From e727d3e2763b9e80f765bb4261d4c9dc412b6f5f Mon Sep 17 00:00:00 2001
From: Martin Haase <martin.haase@daasi.de>
Date: Mon, 7 Apr 2008 15:49:30 +0000
Subject: [PATCH] Restructuring Textgrid-relevant RBAC-Soap code by Markus
Widmer. See WSDLs for interfaces, see examples for PHP Soap clients. The
latter can be interactively used, e.g.
http://rbac.textgrid.daasi.de/examples/getLeader.php.
git-svn-id: https://textgridlab.org/svn/textgrid/trunk/middleware/tgauth@1107 7c539038-3410-0410-b1ec-0f2a7bf1c452
---
rbacSoap/TgAdministration.class.php | 735 +++++++++
rbacSoap/TgExtra.class.php | 1414 +++++++++++++++++
rbacSoap/TgReview.class.php | 606 +++++++
rbacSoap/TgSystem.class.php | 268 ++++
rbacSoap/XACML.class.php | 113 ++
rbacSoap/conf/rbacSoap.conf.xml | 34 +
rbacSoap/examples/addAscendant.php | 119 ++
rbacSoap/examples/addDescendant.php | 119 ++
rbacSoap/examples/addInheritance.php | 119 ++
rbacSoap/examples/addMember.php | 75 +
rbacSoap/examples/addRole.php | 118 ++
rbacSoap/examples/addUser.php | 120 ++
rbacSoap/examples/assignUser.php | 119 ++
rbacSoap/examples/assignedRoles.php | 128 ++
rbacSoap/examples/assignedUsers.php | 128 ++
rbacSoap/examples/authorizedRoles.php | 128 ++
rbacSoap/examples/authorizedUsers.php | 128 ++
rbacSoap/examples/checkAccess.php | 75 +
rbacSoap/examples/createProject.php | 73 +
rbacSoap/examples/createSession.php | 120 ++
rbacSoap/examples/deassignUser.php | 119 ++
rbacSoap/examples/deleteInheritance.php | 119 ++
rbacSoap/examples/deleteMember.php | 75 +
rbacSoap/examples/deleteRole.php | 117 ++
rbacSoap/examples/deleteSession.php | 119 ++
rbacSoap/examples/deleteUser.php | 119 ++
rbacSoap/examples/dropActiveRole.php | 116 ++
rbacSoap/examples/filterBySid.php | 128 ++
rbacSoap/examples/getAllProjects.php | 65 +
rbacSoap/examples/getLeader.php | 82 +
rbacSoap/examples/getMembers.php | 82 +
rbacSoap/examples/getObjects.php | 82 +
rbacSoap/examples/getOwner.php | 73 +
rbacSoap/examples/getProjectDescription.php | 73 +
rbacSoap/examples/getRights.php | 84 +
rbacSoap/examples/getSid.php | 52 +
rbacSoap/examples/grantPermission.php | 120 ++
rbacSoap/examples/publish.php | 73 +
rbacSoap/examples/registerResource.php | 75 +
rbacSoap/examples/revokePermission.php | 120 ++
rbacSoap/examples/roleOperationsOnObject.php | 128 ++
rbacSoap/examples/rolePermissions.php | 129 ++
rbacSoap/examples/sessionPermissions.php | 120 ++
rbacSoap/examples/sessionRoles.php | 128 ++
rbacSoap/examples/tgAddActiveRole.php | 73 +
rbacSoap/examples/tgAssignedProjects.php | 80 +
rbacSoap/examples/tgAssignedRoles.php | 82 +
rbacSoap/examples/tgCheckAccess.php | 76 +
rbacSoap/examples/tgGrantPermission.php | 77 +
rbacSoap/examples/tgRevokePermission.php | 77 +
rbacSoap/examples/unregisterResource.php | 73 +
rbacSoap/examples/userExists.php | 120 ++
rbacSoap/examples/userOperationsOnObject.php | 128 ++
rbacSoap/examples/userPermissions.php | 132 ++
rbacSoap/examples/xacml_test.php | 109 ++
rbacSoap/soapTypes.inc.php | 506 ++++++
rbacSoap/tgadministration.php | 26 +
rbacSoap/tgextra.php | 32 +
rbacSoap/tgreview.php | 26 +
rbacSoap/tgsystem.php | 26 +
.../wsdl/tgadministration.wsdl | 2 +-
rbacSoap/wsdl/tgextra.wsdl | 1006 ++++++++++++
tgreview.wsdl => rbacSoap/wsdl/tgreview.wsdl | 2 +-
tgsystem.wsdl => rbacSoap/wsdl/tgsystem.wsdl | 2 +-
rbacSoap/wsdl/xacml.wsdl | 109 ++
rbacSoap/wsdl/xacml.wsdl.local | 107 ++
rbacSoap/wsdl/xacml.wsdl.reduceImport | 126 ++
rbacSoap/xacml.php | 32 +
rbacSoap/xacmlTypes.inc.php | 22 +
...rol-xacml-2.0-saml-assertion-schema-os.xsd | 51 +
...trol-xacml-2.0-saml-protocol-schema-os.xsd | 60 +
rbacSoap/xsd/saml-schema-assertion-2.0.xsd | 284 ++++
rbacSoap/xsd/saml-schema-protocol-2.0.xsd | 303 ++++
tgextra.wsdl | 288 ----
74 files changed, 10883 insertions(+), 291 deletions(-)
create mode 100644 rbacSoap/TgAdministration.class.php
create mode 100644 rbacSoap/TgExtra.class.php
create mode 100644 rbacSoap/TgReview.class.php
create mode 100644 rbacSoap/TgSystem.class.php
create mode 100644 rbacSoap/XACML.class.php
create mode 100644 rbacSoap/conf/rbacSoap.conf.xml
create mode 100644 rbacSoap/examples/addAscendant.php
create mode 100644 rbacSoap/examples/addDescendant.php
create mode 100644 rbacSoap/examples/addInheritance.php
