = "rbacResource";
+ $arrEntry['rbacoperation'][] = "read";
+ $arrEntry['rbacoperation'][] = "write";
+ $arrEntry['rbacoperation'][] = "delegate";
+ $arrEntry['rbacoperation'][] = "delete";
+ $arrEntry['rbacoperation'][] = "publish";
+ $arrEntry['tgresourceuri'][] = $inRequest->uri;
+ $arrEntry['tgprojectid'][] = $inRequest->project;
+ $arrEntry['tgispublic'][] = "FALSE";
+ $arrEntry[$resourceNamingAttribute][] = "TGRS" . ($freeNumber);
+ $arrEntry['tgresourceowner'][] = $this->rbac->sessionUser( $inRequest->auth );
+
+
+ // Add the default permissions to the resource
+ $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Projektleiter,"
+ . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
+ . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:delegate";
+ $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Projektleiter,"
+ . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
+ . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:publish";
+ $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Administrator,"
+ . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
+ . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:delete";
+ $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Bearbeiter,"
+ . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
+ . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:read";
+ $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Bearbeiter,"
+ . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
+ . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:write";
+ $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Beobachter,"
+ . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
+ . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:read";
+
+
+ // Try to add the resource with the appropriate number. If
+ // this fails, we will try again (10 times).
+ $registered = $this->connection['resource']->add( $this->rbac->getConfiguration()->getValue( "resource", "namingattribute" ) . "=TGRS"
+ . $freeNumber . "," . $this->config->getValue( "textGridResource", "base" ),
+ $arrEntry );
+
+
+ $registerTry--;
+
+
+ $registered ? false : $freeNumber++;
+
+ }
+
+
+ // This entry will add or modify the directory that way
+ // that there is a counter entry.
+ $arrEntry = Array();
+ $arrEntry['objectclass'][] = "person";
+ $arrEntry['cn'][] = "resource";
+ $arrEntry['sn'][] = $freeNumber;
+
+
+ if( !isset( $arrCounter['dn'] ) ) {
+
+ $this->connection['counter']->add( "cn=resource," . $this->config->getValue( "counter", "base" ), $arrEntry );
+
+ }
+ else {
+
+ $this->connection['counter']->modify( "cn=resource," . $this->config->getValue( "counter", "base" ), $arrEntry );
+
+ }
+
+
+ $result->result = $registered;
+
+ }
+ else {
+
+ $result->result = false;
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: getLeader
+ // Input: log / xsd:string
+ // Output: username[] / tns:xsd:string
+ // Description
+ // Searches for the leader(s) of a project.
+ // -----------------------------------------------------
+ public function getLeader( $inRequest ) {
+
+ $arrUser = Array();
+ $result = new usersetResponse();
+
+
+ $result->username = $this->rbac->assignedUsers( "Projektleiter," . $inRequest->project . ","
+ . $this->config->getValue( "project", "base" ) );
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: getAllProjects
+ // Input: log / xsd:string
+ // Output: project[] / tns:projectInfo
+ // Description
+ // Searches for all projects and returns them as a list.
+ // -----------------------------------------------------
+ public function getAllProjects( $inRequest ) {
+
+ $arrProject = Array(); // All project-entries found
+ $connection = false; // The connection for roles
+ $result = new getAllProjectsResponse(); // Return
+
+
+ // The role-connection is needed because projects
+ // are representated as roles.
+ $connection = $this->rbac->getConnection( "resource" );
+
+
+ // Search the directory
+ $arrProject = $connection->search( $this->rbac->getConfiguration()->getValue( "project", "base" ), "(objectClass=rbacRole)", "one",
+ $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) );
+
+
+ for( $i = 0; $i < sizeof( $arrProject ); $i++ ) {
+
+ $result->project[] = new ProjectInfo( $arrProject[$i][$this->rbac->getConfiguration()->getValue( "role", "namingattribute" )][0],
+ $arrProject[$i]['tgprojectname'][0], $arrProject[$i]['tgprojectdescription'][0] );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: createProject
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // name / xsd:string
+ // description / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Tries to authorize the user. If this is
+ // successful the given role is added to the system.
+ // This function creates roles without a hirarchy, so it
+ // only has to check if there is access to the "role_base".
+ // -----------------------------------------------------
+ function createProject( $inRequest ) {
+
+ $createProjectResult = false; // The result of the process
+ $connection = false; // The connection to the projects
+ $arrProjectName = Array(); // All present projects
+ $projectName = ""; // At last Holds the project-name
+ $maxNumber = 0; // The highest free project-number
+ $result = new createProjectResponse(); // The result
+ $i = 0; // Loop
+
+
+ if( $this->rbac->checkAccess( $inRequest->auth, "registerResource", "resource_base" ) ) {
+
+ // The role-connection is needed because projects
+ // are representated as roles.
+ $connection = $this->rbac->getConnection( "role" );
+
+
+ // Search the directory
+ $arrProjectName = $connection->search( $this->rbac->getConfiguration()->getValue( "project", "base" ), "(objectClass=rbacRole)", "one",
+ $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) );
+
+
+ // Every returned project has to be examined for
+ // its number to get the next free one.
+ for( $i = 0; $i < sizeof( $arrProjectName ); $i++ ) {
+
+ $projectName = preg_replace( "/^TGPR/i", "", $arrProjectName[$i][$this->rbac->getConfiguration()->getValue( "role", "namingattribute" )][0] );
+ $maxNumber = max( $maxNumber, intval( $projectName ) );
+
+ }
+
+
+ try {
+
+ // Create the project-role
+ $createProjectResult = $this->rbac->addAscendant( "TGPR" . ($maxNumber + 1),
+ $this->rbac->getConfiguration()->getValue( "project", "base" ) );
+
+
+ // The user of the session-ID will be the Leader
+ // of this new project.
+ $this->rbac->assignUser( $this->rbac->sessionUser( $inRequest->auth ),
+ $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Projektleiter,"
+ . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=TGPR" . ($maxNumber + 1) . ","
+ . $this->rbac->getConfiguration()->getValue( "project", "base" ) );
+
+
+ // Set the project-description and name
+ $connection->modify( $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=TGPR" . ($maxNumber + 1) . ","
+ . $this->rbac->getConfiguration()->getValue( "project", "base" ),
+ Array( "tgprojectdescription" => Array( $inRequest->description ),
+ "tgprojectname" => Array( $inRequest->name ) ) );
+
+
+ $result->projectId = "TGPR" . ($maxNumber + 1);
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: deactivateProject
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // project / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Adds an assigned role to the list of active session
+ // roles.
+ // -----------------------------------------------------
+ public function deactivateProject( $inRequest ) {
+
+ $renameResult = false; // The result of the rename process
+ $flagResult = false; // The result of setting the flag to the project role
+ $result = new booleanResponse(); // Return
+ $arrProject = ""; // The username corresponding to the session-ID
+
+
+ if( $this->rbac->checkAccess( $inRequest->auth, "delegate", $inRequest->project ) ) {
+
+ $arrProject = $this->connection['role']->getEntry( $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "="
+ . $inRequest->project . ","
+ . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "="
+ . $this->config->getValue( "project", "base" )
+ . "," . $this->rbac->getConfiguration()->getValue( "role", "base" ) );
+
+
+ // Mark all users as deactivated that are directly
+ // assigned to the project role.
+ for( $i = 0; $i < sizeof( $arrModify['rbacperformer'] ); $i++ ) {
+
+ $arrModify['rbacperformer'][] = $arrProject['rbacperformer'][$i] . "__deactivated";
+
+ }
+
+
+ // Try to rename all users so they cannot
+ // activate any roles from this project
+ // anymore.
+ $renameResult = $this->renameRbacPerformers( $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "="
+ . $inRequest->project . ","
+ . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "="
+ . $this->config->getValue( "project", "base" )
+ . "," . $this->rbac->getConfiguration()->getValue( "role", "base" ) );
+
+
+ if( $renameResult ) {
+
+ // Set the flag to "TRUE"
+ $arrModify['tgprojectdeactivated'][] = "TRUE";
+
+
+ $flagResult = $this->connection['role']->modify( $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "="
+ . $inRequest->project . ","
+ . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "="
+ . $this->config->getValue( "project", "base" )
+ . "," . $this->rbac->getConfiguration()->getValue( "role", "base" ),
+ $arrModify );
+ }
+
+
+ $result->result = $renameResult && $flagResult;
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: renameRbacPerformers
+ // Input: inBase / string
+ // inRecursive / boolean
+ // Output: result / xsd:boolean
+ // Description
+ // The users stored in the rbacPerformer attribute are
+ // recursively renamed to <username>__deactivated.
+ // -----------------------------------------------------
+ private function renameRbacPerformers( $inBase, $inRecursive = true ) {
+
+ $arrEntry = Array();
+ $arrModify = Array();
+ $i = 0;
+ $result = true;
+
+
+ // Get the entry
+ $arrEntry = $this->connection['role']->getEntry( $inBase );
+
+
+ // Mark all users as deactivated that are directly
+ // assigned to the project role.
+ for( $i = 0; $i < sizeof( $arrEntry['rbacperformer'] ); $i++ ) {
+
+ $arrModify['rbacperformer'][] = $arrEntry['rbacperformer'][$i] . "__deactivated";
+
+ }
+
+
+ // If there are any users present in the entry,
+ // send the modifications.
+ if( sizeof( $arrModify['rbacperformer'] ) > 0 ) {
+
+ $this->connection['role']->modify( $inBase, $arrModify );
+
+ }
+
+
+ // Query all sub entries that still need to be
+ // processed.
+ $arrSub = $this->connection['role']->search( $inBase, $this->rbac->getConfiguration()->getValue( "role", "filter" ), "one" );
+
+
+ for( $i = 0; $i < sizeof( $arrSub ); $i++ ) {
+
+ $result = $result && $this->renameRbacPerformers( $arrSub[$i]['dn'] );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: tgAddActiveRole
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // role / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Adds an assigned role to the list of active session
+ // roles.
+ // -----------------------------------------------------
+ public function tgAddActiveRole( $inRequest ) {
+
+ $result = new booleanResponse(); // Return
+ $username = ""; // The username corresponding to the session-ID
+
+
+ $username = $this->rbac->sessionUser( $inRequest->auth );
+
+
+ if( preg_match( "/.+/", $username ) ) {
+
+ $result->result = $this->rbac->addActiveRole( $username, $inRequest->auth, $inRequest->role );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: tgDropActiveRole
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // role / xsd:string
+ // Output: sid / string
+ // Description
+ // Removes a role from the list of active session roles.
+ // -----------------------------------------------------
+ public function tgDropActiveRole( $inRequest ) {
+
+ $result = new booleanResponse(); // Return
+ $username = ""; // The username corresponding to the session-ID
+
+
+ $username = $this->rbac->sessionUser( $inRequest->auth );
+
+
+ if( preg_match( "/.+/", $username ) ) {
+
+ $result->result = $this->rbac->dropActiveRole( $username, $inRequest->auth, $inRequest->role );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: tgAssignedRoles
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // username / xsd:string
+ // Output: sid / string
+ // Description
+ // Creates a random string containing characters and
+ // numbers.
+ // -----------------------------------------------------
+ public function tgAssignedRoles( $inRequest ) {
+
+ $result = new rolesetResponse();
+ $arrActiveRole = Array();
+ $arrProject = Array();
+ $arrAllreadyChecked = Array();
+ $connection = false;
+ $i = 0; // Loop
+
+
+ if( preg_match( "/.+/", $inRequest->username )
+ && !preg_match( "/^" . $inRequest->username . "$/i", $this->rbac->sessionUser( $inRequest->auth ) ) ) {
+
+ // The roles of the user
+ $arrRole = $this->rbac->assignedRoles( $inRequest->username );
+
+
+ // Extract the different projects the user is
+ // assigned by his roles.
+ for( $i = 0; $i < sizeof( $arrRole ); $i++ ) {
+
+ $arrSplit = preg_split( "/[,]/", $arrRole[$i] );
+
+ for( $j = 0; $j < sizeof( $arrSplit ); $j++ ) {
+
+ if( preg_match( "/TGPR[0-9]+/i", $arrSplit[$j] )
+ && !in_array( trim( $arrSplit[$j] ), $arrProject ) ) {
+
+ $arrProject[] = trim( $arrSplit[$j] );
+ break;
+
+ }
+
+ }
+
+ }
+
+
+ // For each project the username is in, check if the
+ // session-ID has the right to display the assigned roles.
+ for( $i = 0; $i < sizeof( $arrProject ); $i++ ) {
+
+ if( $this->rbac->checkAccess( $inRequest->auth, "delegate", $arrProject[$i] ) ) {
+
+ for( $j = 0; $j < sizeof( $arrRole ); $j++ ) {
+
+ if( preg_match( "/" . $arrProject[$i] . "/i", $arrRole[$j] ) ) {
+
+ $result->role[] = $arrRole[$j];
+
+ }
+
+ }
+
+ }
+
+ }
+
+ }
+ else {
+
+ $result->role = $this->rbac->assignedRoles( $this->rbac->sessionUser( $inRequest->auth ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: createSessionID
+ // Input: none
+ // Output: sid / string
+ // Description
+ // Creates a random string containing characters and
+ // numbers.
+ // -----------------------------------------------------
+ private function createSessionID() {
+
+ $sid = ""; // Session-ID
+ $tmp = ""; // Temporaere Session-ID
+
+
+ // Setzen eines Startwerts fuer den Zufallsgenerator
+ mt_srand( (double)microtime() * 1000000 );
+
+
+ // Erzeugen eines Zufallsstrings
+ for( $i = 0; $i < 256; $i++ ) {
+
+ $tmp = chr( mt_rand( 0, 255 ) );
+
+
+ if( preg_match( "/[a-zA-Z0-9]/", $tmp ) ) {
+
+ $sid .= $tmp;
+
+ }
+
+ }
+
+
+ return $sid;
+
+ }
+
+}
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgReview.class.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgReview.class.php
new file mode 100755
index 0000000000000000000000000000000000000000..63ff09752f4116fe69abf4843b0d5f9e481c464e
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgReview.class.php
@@ -0,0 +1,609 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 13.11.2007
+// Version: 0.1.6
+// #######################################################
+
+
+class TgReview {
+
+ // Global variables
+ protected $rbac;
+ protected $config;
+
+
+
+ // -----------------------------------------------------
+ // Constructor
+ // Input: none
+ // Output: object TgReview
+ // Description:
+ // Sets the configuration and creates an instance of
+ // the RBAC-class.
+ // -----------------------------------------------------
+ public function __construct( $inConfigurationFilename, $inRbacConfFile, $inRbacBase ) {
+
+ $this->rbac = new RBAC( $inRbacConfFile, $inRbacBase );
+
+
+ $this->config = new SimpleConfig( $inConfigurationFilename );
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: sessionRoles
+ // Input: intSid / xsd:string
+ // sid / xsd:string
+ // Output: result / array of xsd:string
+ // Description
+ // If the internal session has appropriate access the
+ // function returns a list of all roles that are activ
+ // for the given session.
+ // -----------------------------------------------------
+ public function sessionRoles( $inRequest ) {
+
+ $arrRoleResult = Array(); // The roles of the session
+ $result = new rolesetResponse(); // The result
+
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "review", "session_base" ) ) {
+
+ try {
+
+ $arrRoleResult = $this->rbac->sessionRoles( $inRequest->sid );
+
+
+ $result->role = $arrRoleResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: assignedRoles
+ // Input: intSid / xsd:string
+ // username / xsd:string
+ // Output: result / array of xsd:string
+ // Description
+ // If the internal session has appropriate access the
+ // function returns a list of all roles the user is
+ // assigned to.
+ // -----------------------------------------------------
+ public function assignedRoles( $inRequest ) {
+
+ $userDomain = ""; // The domain-component of the user
+ $arrTmpDomain = Array(); // Temporary array
+ $arrRoleResult = Array(); // The roles of the user
+ $result = new rolesetResponse(); // The result
+
+
+ if( preg_match( "/^.+[@]{1}.+$/", $inRequest->username ) ) {
+
+ $arrTmpDomain = preg_split( "/[@]/", $inRequest->username );
+ $userDomain = $arrTmpDomain[1];
+
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "review", "user_" .
$userDomain )
+ || $this->rbac->checkAccess( $inRequest->intSid, "review", "user_base" ) ) {
+
+ try {
+
+ $arrRoleResult = $this->rbac->assignedRoles( $inRequest->username );
+
+
+ $result->role = $arrRoleResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "formatFault",
+ $this->config->getValue( "errorCode", "INVALID_USER_FORMAT" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INVALID_USER_FORMAT" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: assignedUsers
+ // Input: intSid / xsd:string
+ // role / xsd:string
+ // Output: result / array of xsd:string
+ // Description
+ // If the internal session has appropriate access the
+ // function returns a list of all users that are
+ // assigned to the role.
+ // -----------------------------------------------------
+ public function assignedUsers( $inRequest ) {
+
+ $arrUserResult = Array(); // The users assigned to the role
+ $result = new usersetResponse(); // The result
+
+
+ // Test if the user has apropriate rights to list the users
+ // that are assigned to the role
+ if( $this->rbac->checkAccess( $inRequest->intSid, "review", $inRequest->role )
+ || $this->rbac->checkAccess( $inRequest->intSid, "review", "role_base" ) ) {
+
+ try {
+
+ $arrUserResult = $this->rbac->assignedUsers( $inRequest->role );
+
+
+ $result->username = $arrUserResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: rolePermissions
+ // Input: intSid / xsd:string
+ // role / xsd:string
+ // Output: result / array of tns:permission
+ // Description
+ // If the internal session has appropriate access the
+ // function returns all permissions a role has.
+ // -----------------------------------------------------
+ public function rolePermissions( $inRequest ) {
+
+ $arrPermission = Array(); // The permissions of the role
+ $result = new permissionsetResponse(); // The result
+
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "rolePermissions", "resource_top" ) ) {
+
+ try {
+
+ $arrPermission = $this->rbac->rolePermissions( $inRequest->role );
+ $result->permissionset = Array();
+
+
+ for( $i = 0; $i < sizeof( $arrPermission ); $i++ ) {
+
+ array_push( &$result->permissionset, new permission( $arrPermission[$i]['operation'],
+ $arrPermission[$i]['resource'] ) );
+
+ }
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: roleOperationsOnObject
+ // Input: intSid / xsd:string
+ // role / xsd:string
+ // resource / xsd:string
+ // Output: result / array of xsd:string
+ // Description
+ // If the internal session has appropriate access the
+ // function returns all operations a role has on a specific
+ // resource.
+ // -----------------------------------------------------
+ public function roleOperationsOnObject( $inRequest ) {
+
+ $arrOperation = Array(); // The operations of the role on the given resource
+ $result = new operationsetResponse(); // The result
+
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "review", "resource_top" ) ) {
+
+ try {
+
+ $arrOperation = $this->rbac->roleOperationsOnObject( $inRequest->role, $inRequest->resource );
+
+
+ $result->operationset = $arrOperation;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: userOperationsOnObject
+ // Input: intSid / xsd:string
+ // user / xsd:string
+ // resource / xsd:string
+ // Output: result / array of xsd:string
+ // Description
+ // If the internal session has appropriate access the
+ // function returns all operations a user has on a specific
+ // resource.
+ // -----------------------------------------------------
+ public function userOperationsOnObject( $inRequest ) {
+
+ $arrOperation = Array(); // The operations of the role on the given resource
+ $result = new operationsetResponse(); // The result
+
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "top", "resource_top" ) ) {
+
+ try {
+
+ $arrOperation = $this->rbac->userOperationsOnObject( $inRequest->user, $inRequest->resource );
+
+
+ $result->operationset = $arrOperation;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: userPermissions
+ // Input: intSid / xsd:string
+ // username / xsd:string
+ // Output: result / array of tns:permission
+ // Description
+ // If the internal session has appropriate access the
+ // function returns all permissions a user has by
+ // beeing assigned to roles.
+ // -----------------------------------------------------
+ public function userPermissions( $inRequest ) {
+
+ $arrPermission = Array(); // The permissions of the user
+ $result = new permissionsetResponse(); // The result
+
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "review", "resource_top" ) ) {
+
+ try {
+
+ $arrPermission = $this->rbac->userPermissions( $inRequest->username );
+ $result->permissionset = Array();
+
+
+ for( $i = 0; $i < sizeof( $arrPermission ); $i++ ) {
+
+ array_push( &$result->permissionset, new permission( $arrPermission[$i]['operation'],
+ $arrPermission[$i]['resource'] ) );
+
+ }
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: sessionPermissions
+ // Input: intSid / xsd:string
+ // sid / xsd:string
+ // Output: result / array of tns:permission
+ // Description
+ // If the internal session has appropriate access the
+ // function returns all permissions a session has
+ // because of the roles that are active.
+ // -----------------------------------------------------
+ public function sessionPermissions( $inRequest ) {
+
+ $arrPermission = Array(); // The permissions of the user
+ $result = new permissionsetResponse(); // The result
+
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "review", "resource_top" ) ) {
+
+ try {
+
+ $arrPermission = $this->rbac->sessionPermissions( $inRequest->sid );
+ $result->permissionset = Array();
+
+
+ for( $i = 0; $i < sizeof( $arrPermission ); $i++ ) {
+
+ array_push( &$result->permissionset, new permission( $arrPermission[$i]['operation'],
+ $arrPermission[$i]['resource'] ) );
+
+ }
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: authorizedRoles
+ // Input: intSid / xsd:string
+ // username / xsd:string
+ // Output: result / array of xsd:string
+ // Description
+ // If the internal session has appropriate access the
+ // function returns a list of all roles the user is
+ // authorized for.
+ // -----------------------------------------------------
+ public function authorizedRoles( $inRequest ) {
+
+ $userDomain = ""; // The domain-component of the user
+ $arrTmpDomain = Array(); // Temporary array
+ $arrRoleResult = Array(); // The roles of the user
+ $result = new rolesetResponse(); // The result
+
+
+ if( preg_match( "/^.+[@]{1}.+$/", $inRequest->username ) ) {
+
+
+ $arrTmpDomain = preg_split( "/[@]/", $inRequest->username );
+ $userDomain = $arrTmpDomain[1];
+
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "review", "user_" . $userDomain )
+ || $this->rbac->checkAccess( $inRequest->intSid, "review", "user_base" ) ) {
+
+ try {
+
+ $arrRoleResult = $this->rbac->authorizedRoles( $inRequest->username );
+
+
+ $result->role = $arrRoleResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "formatFault",
+ $this->config->getValue( "errorCode", "INVALID_USER_FORMAT" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INVALID_USER_FORMAT" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: authorizedUsers
+ // Input: intSid / xsd:string
+ // role / xsd:string
+ // Output: result / array of xsd:string
+ // Description
+ // If the internal session has appropriate access the
+ // function returns a list of all users that are
+ // authorized for this role.
+ // -----------------------------------------------------
+ public function authorizedUsers( $inRequest ) {
+
+ $arrUserResult = Array(); // The users assigned to the role
+ $result = new usersetResponse(); // The result
+
+
+ // Test if the user has apropriate rights to list the users
+ // that are authorized to that role
+ if( $this->rbac->checkAccess( $inRequest->intSid, "review", $inRequest->role )
+ || $this->rbac->checkAccess( $inRequest->intSid, "review", "role_base" ) ) {
+
+ try {
+
+ $arrUserResult = $this->rbac->authorizedUsers( $inRequest->role );
+
+
+ $result->username = $arrUserResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+}
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgSystem.class.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgSystem.class.php
new file mode 100755
index 0000000000000000000000000000000000000000..88d71ef5a001a384e0642a65d61efa26f93665a1
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgSystem.class.php
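Review bot: The access gate is not uniform across the read-only review methods: `rolePermissions` checks the operation `"rolePermissions"` and `userOperationsOnObject` checks `"top"` on `resource_top`, while the siblings `roleOperationsOnObject`, `userPermissions` and `sessionPermissions` all check `"review"`. Unless those two operation names exist in the RBAC policy (not visible in this file), the two methods either always deny or are gated by a different permission than the rest; if they are meant to match, the condition should be `$this->rbac->checkAccess( $inRequest->intSid, "review", "resource_top" )`. Separately, `array_push( &$result->permissionset, ... )` in `rolePermissions`, `userPermissions` and `sessionPermissions` uses call-time pass-by-reference, which PHP 5.4 and later reject as a fatal error; `$result->permissionset[] = new permission( $arrPermission[$i]['operation'], $arrPermission[$i]['resource'] );` does the same without it.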
@@ -0,0 +1,268 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 17.07.2007
+// Modification date: 09.10.2007
+// Version: 0.2.2
+// #######################################################
+
+
+
+class TgSystem {
+
+ // Global variables
+ protected $rbac;
+ protected $config;
+
+
+
+ // -----------------------------------------------------
+ // Constructor
+ // Input: none
+ // Output: object RBACcore
+ // Description:
+ // Creates initial connections to the LDAP-server and
+ // sets some configuration parameters.
+ // -----------------------------------------------------
+ public function __construct( $inConfigurationFilename, $inRbacConfFile, $inRbacBase ) {
+
+ $this->rbac = new RBAC( $inRbacConfFile, $inRbacBase );
+
+
+ $this->config = new SimpleConfig( $inConfigurationFilename );
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: createSession
+ // Input: intSid / xsd:string
+ // username / xsd:string
+ // roleset / xsd:string
+ // sid / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Creates a session for a user. But first the user who
+ // wants to create a session for another user has to
+ // be authenticated and authorised.
+ // -----------------------------------------------------
+ function createSession( $inRequest ) {
+
+ $arrRole = Array(); // The initial roleset for the new session
+ $result = new booleanResponse(); // The result of the session-creation
+ $createSessionResult = false; // The result of the rbac-call
+
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "administer", "session_base" ) ) {
+
+ // Only if there is more than one role given, the soap-engine of
+ // PHP creates an array!
+ if( isset( $inRequest->roleset ) ) {
+
+ is_array( $inRequest->roleset ) ?
$arrRole = $inRequest->roleset : $arrRole[] = $inRequest->roleset;
+
+ }
+
+
+ // Try to create the session
+ try{
+
+ $createSessionResult = $this->rbac->createSession( $inRequest->username, $arrRole, $inRequest->sid );
+
+ $result->result = true;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: deleteSession
+ // Input: intSid / xsd:string
+ // username / xsd:string
+ // sid / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Deletes a user's session. But first the user who
+ // wants to delte the session for another user has to
+ // be authenticated and authorised.
+ // -----------------------------------------------------
+ function deleteSession( $inRequest ) {
+
+ $result = new booleanResponse(); // The result of the session-creation
+ $deleteSessionResult = false; // The result of the rbac-call
+
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "administer", "session_base" ) ) {
+
+ // Try to create the session
+ try{
+
+ $deleteSessionResult = $this->rbac->deleteSession( $inRequest->username, $inRequest->sid );
+
+ $result->result = true;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: addActiveRole
+ // Input: intSid / xsd:string
+ // username / xsd:string
+ // sid / xsd:string
+ // role / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Adds an active role to the session. This is
+ // possible without having authenticated.
+ // -----------------------------------------------------
+ function addActiveRole( $inRequest ) {
+
+ $result = new booleanResponse(); // The result of the session-creation
+ $addActiveRoleResult = false; // The result of the rbac-call
+
+
+ // Try to add the role to the session
+ try{
+
+ $addActiveRoleResult = $this->rbac->addActiveRole( $inRequest->username, $inRequest->sid, $inRequest->role );
+
+ $result->result = true;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $rbac ), $e->getMessage() );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: dropActiveRole
+ // Input: intSid / xsd:string
+ // username / xsd:string
+ // sid / xsd:string
+ // role / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Adds an active role to the session. This is
+ // possible without having authenticated.
+ // -----------------------------------------------------
+ function dropActiveRole( $inRequest ) {
+
+ $result = new booleanResponse(); // The result of the session-creation
+ $dropActiveRoleResult = false; // The result of the rbac-call
+
+
+ // Try to add the role to the session
+ try{
+
+ $dropActiveRoleResult = $this->rbac->dropActiveRole( $inRequest->username, $inRequest->sid, $inRequest->role );
+
+ $result->result = true;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $rbac ), $e->getMessage() );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: checkAccess
+ // Input: intSid / xsd:string
+ // sid / xsd:string
+ // operation / xsd:string
+ // resource / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Makes the "checkAccess"-call and returns the information
+ // if the access is granted or denied.
+ // -----------------------------------------------------
+ function checkAccess( $inRequest ) {
+
+ $result = new booleanResponse(); // The result of the session-creation
+ $checkAccessResult = false; // The result of the rbac-call
+
+
+ try {
+
+ $checkAccessResult = $this->rbac->checkAccess( $inRequest->sid, $inRequest->operation, $inRequest->resource );
+
+ $result->result = $checkAccessResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $rbac ), $e->getMessage() );
+
+ }
+
+
+ return $result;
+
+ }
+
+}
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/XACML.class.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/XACML.class.php
new file mode 100755
index 0000000000000000000000000000000000000000..d638b82c5a16103dcb90b36da1212206c9ee9ff2
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/XACML.class.php
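Review bot: `addActiveRole` and `dropActiveRole` change a session's role set without any `checkAccess` on `intSid`, unlike `createSession` and `deleteSession` in the same class, so a role activation is limited only by whatever `$this->rbac->addActiveRole` verifies internally, which this hunk does not show. If that is intended, as the header comment says, the comment should state what the RBAC core enforces (that the sid belongs to the username and that the user is authorized for the role); otherwise both methods should be gated with the `"administer"` / `"session_base"` check used by `createSession`. All five catch blocks call `get_class( $rbac )` on an undefined local, so the fault path raises its own error instead of returning the SoapFault; it should read `get_class( $this->rbac )` as in TgReview. The four state-changing methods also set `$result->result = true` without looking at the value the RBAC call returned, and the `dropActiveRole` header still says "Adds an active role".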
@@ -0,0 +1,122 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 17.07.2007
+// Modification date: 01.11.2007
+// Version: 0.1.3
+// #######################################################
+
+
+
+class XACML {
+
+ // Global variables
+ protected $rbac;
+ protected $config;
+ protected $connection;
+
+
+
+ // -----------------------------------------------------
+ // Constructor
+ // Input: none
+ // Output: object RBACcore
+ // Description:
+ // Creates initial connections to the LDAP-server and
+ // sets some configuration parameters.
+ // -----------------------------------------------------
+ public function __construct( $inConfigurationFilename, $inRbacConfFile, $inRbacBase ) {
+
+ $this->rbac = new RBAC( $inRbacConfFile, $inRbacBase );
+
+
+ $this->config = new SimpleConfig( $inConfigurationFilename );
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: checkXACMLaccess
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // username / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Checks if a given user exists in the LDAP directory.
+ // -----------------------------------------------------
+ function checkXACMLaccess( $inRequest ) {
+
+ $version = false; // The version of the XACML-SAML-Request
+ $result = new stdClass(); // The response
+
+
+ $version = $inRequest->Version;
+ $id = $inRequest->ID;
+
+
+ if( preg_match( "/^2\.0$/", $version ) ) {
+
+ $result->Version = "2.0";
+ $result->ID = $id;
+
+ $result->Response = new stdClass();
+ $result->Response->Result = new stdClass();
+
+
+ try {
+
+ if( $this->rbac->checkAccess( $inRequest->Request->Subject->Attribute->AttributeValue->any,
+ $inRequest->Request->Action->Attribute->AttributeValue->any,
+ $inRequest->Request->Resource->Attribute->AttributeValue->any ) ) {
+
+ $result->Response->Result->Decision = "Permit";
+
+ }
+ else {
+
+ $result->Response->Result->Decision = "Deny";
+
+ }
+
+ }
+ catch( Exception $e ) {
+
+ $result->Response->Result->Decision = "NotApplicable";
+
+ }
+
+
+
+ // Return the request if the flag is set to TRUE
+ if( $inRequest->ReturnContext ) {
+
+ $result->Request = new stdClass();
+
+ isset( $inRequest->Request->Subject ) ? $result->Request->Subject = $inRequest->Request->Subject
+ : $result->Request->Subject = new sdtClass();
+
+
+ isset( $inRequest->Request->Resource ) ? $result->Request->Resource = $inRequest->Request->Resource
+ : $result->Request->Resource = new stdClass();
+
+
+ isset( $inRequest->Request->Action ) ? $result->Request->Action = $inRequest->Request->Action
+ : $result->Request->Action = new stdClass();
+
+
+ isset( $inRequest->Request->Environment ) ? $result->Request->Environment = $inRequest->Request->Environment
+ : $result->Request->Environment = new stdClass();
+
+ }
+
+ }
+
+
+ return $result;
+
+ }
+
+}
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/addAscendant.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/addAscendant.php
new file mode 100755
index 0000000000000000000000000000000000000000..9f7153718c8c354cb391b79ddbce98055985e598
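Review bot: The error paths of `checkXACMLaccess` do not produce a fail-closed decision: an exception from `checkAccess` is reported as `"NotApplicable"`, and a request whose Version is not 2.0 returns an empty object with no `Response` at all. In XACML `NotApplicable` means that no policy matched, and an enforcement point that permits unless it sees a Deny could let such a request through; evaluation errors map to Indeterminate, so the catch block should set `$result->Response->Result->Decision = "Indeterminate";` and the version mismatch should return a fault or the same decision. In the ReturnContext branch `new sdtClass()` is a typo for `new stdClass()` and is a fatal error whenever the request carries no Subject. The header comment (inputs auth/log/username, "Checks if a given user exists") describes a different method and should list Version, ID, Request and ReturnContext instead.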
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/addAscendant.php
@@ -0,0 +1,119 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.10.2007
+// Modification date: 18.10.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapAdministration = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgadministration.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can add a user you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " .
$f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can try to add an
+// inheritance
+// -----------------------------------------------------
+$addAscReq = new addAscendantRequest();
+$addAscReq->intSid = $authResponse->sid;
+$addAscReq->ascendant = "Testrolle";
+$addAscReq->descendant = "Anwendung";
+
+echo "<HR/>";
+echo "Adding ascendant...<BR/>";
+
+try {
+
+ $addAscResponse = $soapAdministration->addAscendant( $addAscReq );
+
+ if( $addAscResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/addDescendant.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/addDescendant.php
new file mode 100755
index 0000000000000000000000000000000000000000..ce53a92971a962a0b6e227858bef70b4b0754e06
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/addDescendant.php
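Review bot: The example sends the account password and afterwards the session ID over plain `http://` (all three `SoapClient` WSDL URLs), so both are readable on the network path and the WSDL that names the service endpoint can be altered in transit; if the service offers TLS the URLs should be `https://`, and the credentials should come from configuration rather than being hard-coded in a file under the web root. The script also carries on after a failed `authenticate` call and reads `$authResponse->sid` although `$authResponse` was never assigned, so it should stop after the first fault. The sid and the fault fields are echoed into HTML unescaped; wrap them as in `htmlspecialchars( $f->faultstring )`. The same points apply to examples/addDescendant.php and examples/addInheritance.php in this commit, which repeat the first two steps verbatim.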
@@ -0,0 +1,119 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.10.2007
+// Modification date: 18.10.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapAdministration = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgadministration.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can add a user you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " .
$f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can try to add an
+// inheritance
+// -----------------------------------------------------
+$addDescReq = new addDescendantRequest();
+$addDescReq->intSid = $authResponse->sid;
+$addDescReq->ascendant = "Anwendung";
+$addDescReq->descendant = "Testrolle";
+
+echo "<HR/>";
+echo "Adding descendant...<BR/>";
+
+try {
+
+ $addDescResponse = $soapAdministration->addDescendant( $addDescReq );
+
+ if( $addDescResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/addInheritance.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/addInheritance.php
new file mode 100755
index 0000000000000000000000000000000000000000..1901a915b4034ffcf22358c70ff1a99660b5d334
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/addInheritance.php
@@ -0,0 +1,119 @@ +<?php +// ####################################################### +// Author: Markus Widmer +// Creation date: 04.10.2007 +// Modification date: 04.10.2007 +// Version: 0.1.0 +// ####################################################### + + +require_once( "../soapTypes.inc.php" ); + + + +// ----------------------------------------------------- +// You'll need these services +// ----------------------------------------------------- +$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" ); +$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" ); +$soapAdministration = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgadministration.wsdl" ); + + +echo "<BODY><HTML>"; + + + +// ----------------------------------------------------- +// Before you can add a user you have to +// authenticate. If this was successful you get a +// session-ID that you should keep +// ----------------------------------------------------- +$authReq = new authenticateRequest(); +$authReq->username = "sp00001@textgrid.de"; +$authReq->password = "secret"; + + +echo "<HR/>"; +echo "Doing authentication...<BR/>"; + +try { + + $authResponse = $soapExtra->authenticate( $authReq ); + + if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) { + + echo "DONE: " . $authResponse->sid . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail; + +} + + + +// ----------------------------------------------------- +// Now you can try to add an active role to your session +// ----------------------------------------------------- +$addRoleReq = new addActiveRoleRequest(); +$addRoleReq->username = "sp00001@textgrid.de"; +$addRoleReq->role = "serviceProvider"; +$addRoleReq->sid = $authResponse->sid; + +echo "<HR/>"; +echo "Adding active role...<BR/>"; + +try { + + $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq ); + + if( $addRoleResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +// ----------------------------------------------------- +// If this was successfull you can try to add an +// inheritance +// ----------------------------------------------------- +$addInhReq = new addInheritanceRequest(); +$addInhReq->intSid = $authResponse->sid; +$addInhReq->ascendant = "Anwendung"; +$addInhReq->descendant = "Testrolle"; + +echo "<HR/>"; +echo "Adding inheritance...<BR/>"; + +try { + + $addInhResponse = $soapAdministration->addInheritance( $addInhReq ); + + if( $addInhResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +echo "</BODY></HTML>"; + +?> diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/addMember.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/addMember.php new file mode 100755 index 0000000000000000000000000000000000000000..817cb1e5e14261192aab5483b3df56eb3460d961 --- /dev/null +++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/addMember.php 
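Review bot: Nothing stops the script after a failed login: `$authResponse` is assigned only inside the first `try`, and when `authenticate()` throws or returns no usable `sid` the code still goes on to `addActiveRole` and `addInheritance` with `$authResponse->sid`, which is then an undefined variable or an empty session id. An `else { echo "FAILED.<BR/>"; exit; }` on the `preg_match` check plus an `exit;` at the end of the first `catch` would make the example fail closed. The pattern `/[0-9a-z]{2,}/i` is also unanchored, so any value containing two alphanumerics passes; `/^[0-9a-z]{2,}$/i` states the intent, assuming session ids are purely alphanumeric. The preceding example file in this commit and addRole.php, addUser.php, assignUser.php, assignedRoles.php, assignedUsers.php, authorizedRoles.php and authorizedUsers.php have the same flow.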
@@ -0,0 +1,75 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.03.2008
+// Modification date: 18.03.2008
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $regReq = new addMemberRequest();
+ $regReq->auth = $_POST['auth'];
+ $regReq->log = "";
+ $regReq->role = $_POST['role'];
+ $regReq->username = $_POST['username'];
+
+
+ echo "<HR/>";
+ echo "Adding member...<BR/>";
+
+ try {
+
+ $addMemberResponse = $soapExtra->addMember( $regReq );
+
+ if( $addMemberResponse->result ) {
+
+ echo "DONE.<BR>";
+
+ }
+ else {
+
+ echo "UNABLE to commit!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"addMember.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Rolle: <INPUT type=\"text\" name=\"role\" value=\"\"><BR>\n";
+echo "Benutzer (eppn): <INPUT type=\"text\" name=\"username\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
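Review bot: Only `auth` is tested with `isset()`, while `$_POST['role']` and `$_POST['username']` are read unconditionally and forwarded to `addMember` without any shape check, so a partial or malformed POST reaches the RBAC service and raises undefined-index notices on the way. I would guard all three, `if( isset( $_POST['auth'], $_POST['role'], $_POST['username'] ) ) {`, and reject values that are not non-empty strings before building the request. Because the form submits a bearer-style `auth` token, the page should only be served over TLS, and the field is better declared as `type=\"password\"` so the token is not shown on screen. checkAccess.php (`resource`, `operation`) and createProject.php (`description`) read their POST fields the same way.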
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/addRole.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/addRole.php
new file mode 100755
index 0000000000000000000000000000000000000000..53db2072b92064c84aef4ca6b7c9fcca3fbe5f60
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/addRole.php
@@ -0,0 +1,118 @@ +<?php +// ####################################################### +// Author: Markus Widmer +// Creation date: 06.08.2007 +// Modification date: 06.08.2007 +// Version: 0.1.0 +// ####################################################### + + +require_once( "../soapTypes.inc.php" ); + + + +// ----------------------------------------------------- +// You'll need these services +// ----------------------------------------------------- +$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" ); +$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" ); +$soapAdministration = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgadministration.wsdl" ); + + +echo "<BODY><HTML>"; + + + +// ----------------------------------------------------- +// Before you can create a role you have to +// authenticate. If this was successful you get a +// session-ID that you should keep +// ----------------------------------------------------- +$authReq = new authenticateRequest(); +$authReq->username = "sp00001@textgrid.de"; +$authReq->password = "secret"; + + +echo "<HR/>"; +echo "Doing authentication...<BR/>"; + +try { + + $authResponse = $soapExtra->authenticate( $authReq ); + + if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) { + + echo "DONE: " . $authResponse->sid . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail; + +} + + + +// ----------------------------------------------------- +// Now you can try to add an active role to your session +// ----------------------------------------------------- +$addRoleReq = new addActiveRoleRequest(); +$addRoleReq->username = "sp00001@textgrid.de"; +$addRoleReq->role = "serviceProvider"; +$addRoleReq->sid = $authResponse->sid; + +echo "<HR/>"; +echo "Adding active role...<BR/>"; + +try { + + $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq ); + + if( $addRoleResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +// ----------------------------------------------------- +// If this was successfull you can add a the role you +// wish to create +// ----------------------------------------------------- +$addRoleReq = new addRoleRequest(); +$addRoleReq->intSid = $authResponse->sid; +$addRoleReq->role = "TGPR2,Projekt-Teilnehmer"; + +echo "<HR/>"; +echo "Adding role...<BR/>"; + +try { + + $addRoleResponse = $soapAdministration->addRole( $addRoleReq ); + + if( $addRoleResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +echo "</BODY></HTML>"; + +?> diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/addUser.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/addUser.php new file mode 100755 index 0000000000000000000000000000000000000000..b3c86ca5da46a4cc18caf63813c5a2e70e52d6f3 --- /dev/null +++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/addUser.php 
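Review bot: `$addRoleReq` and `$addRoleResponse` are reused for two unrelated calls, first an `addActiveRoleRequest` sent to `addActiveRole`, then an `addRoleRequest` sent to `addRole`. A reader of the example cannot tell from the names which step a value belongs to, and the second block overwrites the first response. Distinct names such as `$activeRoleReq` and `$activeRoleResponse` for the session step would keep the two operations apart; the sibling examples already do this with `$addUserReq`, `$assUserReq` and similar.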
@@ -0,0 +1,120 @@ +<?php +// ####################################################### +// Author: Markus Widmer +// Creation date: 18.07.2007 +// Modification date: 18.07.2007 +// Version: 0.1.0 +// ####################################################### + + +require_once( "../soapTypes.inc.php" ); + + + +// ----------------------------------------------------- +// You'll need these services +// ----------------------------------------------------- +$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" ); +$soapSystem = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgsystem.wsdl" ); +$soapAdministration = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgadministration.wsdl" ); + + +echo "<BODY><HTML>"; + + + +// ----------------------------------------------------- +// Before you can add a user you have to +// authenticate. If this was successful you get a +// session-ID that you should keep +// ----------------------------------------------------- +$authReq = new authenticateRequest(); +$authReq->username = "sp00001@textgrid.de"; +$authReq->password = "secret"; + + +echo "<HR/>"; +echo "Doing authentication...<BR/>"; + +try { + + $authResponse = $soapExtra->authenticate( $authReq ); + + if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) { + + echo "DONE: " . $authResponse->sid . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail; + +} + + + +// ----------------------------------------------------- +// Now you can try to add an active role to your session +// ----------------------------------------------------- +$addRoleReq = new addActiveRoleRequest(); +$addRoleReq->username = "sp00001@textgrid.de"; +$addRoleReq->role = "serviceProvider"; +$addRoleReq->sid = $authResponse->sid; + +echo "<HR/>"; +echo "Adding active role...<BR/>"; + +try { + + $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq ); + + if( $addRoleResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +// ----------------------------------------------------- +// If this was successfull you can add a the user you +// wish to create +// ----------------------------------------------------- +$addUserReq = new addUserRequest(); +$addUserReq->intSid = $authResponse->sid; +//$addUserReq->username = "mwidmer@uni-tuebingen.de"; +$addUserReq->username = "ShibConnector@application.int"; +$addUserReq->password = "secret"; + +echo "<HR/>"; +echo "Adding user...<BR/>"; + +try { + + $addUserResponse = $soapAdministration->addUser( $addUserReq ); + + if( $addUserResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +echo "</BODY></HTML>"; + +?> diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/assignUser.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/assignUser.php new file mode 100755 index 0000000000000000000000000000000000000000..c4aa257dd7e8edf82cdcb6b97f22168d54f5f16f --- /dev/null +++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/assignUser.php 
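Review bot: The account created in the last step gets the fixed password from `$addUserReq->password = "secret";`, and the WSDL host is not obviously a test instance, so running the example unchanged would leave `ShibConnector@application.int` provisioned with a guessable password. Generating the value at run time, for example `$addUserReq->password = bin2hex( random_bytes( 16 ) );` on PHP 7 or later, or reading it from configuration kept outside the repository, avoids that. The commented-out `//$addUserReq->username = ...` line above it is dead code and can be removed.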
@@ -0,0 +1,119 @@ +<?php +// ####################################################### +// Author: Markus Widmer +// Creation date: 18.07.2007 +// Modification date: 18.07.2007 +// Version: 0.1.0 +// ####################################################### + + +require_once( "../soapTypes.inc.php" ); + + + +// ----------------------------------------------------- +// You'll need these services +// ----------------------------------------------------- +$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" ); +$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" ); +$soapAdministration = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgadministration.wsdl" ); + + +echo "<BODY><HTML>"; + + + +// ----------------------------------------------------- +// Before you can add a user you have to +// authenticate. If this was successful you get a +// session-ID that you should keep +// ----------------------------------------------------- +$authReq = new authenticateRequest(); +$authReq->username = "sp00001@textgrid.de"; +$authReq->password = "secret"; + + +echo "<HR/>"; +echo "Doing authentication...<BR/>"; + +try { + + $authResponse = $soapExtra->authenticate( $authReq ); + + if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) { + + echo "DONE: " . $authResponse->sid . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail; + +} + + + +// ----------------------------------------------------- +// Now you can try to add an active role to your session +// ----------------------------------------------------- +$addRoleReq = new addActiveRoleRequest(); +$addRoleReq->username = "sp00001@textgrid.de"; +$addRoleReq->role = "serviceProvider"; +$addRoleReq->sid = $authResponse->sid; + +echo "<HR/>"; +echo "Adding active role...<BR/>"; + +try { + + $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq ); + + if( $addRoleResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +// ----------------------------------------------------- +// If this was successfull you can add a the user you +// wish to create +// ----------------------------------------------------- +$assUserReq = new assignUserRequest(); +$assUserReq->intSid = $authResponse->sid; +$assUserReq->username = "mwidmer@uni-tuebingen.de"; +$assUserReq->role = "Anwendung"; + +echo "<HR/>"; +echo "Assining user mwidmer@uni-tuebingen.de to role Anwendung...<BR/>"; + +try { + + $assUserResponse = $soapAdministration->assignUser( $assUserReq ); + + if( $assUserResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +echo "</BODY></HTML>"; + +?> diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/assignedRoles.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/assignedRoles.php new file mode 100755 index 0000000000000000000000000000000000000000..b0d2a30be036c963abcc64e3b9a8ebac9894f6ec --- /dev/null +++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/assignedRoles.php 
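Review bot: The comment above the last step still reads "you can add a the user you wish to create", but the code builds an `assignUserRequest` and calls `assignUser`; it should say something like `// If this was successful you can assign an existing user to a role`. The first comment block ("Before you can add a user") is likewise carried over from the add-user example. The progress message hard-codes the user and role and misspells "Assigning"; building it from `$assUserReq->username` and `$assUserReq->role` keeps it in step with the request, with the values HTML-escaped once they stop being literals.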
@@ -0,0 +1,128 @@ +<?php +// ####################################################### +// Author: Markus Widmer +// Creation date: 23.07.2007 +// Modification date: 23.07.2007 +// Version: 0.1.0 +// ####################################################### + + +require_once( "../soapTypes.inc.php" ); + + + +// ----------------------------------------------------- +// You'll need these services +// ----------------------------------------------------- +$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" ); +$soapSystem = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgsystem.wsdl" ); +$soapReview = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgreview.wsdl" ); + + +echo "<BODY><HTML>"; + + + +// ----------------------------------------------------- +// Before you can create a session you have to +// authenticate. If this was successful you get a +// session-ID that you should keep +// ----------------------------------------------------- +$authReq = new authenticateRequest(); +$authReq->username = "shibconnector@application.int"; +$authReq->password = "secret"; + + +echo "<HR/>"; +echo "Doing authentication...<BR/>"; + +try { + + $authResponse = $soapExtra->authenticate( $authReq ); + + if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) { + + echo "DONE: " . $authResponse->sid . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail; + +} + + + +// ----------------------------------------------------- +// Now you can try to add an active role to your session +// ----------------------------------------------------- +$addRoleReq = new addActiveRoleRequest(); +$addRoleReq->username = "shibconnector@application.int"; +$addRoleReq->role = "sessionCreator,Anwendung"; +$addRoleReq->auth = $authResponse->auth; + +echo "<HR/>"; +echo "Adding active role...<BR/>"; + +try { + + $addRoleResponse = $soapExtra->tgAddActiveRole( $addRoleReq ); + + if( $addRoleResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +// ----------------------------------------------------- +// If this was successfull you have to add a apropriate +// role to your active session that allows you to create +// a session for someone else. +// ----------------------------------------------------- +$arReq = new assignedRolesRequest(); +$arReq->intSid = $authResponse->auth; +$arReq->username = "testuser@textgrid.de"; + +echo "<HR/>"; +echo "The roles of mhaase@uni-tuebingen.de...<BR/>"; + +try { + + $rolesetResponse = $soapReview->assignedRoles( $arReq ); + + if( is_array( $rolesetResponse->role ) ) { + + for( $i = 0; $i < sizeof( $rolesetResponse->role ); $i++ ) { + + echo "Role " . $i . ": " . $rolesetResponse->role[$i] . "<BR/>"; + + } + + } + else { + + echo "Role 0: " . $rolesetResponse->role . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +echo "</BODY></HTML>"; + +?> diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/assignedUsers.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/assignedUsers.php new file mode 100755 index 0000000000000000000000000000000000000000..88907ed77901c853750d38ac88bdb0eadf744694 --- /dev/null 
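Review bot: The login check tests `$authResponse->sid`, yet every later step uses `$authResponse->auth` (`$addRoleReq->auth`, `$arReq->intSid`), as authorizedRoles.php does in its own check; if the response carries only `auth`, the "DONE" line is never printed here and the check is dead. I would test the field that is actually used, `if( preg_match( "/^[0-9a-z]+$/i", $authResponse->auth ) ) {`, assuming the token is alphanumeric. The heading `The roles of mhaase@uni-tuebingen.de...` also disagrees with the query, which asks for `testuser@textgrid.de`; printing the escaped `$arReq->username` instead avoids the drift. The comment before that step describes creating a session for someone else and does not fit a role lookup.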
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/assignedUsers.php 
@@ -0,0 +1,128 @@ +<?php +// ####################################################### +// Author: Markus Widmer +// Creation date: 23.07.2007 +// Modification date: 23.07.2007 +// Version: 0.1.0 +// ####################################################### + + +require_once( "../soapTypes.inc.php" ); + + + +// ----------------------------------------------------- +// You'll need these services +// ----------------------------------------------------- +$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" ); +$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" ); +$soapReview = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgreview.wsdl" ); + + +echo "<BODY><HTML>"; + + + +// ----------------------------------------------------- +// Before you can create a session you have to +// authenticate. If this was successful you get a +// session-ID that you should keep +// ----------------------------------------------------- +$authReq = new authenticateRequest(); +$authReq->username = "sp00001@textgrid.de"; +$authReq->password = "secret"; + + +echo "<HR/>"; +echo "Doing authentication...<BR/>"; + +try { + + $authResponse = $soapExtra->authenticate( $authReq ); + + if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) { + + echo "DONE: " . $authResponse->sid . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail; + +} + + + +// ----------------------------------------------------- +// Now you can try to add an active role to your session +// ----------------------------------------------------- +$addRoleReq = new addActiveRoleRequest(); +$addRoleReq->username = "sp00001@textgrid.de"; +$addRoleReq->role = "serviceProvider"; +$addRoleReq->sid = $authResponse->sid; + +echo "<HR/>"; +echo "Adding active role...<BR/>"; + +try { + + $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq ); + + if( $addRoleResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +// ----------------------------------------------------- +// If this was successfull you have to add a apropriate +// role to your active session that allows you to create +// a session for someone else. +// ----------------------------------------------------- +$auReq = new assignedUsersRequest(); +$auReq->intSid = $authResponse->sid; +$auReq->role = "Projekt-1,Projekt-Teilnehmer"; + +echo "<HR/>"; +echo "The assigned users for role serviceProvider...<BR/>"; + +try { + + $usersetResponse = $soapReview->assignedUsers( $auReq ); + + if( is_array( $usersetResponse->username ) ) { + + for( $i = 0; $i < sizeof( $usersetResponse->username ); $i++ ) { + + echo "User " . $i . ": " . $usersetResponse->username[$i] . "<BR/>"; + + } + + } + else { + + echo "User 0: " . $usersetResponse->username . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +echo "</BODY></HTML>"; + +?> diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/authorizedRoles.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/authorizedRoles.php new file mode 100755 index 0000000000000000000000000000000000000000..a3efbc2b536b8787ef5debfeb306cddaff8327b8 --- /dev/null 
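Review bot: The heading printed before the lookup says `The assigned users for role serviceProvider...`, but the request sets `$auReq->role = "Projekt-1,Projekt-Teilnehmer"`, so the output mislabels which role's members are listed. Deriving the text from `$auReq->role` keeps the two in step. The comment block above the request ("add a apropriate role ... create a session for someone else") was carried over from a session example and should describe the lookup, e.g. `// With the active role set you can list the users assigned to a role`. authorizedUsers.php has the same stale comment.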
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/authorizedRoles.php 
@@ -0,0 +1,133 @@ +<?php +// ####################################################### +// Author: Markus Widmer +// Creation date: 18.10.2007 +// Modification date: 18.10.2007 +// Version: 0.1.0 +// ####################################################### + + +require_once( "../soapTypes.inc.php" ); + + + +// ----------------------------------------------------- +// You'll need these services +// ----------------------------------------------------- +$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" ); +$soapSystem = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgsystem.wsdl" ); +$soapReview = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgreview.wsdl" ); + + +echo "<BODY><HTML>"; + + + +// ----------------------------------------------------- +// Before you can create a session you have to +// authenticate. If this was successful you get a +// session-ID that you should keep +// ----------------------------------------------------- +$authReq = new authenticateRequest(); +$authReq->username = "shibconnector@application.int"; +$authReq->password = "secret"; + + +echo "<HR/>"; +echo "Doing authentication...<BR/>"; + +try { + + $authResponse = $soapExtra->authenticate( $authReq ); + + if( preg_match( "/[0-9a-z]+/i", $authResponse->auth ) ) { + + echo "DONE: " . $authResponse->auth . "<BR/>"; + + } + else { + + echo "FAILED!: " . serialize( $authResponse ) . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail; + +} + + + +// ----------------------------------------------------- +// Now you can try to add an active role to your session +// ----------------------------------------------------- +$addRoleReq = new addActiveRoleRequest(); +$addRoleReq->username = "shibconnector@application.int"; +$addRoleReq->role = "sessionCreator,Anwendung"; +$addRoleReq->auth = $authResponse->auth; + +echo "<HR/>"; +echo "Adding active role...<BR/>"; + +try { + + $addRoleResponse = $soapExtra->tgAddActiveRole( $addRoleReq ); + + if( $addRoleResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +// ----------------------------------------------------- +// If this was successfull you have to add a apropriate +// role to your active session that allows you to create +// a session for someone else. +// ----------------------------------------------------- +$arReq = new authorizedRolesRequest(); +$arReq->intSid = $authResponse->auth; +$arReq->username = "testuser@textgrid.de"; + +echo "<HR/>"; +echo "The roles of testuser@textgrid.de...<BR/>"; + +try { + + $rolesetResponse = $soapReview->authorizedRoles( $arReq ); + + if( is_array( $rolesetResponse->role ) ) { + + for( $i = 0; $i < sizeof( $rolesetResponse->role ); $i++ ) { + + echo "Role " . $i . ": " . $rolesetResponse->role[$i] . "<BR/>"; + + } + + } + else { + + echo "Role 0: " . $rolesetResponse->role . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +echo "</BODY></HTML>"; + +?> diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/authorizedUsers.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/authorizedUsers.php new file mode 100755 index 0000000000000000000000000000000000000000..7b1943f78cb1fc8e6d1494f27b52eada3767bd18 --- /dev/null 
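Review bot: The failure branch `echo "FAILED!: " . serialize( $authResponse ) . "<BR/>";` writes the whole response object into the page without encoding, so whatever fields the service returns on a rejected login, possibly tokens or internal identifiers, end up in the browser and in any cached copy. A fixed message such as `echo "FAILED!<BR/>"; exit;` is enough for an example, with the detail passed to `error_log()` if it is needed for debugging. The success check `/[0-9a-z]+/i` is unanchored and accepts any value containing one alphanumeric character; `/^[0-9a-z]+$/i` would express the intent if the token is purely alphanumeric.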
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/authorizedUsers.php 
@@ -0,0 +1,128 @@ +<?php +// ####################################################### +// Author: Markus Widmer +// Creation date: 18.10.2007 +// Modification date: 18.10.2007 +// Version: 0.1.0 +// ####################################################### + + +require_once( "../soapTypes.inc.php" ); + + + +// ----------------------------------------------------- +// You'll need these services +// ----------------------------------------------------- +$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" ); +$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" ); +$soapReview = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgreview.wsdl" ); + + +echo "<BODY><HTML>"; + + + +// ----------------------------------------------------- +// Before you can create a session you have to +// authenticate. If this was successful you get a +// session-ID that you should keep +// ----------------------------------------------------- +$authReq = new authenticateRequest(); +$authReq->username = "sp00001@textgrid.de"; +$authReq->password = "secret"; + + +echo "<HR/>"; +echo "Doing authentication...<BR/>"; + +try { + + $authResponse = $soapExtra->authenticate( $authReq ); + + if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) { + + echo "DONE: " . $authResponse->sid . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail; + +} + + + +// ----------------------------------------------------- +// Now you can try to add an active role to your session +// ----------------------------------------------------- +$addRoleReq = new addActiveRoleRequest(); +$addRoleReq->username = "sp00001@textgrid.de"; +$addRoleReq->role = "serviceProvider"; +$addRoleReq->sid = $authResponse->sid; + +echo "<HR/>"; +echo "Adding active role...<BR/>"; + +try { + + $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq ); + + if( $addRoleResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +// ----------------------------------------------------- +// If this was successfull you have to add a apropriate +// role to your active session that allows you to create +// a session for someone else. +// ----------------------------------------------------- +$auReq = new authorizedUsersRequest(); +$auReq->intSid = $authResponse->sid; +$auReq->role = "Projekt-1,Projekt-Teilnehmer"; + +echo "<HR/>"; +echo "The authorized users for role Projekt-1,Projekt-Teilnehmer...<BR/>"; + +try { + + $usersetResponse = $soapReview->authorizedUsers( $auReq ); + + if( is_array( $usersetResponse->username ) ) { + + for( $i = 0; $i < sizeof( $usersetResponse->username ); $i++ ) { + + echo "User " . $i . ": " . $usersetResponse->username[$i] . "<BR/>"; + + } + + } + else { + + echo "User 0: " . $usersetResponse->username . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +echo "</BODY></HTML>"; + +?> diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/checkAccess.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/checkAccess.php new file mode 100755 index 0000000000000000000000000000000000000000..861b6564a7fae99103df37cdbd3cec493ee31088 --- /dev/null 
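Review bot: The `is_array()` / `else` pair around the result output exists only because the SOAP layer hands back a scalar when a single user matches; the two branches duplicate the `echo` line and the `for` loop re-evaluates `sizeof()` on every pass. `foreach( (array) $usersetResponse->username as $i => $name ) {` with one `echo` covers both cases, or the client can be created with `'features' => SOAP_SINGLE_ELEMENT_ARRAYS` so the field is always an array. Note that an empty result would then print nothing instead of an empty `User 0:` line. assignedRoles.php, assignedUsers.php and authorizedRoles.php use the same construct.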
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/checkAccess.php
@@ -0,0 +1,75 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapSystem = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgsystem.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['sid'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $regReq = new registerResourceRequest();
+ $regReq->intSid = "";
+ $regReq->sid = $_POST['sid'];
+ $regReq->resource = $_POST['resource'];
+ $regReq->operation = $_POST['operation'];
+
+
+ echo "<HR/>";
+ echo "Checking access...<BR/>";
+
+ try {
+
+ $checkResponse = $soapSystem->checkAccess( $regReq );
+
+ if( $checkResponse->result ) {
+
+ echo "YES.<BR>";
+
+ }
+ else {
+
+ echo "NO<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"checkAccess.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "SID: <INPUT type=\"text\" name=\"sid\" value=\"\"><BR>\n";
+echo "Operation: <INPUT type=\"text\" name=\"operation\" value=\"\"><BR>\n";
+echo "Resource: <INPUT type=\"text\" name=\"resource\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
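Review bot: The request for `checkAccess` is built as `new registerResourceRequest()`, and the comment above it talks about adding a user; both look carried over from another example. If soapTypes.inc.php defines a dedicated request type for this call it should be used here; otherwise a comment should say why the register-resource type is reused and that `intSid` is deliberately left empty. The comment block could read `// Ask the RBAC system whether the session may perform the operation on the resource`.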
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/createProject.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/createProject.php
new file mode 100755
index 0000000000000000000000000000000000000000..7392c1dcdcb816dd0da425155c8dbf421761236d
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/createProject.php
@@ -0,0 +1,73 @@ +<?php +// ####################################################### +// Author: Markus Widmer +// Creation date: 18.07.2007 +// Modification date: 18.07.2007 +// Version: 0.1.0 +// ####################################################### + + +require_once( "../soapTypes.inc.php" ); + + + +// ----------------------------------------------------- +// You'll need these services +// ----------------------------------------------------- +$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" ); + + +echo "<BODY><HTML>"; + + + + +if( isset( $_POST['auth'] ) ) { + + // ----------------------------------------------------- + // If this was successfull you can add a the user you + // wish to create + // ----------------------------------------------------- + $creReq = new createProjectRequest(); + $creReq->auth = $_POST['auth']; + $creReq->log = ""; + $creReq->description = $_POST['description']; + + + echo "<HR/>"; + echo "Creating project...<BR/>"; + + try { + + $creResponse = $soapExtra->createProject( $creReq ); + + if( $creResponse->projectId ) { + + echo "DONE: " . $creResponse->projectId . "<BR>"; + + } + else { + + echo "UNABLE to create new project!<BR>"; + + } + + } + catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + + } + +} + + +echo "<FORM action=\"createProject.php\" method=\"post\" enctype=\"multipart/form-data\">\n"; +echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n"; +echo "Project-description: <INPUT type=\"text\" name=\"description\" value=\"\"><BR>\n"; +echo "<INPUT type=\"submit\" value=\"Commit...\">\n"; +echo "</FORM>\n"; + +echo "</BODY></HTML>"; + +?> diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/createSession.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/createSession.php new file mode 100755 index 0000000000000000000000000000000000000000..efd634180e915e498a1503f0195dbc6b7106b5ad --- /dev/null 
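Review bot: The `isset( $_POST['auth'] )` guard covers only one of the fields the request is built from; `$_POST['description']` is read unconditionally, so a POST without it raises an undefined-index notice and forwards a null value to `createProject`. Checking the inputs together, `if( isset( $_POST['auth'], $_POST['description'] ) ) {`, keeps malformed submissions away from the service. The comment above the request (`If this was successfull you can add a the user you wish to create`) is copied from another example and should describe this step, e.g. `// Build the createProject request from the submitted form`. checkAccess.php, deactivateProject.php, deleteMember.php and getLeader.php follow the same pattern.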
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/createSession.php 
@@ -0,0 +1,120 @@ +<?php +// ####################################################### +// Author: Markus Widmer +// Creation date: 08.07.2007 +// Modification date: 02.08.2007 +// Version: 0.1.2 +// ####################################################### + + +require_once( "../soapTypes.inc.php" ); + + + +// ----------------------------------------------------- +// You'll need these services +// ----------------------------------------------------- +$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" ); +$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" ); + + +echo "<BODY><HTML>"; + + + +// ----------------------------------------------------- +// Before you can create a session you have to +// authenticate. If this was successful you get a +// session-ID that you should keep +// ----------------------------------------------------- +$authReq = new authenticateRequest(); +$authReq->username = "shibConnector@application.int"; +$authReq->password = "secret"; + + +echo "<HR/>"; +echo "Doing authentication...<BR/>"; + +try { + + $authResponse = $soapExtra->authenticate( $authReq ); + + if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) { + + echo "DONE: " . $authResponse->sid . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail; + +} + + + +// ----------------------------------------------------- +// Now you can try to add an active role to your session +// ----------------------------------------------------- +$addRoleReq = new addActiveRoleRequest(); +$addRoleReq->username = "shibConnector@application.int"; +$addRoleReq->role = "sessionCreator,Anwendung"; +$addRoleReq->sid = $authResponse->sid; + +echo "<HR/>"; +echo "Adding active role...<BR/>"; + +try { + + $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq ); + + if( $addRoleResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +// ----------------------------------------------------- +// If this was successfull you have to add a apropriate +// role to your active session that allows you to create +// a session for someone else. +// ----------------------------------------------------- +$creReq = new createSessionRequest(); +$creReq->intSid = $authResponse->sid; +$creReq->username = "mhaase@uni-tuebingen.de"; +$creReq->roleset = Array( "Projekt-Teilnehmer" ); +$creReq->sid = "ABcDEFG"; + +echo "<HR/>"; +echo "Creating the session...<BR/>"; + +try { + + $creResponse = $soapSystem->createSession( $creReq ); + + if( $creResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +echo "</BODY></HTML>"; + +?> diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/deactivateProject.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/deactivateProject.php new file mode 100755 index 0000000000000000000000000000000000000000..3085575748b87f5ffc904529129fa4a886604530 --- /dev/null +++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/deactivateProject.php 
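Review bot: `$authReq->password = "secret";` commits the credential of the `shibConnector@application.int` account to the repository, and both `SoapClient` instances load their WSDL over plain `http://`, so, assuming the service endpoint is plain HTTP as well, the password and the returned session id travel unencrypted. Reading the secret from the environment, `$authReq->password = getenv( "RBAC_EXAMPLE_PASSWORD" );` (the variable name is a placeholder), and switching the WSDL URLs to `https://` would address both. deassignUser.php, deleteInheritance.php, deleteRole.php, deleteSession.php, deleteUser.php and dropActiveRole.php hard-code `sp00001@textgrid.de` / `secret` in the same way. If any of these passwords was ever valid on a deployed instance it should be rotated.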
@@ -0,0 +1,73 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 08.04.2008
+// Modification date: 08.04.2008
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $deaReq = new deactivateProjectRequest();
+ $deaReq->auth = $_POST['auth'];
+ $deaReq->log = "";
+ $deaReq->project = $_POST['project'];
+
+
+ echo "<HR/>";
+ echo "Deactivating project...<BR/>";
+
+ try {
+
+ $response = $soapExtra->deactivateProject( $deaReq );
+
+ if( $response->result ) {
+
+ echo "DONE";
+
+ }
+ else {
+
+ echo "UNABLE TO COMMIT...";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"deactivateProject.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Project: <INPUT type=\"text\" name=\"project\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/deassignUser.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/deassignUser.php
new file mode 100755
index 0000000000000000000000000000000000000000..e60f3039f42b3c8091f1fe939fce0b4a0729f108
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/deassignUser.php 
@@ -0,0 +1,119 @@ +<?php +// ####################################################### +// Author: Markus Widmer +// Creation date: 08.08.2007 +// Modification date: 08.08.2007 +// Version: 0.1.0 +// ####################################################### + + +require_once( "../soapTypes.inc.php" ); + + + +// ----------------------------------------------------- +// You'll need these services +// ----------------------------------------------------- +$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" ); +$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" ); +$soapAdministration = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgadministration.wsdl" ); + + +echo "<BODY><HTML>"; + + + +// ----------------------------------------------------- +// Before you can create a role you have to +// authenticate. If this was successful you get a +// session-ID that you should keep +// ----------------------------------------------------- +$authReq = new authenticateRequest(); +$authReq->username = "sp00001@textgrid.de"; +$authReq->password = "secret"; + + +echo "<HR/>"; +echo "Doing authentication...<BR/>"; + +try { + + $authResponse = $soapExtra->authenticate( $authReq ); + + if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) { + + echo "DONE: " . $authResponse->sid . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail; + +} + + + +// ----------------------------------------------------- +// Now you can try to add an active role to your session +// ----------------------------------------------------- +$addRoleReq = new addActiveRoleRequest(); +$addRoleReq->username = "sp00001@textgrid.de"; +$addRoleReq->role = "serviceProvider"; +$addRoleReq->sid = $authResponse->sid; + +echo "<HR/>"; +echo "Adding active role...<BR/>"; + +try { + + $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq ); + + if( $addRoleResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +// ----------------------------------------------------- +// If this was successfull you can deassign a user from a +// role. +// ----------------------------------------------------- +$deassUserReq = new deassignUserRequest(); +$deassUserReq->intSid = $authResponse->sid; +$deassUserReq->username = "mwidmer@uni-tuebingen.de"; +$deassUserReq->role = "testRole"; + +echo "<HR/>"; +echo "Assigning user to role...<BR/>"; + +try { + + $deassUserResponse = $soapAdministration->deassignUser( $deassUserReq ); + + if( $deassUserResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +echo "</BODY></HTML>"; + +?> \ No newline at end of file diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/deleteInheritance.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/deleteInheritance.php new file mode 100755 index 0000000000000000000000000000000000000000..52dcd2833c56101b3c651fb51b46ae988ef9a362 --- /dev/null +++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/deleteInheritance.php 
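Review bot: The status line before the call reads `echo "Assigning user to role...<BR/>";`, but the request that follows is `deassignUser`, so the page reports the opposite of the operation being performed. It should read `echo "Deassigning user from role...<BR/>";`. For an operation that changes who holds a role, the on-screen text is what an operator relies on to confirm what was done.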
@@ -0,0 +1,119 @@ +<?php +// ####################################################### +// Author: Markus Widmer +// Creation date: 04.10.2007 +// Modification date: 04.10.2007 +// Version: 0.1.0 +// ####################################################### + + +require_once( "../soapTypes.inc.php" ); + + + +// ----------------------------------------------------- +// You'll need these services +// ----------------------------------------------------- +$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" ); +$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" ); +$soapAdministration = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgadministration.wsdl" ); + + +echo "<BODY><HTML>"; + + + +// ----------------------------------------------------- +// Before you can add a user you have to +// authenticate. If this was successful you get a +// session-ID that you should keep +// ----------------------------------------------------- +$authReq = new authenticateRequest(); +$authReq->username = "sp00001@textgrid.de"; +$authReq->password = "secret"; + + +echo "<HR/>"; +echo "Doing authentication...<BR/>"; + +try { + + $authResponse = $soapExtra->authenticate( $authReq ); + + if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) { + + echo "DONE: " . $authResponse->sid . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail; + +} + + + +// ----------------------------------------------------- +// Now you can try to add an active role to your session +// ----------------------------------------------------- +$addRoleReq = new addActiveRoleRequest(); +$addRoleReq->username = "sp00001@textgrid.de"; +$addRoleReq->role = "serviceProvider"; +$addRoleReq->sid = $authResponse->sid; + +echo "<HR/>"; +echo "Adding active role...<BR/>"; + +try { + + $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq ); + + if( $addRoleResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +// ----------------------------------------------------- +// If this was successfull you can try to delete an +// inheritance +// ----------------------------------------------------- +$delInhReq = new deleteInheritanceRequest(); +$delInhReq->intSid = $authResponse->sid; +$delInhReq->ascendant = "Anwendung,Testrolle"; +$delInhReq->descendant = "Testrolle"; + +echo "<HR/>"; +echo "Deleting inheritance...<BR/>"; + +try { + + $delInhResponse = $soapAdministration->deleteInheritance( $delInhReq ); + + if( $delInhResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +echo "</BODY></HTML>"; + +?> diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/deleteMember.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/deleteMember.php new file mode 100755 index 0000000000000000000000000000000000000000..c346a5addb03ed7a13ea8334c88947107ba88e96 --- /dev/null +++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/deleteMember.php 
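Review bot: When `authenticate` throws, the script carries on: `$authResponse` is then undefined, yet `$addRoleReq->sid` and `$delInhReq->intSid` are still filled from it and the `addActiveRole` and `deleteInheritance` calls are still sent. The same happens when the returned sid fails the `preg_match`, because that check only controls the `DONE` message. The script should stop as soon as authentication has not produced a session, e.g. `if( !isset( $authResponse->sid ) ) { exit( "Authentication failed" ); }` placed right after the first try/catch. createSession.php, deassignUser.php, deleteRole.php, deleteSession.php, deleteUser.php and dropActiveRole.php have the same fall-through.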
@@ -0,0 +1,75 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.03.2008
+// Modification date: 18.03.2008
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $regReq = new deleteMemberRequest();
+ $regReq->auth = $_POST['auth'];
+ $regReq->log = "";
+ $regReq->role = $_POST['role'];
+ $regReq->username = $_POST['username'];
+
+
+ echo "<HR/>";
+ echo "Removing member...<BR/>";
+
+ try {
+
+ $addMemberResponse = $soapExtra->deleteMember( $regReq );
+
+ if( $addMemberResponse->result ) {
+
+ echo "DONE.<BR>";
+
+ }
+ else {
+
+ echo "UNABLE to commit!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"deleteMember.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Rolle: <INPUT type=\"text\" name=\"role\" value=\"\"><BR>\n";
+echo "Benutzer (eppn): <INPUT type=\"text\" name=\"username\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
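Review bot: The local names in this script still belong to the examples it was copied from: the request object is `$regReq` and the reply of `deleteMember` is stored in `$addMemberResponse`. In a script that removes a member from a role, a reader skimming for the add or delete path is misled by both; `$delMemberReq` and `$delMemberResponse` would match the call. The form labels `Rolle:` and `Benutzer (eppn):` are German while the other examples label their fields in English, which is worth aligning in the same pass.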
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/deleteRole.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/deleteRole.php
new file mode 100755
index 0000000000000000000000000000000000000000..1c38bc16b41340c3da3c819a4b28dfaf5edf84ed
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/deleteRole.php
@@ -0,0 +1,117 @@ +<?php +// ####################################################### +// Author: Markus Widmer +// Creation date: 06.08.2007 +// Modification date: 06.08.2007 +// Version: 0.1.0 +// ####################################################### + + +require_once( "../soapTypes.inc.php" ); + + + +// ----------------------------------------------------- +// You'll need these services +// ----------------------------------------------------- +$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" ); +$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" ); +$soapAdministration = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgadministration.wsdl" ); + + +echo "<BODY><HTML>"; + + + +// ----------------------------------------------------- +// Before you can create a role you have to +// authenticate. If this was successful you get a +// session-ID that you should keep +// ----------------------------------------------------- +$authReq = new authenticateRequest(); +$authReq->username = "sp00001@textgrid.de"; +$authReq->password = "secret"; + + +echo "<HR/>"; +echo "Doing authentication...<BR/>"; + +try { + + $authResponse = $soapExtra->authenticate( $authReq ); + + if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) { + + echo "DONE: " . $authResponse->sid . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail; + +} + + + +// ----------------------------------------------------- +// Now you can try to add an active role to your session +// ----------------------------------------------------- +$addRoleReq = new addActiveRoleRequest(); +$addRoleReq->username = "sp00001@textgrid.de"; +$addRoleReq->role = "serviceProvider"; +$addRoleReq->sid = $authResponse->sid; + +echo "<HR/>"; +echo "Adding active role...<BR/>"; + +try { + + $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq ); + + if( $addRoleResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +// ----------------------------------------------------- +// If this was successfull you can delete the role +// ----------------------------------------------------- +$delRoleReq = new deleteRoleRequest(); +$delRoleReq->intSid = $authResponse->sid; +$delRoleReq->role = "testRole"; + +echo "<HR/>"; +echo "Deleting role...<BR/>"; + +try { + + $delRoleResponse = $soapAdministration->deleteRole( $delRoleReq ); + + if( $delRoleResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +echo "</BODY></HTML>"; + +?> \ No newline at end of file diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/deleteSession.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/deleteSession.php new file mode 100755 index 0000000000000000000000000000000000000000..e21def95d91e8da2dd91af04280d76212513bbd0 --- /dev/null +++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/deleteSession.php 
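Review bot: `echo "DONE: " . $authResponse->sid . "<BR/>";` prints the freshly issued session id of the `sp00001@textgrid.de` account into the page, where it ends up in browser history, proxy caches and screenshots; whoever holds it can presumably act with that session until it ends. Printing only `echo "DONE.<BR/>";` is enough to show success. The check in front of it, `preg_match( "/[0-9a-z]{2,}/i", ... )`, is unanchored, so any value containing two alphanumerics passes; if the sid is purely alphanumeric (its format is not visible here), `"/^[0-9a-z]{2,}$/i"` is the stricter form. The same two lines appear in createSession.php, deassignUser.php, deleteInheritance.php, deleteSession.php, deleteUser.php and dropActiveRole.php.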
@@ -0,0 +1,119 @@ +<?php +// ####################################################### +// Author: Markus Widmer +// Creation date: 01.08.2007 +// Modification date: 01.08.2007 +// Version: 0.1.0 +// ####################################################### + + +require_once( "../soapTypes.inc.php" ); + + + +// ----------------------------------------------------- +// You'll need these services +// ----------------------------------------------------- +$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" ); +$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" ); + + +echo "<BODY><HTML>"; + + + +// ----------------------------------------------------- +// Before you can create a session you have to +// authenticate. If this was successful you get a +// session-ID that you should keep +// ----------------------------------------------------- +$authReq = new authenticateRequest(); +$authReq->username = "sp00001@textgrid.de"; +$authReq->password = "secret"; + + +echo "<HR/>"; +echo "Doing authentication...<BR/>"; + +try { + + $authResponse = $soapExtra->authenticate( $authReq ); + + if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) { + + echo "DONE: " . $authResponse->sid . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail; + +} + + + +// ----------------------------------------------------- +// Now you can try to add an active role to your session +// ----------------------------------------------------- +$addRoleReq = new addActiveRoleRequest(); +$addRoleReq->username = "sp00001@textgrid.de"; +$addRoleReq->role = "rbacName=serviceProvider,ou=roles,ou=rbac,dc=rbac,dc=de"; +$addRoleReq->sid = $authResponse->sid; + +echo "<HR/>"; +echo "Adding active role...<BR/>"; + +try { + + $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq ); + + if( $addRoleResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +// ----------------------------------------------------- +// If this was successfull you have to add a apropriate +// role to your active session that allows you to create +// a session for someone else. +// ----------------------------------------------------- +$delReq = new deleteSessionRequest(); +$delReq->intSid = $authResponse->sid; +$delReq->username = "mhaase@uni-tuebingen.de"; +$delReq->sid = "ABcDEFG"; + +echo "<HR/>"; +echo "Deleting the session...<BR/>"; + +try { + + $delResponse = $soapSystem->deleteSession( $delReq ); + + if( $delResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +echo "</BODY></HTML>"; + +?> diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/deleteUser.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/deleteUser.php new file mode 100755 index 0000000000000000000000000000000000000000..bf350a7bf1dfbc29ca5828cf6656ac08581df46c --- /dev/null +++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/deleteUser.php 
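Review bot: The comment block above `$delReq = new deleteSessionRequest();` is carried over from createSession.php and still describes adding a role "that allows you to create a session for someone else", which is not what this step does. It should state the actual operation, e.g. `// Delete the session identified by sid for the given user`. deleteUser.php and getAllProjects.php carry the same stale block above their own calls. Separately, this file passes the role as a full DN (`rbacName=serviceProvider,ou=roles,ou=rbac,dc=rbac,dc=de`) while the sibling examples pass `serviceProvider`; whichever form the service expects, the examples should agree.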
@@ -0,0 +1,119 @@ +<?php +// ####################################################### +// Author: Markus Widmer +// Creation date: 18.07.2007 +// Modification date: 18.07.2007 +// Version: 0.1.0 +// ####################################################### + + +require_once( "../soapTypes.inc.php" ); + + + +// ----------------------------------------------------- +// You'll need these services +// ----------------------------------------------------- +$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" ); +$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" ); +$soapAdministration = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgadministration.wsdl" ); + + +echo "<BODY><HTML>"; + + + +// ----------------------------------------------------- +// Before you can create a session you have to +// authenticate. If this was successful you get a +// session-ID that you should keep +// ----------------------------------------------------- +$authReq = new authenticateRequest(); +$authReq->username = "sp00001@textgrid.de"; +$authReq->password = "secret"; + + +echo "<HR/>"; +echo "Doing authentication...<BR/>"; + +try { + + $authResponse = $soapExtra->authenticate( $authReq ); + + if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) { + + echo "DONE: " . $authResponse->sid . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail; + +} + + + +// ----------------------------------------------------- +// Now you can try to add an active role to your session +// ----------------------------------------------------- +$addRoleReq = new addActiveRoleRequest(); +$addRoleReq->username = "sp00001@textgrid.de"; +$addRoleReq->role = "serviceProvider"; +$addRoleReq->sid = $authResponse->sid; + +echo "<HR/>"; +echo "Adding active role...<BR/>"; + +try { + + $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq ); + + if( $addRoleResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +// ----------------------------------------------------- +// If this was successfull you have to add a apropriate +// role to your active session that allows you to create +// a session for someone else. +// ----------------------------------------------------- +$delUserReq = new deleteUserRequest(); +$delUserReq->intSid = $authResponse->sid; +$delUserReq->username = "mwidmer@uni-tuebingen.de"; + +echo "<HR/>"; +echo "Removing user...<BR/>"; + +try { + + $delUserResponse = $soapAdministration->deleteUser( $delUserReq ); + + if( $delUserResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +echo "</BODY></HTML>"; + +?> diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/dropActiveRole.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/dropActiveRole.php new file mode 100755 index 0000000000000000000000000000000000000000..b3c1cd01d87911e7eb001f2dffad403d8b075225 --- /dev/null +++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/dropActiveRole.php 
@@ -0,0 +1,116 @@ +<?php +// ####################################################### +// Author: Markus Widmer +// Creation date: 08.07.2007 +// Modification date: 17.07.2007 +// Version: 0.1.1 +// ####################################################### + + +require_once( "../soapTypes.inc.php" ); + + + +// ----------------------------------------------------- +// You'll need these services +// ----------------------------------------------------- +$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" ); +$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" ); + + +echo "<BODY><HTML>"; + + + +// ----------------------------------------------------- +// Before you can create a session you have to +// authenticate. If this was successful you get a +// session-ID that you should keep +// ----------------------------------------------------- +$authReq = new authenticateRequest(); +$authReq->username = "sp00001@textgrid.de"; +$authReq->password = "secret"; + + +echo "<HR/>"; +echo "Doing authentication...<BR/>"; + +try { + + $authResponse = $soapExtra->authenticate( $authReq ); + + if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) { + + echo "DONE: " . $authResponse->sid . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail; + +} + + + +// ----------------------------------------------------- +// Now you can try to add an active role to your session +// ----------------------------------------------------- +$addRoleReq = new addActiveRoleRequest(); +$addRoleReq->username = "sp00001@textgrid.de"; +$addRoleReq->role = "serviceProvider"; +$addRoleReq->sid = $authResponse->sid; + +echo "<HR/>"; +echo "Adding active role...<BR/>"; + +try { + + $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq ); + + if( $addRoleResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +// ----------------------------------------------------- +// Now you can try to drop the active role from your session +// ----------------------------------------------------- +$dropRoleReq = new addActiveRoleRequest(); +$dropRoleReq->username = "sp00001@textgrid.de"; +$dropRoleReq->role = "serviceProvider"; +$dropRoleReq->sid = $authResponse->sid; + +echo "<HR/>"; +echo "Dropping active role...<BR/>"; + +try { + + $dropRoleResponse = $soapSystem->dropActiveRole( $dropRoleReq ); + + if( $dropRoleResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + +echo "</BODY></HTML>"; + +?> diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/filterBySid.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/filterBySid.php new file mode 100755 index 0000000000000000000000000000000000000000..9cd871cf8a517c4773a5fb383b14d76a38e6191f --- /dev/null +++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/filterBySid.php 
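Review bot: `$dropRoleReq = new addActiveRoleRequest();` builds the request for `dropActiveRole` from the add-role request type. If `soapTypes.inc.php` defines a dedicated request class for dropping a role (not visible in this chunk), it should be used here; if the two operations deliberately share a type, a comment such as `// dropActiveRole takes the same fields as addActiveRole, so the request type is reused` would stop the next reader from taking it for a copy-paste slip.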
@@ -0,0 +1,138 @@ +<?php +// ####################################################### +// Author: Markus Widmer +// Creation date: 23.10.2007 +// Modification date: 23.10.2007 +// Version: 0.1.0 +// ####################################################### + + +require_once( "../soapTypes.inc.php" ); + + + +// ----------------------------------------------------- +// You'll need these services +// ----------------------------------------------------- +$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" ); +//$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" ); + + +echo "<BODY><HTML>"; + + +/* +// ----------------------------------------------------- +// Before you can create a session you have to +// authenticate. If this was successful you get a +// session-ID that you should keep +// ----------------------------------------------------- +$authReq = new authenticateRequest(); +$authReq->username = "sp00001@textgrid.de"; +$authReq->password = "secret"; + + +echo "<HR/>"; +echo "Doing authentication...<BR/>"; + +try { + + $authResponse = $soapExtra->authenticate( $authReq ); + + if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) { + + echo "DONE: " . $authResponse->sid . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail; + +} + + + +// ----------------------------------------------------- +// Now you can try to add an active role to your session +// ----------------------------------------------------- +$addRoleReq = new addActiveRoleRequest(); +$addRoleReq->username = "sp00001@textgrid.de"; +$addRoleReq->role = "serviceProvider"; +$addRoleReq->sid = $authResponse->sid; + +echo "<HR/>"; +echo "Adding active role...<BR/>"; + +try { + + $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq ); + + if( $addRoleResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} +*/ + + + +// ----------------------------------------------------- +// If this was successfull you can ask the RBAC-system +// form the operations a role may do on a resource. +// ----------------------------------------------------- +$filterReq = new filterBySidRequest(); +//$filterReq->auth = "bLDCUpWHR9aDhqHngQJRod25BLj032tWPWLsuH141zx66LW3wh51MWlYZ0RndZ"; +$filterReq->auth = ""; +$filterReq->resource = Array( "textgrid:TGPR3:Die+Leiden+des+jungen+Werther+-+Zweyter+Theil:20080514T134649:xml%2Ftei:1", + "textgrid:TGPR3:TEMPLATE_TITLE+-+aesopus_teilite.xml:20080514T171605:xml%2Ftei:1", + "textgrid:TGPR3:Die+Leiden+des+jungen+Werther+-+Zweyter+Theil:20080514T134646:xml%2Ftei:1", + "textgrid:TGPR3:TEMPLATE_TITLE+-+aesopus_teilite.xml:20080514T155649:xml%2Ftei:1", + "textgrid:TGPR3:TEMPLATE_TITLE+-+werther1_teilite.xml:20080514T155659:xml%2Ftei:1", + "textgrid:TGPR3:Die+Leiden+des+jungen+Werther+-+Zweyter+Theil:20080514T134648:xml%2Ftei:1", + "textgrid:TGPR3:TEMPLATE_TITLE+-+werther1_teilite.xml:20080514T171613:xml%2Ftei:1", + "textgrid:TGPR3:Die+Leiden+des+jungen+Werther+-+Zweyter+Theil:20080514T134530:xml%2Ftei:1", + "textgrid:TGPR3:Die+Leiden+des+jungen+Werther+-+Zweyter+Theil:20080514T154944:xml%2Ftei:1" ); +$filterReq->operation = "read"; + +echo "<HR/>"; +echo "Filtering 
resources...<BR/>"; + +try { + + $filterResponse = $soapExtra->filterBySid( $filterReq ); + + if( is_array( $filterResponse->resource ) ) { + + for( $i = 0; $i < sizeof( $filterResponse->resource ); $i++ ) { + + echo "Resource " . $i . ": " . $filterResponse->resource[$i] . "<BR/>"; + + } + + } + else { + + echo "Resource 0: " . $filterResponse->resource . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +echo "</BODY></HTML>"; + +?> diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getAllProjects.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getAllProjects.php new file mode 100755 index 0000000000000000000000000000000000000000..a389b87d5b6936541718f95b123befbb128c35f8 --- /dev/null +++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getAllProjects.php 
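Review bot: The commented-out `//$filterReq->auth = "...";` line holds what looks like a real session or auth token, and the `/* ... */` block above it repeats the `sp00001@textgrid.de` / `secret` login; commented-out code is still published with the repository and its history. Both should be deleted rather than commented, leaving only `$filterReq->auth = "";` or a value taken from a form field as in the other `auth` examples. If the token was ever live on a deployed instance, it should be invalidated.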
@@ -0,0 +1,65 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+// -----------------------------------------------------
+// If this was successfull you have to add a apropriate
+// role to your active session that allows you to create
+// a session for someone else.
+// -----------------------------------------------------
+echo "<HR/>";
+echo "Listing all projects...<BR/>";
+
+try {
+
+ $getProResponse = $soapExtra->getAllProjects();
+
+ if( is_array( $getProResponse->project ) ) {
+
+ for( $i = 0; $i < sizeof( $getProResponse->project ); $i++ ) {
+
+ echo $getProResponse->project[$i]->id . " / " . $getProResponse->project[$i]->name . " / " . $getProResponse->project[$i]->description . "<BR>";
+
+ }
+
+ }
+ elseif( $getProResponse->project instanceof project ) {
+
+ echo $getProResponse->project->id . " / " . $getProResponse->project->name . " / " . $getProResponse->project->description . "<BR>";
+
+ }
+ else {
+
+ echo "No projects!<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getLeader.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getLeader.php
new file mode 100755
index 0000000000000000000000000000000000000000..7fbd1782e786be2e3dac679ea66612ce45c0ca82
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getLeader.php
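Review bot: The project fields from the SOAP response are echoed into the HTML page without escaping, in both the array branch and the single-`project` branch, so a project name or description that contains markup would be rendered by the browser. Wrap each value, e.g. `echo htmlspecialchars( $getProResponse->project[$i]->name, ENT_QUOTES, 'UTF-8' );`, and do the same for `$f->faultstring` and `$f->detail` in the catch block. The same unescaped echo of response and fault data appears in the getLeader.php, getMembers.php, getObjects.php, getOwner.php, getProjectDescription.php and getRights.php examples of this commit.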
@@ -0,0 +1,82 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $leaReq = new getLeaderRequest();
+ $leaReq->auth = $_POST['auth'];
+ $leaReq->log = "";
+ $leaReq->project = $_POST['project'];
+
+
+ echo "<HR/>";
+ echo "Searching leader...<BR/>";
+
+ try {
+
+ $response = $soapExtra->getLeader( $leaReq );
+
+ if( is_array( $response->username ) ) {
+
+ for( $i = 0; $i < sizeof( $response->username ); $i++ ) {
+
+ echo $response->username[$i] . "<BR>";
+
+ }
+
+ }
+ elseif( preg_match( "/.+/", $response->username ) ) {
+
+ echo $response->username;
+
+ }
+ else {
+
+ echo "No leader found!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"getLeader.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Project-Name: <INPUT type=\"text\" name=\"project\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
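Review bot: The `auth` value posted to this page is forwarded through a `SoapClient` built from an `http://` WSDL URL, so the session token presumably crosses the network in cleartext (the endpoint named inside the WSDL is not visible here). If the RBAC service is reachable over TLS, load the WSDL from its `https://` address, and add a comment above `$soapExtra` saying the example must not be used with real session IDs over plain HTTP. The other form-based examples in this commit (getMembers.php, getObjects.php, getOwner.php, getProjectDescription.php, getRights.php, publish.php, registerResource.php) build their clients the same way.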
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getMembers.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getMembers.php
new file mode 100755
index 0000000000000000000000000000000000000000..d89821da4274e09db70ab4f6992a2be0d3365fa8
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getMembers.php
@@ -0,0 +1,82 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 07.04.2008
+// Modification date: 07.04.2008
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapSystem = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['project'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $memReq = new getMembersRequest();
+ $memReq->auth = $_POST['auth'];
+ $memReq->log = "";
+ $memReq->project = $_POST['project'];
+
+
+ echo "<HR/>";
+ echo "Searching members for project...<BR/>";
+
+ try {
+
+ $memResponse = $soapSystem->getMembers( $memReq );
+
+ if( is_array( $memResponse->username ) ) {
+
+ for( $i = 0; $i < sizeof( $memResponse->username ); $i++ ) {
+
+ echo $memResponse->username[$i] . "<BR>";
+
+ }
+
+ }
+ elseif( preg_match( "/.+/", $memResponse->username ) ) {
+
+ echo $memResponse->username;
+
+ }
+ else {
+
+ echo "No members found!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"getMembers.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "project: <INPUT type=\"text\" name=\"project\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
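Review bot: The guard tests only `$_POST['project']`, but the next lines also read `$_POST['auth']`, which raises an undefined-index notice and sends an empty `auth` when that field is missing from the request. Check both keys, `if( isset( $_POST['project'], $_POST['auth'] ) ) {`. getObjects.php and getProjectDescription.php have the same gap, and getLeader.php, getOwner.php, getRights.php, publish.php and registerResource.php test only `auth` while reading `project`, `resource`, `username` or `uri`.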
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getObjects.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getObjects.php
new file mode 100755
index 0000000000000000000000000000000000000000..2364f9cc832350542e30448cfbec13bfe8cc0867
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getObjects.php
@@ -0,0 +1,82 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapSystem = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['project'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $regReq = new getObjectsRequest();
+ $regReq->auth = $_POST['auth'];
+ $reqReq->log = "";
+ $regReq->project = $_POST['project'];
+
+
+ echo "<HR/>";
+ echo "Searching resources for project...<BR/>";
+
+ try {
+
+ $resourceResponse = $soapSystem->getObjects( $regReq );
+
+ if( is_array( $resourceResponse->resource ) ) {
+
+ for( $i = 0; $i < sizeof( $resourceResponse->resource ); $i++ ) {
+
+ echo $resourceResponse->resource[$i] . "<BR>";
+
+ }
+
+ }
+ elseif( preg_match( "/.+/", $resourceResponse->resource ) ) {
+
+ echo $resourceResponse->resource;
+
+ }
+ else {
+
+ echo "No resources found!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"getObjects.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "project: <INPUT type=\"text\" name=\"project\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
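Review bot: `$reqReq->log = "";` assigns to an undefined variable (`$reqReq` instead of `$regReq`), so the request goes out without its `log` field; older PHP versions only warn about creating a default object, while PHP 8 throws an Error at that line. It should read `$regReq->log = "";`. The same typo is in isPublic.php.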
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getOwner.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getOwner.php
new file mode 100755
index 0000000000000000000000000000000000000000..cc42db678e2ca1e928d05416ce219cfd5d4374a7
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getOwner.php
@@ -0,0 +1,73 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 07.04.2008
+// Modification date: 07.04.2008
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $geoReq = new getOwnerRequest();
+ $geoReq->auth = $_POST['auth'];
+ $geoReq->log = "";
+ $geoReq->resource = $_POST['resource'];
+
+
+ echo "<HR/>";
+ echo "Looking for owner...<BR/>";
+
+ try {
+
+ $response = $soapExtra->getOwner( $geoReq );
+
+ if( $response->owner ) {
+
+ echo "Owner: " . $response->owner;
+
+ }
+ else {
+
+ echo "UNABLE TO COMMIT...";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"getOwner.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Resource: <INPUT type=\"text\" name=\"resource\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
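Review bot: The block comment above `$geoReq = new getOwnerRequest();` ("If this was successfull you can add a the user you wish to create") is copied from another example and does not describe this lookup, and the failure text "UNABLE TO COMMIT..." is misleading for a read-only query. Replace the comment with something like `// Build the getOwner request from the submitted form fields` and the message with `echo "No owner found!<BR>";`. The same stale comment sits in getLeader.php, getMembers.php, getObjects.php, getProjectDescription.php, getRights.php, isPublic.php, publish.php and registerResource.php.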
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getProjectDescription.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getProjectDescription.php
new file mode 100755
index 0000000000000000000000000000000000000000..35a8ad1a8f2bd5dd724581a4ec3427e10a8ad42c
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getProjectDescription.php
@@ -0,0 +1,75 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 07.04.2008
+// Modification date: 07.04.2008
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['project'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $proReg = new getProjectDescriptionRequest();
+ $proReg->auth = $_POST['auth'];
+ $proReg->log = "";
+ $proReg->project = $_POST['project'];
+
+
+ echo "<HR/>";
+ echo "Looking for description...<BR/>";
+
+ try {
+
+ $response = $soapExtra->getProjectDescription( $proReg );
+
+ if( $response->project ) {
+
+ echo "ID: " . $response->project->id . "<br>";
+ echo "Name: " . $response->project->name . "<br>";
+ echo "Description: " . $response->project->description;
+
+ }
+ else {
+
+ echo "UNABLE TO COMMIT...";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"getProjectDescription.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Project: <INPUT type=\"text\" name=\"project\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getRights.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getRights.php
new file mode 100755
index 0000000000000000000000000000000000000000..7a7e62c70eca886576e3eab3d6a655e0bd3e6f29
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getRights.php
@@ -0,0 +1,84 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 07.04.2008
+// Modification date: 07.04.2008
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapSystem = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $opReq = new getMembersRequest();
+ $opReq->auth = $_POST['auth'];
+ $opReq->username = $_POST['username'];
+ $opReq->log = "";
+ $opReq->resource = $_POST['resource'];
+
+
+ echo "<HR/>";
+ echo "Searching allowed operations...<BR/>";
+
+ try {
+
+ $opResponse = $soapSystem->getRights( $opReq );
+
+ if( is_array( $opResponse->operation ) ) {
+
+ for( $i = 0; $i < sizeof( $opResponse->operation ); $i++ ) {
+
+ echo $opResponse->operation[$i] . "<BR>";
+
+ }
+
+ }
+ elseif( preg_match( "/.+/", $opResponse->operation ) ) {
+
+ echo $opResponse->operation;
+
+ }
+ else {
+
+ echo "No operations found!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"getRights.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Resource: <INPUT type=\"text\" name=\"resource\" value=\"\"><BR>\n";
+echo "Username: <INPUT type=\"text\" name=\"username\" value=\"\"><BR/>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
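Review bot: The request object is created as `new getMembersRequest()` but is then given `username` and `resource` and passed to `getRights()`, which looks like a copy-paste from getMembers.php. If soapTypes.inc.php defines a dedicated type (it is not visible in this hunk), the line should be `$opReq = new getRightsRequest();`; otherwise add a comment explaining why the members type is reused for a rights query.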
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getSid.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getSid.php
new file mode 100755
index 0000000000000000000000000000000000000000..6c806c930370ee348f8727db6a5cda64b98c7f90
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getSid.php
@@ -0,0 +1,52 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 05.08.2007
+// Modification date: 05.08.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+//$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl",
+// Array( 'proxy_host' => "134.2.217.67", 'proxy_port' => 7777 ) );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// How to get a session-ID from the RBAC-system
+// -----------------------------------------------------
+echo "<HR/>";
+echo "Asking for a session-ID...<BR/>";
+
+try {
+
+ $getSidResponse = $soapExtra->getSid();
+
+ if( $getSidResponse->sid ) {
+
+ echo "DONE: " . $getSidResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/grantPermission.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/grantPermission.php
new file mode 100755
index 0000000000000000000000000000000000000000..eeede5556db7d8c10cb93c709bcdef9a33f2275a
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/grantPermission.php
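Review bot: The commented-out `SoapClient` call in getSid.php keeps a second WSDL host and a hard-coded proxy address and port in the published example. Delete the two comment lines, or replace them with a neutral hint such as `// Pass 'proxy_host' / 'proxy_port' in the options array if a proxy is required`, so environment-specific details do not ship with the sample.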
@@ -0,0 +1,120 @@ +<?php +// ####################################################### +// Author: Markus Widmer +// Creation date: 06.08.2007 +// Modification date: 06.08.2007 +// Version: 0.1.0 +// ####################################################### + + +require_once( "../soapTypes.inc.php" ); + + + +// ----------------------------------------------------- +// You'll need these services +// ----------------------------------------------------- +$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" ); +$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" ); +$soapAdministration = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgadministration.wsdl" ); + + +echo "<BODY><HTML>"; + + + +// ----------------------------------------------------- +// Before you can create a role you have to +// authenticate. If this was successful you get a +// session-ID that you should keep +// ----------------------------------------------------- +$authReq = new authenticateRequest(); +$authReq->username = "sp00001@textgrid.de"; +$authReq->password = "secret"; + + +echo "<HR/>"; +echo "Doing authentication...<BR/>"; + +try { + + $authResponse = $soapExtra->authenticate( $authReq ); + + if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) { + + echo "DONE: " . $authResponse->sid . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail; + +} + + + +// ----------------------------------------------------- +// Now you can try to add an active role to your session +// ----------------------------------------------------- +$addRoleReq = new addActiveRoleRequest(); +$addRoleReq->username = "sp00001@textgrid.de"; +$addRoleReq->role = "serviceProvider"; +$addRoleReq->sid = $authResponse->sid; + +echo "<HR/>"; +echo "Adding active role...<BR/>"; + +try { + + $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq ); + + if( $addRoleResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +// ----------------------------------------------------- +// If this was successfull you can try to grant a permission +// to a role. +// ----------------------------------------------------- +$grantPermReq = new grantPermissionRequest(); +$grantPermReq->intSid = $authResponse->sid; +$grantPermReq->resource = "ingrid.daasi.de//demo/tg-demo.xml"; +$grantPermReq->operation = "read"; +$grantPermReq->role = "Testrolle"; + +echo "<HR/>"; +echo "Assigning user to role...<BR/>"; + +try { + + $grantPermResponse = $soapAdministration->grantPermission( $grantPermReq ); + + if( $grantPermResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +echo "</BODY></HTML>"; + +?> diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/isPublic.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/isPublic.php new file mode 100755 index 0000000000000000000000000000000000000000..d9eb2bad2ba58824a68a685263a1ebbd231f929e --- /dev/null +++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/isPublic.php 
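Review bot: The service-provider account name and its password are written as literals in `$authReq->username` and `$authReq->password` in grantPermission.php, and the same pair is repeated in revokePermission.php, roleOperationsOnObject.php and rolePermissions.php. If these are usable credentials they should be rotated and kept out of the repository; read them from configuration or the environment instead, e.g. `$authReq->password = getenv( 'TG_RBAC_PASSWORD' );` (the variable name is a placeholder). Separately, when `authenticate()` throws, the script carries on and reads `$authResponse->sid` from an undefined variable, so the catch block should end the page instead of falling through.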
@@ -0,0 +1,73 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 14.04.2008
+// Modification date: 14.04.2008
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapSystem = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['resource'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $regReq = new isPublicRequest();
+ $regReq->auth = "";
+ $reqReq->log = "";
+ $regReq->resource = $_POST['resource'];
+
+
+ echo "<HR/>";
+ echo "Checking if resource is public...<BR/>";
+
+ try {
+
+ $checkResponse = $soapSystem->isPublic( $regReq );
+
+ if( $checkResponse->result ) {
+
+ echo "YES.<BR>";
+
+ }
+ else {
+
+ echo "NO<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"isPublic.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Resource: <INPUT type=\"text\" name=\"resource\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/publish.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/publish.php
new file mode 100755
index 0000000000000000000000000000000000000000..5657e4ae60ecb68752a7941071f60332cf16ec82
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/publish.php
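Review bot: The form at the bottom of isPublic.php offers an `Auth` field, but the request is built with `$regReq->auth = "";`, so whatever the user enters is silently dropped. Either remove the input or pass it through, `$regReq->auth = isset( $_POST['auth'] ) ? $_POST['auth'] : "";`. Whether isPublic is meant to be callable without a session is not visible from this hunk; a one-line comment next to the assignment stating that would settle it.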
@@ -0,0 +1,73 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 07.04.2008
+// Modification date: 07.04.2008
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $pubReq = new publishRequest();
+ $pubReq->auth = $_POST['auth'];
+ $pubReq->log = "";
+ $pubReq->resource = $_POST['resource'];
+
+
+ echo "<HR/>";
+ echo "Publishing resource...<BR/>";
+
+ try {
+
+ $response = $soapExtra->publish( $pubReq );
+
+ if( $response->result ) {
+
+ echo "DONE";
+
+ }
+ else {
+
+ echo "UNABLE TO COMMIT...";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"publish.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Resource: <INPUT type=\"text\" name=\"resource\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/registerResource.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/registerResource.php
new file mode 100755
index 0000000000000000000000000000000000000000..11dd88c30eecee7fef1bf61abc81199a50b977d4
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/registerResource.php
@@ -0,0 +1,75 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $regReq = new registerResourceRequest();
+ $regReq->auth = $_POST['auth'];
+ $regReq->log = "";
+ $regReq->project = $_POST['project'];
+ $regReq->uri = $_POST['uri'];
+
+
+ echo "<HR/>";
+ echo "Adding resource...<BR/>";
+
+ try {
+
+ $registerResourceResponse = $soapExtra->registerResource( $regReq );
+
+ if( $registerResourceResponse->result ) {
+
+ echo "DONE.<BR>";
+
+ }
+ else {
+
+ echo "UNABLE to commit!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"registerResource.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Project-Name: <INPUT type=\"text\" name=\"project\" value=\"\"><BR>\n";
+echo "URI: <INPUT type=\"text\" name=\"uri\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/revokePermission.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/revokePermission.php
new file mode 100755
index 0000000000000000000000000000000000000000..3aeef751f6e1e61541658f5d023ad3669bad9079
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/revokePermission.php
@@ -0,0 +1,120 @@ +<?php +// ####################################################### +// Author: Markus Widmer +// Creation date: 06.08.2007 +// Modification date: 06.08.2007 +// Version: 0.1.0 +// ####################################################### + + +require_once( "../soapTypes.inc.php" ); + + + +// ----------------------------------------------------- +// You'll need these services +// ----------------------------------------------------- +$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" ); +$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" ); +$soapAdministration = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgadministration.wsdl" ); + + +echo "<BODY><HTML>"; + + + +// ----------------------------------------------------- +// Before you can create a role you have to +// authenticate. If this was successful you get a +// session-ID that you should keep +// ----------------------------------------------------- +$authReq = new authenticateRequest(); +$authReq->username = "sp00001@textgrid.de"; +$authReq->password = "secret"; + + +echo "<HR/>"; +echo "Doing authentication...<BR/>"; + +try { + + $authResponse = $soapExtra->authenticate( $authReq ); + + if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) { + + echo "DONE: " . $authResponse->sid . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail; + +} + + + +// ----------------------------------------------------- +// Now you can try to add an active role to your session +// ----------------------------------------------------- +$addRoleReq = new addActiveRoleRequest(); +$addRoleReq->username = "sp00001@textgrid.de"; +$addRoleReq->role = "serviceProvider"; +$addRoleReq->sid = $authResponse->sid; + +echo "<HR/>"; +echo "Adding active role...<BR/>"; + +try { + + $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq ); + + if( $addRoleResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +// ----------------------------------------------------- +// If this was successfull you can try to grant a permission +// to a role. +// ----------------------------------------------------- +$revPermReq = new revokePermissionRequest(); +$revPermReq->intSid = $authResponse->sid; +$revPermReq->resource = "ingrid.daasi.de//demo/tg-demo.xml"; +$revPermReq->operation = "read"; +$revPermReq->role = "Testrolle"; + +echo "<HR/>"; +echo "Revoking permission read for role testRole...<BR/>"; + +try { + + $revPermResponse = $soapAdministration->revokePermission( $revPermReq ); + + if( $revPermResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +echo "</BODY></HTML>"; + +?> diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/roleOperationsOnObject.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/roleOperationsOnObject.php new file mode 100755 index 0000000000000000000000000000000000000000..d6de59bef043174aa5682bb3aef3e80f88484a53 --- /dev/null +++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/roleOperationsOnObject.php 
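Review bot: The comment above `$revPermReq` in revokePermission.php still says "you can try to grant a permission to a role", and the progress message names the role `testRole` while the request uses `Testrolle`. Change the comment to `// If this was successful you can try to revoke a permission from a role.` and the message to `echo "Revoking permission read for role Testrolle...<BR/>";`. grantPermission.php has the mirror problem: it prints "Assigning user to role..." before calling `grantPermission()`.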
@@ -0,0 +1,128 @@ +<?php +// ####################################################### +// Author: Markus Widmer +// Creation date: 17.08.2007 +// Modification date: 30.08.2007 +// Version: 0.1.1 +// ####################################################### + + +require_once( "../soapTypes.inc.php" ); + + + +// ----------------------------------------------------- +// You'll need these services +// ----------------------------------------------------- +$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" ); +$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" ); +$soapReview = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgreview.wsdl" ); + + +echo "<BODY><HTML>"; + + + +// ----------------------------------------------------- +// Before you can create a session you have to +// authenticate. If this was successful you get a +// session-ID that you should keep +// ----------------------------------------------------- +$authReq = new authenticateRequest(); +$authReq->username = "sp00001@textgrid.de"; +$authReq->password = "secret"; + + +echo "<HR/>"; +echo "Doing authentication...<BR/>"; + +try { + + $authResponse = $soapExtra->authenticate( $authReq ); + + if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) { + + echo "DONE: " . $authResponse->sid . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail; + +} + + + +// ----------------------------------------------------- +// Now you can try to add an active role to your session +// ----------------------------------------------------- +$addRoleReq = new addActiveRoleRequest(); +$addRoleReq->username = "sp00001@textgrid.de"; +$addRoleReq->role = "serviceProvider"; +$addRoleReq->sid = $authResponse->sid; + +echo "<HR/>"; +echo "Adding active role...<BR/>"; + +try { + + $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq ); + + if( $addRoleResponse->result ) { + + echo "DONE.<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +// ----------------------------------------------------- +// If this was successfull you can ask the RBAC-system +// form the operations a role may do on a resource. +// ----------------------------------------------------- +$roooReq = new roleOperationsOnObjectRequest(); +$roooReq->intSid = $authResponse->sid; +$roooReq->role = "Projektleiter,Projekt-1,Projekt-Teilnehmer"; +$roooReq->resource = "ingrid.daasi.de//demo/tg-demo.xml"; + +echo "<HR/>"; +echo "The allowed operations of roles Projektleiter,Projekt-1,Projekt-Teilnehmer on resource ingrid.daasi.de//demo/tg-demo.xml...<BR/>"; + +try { + + $operationsetResponse = $soapReview->roleOperationsOnObject( $roooReq ); + + if( is_array( $operationsetResponse->operationset ) ) { + + for( $i = 0; $i < sizeof( $operationsetResponse->operationset ); $i++ ) { + + echo "Operation " . $i . ": " . $operationsetResponse->operationset[$i] . "<BR/>"; + + } + + } + else { + + echo "Operation 0: " . $operationsetResponse->operationset . "<BR/>"; + + } + +} +catch( SoapFault $f ) { + + echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail; + +} + + +echo "</BODY></HTML>"; + +?> 
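Review bot: When the response in roleOperationsOnObject.php carries no `operationset`, the else branch still prints `Operation 0: ` followed by an empty value, so an empty result is indistinguishable from a single operation. Guard it with `elseif( isset( $operationsetResponse->operationset ) ) {` and add a final `else` that prints a "no operations" message, as getRights.php does. rolePermissions.php has the same shape, and there the else branch dereferences `$permResponse->permissionset->resource` on a value that may be missing.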
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/rolePermissions.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/rolePermissions.php
new file mode 100755
index 0000000000000000000000000000000000000000..647180e8469c22977e190a0ef9235bf5dc6bc657
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/rolePermissions.php
@@ -0,0 +1,129 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 25.07.2007
+// Modification date: 17.08.2007
+// Version: 0.1.1
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapReview = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgreview.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a session you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can ask the RBAC-system
+// for a list of permissions a role has.
+// -----------------------------------------------------
+$permReq = new rolePermissionsRequest();
+$permReq->intSid = $authResponse->sid;
+$permReq->role = "Projektleiter,Projekt-1,Projekt-Teilnehmer";
+
+echo "<HR/>";
+echo "Query the permissions of role Projektleiter,Projekt-1,Projekt-Teilnehmer...<BR/>";
+
+try {
+
+ $permResponse = $soapReview->rolePermissions( $permReq );
+
+ if( is_array( $permResponse->permissionset ) ) {
+
+ for( $i = 0; $i < sizeof( $permResponse->permissionset ); $i++ ) {
+
+ echo $permResponse->permissionset[$i]->resource . " / "
+ . $permResponse->permissionset[$i]->operation . "<BR/>";
+
+ }
+
+ }
+ else {
+
+ echo $permResponse->permissionset->resource . " / "
+ . $permResponse->permissionset->operation . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
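Review bot: The example authenticates with a literal account and password (`sp00001@textgrid.de` / `secret`) and loads its WSDL from an `http://` URL, so if the service address in that WSDL is also plain HTTP, the credentials and the returned session ID cross the network unencrypted. The script then writes the session ID into the page with `echo "DONE: " . $authResponse->sid . "<BR/>";`. I would read the credentials from configuration or the environment instead of the source, point the three `SoapClient` constructors at an `https://` WSDL, and print only `DONE.` without the sid. The same pattern appears in sessionPermissions.php, sessionRoles.php, userExists.php, userOperationsOnObject.php and userPermissions.php.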
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/sessionPermissions.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/sessionPermissions.php
new file mode 100755
index 0000000000000000000000000000000000000000..151c35b1b3ef82e306868d41d5d5ddc95455c8b4
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/sessionPermissions.php
@@ -0,0 +1,120 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 08.08.2007
+// Modification date: 08.08.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapReview = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgreview.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a session you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can ask for a session's
+// permissions.
+// -----------------------------------------------------
+$permReq = new sessionPermissionsRequest();
+$permReq->intSid = $authResponse->sid;
+$permReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Query the permissions of my own session...<BR/>";
+
+try {
+
+ $permResponse = $soapReview->sessionPermissions( $permReq );
+ echo serialize( $permResponse );
+
+ for( $i = 0; $i < sizeof( $permResponse->permissionset ); $i++ ) {
+
+ echo $permResponse->permissionset[$i]->resource . " / "
+ . $permResponse->permissionset[$i]->operation . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/sessionRoles.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/sessionRoles.php
new file mode 100755
index 0000000000000000000000000000000000000000..df58bd9caec54ddcd4c7607d30ddd1be8fc864cc
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/sessionRoles.php
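Review bot: `echo serialize( $permResponse );` in sessionPermissions.php looks like leftover debug output: it writes the whole response object, unescaped, into the page ahead of the formatted list, and I would remove it. The loop that follows also indexes `permissionset` directly, without the `is_array()` branch that rolePermissions.php uses for a single-element result, so a session with exactly one permission would presumably not be listed. Normalising first keeps both cases on one path: `$set = is_array( $permResponse->permissionset ) ? $permResponse->permissionset : array( $permResponse->permissionset );`.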
@@ -0,0 +1,128 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapReview = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgreview.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a session you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you have to add a apropriate
+// role to your active session that allows you to create
+// a session for someone else.
+// -----------------------------------------------------
+$srReq = new sessionRolesRequest();
+$srReq->intSid = $authResponse->sid;
+$srReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Session roles...<BR/>";
+
+try {
+
+ $rolesetResponse = $soapReview->sessionRoles( $srReq );
+
+ if( is_array( $rolesetResponse->role ) ) {
+
+ for( $i = 0; $i < sizeof( $srResponse->role ); $i++ ) {
+
+ echo "Role " . $i . ": " . $rolesetResponse->role[$i] . "<BR/>";
+
+ }
+
+ }
+ else {
+
+ echo "Role 0: " . $rolesetResponse->role . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/tgAddActiveRole.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/tgAddActiveRole.php
new file mode 100755
index 0000000000000000000000000000000000000000..de8e33aea0043b42be3c9eb7260a7c9013ace067
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/tgAddActiveRole.php
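Review bot: The loop bound in sessionRoles.php reads `sizeof( $srResponse->role )`, but `$srResponse` is never assigned in this file; the response is held in `$rolesetResponse`. With an undefined variable the bound is not the role count, so the array branch never lists the roles, and on PHP 8 `sizeof()` of null raises a TypeError. The line should be `for( $i = 0; $i < sizeof( $rolesetResponse->role ); $i++ ) {`. The comment block above the request is also copied from another example: it talks about creating a session for someone else, while the code only lists the roles of the current session.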
@@ -0,0 +1,73 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $regReq = new tgAddActiveRoleRequest();
+ $regReq->auth = $_POST['auth'];
+ $regReq->log = "";
+ $regReq->role = $_POST['role'];
+
+
+ echo "<HR/>";
+ echo "Adding role...<BR/>";
+
+ try {
+
+ $addActiveRoleResponse = $soapExtra->tgAddActiveRole( $regReq );
+
+ if( $addActiveRoleResponse->result ) {
+
+ echo "DONE.<BR>";
+
+ }
+ else {
+
+ echo "UNABLE to commit!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"tgAddActiveRole.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Role: <INPUT type=\"text\" name=\"role\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/tgAssignedProjects.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/tgAssignedProjects.php
new file mode 100755
index 0000000000000000000000000000000000000000..1b77845d2027b4321bd0c7b927b85522f9aa0cfa
--- /dev/null
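Review bot: The `catch` block in tgAddActiveRole.php concatenates the `SoapFault` fields straight into the HTML response, and on this page the request that produced the fault is built from `$_POST['auth']` and `$_POST['role']`. If the service repeats any of that input in `faultstring` or `detail`, it reaches the browser as markup. Escape at the output boundary, e.g. `echo "SOAP FAULT!: " . htmlspecialchars( $f->faultcode . " / " . $f->faultstring . " / " . $f->detail, ENT_QUOTES );`. The same applies to the other form-driven examples (tgAssignedProjects.php, tgAssignedRoles.php, tgCheckAccess.php, tgGrantPermission.php, tgRevokePermission.php, unregisterResource.php), and to the `role` values that the two tgAssigned* pages echo from the response.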
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/tgAssignedProjects.php
@@ -0,0 +1,80 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $regReq = new tgAssignedProjectsRequest();
+ $regReq->auth = $_POST['auth'];
+ $regReq->log = "";
+
+
+ echo "<HR/>";
+ echo "Searching...<BR/>";
+
+ try {
+
+ $assignedProjectsResponse = $soapExtra->tgAssignedProjects( $regReq );
+
+ if( is_array( $assignedProjectsResponse->role ) ) {
+
+ for( $i = 0; $i < sizeof( $assignedProjectsResponse->role ); $i++ ) {
+
+ echo $assignedProjectsResponse->role[$i] . "<BR>";
+
+ }
+
+ }
+ elseif( preg_match( "/.+/", $assignedProjectsResponse->role ) ) {
+
+ echo $assignedProjectsResponse->role;
+
+ }
+ else {
+
+ echo "No assigned roles!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"tgAssignedProjects.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
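Review bot: The comment above the request in tgAssignedProjects.php ("If this was successfull you can add a the user you wish to create") is copied from the add-user example and does not describe this page, which only calls `tgAssignedProjects`. Since these files are meant as usage examples for an access-control API, a comment that names the wrong operation is worth fixing; I would replace it with something like `// Query the projects assigned to the caller identified by "auth"` (wording to be confirmed against the service description). The same stale comment sits in tgAddActiveRole.php, tgAssignedRoles.php, tgCheckAccess.php, tgGrantPermission.php, tgRevokePermission.php and unregisterResource.php.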
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/tgAssignedRoles.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/tgAssignedRoles.php
new file mode 100755
index 0000000000000000000000000000000000000000..e5d55c952d40dd14d276e3b9009fb39bd27eb02c
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/tgAssignedRoles.php
@@ -0,0 +1,82 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $regReq = new tgAssignedRolesRequest();
+ $regReq->auth = $_POST['auth'];
+ $regReq->log = "";
+ $regReq->username = $_POST['username'];
+
+
+ echo "<HR/>";
+ echo "Searching...<BR/>";
+
+ try {
+
+ $assignedRolesResponse = $soapExtra->tgAssignedRoles( $regReq );
+
+ if( is_array( $assignedRolesResponse->role ) ) {
+
+ for( $i = 0; $i < sizeof( $assignedRolesResponse->role ); $i++ ) {
+
+ echo $assignedRolesResponse->role[$i] . "<BR>";
+
+ }
+
+ }
+ elseif( preg_match( "/.+/", $assignedRolesResponse->role ) ) {
+
+ echo $assignedRolesResponse->role;
+
+ }
+ else {
+
+ echo "No assigned roles!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"tgAssignedRoles.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Username (may be empty): <INPUT type=\"text\" name=\"username\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/tgCheckAccess.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/tgCheckAccess.php
new file mode 100755
index 0000000000000000000000000000000000000000..347e4ece8e1c8940c2376cbed67c722ceb0df1a0
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/tgCheckAccess.php
@@ -0,0 +1,76 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapSystem = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $regReq = new tgCheckAccessRequest();
+ $regReq->auth = $_POST['auth'];
+ $reqReq->log = "";
+// $regReq->sid = $_POST['sid'];
+ $regReq->resource = $_POST['resource'];
+ $regReq->operation = $_POST['operation'];
+
+
+ echo "<HR/>";
+ echo "Checking access...<BR/>";
+
+ try {
+
+ $checkResponse = $soapSystem->tgCheckAccess( $regReq );
+
+ if( $checkResponse->result ) {
+
+ echo "YES.<BR>";
+
+ }
+ else {
+
+ echo "NO<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"tgCheckAccess.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Operation: <INPUT type=\"text\" name=\"operation\" value=\"\"><BR>\n";
+echo "Resource: <INPUT type=\"text\" name=\"resource\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
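Review bot: `$reqReq->log = "";` in tgCheckAccess.php assigns to `$reqReq`, a variable that is not defined anywhere else in this file, so `log` is never set on the `$regReq` request that is actually sent. On PHP 8 assigning a property on an undefined variable throws an Error, which would stop the page on every submit before the access check runs. The line should read `$regReq->log = "";`. Separately, the client is named `$soapSystem` although it is built from `tgextra.wsdl`; naming it `$soapExtra`, as the neighbouring examples do, would avoid confusion about which service answers the check.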
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/tgGrantPermission.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/tgGrantPermission.php
new file mode 100755
index 0000000000000000000000000000000000000000..1dc79c396bfed39bcac84d9e9c095e6099876b5f
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/tgGrantPermission.php
@@ -0,0 +1,77 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 04.04.2008
+// Modification date: 04.04.2008
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $graReq = new tgGrantPermissionRequest();
+ $graReq->auth = $_POST['auth'];
+ $graReq->log = "";
+ $graReq->role = $_POST['role'];
+ $graReq->resource = $_POST['resource'];
+ $graReq->operation = $_POST['operation'];
+
+
+ echo "<HR/>";
+ echo "Trying to grant permission...<BR/>";
+
+ try {
+
+ $response = $soapExtra->tgGrantPermission( $graReq );
+
+ if( $response->result ) {
+
+ echo "DONE";
+
+ }
+ else {
+
+ echo "UNABLE TO COMMIT...";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"tgGrantPermission.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Role: <INPUT type=\"text\" name=\"role\" value=\"\"><BR>\n";
+echo "Resource: <INPUT type=\"text\" name=\"resource\" value=\"\"><BR>\n";
+echo "Operation: <INPUT type=\"text\" name=\"operation\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
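Review bot: Only `$_POST['auth']` is checked with `isset()` in tgGrantPermission.php; `role`, `resource` and `operation` are read unconditionally and passed into `tgGrantPermission`. A request that omits or blanks one of them therefore still issues a policy-changing call with a null or empty field, and what the service does with that is not visible from here. For an operation that alters the RBAC policy I would require all four fields before building the request, e.g. `if( isset( $_POST['auth'], $_POST['role'], $_POST['resource'], $_POST['operation'] ) ) {`, add a non-empty check on each, and report the missing field instead of calling the service. tgRevokePermission.php has the same shape.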
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/tgRevokePermission.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/tgRevokePermission.php
new file mode 100755
index 0000000000000000000000000000000000000000..e6d3a28801c33199d7e61b45d66925cce755bd49
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/tgRevokePermission.php
@@ -0,0 +1,77 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 07.04.2008
+// Modification date: 07.04.2008
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $revReg = new tgRevokePermissionRequest();
+ $revReg->auth = $_POST['auth'];
+ $revReg->log = "";
+ $revReg->role = $_POST['role'];
+ $revReg->resource = $_POST['resource'];
+ $revReg->operation = $_POST['operation'];
+
+
+ echo "<HR/>";
+ echo "Trying to revoke permission...<BR/>";
+
+ try {
+
+ $response = $soapExtra->tgRevokePermission( $revReg );
+
+ if( $response->result ) {
+
+ echo "DONE";
+
+ }
+ else {
+
+ echo "UNABLE TO COMMIT...";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"tgRevokePermission.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Role: <INPUT type=\"text\" name=\"role\" value=\"\"><BR>\n";
+echo "Resource: <INPUT type=\"text\" name=\"resource\" value=\"\"><BR>\n";
+echo "Operation: <INPUT type=\"text\" name=\"operation\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/unregisterResource.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/unregisterResource.php
new file mode 100755
index 0000000000000000000000000000000000000000..59d8cf68140449ddec14443ec248e20cccbde8a0
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/unregisterResource.php
@@ -0,0 +1,73 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 17.03.2008
+// Modification date: 17.03.2008
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $regReq = new unregisterResourceRequest();
+ $regReq->auth = $_POST['auth'];
+ $regReq->log = "";
+ $regReq->uri = $_POST['uri'];
+
+
+ echo "<HR/>";
+ echo "Unregistering resource...<BR/>";
+
+ try {
+
+ $registerResourceResponse = $soapExtra->unregisterResource( $regReq );
+
+ if( $registerResourceResponse->result ) {
+
+ echo "DONE.<BR>";
+
+ }
+ else {
+
+ echo "UNABLE to commit!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"unregisterResource.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "URI: <INPUT type=\"text\" name=\"uri\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/userExists.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/userExists.php
new file mode 100755
index 0000000000000000000000000000000000000000..845e52988a80d053527b25c7ef72e6158d2354e4
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/userExists.php 
@@ -0,0 +1,120 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgsystem.wsdl" );
+$soapAdministration = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgadministration.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can add a user you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "ShibConnector@application.int";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "ShibConnector@application.int";
+$addRoleReq->role = "Anwendung";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can add a the user you
+// wish to create
+// -----------------------------------------------------
+$addUserReq = new addUserRequest();
+$addUserReq->intSid = $authResponse->sid;
+//$addUserReq->username = "mwidmer@uni-tuebingen.de";
+$addUserReq->username = "ShibConnector@application.int";
+$addUserReq->password = "secret";
+
+echo "<HR/>";
+echo "Adding user...<BR/>";
+
+try {
+
+ $addUserResponse = $soapAdministration->addUser( $addUserReq );
+
+ if( $addUserResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/userOperationsOnObject.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/userOperationsOnObject.php
new file mode 100755
index 0000000000000000000000000000000000000000..33c712de4ed7a84be542b9018c036442dbf63103
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/userOperationsOnObject.php
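Review bot: Despite its file name, userExists.php never asks whether a user exists: its last step builds an `addUserRequest` and calls `$soapAdministration->addUser()`, with the literal password `secret` for `ShibConnector@application.int`, the same account it authenticated as. Anyone running it to test for a user would instead attempt an account creation against the live service. Either rename the file to match what it does, or replace the last block with the existence query the name promises; the request type for that query is not visible in this diff, so I have not sketched it.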
@@ -0,0 +1,128 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 30.08.2007
+// Modification date: 30.08.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapReview = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgreview.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a session you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . 
$f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can ask the RBAC-system
+// form the operations a user may do on a resource.
+// -----------------------------------------------------
+$roooReq = new userOperationsOnObjectRequest();
+$roooReq->intSid = $authResponse->sid;
+$roooReq->user = "mhaase@uni-tuebingen.de";
+$roooReq->resource = "ingrid.daasi.de//demo/tg-demo.xml";
+
+echo "<HR/>";
+echo "The allowed operations of user mhaase@uni-tuebingen.de on resource ingrid.daasi.de//demo/tg-demo.xml...<BR/>";
+
+try {
+
+ $operationsetResponse = $soapReview->userOperationsOnObject( $roooReq );
+
+ if( is_array( $operationsetResponse->operationset ) ) {
+
+ for( $i = 0; $i < sizeof( $operationsetResponse->operationset ); $i++ ) {
+
+ echo "Operation " . $i . ": " . $operationsetResponse->operationset[$i] . "<BR/>";
+
+ }
+
+ }
+ else {
+
+ echo "Operations 0: " . $operationsetResponse->operationset . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/userPermissions.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/userPermissions.php
new file mode 100755
index 0000000000000000000000000000000000000000..03be0c8f7d7cf9b6887deb6f7d2b3909c6e1652c
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/userPermissions.php
@@ -0,0 +1,132 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 08.08.2007
+// Modification date: 08.08.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapReview = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgreview.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a session you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "shibConnector@application.int";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " .
$f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "shibConnector@application.int";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can ask for the users
+// permissions.
+// -----------------------------------------------------
+$permReq = new userPermissionsRequest();
+$permReq->intSid = $authResponse->sid;
+//$permReq->username = "shibConnector@application.int";
+$permReq->username = "mhaase@uni-tuebingen.de";
+
+
+echo "<HR/>";
+echo "Query the permissions of user sp00001@textgrid.de...<BR/>";
+
+try {
+
+ $permResponse = $soapReview->userPermissions( $permReq );
+
+ if( is_array( $permResponse->permissionset ) ) {
+
+ for( $i = 0; $i < sizeof( $permResponse->permissionset ); $i++ ) {
+
+ echo $permResponse->permissionset[$i]->resource . " / "
+ . $permResponse->permissionset[$i]->operation . "<BR/>";
+
+ }
+
+ }
+ else {
+
+ echo $permResponse->permissionset->resource . " / "
+ . $permResponse->permissionset->operation . "<BR/>";
+
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
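Review bot: userPermissions.php commits a service-account credential (`$authReq->password = "secret";` for `shibConnector@application.int`) and builds its three SoapClients from WSDLs loaded over plain `http://`, so the password and the returned session id are presumably sent unprotected if the endpoints use the same scheme. Read the secret from outside the source tree, e.g. `$authReq->password = getenv( "RBAC_EXAMPLE_PASSWORD" );` (placeholder variable name), and point the clients at an `https://` WSDL. Separately, `$authResponse->sid` is dereferenced after the first `try` block even when `authenticate()` threw, and the progress message names `sp00001@textgrid.de` while the request queries `mhaase@uni-tuebingen.de`.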
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/xacmlCheckAccess.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/xacmlCheckAccess.php
new file mode 100755
index 0000000000000000000000000000000000000000..f10dd6fffb5ee44c2b959bb01aeb56ddbd007da1
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/xacmlCheckAccess.php
@@ -0,0 +1,103 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../xacmlTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapXACML = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/xacml.wsdl.local", Array( "trace" => 1 ) );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['session'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+
+ $regReq = new stdClass();
+
+ $regReq->Version = "2.0";
+ $regReq->ID = "abcde1234";
+ $regReq->ReturnContext = true;
+ $regReq->Request = new stdClass();
+ $regReq->Request->Subject = new stdClass();
+ $regReq->Request->Resource = new stdClass();
+ $regReq->Request->Action = new stdClass();
+ $regReq->Request->Environment = new stdClass();
+
+ $regReq->Request->Subject->Attribute = new stdClass();
+ $regReq->Request->Subject->Attribute->AttributeId = "urn:oasis:names:tc:xacml:1.0:subject:subject-id";
+ $regReq->Request->Subject->Attribute->DataType = "http://www.w3.org/2001/XMLSchema#string";
+ $regReq->Request->Subject->Attribute->AttributeValue = new stdClass();
+ $regReq->Request->Subject->Attribute->AttributeValue->any = $_POST['session'];
+
+ $regReq->Request->Resource->Attribute = new stdClass();
+ $regReq->Request->Resource->Attribute->AttributeId = "urn:oasis:names:tc:xacml:1.0:resource:resource-id";
+ $regReq->Request->Resource->Attribute->DataType = "http://www.w3.org/2001/XMLSchema#anyURI";
+ $regReq->Request->Resource->Attribute->AttributeValue = new stdClass();
+ $regReq->Request->Resource->Attribute->AttributeValue->any =
$_POST['resource'];
+
+ $regReq->Request->Action->Attribute = new stdClass();
+ $regReq->Request->Action->Attribute->AttributeId = "urn:oasis:names:tc:xacml:1.0:action:action-id";
+ $regReq->Request->Action->Attribute->DataType = "http://www.w3.org/2001/XMLSchema#string";
+ $regReq->Request->Action->Attribute->AttributeValue = new stdClass();
+ $regReq->Request->Action->Attribute->AttributeValue->any = $_POST['operation'];
+
+
+ echo "<HR/>";
+ echo "checking access...<BR/>";
+ echo "Look at the code to see what happens!<BR/>";
+
+
+ try {
+
+ $caResponse = $soapXACML->checkXACMLaccess( $regReq );
+
+ echo "\n\n" . $soapXACML->__getLastRequest();
+ echo "\n\n" . $soapXACML->__getLastResponse() . "\n\n";
+
+ if( preg_match( "/^permit$/i", $caResponse->Response->Result->Decision ) ) {
+
+ echo "<BR><HR><BR>Granted: YES.<BR><HR><BR>";
+
+ }
+ else {
+
+ echo "<BR><HR><BR>Granted: NO.<BR><HR><BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"xacmlCheckAccess.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Session: <INPUT type=\"text\" name=\"session\" value=\"\"><BR>\n";
+echo "Resource: <INPUT type=\"text\" name=\"resource\" value=\"\"><BR>\n";
+echo "Operation: <INPUT type=\"text\" name=\"operation\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/phpinfo.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/phpinfo.php
new file mode 100755
index 0000000000000000000000000000000000000000..cf6086080afbe99c14fae13df55267063246b755
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/phpinfo.php
@@ -0,0 +1,3 @@
+<?php
+phpinfo();
+?>
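Review bot: In xacmlCheckAccess.php the raw SOAP envelopes from `__getLastRequest()` and `__getLastResponse()` are echoed into the HTML page unescaped, and the request envelope carries the posted `session`, `resource` and `operation` values, so form input is reflected into the page and the session id is printed with it. Escape the trace output for the HTML context, e.g. `echo "<PRE>" . htmlspecialchars( $soapXACML->__getLastRequest(), ENT_QUOTES ) . "</PRE>";`, and do the same for the response. `$_POST['resource']` and `$_POST['operation']` are also read without the `isset()` check that guards `session`.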
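Review bot: phpinfo.php calls `phpinfo()` with no access control and is added to the same rbacSoap directory as the SOAP endpoint scripts, so if that directory is served as-is, anyone who can reach the service can read the PHP configuration, loaded modules, file paths and environment of the authorization server. Leave the file out of the commit, or keep it outside the deployed document root.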
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/soapTypes.inc.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/soapTypes.inc.php
new file mode 100755
index 0000000000000000000000000000000000000000..d61c50f9c5705d2174e6905b2d1c031147ce7b66
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/soapTypes.inc.php
@@ -0,0 +1,524 @@
+<?php
+class authenticateRequest {
+
+ public $username;
+ public $password;
+ public $log;
+
+}
+
+class authenticateResponse {
+
+ public $sid;
+
+}
+
+class getSidResponse {
+
+ public $sid;
+
+}
+
+class checkAccessRequest {
+
+ public $intSid;
+ public $operation;
+ public $resource;
+ public $sid;
+
+}
+
+class tgCheckAccessRequest {
+
+ public $auth;
+ public $log;
+ public $operation;
+ public $resource;
+ public $sid;
+
+}
+
+class tgGrantPermissionRequest {
+
+ public $auth;
+ public $log;
+ public $role;
+ public $resource;
+ public $operation;
+
+}
+
+class tgRevokePermissionRequest {
+
+ public $auth;
+ public $log;
+ public $role;
+ public $resource;
+ public $operation;
+
+}
+
+class getOwnerRequest {
+
+ public $auth;
+ public $log;
+ public $resource;
+
+}
+
+class getOwnerResponse {
+
+ public $owner;
+
+}
+
+class getMembersRequest {
+
+ public $auth;
+ public $log;
+ public $project;
+
+}
+
+class deactivateProjectRequest {
+
+ public $auth;
+ public $log;
+ public $project;
+
+}
+
+class getRightsRequest {
+
+ public $auth;
+ public $log;
+ public $resource;
+ public $username;
+
+}
+
+class publishRequest {
+
+ public $auth;
+ public $log;
+ public $resource;
+
+}
+
+class isPublicRequest {
+
+ public $auth;
+ public $log;
+ public $resource;
+
+}
+
+class getProjectDescriptionRequest {
+
+ public $auth;
+ public $log;
+ public $project;
+
+}
+
+class getProjectDescriptionResponse {
+
+ public $project;
+
+}
+
+class createSessionRequest {
+
+ public $intSid;
+ public $username;
+ public $roleset;
+ public $sid;
+
+}
+
+class tgAddActiveRoleRequest {
+
+ public $auth;
+ public $log;
+ public $role;
+
+}
+
+class tgAssignedRolesRequest {
+
+ public $auth;
+ public $log;
+ public $username;
+
+}
+
+class tgAssignedProjectsRequest {
+
+ public $auth;
+ public $log;
+
+}
+
+class deleteSessionRequest {
+
+ public $intSid;
+ public $username;
+ public $sid;
+
+}
+
+class addActiveRoleRequest {
+
+ public $intSid;
+ public
$username;
+ public $role;
+ public $sid;
+
+}
+
+class addUserRequest {
+
+ public $intSid;
+ public $username;
+ public $password;
+
+}
+
+class deleteUserRequest {
+
+ public $intSid;
+ public $username;
+
+}
+
+class addInheritanceRequest {
+
+ public $intSid;
+ public $ascendant;
+ public $descendant;
+
+}
+
+class deleteInheritanceRequest {
+
+ public $intSid;
+ public $ascendant;
+ public $descendant;
+
+}
+
+class addAscendantRequest {
+
+ public $intSid;
+ public $ascendant;
+ public $descendant;
+
+}
+
+class addDescendantRequest {
+
+ public $intSid;
+ public $ascendant;
+ public $descendant;
+
+}
+
+class addRoleRequest {
+
+ public $intSid;
+ public $role;
+
+}
+
+class deleteRoleRequest {
+
+ public $intSid;
+ public $role;
+
+}
+
+class grantPermissionRequest {
+
+ public $intSid;
+ public $resource;
+ public $operation;
+ public $role;
+
+}
+
+class revokePermissionRequest {
+
+ public $intSid;
+ public $resource;
+ public $operation;
+ public $role;
+
+}
+
+class assignUserRequest {
+
+ public $intSid;
+ public $username;
+ public $role;
+
+}
+
+class deassignUserRequest {
+
+ public $intSid;
+ public $username;
+ public $role;
+
+}
+
+class sessionRolesRequest {
+
+ public $intSid;
+ public $sid;
+
+}
+
+class assignedRolesRequest {
+
+ public $intSid;
+ public $username;
+
+}
+
+class authorizedRolesRequest {
+
+ public $intSid;
+ public $username;
+
+}
+
+class roleOperationsOnObjectRequest {
+
+ public $intSid;
+ public $role;
+ public $resource;
+
+}
+
+class userOperationsOnObjectRequest {
+
+ public $intSid;
+ public $user;
+ public $resource;
+
+}
+
+class operationsetResponse {
+
+ public $operationset;
+
+}
+
+class assignedUsersRequest {
+
+ public $intSid;
+ public $role;
+
+}
+
+class authorizedUsersRequest {
+
+ public $intSid;
+ public $role;
+
+}
+
+class usersetResponse {
+
+ public $username;
+
+}
+
+class rolePermissionsRequest {
+
+ public $intSid;
+ public $role;
+
+}
+
+class userPermissionsRequest {
+
+ public $intSid;
+
public $username;
+
+}
+
+class getLeaderRequest {
+
+ public $auth;
+ public $log;
+ public $project;
+
+}
+
+class getObjectsRequest {
+
+ public $auth;
+ public $log;
+ public $project;
+
+}
+
+class sessionPermissionsRequest {
+
+ public $intSid;
+ public $sid;
+
+}
+
+class rolesetResponse {
+
+ public $role;
+
+}
+
+class permissionsetResponse {
+
+ public $permissionset;
+
+}
+
+class resourcesetResponse {
+
+ public $resource;
+
+}
+
+class createProjectRequest {
+
+ public $auth;
+ public $log;
+ public $name;
+ public $description;
+
+}
+
+class registerResourceRequest {
+
+ public $auth;
+ public $log;
+ public $project;
+ public $uri;
+
+}
+
+class unregisterResourceRequest {
+
+ public $auth;
+ public $log;
+ public $uri;
+
+}
+
+class addMemberRequest {
+
+ public $auth;
+ public $log;
+ public $role;
+ public $username;
+
+}
+
+class deleteMemberRequest {
+
+ public $auth;
+ public $log;
+ public $role;
+ public $username;
+
+}
+
+class createProjectResponse {
+
+ public $projectId;
+
+}
+
+class getAllProjectsResponse {
+
+ public $project;
+
+}
+
+class getAllProjectsRequest {
+
+ public $log;
+
+}
+
+class userExistsRequest {
+
+ public $auth;
+ public $log;
+ public $username;
+
+}
+
+
+class booleanResponse {
+
+ public $result;
+ public $errorCode;
+ public $errorDescription;
+
+}
+
+class filterBySidRequest {
+
+ public $auth;
+ public $log;
+ public $resource;
+ public $operation;
+
+}
+
+class filterResponse {
+
+ public $resource;
+
+}
+
+
+class permission {
+
+ public $resource;
+ public $operation;
+
+
+ public function __construct( $inOperation, $inResource ) {
+
+ $this->operation = $inOperation;
+ $this->resource = $inResource;
+
+ }
+
+}
+
+class projectInfo {
+
+ public $id;
+ public $description;
+ public $name;
+
+
+ public function __construct( $inId, $inName, $inDescription ) {
+
+ $this->id = $inId;
+ $this->description = $inDescription;
+ $this->name = $inName;
+
+ }
+
+}
+
+class checkXACMLaccessRequest {
+
+ public $request;
+
+}
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/tgadministration.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/tgadministration.php
new file mode 100755
index 0000000000000000000000000000000000000000..caea469b120083d31dbf205b1a0182b2727ccdfe
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/tgadministration.php
@@ -0,0 +1,26 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 17.07.2007
+// Modification date: 13.11.2007
+// Version: 1.0.0
+// #######################################################
+
+
+require_once( "soapTypes.inc.php" );
+require_once( "../rbac/RBAC.class.php" );
+require_once( "TgAdministration.class.php" );
+
+
+// Dont be so verbose with messages and notices.
+error_reporting( E_ERROR | E_USER_ERROR );
+
+
+// #############################################################
+// Starting SOAP-Server
+// #############################################################
+$server = new SoapServer( "./wsdl/tgadministration.wsdl" );
+$server->setClass( "TgAdministration", "../conf/rbacSoap.conf", "../conf/system.conf", "../rbac/" );
+
+$server->handle();
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/tgextra.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/tgextra.php
new file mode 100755
index 0000000000000000000000000000000000000000..5ee86d241d02bbc1d86d93f43fb9696c1af33e42
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/tgextra.php
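Review bot: soapTypes.inc.php ends with a closing `?>` tag, and the endpoint scripts in this commit `require_once` it before calling `$server->handle()`; anything beyond a single newline after that tag is emitted as output ahead of the SOAP response. Drop the trailing `?>` from this include-only file (xacmlTypes.inc.php ends the same way). The request classes also carry no comment saying which of `intSid`, `sid` and `auth` holds which session identifier, which a short header comment per group would settle.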
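Review bot: In tgadministration.php, `error_reporting( E_ERROR | E_USER_ERROR );` lowers the reporting level itself, so warnings raised while an authorization request is handled are neither displayed nor written to the log, and those are the messages an operator of an access-control service needs. If the aim is only to keep notices out of the SOAP response, turn display off and keep logging: `ini_set( "display_errors", "0" ); ini_set( "log_errors", "1" ); error_reporting( E_ALL );`. The same line appears in tgextra.php, tgreview.php, tgsystem.php and xacml.php.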
@@ -0,0 +1,32 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 07.07.2007
+// Modification date: 13.11.2007
+// Version: 1.0.0
+// #######################################################
+
+
+require_once( "soapTypes.inc.php" );
+require_once( "../rbac/RBAC.class.php" );
+require_once( "TgExtra.class.php" );
+
+
+// Dont be so verbose with messages and notices.
+error_reporting( E_ERROR | E_USER_ERROR );
+
+
+// #############################################################
+// Starting SOAP-Server
+// #############################################################
+$server = new SoapServer( "./wsdl/tgextra.wsdl" );
+$server->setClass( "TgExtra", "../conf/rbacSoap.conf", "../conf/system.conf", "../rbac/" );
+
+
+$server->handle();
+/*
+$tge = new TgExtra( "../conf/rbacSoap.conf.xml", "../conf/system.conf.xml", "../rbac/" );
+$createProjectRequest = new CreateProjectRequest();
+$tge->createProject( $createProjectRequest );
+*/
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/tgreview.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/tgreview.php
new file mode 100755
index 0000000000000000000000000000000000000000..594d300c196e3afe7d0f9e8ae462a96451680ef7
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/tgreview.php
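Review bot: The block comment after `$server->handle();` in tgextra.php keeps a manual test that constructs `TgExtra` with `../conf/rbacSoap.conf.xml` and `../conf/system.conf.xml`, which are not the file names passed to `setClass()` a few lines above. Remove the commented-out code, or move it into the examples directory, so the endpoint script shows only the configuration it actually uses.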
@@ -0,0 +1,26 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 13.11.2007
+// Version: 1.1.0
+// #######################################################
+
+
+require_once( "soapTypes.inc.php" );
+require_once( "../rbac/RBAC.class.php" );
+require_once( "TgReview.class.php" );
+
+
+// Dont be so verbose with messages and notices.
+error_reporting( E_ERROR | E_USER_ERROR );
+
+
+// #############################################################
+// Starting SOAP-Server
+// #############################################################
+$server = new SoapServer( "./wsdl/tgreview.wsdl" );
+$server->setClass( "TgReview", "../conf/rbacSoap.conf", "../conf/system.conf", "../rbac/" );
+
+$server->handle();
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/tgsystem.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/tgsystem.php
new file mode 100755
index 0000000000000000000000000000000000000000..d55efd8ac05536f016bc111c88ad39e4cc63b8ad
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/tgsystem.php
@@ -0,0 +1,26 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 07.07.2007
+// Modification date: 13.11.2007
+// Version: 1.0.0
+// #######################################################
+
+
+require_once( "soapTypes.inc.php" );
+require_once( "../rbac/RBAC.class.php" );
+require_once( "TgSystem.class.php" );
+
+
+// Dont be so verbose with messages and notices.
+error_reporting( E_ERROR | E_USER_ERROR );
+
+
+// #############################################################
+// Starting SOAP-Server
+// #############################################################
+$server = new SoapServer( "./wsdl/tgsystem.wsdl" );
+$server->setClass( "TgSystem", "../conf/rbacSoap.conf", "../conf/system.conf", "../rbac/" );
+
+$server->handle();
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/xacml.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/xacml.php
new file mode 100755
index 0000000000000000000000000000000000000000..ea09549b61c7d489595bb5484a322d0eb3b17327
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/xacml.php
@@ -0,0 +1,27 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 07.07.2007
+// Modification date: 13.11.2007
+// Version: 1.0.0
+// #######################################################
+
+
+require_once( "xacmlTypes.inc.php" );
+require_once( "../rbac/RBAC.class.php" );
+require_once( "XACML.class.php" );
+
+
+// Dont be so verbose with messages and notices.
+error_reporting( E_ERROR | E_USER_ERROR );
+
+
+// #############################################################
+// Starting SOAP-Server
+// #############################################################
+$server = new SoapServer( "./wsdl/xacml.wsdl.local" );
+$server->setClass( "XACML", "../conf/rbacSoap.conf", "../conf/system.conf", "../rbac/" );
+
+
+$server->handle();
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/xacmlTypes.inc.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/xacmlTypes.inc.php
new file mode 100755
index 0000000000000000000000000000000000000000..972cee806b516b464de673ded807f1e5cdea3c6f
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/xacmlTypes.inc.php
@@ -0,0 +1,22 @@
+<?php
+class dumpResponse {
+ public $dump;
+}
+
+
+class XACMLAuthzDecisionQuery {
+ public $id;
+ public $Version;
+ public $issueInstant;
+ public $inputContextOnly;
+ public $returnContext;
+ public $request;
+}
+
+
+class Request {
+ public $subject;
+ public $resource;
+ public $action;
+}
+?>
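Review bot: The property names declared in xacmlTypes.inc.php for `XACMLAuthzDecisionQuery` and `Request` (`$id`, `$returnContext`, `$request`, `$subject`, `$resource`, `$action`) differ in case from the fields the example client in xacmlCheckAccess.php sets (`ID`, `ReturnContext`, `Request`, `Subject`, `Resource`, `Action`); only `$Version` agrees. PHP property names are case-sensitive, so if these classes are meant to receive the decoded SOAP types, the declared fields would stay unset and the decision logic would read undeclared ones; this needs checking against XACML.class.php, which is not part of this hunk. If the mapping is intended, declare them with the schema casing, e.g. `public $ReturnContext;`.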
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/xsd/access_control-xacml-2.0-saml-assertion-schema-os.xsd b/info.textgrid.middleware.tgauth.rbac/rbacSoap/xsd/access_control-xacml-2.0-saml-assertion-schema-os.xsd
new file mode 100644
index 0000000000000000000000000000000000000000..1dc54db668d19d75633664cc324289c2877f8fc6
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/xsd/access_control-xacml-2.0-saml-assertion-schema-os.xsd
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+    targetNamespace="urn:oasis:xacml:2.0:saml:assertion:schema:os"
+    xmlns:tns="urn:oasis:xacml:2.0:saml:assertion:schema:os"
+    xmlns="http://www.w3.org/2001/XMLSchema"
+    xmlns:xs="http://www.w3.org/2001/XMLSchema"
+    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+    xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+    xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+    elementFormDefault="unqualified"
+    attributeFormDefault="unqualified"
+    blockDefault="substitution"
+    version="2.0">
+    <xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
+        schemaLocation="http://rbac.textgrid.daasi.de/xsd/saml-schema-assertion-2.0.xsd"/>
+    <xs:import namespace="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+        schemaLocation="http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-context-schema-os.xsd"/>
+    <xs:annotation>
+        <xs:documentation>
+            Document identifier: access_control-xacml-2.0-saml-assertion-schema-cd-02.xsd
+            Location: http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-assertion-schema-cd-os.xsd
+        </xs:documentation>
+    </xs:annotation>
+    <!-- -->
+    <xs:element name="XACMLAuthzDecisionStatement"
+        type="tns:XACMLAuthzDecisionStatementType"/>
+    <xs:complexType name="XACMLAuthzDecisionStatementType">
+        <xs:complexContent>
+            <xs:extension base="saml:StatementAbstractType">
+                <xs:sequence>
+                    <xs:element ref="xacml-context:Response"/>
+                    <xs:element ref="xacml-context:Request" minOccurs="0"/>
+                </xs:sequence>
+            </xs:extension>
+        </xs:complexContent>
+    </xs:complexType>
+    <!-- -->
+    <xs:element name="XACMLPolicyStatement"
+        type="tns:XACMLPolicyStatementType"/>
+    <xs:complexType name="XACMLPolicyStatementType">
+        <xs:complexContent>
+            <xs:extension base="saml:StatementAbstractType">
+                <xs:choice minOccurs="0" maxOccurs="unbounded">
+                    <xs:element ref="xacml:Policy"/>
+                    <xs:element ref="xacml:PolicySet"/>
+                </xs:choice>
+            </xs:extension>
+        
</xs:complexContent>
+    </xs:complexType>
+</schema>
+
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/xsd/access_control-xacml-2.0-saml-protocol-schema-os.xsd b/info.textgrid.middleware.tgauth.rbac/rbacSoap/xsd/access_control-xacml-2.0-saml-protocol-schema-os.xsd
new file mode 100644
index 0000000000000000000000000000000000000000..a80290f93e4c36fec6b12ac4ec5c9b272ae831f8
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/xsd/access_control-xacml-2.0-saml-protocol-schema-os.xsd
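Review bot: Both `xs:import` elements in the assertion schema take their `schemaLocation` from plain `http://` URLs (`http://rbac.textgrid.daasi.de/xsd/saml-schema-assertion-2.0.xsd` and the docs.oasis-open.org context schema), so any parser that resolves them fetches schema definitions over an unauthenticated channel at load time. This commit also adds saml-schema-assertion-2.0.xsd to the same xsd directory, so a relative `schemaLocation="saml-schema-assertion-2.0.xsd"` would use the bundled copy and remove the network dependency. The protocol schema in the next file section imports over `http://` in the same way.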
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+    targetNamespace="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+    xmlns:tns="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+    xmlns:xs="http://www.w3.org/2001/XMLSchema"
+    xmlns="http://www.w3.org/2001/XMLSchema"
+    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+    xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+    xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+    elementFormDefault="unqualified"
+    attributeFormDefault="unqualified"
+    blockDefault="substitution"
+    version="2.0">
+    <xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
+        schemaLocation="http://rbac.textgrid.daasi.de/xsd/saml-schema-protocol-2.0.xsd"/>
+    <xs:import namespace="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+        schemaLocation="http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-context-schema-os.xsd"/>
+    <xs:annotation>
+        <xs:documentation>
+            Document identifier: access_control-xacml-2.0-saml-protocol-schema-os.xsd
+            Location: http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-protocol-schema-os.xsd
+        </xs:documentation>
+    </xs:annotation>
+    <!-- -->
+    <xs:element name="XACMLAuthzDecisionQuery"
+        type="tns:XACMLAuthzDecisionQueryType"/>
+    <xs:complexType name="XACMLAuthzDecisionQueryType">
+        <xs:complexContent>
+            <xs:extension base="samlp:RequestAbstractType">
+                <xs:sequence>
+                    <xs:element ref="xacml-context:Request"/>
+                </xs:sequence>
+                <xs:attribute name="InputContextOnly"
+                    type="boolean"
+                    use="optional"
+                    default="false"/>
+                <xs:attribute name="ReturnContext"
+                    type="boolean"
+                    use="optional"
+                    default="false"/>
+            </xs:extension>
+        </xs:complexContent>
+    </xs:complexType>
+    <!-- -->
+    <xs:element name="XACMLPolicyQuery"
+        type="tns:XACMLPolicyQueryType"/>
+    <xs:complexType name="XACMLPolicyQueryType">
+        <xs:complexContent>
+            <xs:extension base="samlp:RequestAbstractType">
+                <xs:choice minOccurs="0" maxOccurs="unbounded">
+                    <xs:element 
ref="xacml-context:Request"/>
+                    <xs:element ref="xacml:Target"/>
+                    <xs:element ref="xacml:PolicySetIdReference"/>
+                    <xs:element ref="xacml:PolicyIdReference"/>
+                </xs:choice>
+            </xs:extension>
+        </xs:complexContent>
+    </xs:complexType>
+</schema>
+
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/xsd/access_control-xacml-2.0-saml-protocol-schema-os.xsd.save b/info.textgrid.middleware.tgauth.rbac/rbacSoap/xsd/access_control-xacml-2.0-saml-protocol-schema-os.xsd.save
new file mode 100644
index 0000000000000000000000000000000000000000..bc9cba764066cd46d7990446541b5b175f3f28d2
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/xsd/access_control-xacml-2.0-saml-protocol-schema-os.xsd.save
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+    targetNamespace="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+    xmlns:xs="http://www.23.org/2001/XMLSchema"
+    xmlns="http://www.w3.org/2001/XMLSchema"
+    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+    xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+    xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+    elementFormDefault="unqualified"
+    attributeFormDefault="unqualified"
+    blockDefault="substitution"
+    version="2.0">
+    <xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
+        schemaLocation="http://rbac.textgrid.daasi.de/xsd/saml-schema-protocol-2.0.xsd"/>
+    <xs:import namespace="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+        schemaLocation="http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-context-schema-os.xsd"/>
+    <xs:import namespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+        schemaLocation="http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-policy-schema-os.xsd"/>
+    <xs:annotation>
+        <xs:documentation>
+            Document identifier: access_control-xacml-2.0-saml-protocol-schema-os.xsd
+            Location: http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-protocol-schema-os.xsd
+        </xs:documentation>
+    </xs:annotation>
+    <!-- -->
+    <xs:element name="XACMLAuthzDecisionQuery"
+        type="XACMLAuthzDecisionQueryType"/>
+    <xs:complexType name="XACMLAuthzDecisionQueryType">
+        <xs:complexContent>
+            <xs:extension base="samlp:RequestAbstractType">
+                <xs:sequence>
+                    <xs:element ref="xacml-context:Request"/>
+                </xs:sequence>
+                <xs:attribute name="InputContextOnly"
+                    type="boolean"
+                    use="optional"
+                    default="false"/>
+                <xs:attribute name="ReturnContext"
+                    type="boolean"
+                    use="optional"
+                    default="false"/>
+            </xs:extension>
+        </xs:complexContent>
+    </xs:complexType>
+    <!-- -->
+    <xs:element name="XACMLPolicyQuery"
+        type="XACMLPolicyQueryType"/>
+    <xs:complexType name="XACMLPolicyQueryType">
+        <xs:complexContent>
+            <xs:extension 
base="samlp:RequestAbstractType">
+                <xs:choice minOccurs="0" maxOccurs="unbounded">>
+                    <xs:element ref="xacml-context:Request"/>
+                    <xs:element ref="xacml:Target"/>
+                    <xs:element ref="xacml:PolicySetIdReference"/>
+                    <xs:element ref="xacml:PolicyIdReference"/>
+                </xs:choice>
+            </xs:extension>
+        </xs:complexContent>
+    </xs:complexType>
+</schema>
+
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/xsd/saml-schema-assertion-2.0.xsd b/info.textgrid.middleware.tgauth.rbac/rbacSoap/xsd/saml-schema-assertion-2.0.xsd
new file mode 100644
index 0000000000000000000000000000000000000000..122dc3b3963b16dbb23f78a75ccf4ccee359da7b
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/xsd/saml-schema-assertion-2.0.xsd
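Review bot: access_control-xacml-2.0-saml-protocol-schema-os.xsd.save looks like an editor backup of the protocol schema and is not a usable schema as committed: `xmlns:xs="http://www.23.org/2001/XMLSchema"` binds the `xs:` prefix to a mistyped namespace, and `<xs:choice minOccurs="0" maxOccurs="unbounded">>` carries a stray `>`. The corrected schema is added next to it in the same commit, so the `.save` file should be dropped and the pattern added to the repository's ignore list to keep backups out of the deployed xsd directory.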
@@ -0,0 +1,284 @@
+<?xml version="1.0" encoding="US-ASCII"?>
+<schema
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+ <import namespace="http://www.w3.org/2000/09/xmldsig#"
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
+ <import namespace="http://www.w3.org/2001/04/xmlenc#"
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>
+ <annotation>
+ <documentation>
+ Document identifier: saml-schema-assertion-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V1.0 (November, 2002):
+ Initial Standard Schema.
+ V1.1 (September, 2003):
+ Updates within the same V1.0 namespace.
+ V2.0 (March, 2005):
+ New assertion schema for SAML V2.0 namespace.
+ </documentation>
+ </annotation>
+ <attributeGroup name="IDNameQualifiers">
+ <attribute name="NameQualifier" type="string" use="optional"/>
+ <attribute name="SPNameQualifier" type="string" use="optional"/>
+ </attributeGroup>
+ <element name="BaseID" type="saml:BaseIDAbstractType"/>
+ <complexType name="BaseIDAbstractType" abstract="true">
+ <attributeGroup ref="saml:IDNameQualifiers"/>
+ </complexType>
+ <element name="NameID" type="saml:NameIDType"/>
+ <complexType name="NameIDType">
+ <simpleContent>
+ <extension base="string">
+ <attributeGroup ref="saml:IDNameQualifiers"/>
+ <attribute name="Format" type="anyURI" use="optional"/>
+ <attribute name="SPProvidedID" type="string" use="optional"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+ <complexType name="EncryptedElementType">
+ <sequence>
+ <element ref="xenc:EncryptedData"/>
+ <element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+ <element name="EncryptedID" type="saml:EncryptedElementType"/>
+ <element name="Issuer" type="saml:NameIDType"/>
+ <element name="AssertionIDRef" type="NCName"/>
+ <element name="AssertionURIRef" type="anyURI"/>
+ <element name="Assertion" type="saml:AssertionType"/>
+ <complexType name="AssertionType">
+ <sequence>
+ <element ref="saml:Issuer"/>
+ <element ref="ds:Signature" minOccurs="0"/>
+ <element ref="saml:Subject" minOccurs="0"/>
+ <element ref="saml:Conditions" minOccurs="0"/>
+ <element ref="saml:Advice" minOccurs="0"/>
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="saml:Statement"/>
+ <element ref="saml:AuthnStatement"/>
+ <element ref="saml:AuthzDecisionStatement"/>
+ <element ref="saml:AttributeStatement"/>
+ </choice>
+ </sequence>
+ <attribute name="Version" type="string" use="required"/>
+ <attribute name="ID" type="ID" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ </complexType>
+ <element name="Subject" type="saml:SubjectType"/>
+ <complexType name="SubjectType">
+ <choice>
+ <sequence>
+ <choice>
+ <element ref="saml:BaseID"/>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
+ <element ref="saml:SubjectConfirmation" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <element ref="saml:SubjectConfirmation" maxOccurs="unbounded"/>
+ </choice>
+ </complexType>
+ <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
+ <complexType name="SubjectConfirmationType">
+ <sequence>
+ <choice minOccurs="0">
+ <element ref="saml:BaseID"/>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
+ <element ref="saml:SubjectConfirmationData" minOccurs="0"/>
+ </sequence>
+ <attribute name="Method" type="anyURI" use="required"/>
+ </complexType>
+ <element name="SubjectConfirmationData" type="saml:SubjectConfirmationDataType"/>
+ <complexType name="SubjectConfirmationDataType" mixed="true">
+ <complexContent>
+ <restriction base="anyType">
+ <sequence>
+ <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="NotBefore" type="dateTime" use="optional"/>
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+ <attribute name="Recipient" type="anyURI" use="optional"/>
+ <attribute name="InResponseTo" type="NCName" use="optional"/>
+ <attribute name="Address" type="string" use="optional"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </restriction>
+ </complexContent>
+ </complexType>
+ <complexType name="KeyInfoConfirmationDataType" mixed="false">
+ <complexContent>
+ <restriction base="saml:SubjectConfirmationDataType">
+ <sequence>
+ <element ref="ds:KeyInfo" maxOccurs="unbounded"/>
+ </sequence>
+ </restriction>
+ </complexContent>
+ </complexType>
+ <element name="Conditions" type="saml:ConditionsType"/>
+ <complexType name="ConditionsType">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="saml:Condition"/>
+ <element ref="saml:AudienceRestriction"/>
+ <element ref="saml:OneTimeUse"/>
+ <element ref="saml:ProxyRestriction"/>
+ </choice>
+ <attribute name="NotBefore" type="dateTime" use="optional"/>
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+ </complexType>
+ <element name="Condition" type="saml:ConditionAbstractType"/>
+ <complexType name="ConditionAbstractType" abstract="true"/>
+ <element name="AudienceRestriction" type="saml:AudienceRestrictionType"/>
+ <complexType name="AudienceRestrictionType">
+ <complexContent>
+ <extension base="saml:ConditionAbstractType">
+ <sequence>
+ <element ref="saml:Audience" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Audience" type="anyURI"/>
+ <element name="OneTimeUse" type="saml:OneTimeUseType" />
+ <complexType name="OneTimeUseType">
+ <complexContent>
+ <extension base="saml:ConditionAbstractType"/>
+ </complexContent>
+ </complexType>
+ <element name="ProxyRestriction" type="saml:ProxyRestrictionType"/>
+ <complexType name="ProxyRestrictionType">
+ <complexContent>
+ <extension base="saml:ConditionAbstractType">
+ <sequence>
+ <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Count" type="nonNegativeInteger" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Advice" type="saml:AdviceType"/>
+ <complexType name="AdviceType">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="saml:AssertionIDRef"/>
+ <element ref="saml:AssertionURIRef"/>
+ <element ref="saml:Assertion"/>
+ <element ref="saml:EncryptedAssertion"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </complexType>
+ <element name="EncryptedAssertion" type="saml:EncryptedElementType"/>
+ <element name="Statement" type="saml:StatementAbstractType"/>
+ <complexType name="StatementAbstractType" abstract="true"/>
+ <element name="AuthnStatement" type="saml:AuthnStatementType"/>
+ <complexType name="AuthnStatementType">
+ <complexContent>
+ <extension base="saml:StatementAbstractType">
+ <sequence>
+ <element ref="saml:SubjectLocality" minOccurs="0"/>
+ <element ref="saml:AuthnContext"/>
+ </sequence>
+ <attribute name="AuthnInstant" type="dateTime" use="required"/>
+ <attribute name="SessionIndex" type="string" use="optional"/>
+ <attribute name="SessionNotOnOrAfter" type="dateTime" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="SubjectLocality" type="saml:SubjectLocalityType"/>
+ <complexType name="SubjectLocalityType">
+ <attribute name="Address" type="string" use="optional"/>
+ <attribute name="DNSName" type="string" use="optional"/>
+ </complexType>
+ <element name="AuthnContext" type="saml:AuthnContextType"/>
+ <complexType name="AuthnContextType">
+ <sequence>
+ <choice>
+ <sequence>
+ <element ref="saml:AuthnContextClassRef"/>
+ <choice minOccurs="0">
+ <element ref="saml:AuthnContextDecl"/>
+ <element ref="saml:AuthnContextDeclRef"/>
+ </choice>
+ </sequence>
+ <choice>
+ <element ref="saml:AuthnContextDecl"/>
+ <element ref="saml:AuthnContextDeclRef"/>
+ </choice>
+ </choice>
+ <element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+ <element name="AuthnContextClassRef" type="anyURI"/>
+ <element name="AuthnContextDeclRef" type="anyURI"/>
+ <element name="AuthnContextDecl" type="anyType"/>
+ <element name="AuthenticatingAuthority" type="anyURI"/>
+ <element name="AuthzDecisionStatement" type="saml:AuthzDecisionStatementType"/>
+ <complexType name="AuthzDecisionStatementType">
+ <complexContent>
+ <extension base="saml:StatementAbstractType">
+ <sequence>
+ <element ref="saml:Action" maxOccurs="unbounded"/>
+ <element ref="saml:Evidence" minOccurs="0"/>
+ </sequence>
+ <attribute name="Resource" type="anyURI" use="required"/>
+ <attribute name="Decision" type="saml:DecisionType" use="required"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <simpleType name="DecisionType">
+ <restriction base="string">
+ <enumeration value="Permit"/>
+ <enumeration value="Deny"/>
+ <enumeration value="Indeterminate"/>
+ </restriction>
+ </simpleType>
+ <element name="Action" type="saml:ActionType"/>
+ <complexType name="ActionType">
+ <simpleContent>
+ <extension base="string">
+ <attribute name="Namespace" type="anyURI" use="required"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+ <element name="Evidence" type="saml:EvidenceType"/>
+ <complexType name="EvidenceType">
+ <choice maxOccurs="unbounded">
+ <element ref="saml:AssertionIDRef"/>
+ <element ref="saml:AssertionURIRef"/>
+ <element ref="saml:Assertion"/>
+ <element ref="saml:EncryptedAssertion"/>
+ </choice>
+ </complexType>
+ <element name="AttributeStatement" type="saml:AttributeStatementType"/>
+ <complexType name="AttributeStatementType">
+ <complexContent>
+ <extension base="saml:StatementAbstractType">
+ <choice maxOccurs="unbounded">
+ <element ref="saml:Attribute"/>
+ <element ref="saml:EncryptedAttribute"/>
+ </choice>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Attribute" type="saml:AttributeType"/>
+ <complexType name="AttributeType">
+ <sequence>
+ <element ref="saml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Name" type="string" use="required"/>
+ <attribute name="NameFormat" type="anyURI" use="optional"/>
+ <attribute name="FriendlyName" type="string" use="optional"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </complexType>
+ <element name="AttributeValue" type="anyType" nillable="true"/>
+ <element name="EncryptedAttribute" type="saml:EncryptedElementType"/>
+</schema>
+
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/xsd/saml-schema-protocol-2.0.xsd b/info.textgrid.middleware.tgauth.rbac/rbacSoap/xsd/saml-schema-protocol-2.0.xsd
new file mode 100644
index 0000000000000000000000000000000000000000..6c6502c5f8d05ebee81c8190d70b23a3ddf3e105
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/xsd/saml-schema-protocol-2.0.xsd
@@ -0,0 +1,303 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+ <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
+ schemaLocation="saml-schema-assertion-2.0.xsd"/>
+ <import namespace="http://www.w3.org/2000/09/xmldsig#"
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
+ <annotation>
+ <documentation>
+ Document identifier: saml-schema-protocol-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V1.0 (November, 2002):
+ Initial Standard Schema.
+ V1.1 (September, 2003):
+ Updates within the same V1.0 namespace.
+ V2.0 (March, 2005):
+ New protocol schema based in a SAML V2.0 namespace.
+ </documentation>
+ </annotation>
+ <complexType name="RequestAbstractType" abstract="true">
+ <sequence>
+ <element ref="saml:Issuer" minOccurs="0"/>
+ <element ref="ds:Signature" minOccurs="0"/>
+ <element ref="samlp:Extensions" minOccurs="0"/>
+ </sequence>
+ <attribute name="ID" type="ID" use="required"/>
+ <attribute name="Version" type="string" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ <attribute name="Destination" type="anyURI" use="optional"/>
+ <attribute name="Consent" type="anyURI" use="optional"/>
+ </complexType>
+ <element name="Extensions" type="samlp:ExtensionsType"/>
+ <complexType name="ExtensionsType">
+ <sequence>
+ <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+ <complexType name="StatusResponseType">
+ <sequence>
+ <element ref="saml:Issuer" minOccurs="0"/>
+ <element ref="ds:Signature" minOccurs="0"/>
+ <element ref="samlp:Extensions" minOccurs="0"/>
+ <element ref="samlp:Status"/>
+ </sequence>
+ <attribute name="ID" type="ID" use="required"/>
+ <attribute name="InResponseTo" type="NCName" use="optional"/>
+ <attribute name="Version" type="string" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ <attribute name="Destination" type="anyURI" use="optional"/>
+ <attribute name="Consent" type="anyURI" use="optional"/>
+ </complexType>
+ <element name="Status" type="samlp:StatusType"/>
+ <complexType name="StatusType">
+ <sequence>
+ <element ref="samlp:StatusCode"/>
+ <element ref="samlp:StatusMessage" minOccurs="0"/>
+ <element ref="samlp:StatusDetail" minOccurs="0"/>
+ </sequence>
+ </complexType>
+ <element name="StatusCode" type="samlp:StatusCodeType"/>
+ <complexType name="StatusCodeType">
+ <sequence>
+ <element ref="samlp:StatusCode" minOccurs="0"/>
+ </sequence>
+ <attribute name="Value" type="anyURI" use="required"/>
+ </complexType>
+ <element name="StatusMessage" type="string"/>
+ <element name="StatusDetail" type="samlp:StatusDetailType"/>
+ <complexType name="StatusDetailType">
+ <sequence>
+ <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+ <element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>
+ <complexType name="AssertionIDRequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
+ <complexType name="SubjectQueryAbstractType" abstract="true">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <element ref="saml:Subject"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthnQuery" type="samlp:AuthnQueryType"/>
+ <complexType name="AuthnQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <sequence>
+ <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
+ </sequence>
+ <attribute name="SessionIndex" type="string" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>
+ <complexType name="RequestedAuthnContextType">
+ <choice>
+ <element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>
+ <element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>
+ </choice>
+ <attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>
+ </complexType>
+ <simpleType name="AuthnContextComparisonType">
+ <restriction base="string">
+ <enumeration value="exact"/>
+ <enumeration value="minimum"/>
+ <enumeration value="maximum"/>
+ <enumeration value="better"/>
+ </restriction>
+ </simpleType>
+ <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
+ <complexType name="AttributeQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <sequence>
+ <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>
+ <complexType name="AuthzDecisionQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <sequence>
+ <element ref="saml:Action" maxOccurs="unbounded"/>
+ <element ref="saml:Evidence" minOccurs="0"/>
+ </sequence>
+ <attribute name="Resource" type="anyURI" use="required"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthnRequest" type="samlp:AuthnRequestType"/>
+ <complexType name="AuthnRequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <element ref="saml:Subject" minOccurs="0"/>
+ <element ref="samlp:NameIDPolicy" minOccurs="0"/>
+ <element ref="saml:Conditions" minOccurs="0"/>
+ <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
+ <element ref="samlp:Scoping" minOccurs="0"/>
+ </sequence>
+ <attribute name="ForceAuthn" type="boolean" use="optional"/>
+ <attribute name="IsPassive" type="boolean" use="optional"/>
+ <attribute name="ProtocolBinding" type="anyURI" use="optional"/>
+ <attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>
+ <attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>
+ <attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>
+ <attribute name="ProviderName" type="string" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>
+ <complexType name="NameIDPolicyType">
+ <attribute name="Format" type="anyURI" use="optional"/>
+ <attribute name="SPNameQualifier" type="string" use="optional"/>
+ <attribute name="AllowCreate" type="boolean" use="optional"/>
+ </complexType>
+ <element name="Scoping" type="samlp:ScopingType"/>
+ <complexType name="ScopingType">
+ <sequence>
+ <element ref="samlp:IDPList" minOccurs="0"/>
+ <element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>
+ </complexType>
+ <element name="RequesterID" type="anyURI"/>
+ <element name="IDPList" type="samlp:IDPListType"/>
+ <complexType name="IDPListType">
+ <sequence>
+ <element ref="samlp:IDPEntry" maxOccurs="unbounded"/>
+ <element ref="samlp:GetComplete" minOccurs="0"/>
+ </sequence>
+ </complexType>
+ <element name="IDPEntry" type="samlp:IDPEntryType"/>
+ <complexType name="IDPEntryType">
+ <attribute name="ProviderID" type="anyURI" use="required"/>
+ <attribute name="Name" type="string" use="optional"/>
+ <attribute name="Loc" type="anyURI" use="optional"/>
+ </complexType>
+ <element name="GetComplete" type="anyURI"/>
+ <element name="Response" type="samlp:ResponseType"/>
+ <complexType name="ResponseType">
+ <complexContent>
+ <extension base="samlp:StatusResponseType">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="saml:Assertion"/>
+ <element ref="saml:EncryptedAssertion"/>
+ </choice>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>
+ <complexType name="ArtifactResolveType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <element ref="samlp:Artifact"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Artifact" type="string"/>
+ <element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>
+ <complexType name="ArtifactResponseType">
+ <complexContent>
+ <extension base="samlp:StatusResponseType">
+ <sequence>
+ <any namespace="##any" processContents="lax" minOccurs="0"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>
+ <complexType name="ManageNameIDRequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <choice>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
+ <choice>
+ <element ref="samlp:NewID"/>
+ <element ref="samlp:NewEncryptedID"/>
+ <element ref="samlp:Terminate"/>
+ </choice>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="NewID" type="string"/>
+ <element name="NewEncryptedID" type="saml:EncryptedElementType"/>
+ <element name="Terminate" type="samlp:TerminateType"/>
+ <complexType name="TerminateType"/>
+ <element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>
+ <element name="LogoutRequest" type="samlp:LogoutRequestType"/>
+ <complexType name="LogoutRequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <choice>
+ <element ref="saml:BaseID"/>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
+ <element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Reason" type="string" use="optional"/>
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="SessionIndex" type="string"/>
+ <element name="LogoutResponse" type="samlp:StatusResponseType"/>
+ <element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>
+ <complexType name="NameIDMappingRequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <choice>
+ <element ref="saml:BaseID"/>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
+ <element ref="samlp:NameIDPolicy"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>
+ <complexType name="NameIDMappingResponseType">
+ <complexContent>
+ <extension base="samlp:StatusResponseType">
+ <choice>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
+ </extension>
+ </complexContent>
+ </complexType>
+</schema>
+