create mode 100644 rbacSoap/examples/addMember.php
create mode 100644 rbacSoap/examples/addRole.php
create mode 100644 rbacSoap/examples/addUser.php
create mode 100644 rbacSoap/examples/assignUser.php
create mode 100644 rbacSoap/examples/assignedRoles.php
create mode 100644 rbacSoap/examples/assignedUsers.php
create mode 100644 rbacSoap/examples/authorizedRoles.php
create mode 100644 rbacSoap/examples/authorizedUsers.php
create mode 100644 rbacSoap/examples/checkAccess.php
create mode 100644 rbacSoap/examples/createProject.php
create mode 100644 rbacSoap/examples/createSession.php
create mode 100644 rbacSoap/examples/deassignUser.php
create mode 100644 rbacSoap/examples/deleteInheritance.php
create mode 100644 rbacSoap/examples/deleteMember.php
create mode 100644 rbacSoap/examples/deleteRole.php
create mode 100644 rbacSoap/examples/deleteSession.php
create mode 100644 rbacSoap/examples/deleteUser.php
create mode 100644 rbacSoap/examples/dropActiveRole.php
create mode 100644 rbacSoap/examples/filterBySid.php
create mode 100644 rbacSoap/examples/getAllProjects.php
create mode 100644 rbacSoap/examples/getLeader.php
create mode 100644 rbacSoap/examples/getMembers.php
create mode 100644 rbacSoap/examples/getObjects.php
create mode 100644 rbacSoap/examples/getOwner.php
create mode 100644 rbacSoap/examples/getProjectDescription.php
create mode 100644 rbacSoap/examples/getRights.php
create mode 100644 rbacSoap/examples/getSid.php
create mode 100644 rbacSoap/examples/grantPermission.php
create mode 100644 rbacSoap/examples/publish.php
create mode 100644 rbacSoap/examples/registerResource.php
create mode 100644 rbacSoap/examples/revokePermission.php
create mode 100644 rbacSoap/examples/roleOperationsOnObject.php
create mode 100644 rbacSoap/examples/rolePermissions.php
create mode 100644 rbacSoap/examples/sessionPermissions.php
create mode 100644 rbacSoap/examples/sessionRoles.php
create mode 100644 rbacSoap/examples/tgAddActiveRole.php
create mode 100644 rbacSoap/examples/tgAssignedProjects.php
create mode 100644 rbacSoap/examples/tgAssignedRoles.php
create mode 100644 rbacSoap/examples/tgCheckAccess.php
create mode 100644 rbacSoap/examples/tgGrantPermission.php
create mode 100644 rbacSoap/examples/tgRevokePermission.php
create mode 100644 rbacSoap/examples/unregisterResource.php
create mode 100644 rbacSoap/examples/userExists.php
create mode 100644 rbacSoap/examples/userOperationsOnObject.php
create mode 100644 rbacSoap/examples/userPermissions.php
create mode 100644 rbacSoap/examples/xacml_test.php
create mode 100644 rbacSoap/soapTypes.inc.php
create mode 100644 rbacSoap/tgadministration.php
create mode 100644 rbacSoap/tgextra.php
create mode 100644 rbacSoap/tgreview.php
create mode 100644 rbacSoap/tgsystem.php
rename tgadministration.wsdl => rbacSoap/wsdl/tgadministration.wsdl (99%)
create mode 100644 rbacSoap/wsdl/tgextra.wsdl
rename tgreview.wsdl => rbacSoap/wsdl/tgreview.wsdl (99%)
rename tgsystem.wsdl => rbacSoap/wsdl/tgsystem.wsdl (99%)
create mode 100644 rbacSoap/wsdl/xacml.wsdl
create mode 100644 rbacSoap/wsdl/xacml.wsdl.local
create mode 100644 rbacSoap/wsdl/xacml.wsdl.reduceImport
create mode 100644 rbacSoap/xacml.php
create mode 100644 rbacSoap/xacmlTypes.inc.php
create mode 100644 rbacSoap/xsd/access_control-xacml-2.0-saml-assertion-schema-os.xsd
create mode 100644 rbacSoap/xsd/access_control-xacml-2.0-saml-protocol-schema-os.xsd
create mode 100644 rbacSoap/xsd/saml-schema-assertion-2.0.xsd
create mode 100644 rbacSoap/xsd/saml-schema-protocol-2.0.xsd
delete mode 100644 tgextra.wsdl
diff --git a/rbacSoap/TgAdministration.class.php b/rbacSoap/TgAdministration.class.php
new file mode 100644
index 0000000..ffa1044
--- /dev/null
+++ b/rbacSoap/TgAdministration.class.php
@@ -0,0 +1,735 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 13.08.2007
+// Version: 0.1.4
+// #######################################################
+
+
+class TgAdministration {
+
+ // Global variables
+ protected $rbac;
+ protected $config;
+
+
+
+ // -----------------------------------------------------
+ // Constructor
+ // Input: none
+ // Output: object RBACcore
+ // Description:
+ // Sets the configuration and creates an instance of
+ // the RBAC-class.
+ // -----------------------------------------------------
+ public function __construct( $inConfigurationFilename, $inRbacConfFile, $inRbacBase ) {
+
+ $this->rbac = new RBAC( $inRbacConfFile, $inRbacBase );
+
+
+ $this->config = new SimpleConfig( $inConfigurationFilename );
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: addUser
+ // Input: intSid / xsd:string
+ // username / xsd:string
+ // password / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Tries to authorize the user. If this is
+ // successful the user is added to the system.
+ // -----------------------------------------------------
+ function addUser( $inRequest ) {
+
+ $userDomain = ""; // The domain-component of the user
+ $arrTmpDomain = Array(); // Temporary array
+ $userTreeDn = ""; // The tree of the directory where to add the user
+ $addUserResult = false; // The result of the RBAC-call
+ $result = new booleanResponse(); // The result
+
+
+ if( preg_match( "/^.+[@]{1}.+$/", $inRequest->username ) ) {
+
+ $arrTmpDomain = preg_split( "/[@]/", $inRequest->username );
+ $userDomain = $arrTmpDomain[1];
+
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "administer", "user_" . $userDomain )
+ || $this->rbac->checkAccess( $inRequest->intSid, "administer", "user_base" ) ) {
+
+ // Construct the sub-dn under which the user will be added. The base-DN is
+ // not given because the RBAC-system uses this allways as base and simply starts
+ // to act from there. To give a dn to the RBAC-function is optional and not
+ // documented or supported by the ANSI-standard! It is an implementation-specific
+ // addition.
+ $userTreeDn = $this->config->getValue( "user", "userTreeAttribute" ) . "=" . $userDomain;
+
+ try {
+
+ $addUserResult = $this->rbac->addUser( $inRequest->username, $inRequest->password, $userTreeDn );
+
+
+ $result->result = $addUserResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "formatFault",
+ $this->config->getValue( "errorCode", "INVALID_USER_FORMAT" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INVALID_USER_FORMAT" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: deleteUser
+ // Input: intSid / xsd:string
+ // username / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Tries to authorize the user. If this is
+ // successful the given user is removed from the system.
+ // -----------------------------------------------------
+ function deleteUser( $inRequest ) {
+
+ $userDomain = ""; // The domain-component of the user
+ $arrTmpDomain = Array(); // Temporary array
+ $deleteUserResult = false; // Result of the RBAC-call
+ $result = new booleanResponse(); // The result
+
+
+ if( preg_match( "/^.+[@]{1}.+$/", $inRequest->username ) ) {
+
+ $arrTmpDomain = preg_split( "/[@]/", $inRequest->username );
+ $userDomain = $arrTmpDomain[1];
+
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "administer", "user_" . $userDomain )
+ || $this->rbac->checkAccess( $inRequest->intSid, "administer", "user_base" ) ) {
+
+ try {
+
+ $deleteUserResult = $this->rbac->deleteUser( $inRequest->username );
+
+
+ $result->result = $deleteUserResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "formatFault",
+ $this->config->getValue( "errorCode", "INVALID_USER_FORMAT" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INVALID_USER_FORMAT" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+ // -----------------------------------------------------
+ // Function: addRole
+ // Input: intSid / xsd:string
+ // role / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Tries to authorize the user. If this is
+ // successful the given role is added to the system.
+ // This function creates roles without a hirarchy, so it
+ // only has to check if there is access to the "role_base".
+ // -----------------------------------------------------
+ function addRole( $inRequest ) {
+
+ $addRoleResult = false; // The result of the RBAC-call
+ $result = new booleanResponse(); // The result
+
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "administer", "role_base" ) ) {
+
+ try {
+
+ $addRoleResult = $this->rbac->addRole( $inRequest->role );
+
+
+ $result->result = $addRoleResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: deleteRole
+ // Input: intSid / xsd:string
+ // role / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Tries to authorize the user. If this is
+ // successful the given role is removed from the system.
+ // This function removes roles without a hirarchy, so it
+ // only has to check if there is access to the "role_base".
+ // -----------------------------------------------------
+ function deleteRole( $inRequest ) {
+
+ $deleteRoleResult = false; // The result of the RBAC-call
+ $result = new booleanResponse(); // The result
+
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "administer", "role_base" ) ) {
+
+ try {
+
+ $deleteRoleResult = $this->rbac->deleteRole( $inRequest->role );
+
+
+ $result->result = $deleteRoleResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: assignUser
+ // Input: intSid / xsd:string
+ // username / xsd:string
+ // role / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Tries to authorize the user. If this is
+ // successful the given user is assigned to the
+ // role.
+ // -----------------------------------------------------
+ function assignUser( $inRequest ) {
+
+ $assignUserResult = false; // The result of the RBAC-call
+ $result = new booleanResponse(); // The result
+
+
+ // Test if the user has apropriate rights to assign a user
+ // to the given role. The user may have directly the right
+ // to modify the given role or the user may have the right to
+ // modify the whole role-tree.
+ if( $this->rbac->checkAccess( $inRequest->intSid, "delegate", $inRequest->role )
+ || $this->rbac->checkAccess( $inRequest->intSid, "administer", "role_base" ) ) {
+
+ try {
+
+ $assignUserResult = $this->rbac->assignUser( $inRequest->username, $inRequest->role );
+
+
+ $result->result = $assignUserResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+ // -----------------------------------------------------
+ // Function: deassignUser
+ // Input: intSid / xsd:string
+ // username / xsd:string
+ // role / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Tries to authorize the user. If this is
+ // successful the given user is deassigned from
+ // the role.
+ // -----------------------------------------------------
+ function deassignUser( $inRequest ) {
+
+ $deassignUserResult = false; // The result of the RBAC-call
+ $result = new booleanResponse(); // The result
+
+
+ // Test if the user has apropriate rights to assign a user
+ // to the given role. The user may have directly the right
+ // to modify the given role or the user may have the right to
+ // modify the whole role-tree.
+ if( $this->rbac->checkAccess( $inRequest->intSid, "delegate", $inRequest->role )
+ || $this-rbac-checkAccess( $inRequest->intSid, "administer", "role_base" ) ) {
+
+ try {
+
+ $deassignUserResult = $this->rbac->deassignUser( $inRequest->username, $inRequest->role );
+
+
+ $result->result = $deassignUserResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: grantPermission
+ // Input: intSid / xsd:string
+ // resource / xsd:string
+ // operation / xsd:string
+ // role / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Tries to authorize the user. If this is
+ // successful the given user is deassigned from
+ // the role.
+ // -----------------------------------------------------
+ function grantPermission( $inRequest ) {
+
+ $grantPermissionResult = false; // The result of the RBAC-call
+ $result = new booleanResponse(); // The result
+
+
+ // Test if the user has apropriate rights to grant a permission
+ // to the given role. The user may have directly the right
+ // to modify the given permission or the user may have the right to
+ // modify the whole permission (resource)-tree.
+ if( $this->rbac->checkAccess( $inRequest->intSid, "delegate", $inRequest->resource ) ) {
+
+ try {
+
+ $grantPermissionResult = $this->rbac->grantPermission( $inRequest->resource, $inRequest->operation, $inRequest->role );
+
+
+ $result->result = $grantPermissionResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: revokePermission
+ // Input: intSid / xsd:string
+ // operation / xsd:string
+ // resource / xsd:string
+ // role / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Tries to authorize the user. If this is
+ // successful the role loses
+ // -----------------------------------------------------
+ function revokePermission( $inRequest ) {
+
+ $revokePermissionResult = false; // The result of the RBAC-call
+ $result = new booleanResponse(); // The result
+
+
+ // Test if the user has apropriate rights to grant a permission
+ // to the given role. The user may have directly the right
+ // to modify the given permission or the user may have the right to
+ // modify the whole permission (resource)-tree.
+ if( $this->rbac->checkAccess( $inRequest->intSid, "delegate", $inRequest->resource ) ) {
+
+ try {
+
+ $revokePermissionResult = $this->rbac->revokePermission( $inRequest->operation, $inRequest->resource, $inRequest->role );
+
+
+ $result->result = $revokePermissionResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: addInheritance
+ // Input: intSid / xsd:string
+ // ascendant / xsd:string
+ // descendant / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Tries to authorize the user. If this is
+ // successful the the role inheritance between
+ // the ascendance and the descendance is established.
+ // After this, the descendant has all the rights of
+ // the ascendant.
+ // -----------------------------------------------------
+ function addInheritance( $inRequest ) {
+
+ $addInheritanceResult = false; // The result of the RBAC-call
+ $result = new booleanResponse(); // The result
+
+
+ // Test if the user has apropriate rights to add an inheritance
+ // between the given roles. The user may have directly the right
+ // to add an inheritance to the descendant or he is allowed to
+ // modify all of the roles inheritances.
+ if( $this->rbac->checkAccess( $inRequest->intSid, "administer", "role_base" ) ) {
+
+ try {
+
+ $addInheritanceResult = $this->rbac->addInheritance( $inRequest->ascendant, $inRequest->descendant );
+
+
+ $result->result = $addInheritanceResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: deleteInheritance
+ // Input: intSid / xsd:string
+ // ascendant / xsd:string
+ // descendant / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Tries to authorize the user. If this is
+ // successful the role inheritance between
+ // the ascendance and the descendance is removed.
+ // After this, the descendant no longer has the rights of
+ // the ascendant.
+ // -----------------------------------------------------
+ function deleteInheritance( $inRequest ) {
+
+ $deleteInheritanceResult = false; // The result of the RBAC-call
+ $result = new booleanResponse(); // The result
+
+
+ // Test if the user has apropriate rights to add an inheritance
+ // between the given roles. The user may have directly the right
+ // to delete the inheritance or he is allowed to
+ // modify all of the roles inheritances.
+ if( $this->rbac->checkAccess( $inRequest->intSid, "administer", "role_base" ) ) {
+
+ try {
+
+ $deleteInheritanceResult = $this->rbac->deleteInheritance( $inRequest->ascendant, $inRequest->descendant );
+
+
+ $result->result = $deleteInheritanceResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: addAscendant
+ // Input: intSid / xsd:string
+ // ascendant / xsd:string
+ // descendant / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Tries to authorize the user. If this is
+ // successful the new role "ascendant" is added and
+ // the inheritance between the ascendance and the
+ // descendance is established. After this, the descendant
+ // has all the rights of the ascendant.
+ // -----------------------------------------------------
+ function addAscendant( $inRequest ) {
+
+ $addAscendantResult = false; // The result of the RBAC-call
+ $result = new booleanResponse(); // The result
+
+
+ // Test if the user has apropriate rights to add an ascendant.
+ // The user may have directly the right to add the ascendant
+ // or he is allowed to modify all of the roles.
+ if( $this->rbac->checkAccess( $inRequest->intSid, "delegate", $inRequest->descendant )
+ || $this->rbac->checkAccess( $inRequest->intSid, "administer", "role_base" ) ) {
+
+ try {
+
+ $addAscendantResult = $this->rbac->addAscendant( $inRequest->ascendant, $inRequest->descendant );
+
+
+ $result->result = $addAscendantResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: addDescendant
+ // Input: intSid / xsd:string
+ // ascendant / xsd:string
+ // descendant / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Tries to authorize the user. If this is
+ // successful the new role "descendant" is added and
+ // the inheritance between the ascendance and the
+ // descendance is established. After this, the descendant
+ // has all the rights of the ascendant.
+ // -----------------------------------------------------
+ function addDescendant( $inRequest ) {
+
+ $addDescendantResult = false; // The result of the RBAC-call
+ $result = new booleanResponse(); // The result
+
+
+ // Test if the user has apropriate rights to add an descendant.
+ // The user may have directly the right to add the ascendant
+ // or he is allowed to modify all of the roles.
+ if( $this->rbac->checkAccess( $inRequest->intSid, "administer", "role_base" ) ) {
+
+ try {
+
+ $addDescendantResult = $this->rbac->addDescendant( $inRequest->ascendant, $inRequest->descendant );
+
+
+ $result->result = $addDescendantResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+}
+?>
diff --git a/rbacSoap/TgExtra.class.php b/rbacSoap/TgExtra.class.php
new file mode 100644
index 0000000..5b0ae55
--- /dev/null
+++ b/rbacSoap/TgExtra.class.php
@@ -0,0 +1,1414 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 17.07.2007
+// Modification date: 01.11.2007
+// Version: 0.1.3
+// #######################################################
+
+
+
+class TgExtra {
+
+ // Global variables
+ protected $rbac;
+ protected $config;
+ protected $connection;
+
+
+
+ // -----------------------------------------------------
+ // Constructor
+ // Input: none
+ // Output: object RBACcore
+ // Description:
+ // Creates initial connections to the LDAP-server and
+ // sets some configuration parameters.
+ // -----------------------------------------------------
+ public function __construct( $inConfigurationFilename, $inRbacConfFile, $inRbacBase ) {
+
+ $this->rbac = new RBAC( $inRbacConfFile, $inRbacBase );
+
+
+ $this->config = new SimpleConfig( $inConfigurationFilename );
+
+
+ // Create connection
+ $this->connection['user'] = new LDAP();
+ $this->connection['user']->connect( $this->config->getValue( "authentication", "host" ),
+ $this->config->getValue( "authentication", "port" ),
+ $this->config->getValue( "authentication", "version" ),
+ preg_match( "/yes/i", $this->config->getValue( "authentication", "tls" ) ) ? true : false );
+ $this->connection['user']->bind( $this->config->getValue( "authentication", "binddn" ),
+ $this->config->getValue( "authentication", "password" ) );
+
+
+ $this->connection['counter'] = new LDAP();
+ $this->connection['counter']->connect( $this->config->getValue( "counter", "host" ),
+ $this->config->getValue( "counter", "port" ),
+ $this->config->getValue( "counter", "version" ),
+ preg_match( "/yes/i", $this->config->getValue( "counter", "tls" ) ) ? true : false );
+ $this->connection['counter']->bind( $this->config->getValue( "counter", "binddn" ),
+ $this->config->getValue( "counter", "password" ) );
+
+
+ $this->connection['resource'] = $this->rbac->getConnection( "resource" );
+ $this->connection['role'] = $this->rbac->getConnection( "role" );
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: userExists
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // username / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Checks if a given user exists in the LDAP directory.
+ // -----------------------------------------------------
+ function userExists( $inRequest ) {
+
+ $result = new booleanResponse(); // The result
+
+
+ $filter = "(&" . $this->config->getValue( "authentication", "filter" );
+ $filter .= "(" . $this->config->getValue( "authentication", "namingattribute" ) . "=" . $inRequest->username . "))";
+
+
+ // Search for the users entry
+ $arrUserEntry = $this->connection['user']->search( $this->config->getValue( "authentication", "base" ), $filter, "sub",
+ Array( $this->config->getValue( "authentication", "namingattribute" ) ) );
+
+
+ if( isset( $arrUserEntry[0] )
+ && isset( $arrUserEntry[0]['dn'] ) ) {
+
+ $result->result = true;
+
+ }
+ else {
+
+ $result->result = false;
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+ // -----------------------------------------------------
+ // Function: authenticate
+ // Input: username / xsd:string
+ // password / xsd:string
+ // log / xsd:string
+ // Output: sid / xsd:string
+ // Description
+ // Tries to authenticate the user. If this is
+ // successful a session-ID is generated and a
+ // session is startet.
+ // -----------------------------------------------------
+ function authenticate( $inRequest ) {
+
+ $filter = ""; // search-filter
+ $result = new authenticateResponse(); // service-resonse
+ $arrUserEntry; // the users entry in the directory
+ $intSid = ""; // the generated session-ID
+ $creationResult; // the result of the creation of the session
+
+
+ // Construct the search-filter
+ $filter .= "(&" . $this->config->getValue( "authentication", "filter" );
+ $filter .= "(" . $this->config->getValue( "authentication", "namingattribute" ) . "=" . $inRequest->username . "))";
+
+
+ // Search for the users entry
+ $arrUserEntry = $this->connection['user']->search( $this->config->getValue( "authentication", "base" ), $filter, "sub",
+ Array( $this->config->getValue( "authentication", "namingattribute" ) ) );
+
+
+ if( isset( $arrUserEntry[0] )
+ && isset( $arrUserEntry[0]['dn'] ) ) {
+
+ // Try to bind with the given password
+ $bindResult = $this->connection['user']->bind( $arrUserEntry[0]['dn'], $inRequest->password );
+
+
+ if( $bindResult ) {
+
+ $intSid = $this->createSessionID();
+
+
+ // Try to create the session in the rbac-system
+ $creationResult = $this->rbac->createSession( $inRequest->username, Array(), $intSid );
+ if( $creationResult == $this->config->getValue( "errorCode", "OK" ) ) {
+
+ $result->auth = $intSid;
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "AUTHENTICATION_ERROR" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "AUTHENTICATION_ERROR" ) );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "AUTHENTICATION_ERROR" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "AUTHENTICATION_ERROR" ) );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "UNKNOWN_USER" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "UNKNOWN_USER" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: tgCheckAccess
+ // Input: log / xsd:string
+ // session / xsd:string
+ // operation / xsd:string
+ // resource / xsd:string
+ // Output: sid / xsd:string
+ // Description
+ // Tries to authenticate the user. If this is
+ // successful a session-ID is generated and a
+ // session is startet.
+ // -----------------------------------------------------
+ public function tgCheckAccess( $inRequest ) {
+
+ $result = new booleanResponse();
+
+
+ $result->result = $this->rbac->checkAccess( $inRequest->sid, $inRequest->operation, $inRequest->resource );
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: createSessionID
+ // Input: none
+ // Output: sid / xsd:string
+ // Description
+ // Creates a new session-ID.
+ // -----------------------------------------------------
+ public function getSid() {
+
+ $result = new getSidResponse();
+
+
+ $result->sid = $this->createSessionID();
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: filterBySid
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // sid / xsd:string
+ // resource / xsd:string
+ // operation / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Tries to authorize the user. If this is
+ // successful the function filters all the ressources
+ // given by checking if the sid has appropriate access.
+ // -----------------------------------------------------
+ function filterBySid( $inRequest ) {
+
+ $filterBySidResult = Array(); // The resources that pass the filter
+ $result = new filterResponse(); // The result
+
+
+ $res = $inRequest->resource;
+ // Make sure it is an array
+ if( !is_array( $res ) ) {
+
+ $res = Array( $res );
+
+ }
+
+
+ try {
+
+ for( $i = 0; $i < sizeof( $res ); $i++ ) {
+
+ if( $this->rbac->checkAccess( $inRequest->sid, $inRequest->operation, $res[$i] ) ) {
+
+ $filterBySidResult[] = $res[$i];
+
+ }
+
+ }
+
+
+ $result->resource = $filterBySidResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: addMember
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // username / xsd:string
+ // role / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Tries to add a user to a project. This is only possible
+ // if the user exists and the session has the permission
+ // "delegate" on the project.
+ // -----------------------------------------------------
+ public function addMember( $inRequest ) {
+
+ $arrSplit = Array();
+ $project = false;
+ $result = new booleanResponse(); // The return-result
+
+
+ // Extract the project from the role
+ $arrSplit = preg_split( "/[,]/", $inRequest->role );
+
+ for( $i = 0; $i < sizeof( $arrSplit ); $i++ ) {
+
+ if( preg_match( "/^tgpr[0-9]+$/i", $arrSplit[$i] ) ) {
+
+ $project = $arrSplit[$i];
+
+ }
+
+ }
+
+
+ if( $project
+ && $this->rbac->checkAccess( $inRequest->auth, "delegate", $project ) ) {
+
+ if( $this->rbac->assignUser( $inRequest->username, $inRequest->role ) ) {
+
+ $result->result = true;
+
+ }
+ else {
+
+ $result->result = false;
+
+ }
+
+ }
+ else {
+
+ $result->result = false;
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: tgGrantPermission
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // role / xsd:string
+ // resource / xsd:string
+ // operation / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Grants a permission
+ // -----------------------------------------------------
+ public function tgGrantPermission( $inRequest ) {
+
+ $result = new booleanResponse();
+
+
+ try {
+
+ if( $this->rbac->checkAccess( $inRequest->auth, "delegate", $inRequest->resource ) ) {
+
+ $result->result = $this->rbac->grantPermission( $inRequest->resource, $inRequest->operation, $inRequest->role );
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "AUTHENTICATION_ERROR" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "AUTHENTICATION_ERROR" ) );
+
+ }
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: tgRevokePermission
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // role / xsd:string
+ // resource / xsd:string
+ // operation / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Revokes a permission.
+ // -----------------------------------------------------
+ public function tgRevokePermission( $inRequest ) {
+
+ $result = new booleanResponse();
+
+
+ try {
+
+ if( $this->rbac->checkAccess( $inRequest->auth, "delegate", $inRequest->resource ) ) {
+
+ $result->result = $this->rbac->revokePermission( $inRequest->operation, $inRequest->resource, $inRequest->role );
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "AUTHENTICATION_ERROR" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "AUTHENTICATION_ERROR" ) );
+
+ }
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: getObjects
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // project / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Returns a list of all projects of the user corresponding
+ // to the session-ID (auth).
+ // -----------------------------------------------------
+ public function getObjects( $inRequest ) {
+
+ $result = new resourcesetResponse(); // The return-result
+ $filter = ""; // RBAC-filter
+ $arrResource = Array(); // Resoult of the RBAC-search
+ $i = 0; // Loop
+
+
+ $filter = "(&" . $this->rbac->getConfiguration()->getValue( "resource", "filter" );
+ $filter .= "(tgprojectid=" . $inRequest->project . "))";
+
+
+ $arrResource = $this->connection['resource']->search( $this->rbac->getConfiguration()->getValue( "resource", "base" ), $filter, "sub",
+ Array( $this->rbac->getConfiguration()->getValue( "resource", "aliasattribute" ),
+ $this->rbac->getConfiguration()->getValue( "resource", "namingattribute" ) ) );
+
+
+ for( $i = 0; $i < sizeof( $arrResource ); $i++ ) {
+
+ if( $this->rbac->checkAccess( $inRequest->auth, "read",
+ $arrResource[$i][$this->rbac->getConfiguration()->getValue( "resource", "aliasattribute" )][0] ) ) {
+
+ $result->resource[] = $arrResource[$i][$this->rbac->getConfiguration()->getValue( "resource", "aliasattribute" )][0];
+
+ }
+
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: getOwner
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // resource / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Returns the owner of a resource. This owner has nothing
+ // to do with any permissions, it is just the owner.
+ // -----------------------------------------------------
+ public function getOwner( $inRequest ) {
+
+ $result = new getOwnerResponse(); // The return-result
+ $filter = ""; // RBAC-filter
+ $arrResource = Array(); // Resoult of the RBAC-search
+
+
+ $filter = "(&" . $this->rbac->getConfiguration()->getValue( "resource", "filter" );
+ $filter .= "(|(" . $this->rbac->getConfiguration()->getValue( "resource", "namingattribute" ) . "=" . $inRequest->resource . ")";
+ $filter .= " (" . $this->rbac->getConfiguration()->getValue( "resource", "aliasattribute" ) . "=" . $inRequest->resource . ")))";
+
+
+ if( $this->rbac->checkAccess( $inRequest->auth, "read", $inRequest->resource ) ) {
+
+ $arrResource = $this->connection['resource']->search( $this->rbac->getConfiguration()->getValue( "resource", "base" ), $filter, "sub",
+ Array( "tgresourceowner" ) );
+
+
+ if( sizeof( $arrResource ) == 1 ) {
+
+ $result->owner = $arrResource[0]['tgresourceowner'][0];
+
+ }
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: getMembers
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // project / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Returns a list of members in a project.
+ // -----------------------------------------------------
+ public function getMembers( $inRequest ) {
+
+ $result = new usersetResponse(); // The return-result
+ $arrMember = Array(); // Resoult of the RBAC-search
+
+
+ $arrMember = $this->rbac->authorizedUsers( $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
+ . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "="
+ . $this->config->getValue( "project", "base" )
+ . "," . $this->rbac->getConfiguration()->getValue( "role", "base" ) );
+
+
+ // The user has to be in the project to be
+ // allowed to display all other users
+ if( in_array( $this->rbac->sessionUser( $inRequest->auth ), $arrMember ) ) {
+
+ $result->username = $arrMember;
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: getRights
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // resource / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Returns a list of operations allowed by the user
+ // on a specific resource.
+ // -----------------------------------------------------
+ public function getRights( $inRequest ) {
+
+ $arrOperation = Array();
+ $result = new operationsetResponse(); // The return-result
+
+
+ if( preg_match( "/.+/", $inRequest->username ) ) {
+
+ if( $this->rbac->checkAccess( $inRequest->auth, "delegate", $inRequest->resource ) ) {
+
+ $arrOperation = $this->rbac->userOperationsOnObject( $inRequest->username, $inRequest->resource );
+
+ }
+
+ }
+ else {
+
+ $arrOperation = $this->rbac->userOperationsOnObject( $this->rbac->sessionUser( $inRequest->auth ), $inRequest->resource );
+
+ }
+
+
+ $result->operation = $arrOperation;
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: publish
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // project / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Returns a list of operations allowed by the user
+ // on a specific resource.
+ // -----------------------------------------------------
+ public function publish( $inRequest ) {
+
+ $arrResource = Array();
+ $arrModify = Array();
+ $filter = "";
+ $result = new booleanResponse(); // The return-result
+
+
+ $filter = "(&" . $this->rbac->getConfiguration()->getValue( "resource", "filter" );
+ $filter .= "(|(" . $this->rbac->getConfiguration()->getValue( "resource", "namingattribute" ) . "=" . $inRequest->resource . ")";
+ $filter .= " (" . $this->rbac->getConfiguration()->getValue( "resource", "aliasattribute" ) . "=" . $inRequest->resource . ")))";
+
+
+ // Get the resource
+ $arrResource = $this->connection['resource']->search( $this->rbac->getConfiguration()->getValue( "resource", "base" ), $filter, "sub",
+ Array( "tgispublic", "tgprojectid" ) );
+
+
+ if( $this->rbac->checkAccess( $inRequest->auth, "publish", $inRequest->resource ) ) {
+
+ $arrModify['tgispublic'][] = "TRUE";
+ $result->result = $this->connection['resource']->modify( $arrResource[0]['dn'], $arrModify );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: getProjectDescription
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // project / xsd:string
+ // Output: result / xsd:string
+ // Description
+ // Returns the description of a project
+ // -----------------------------------------------------
+ public function getProjectDescription( $inRequest ) {
+
+ $result = new getProjectDescriptionResponse();
+ $filter = "";
+
+
+ $filter = "(&" . $this->rbac->getConfiguration()->getValue( "role", "filter" );
+ $filter .= "(" . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . "))";
+
+
+ $arrProject = $this->connection['role']->getEntry( $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "="
+ . $inRequest->project . ","
+ . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "="
+ . $this->config->getValue( "project", "base" )
+ . "," . $this->rbac->getConfiguration()->getValue( "role", "base" ) );
+
+
+ if( isset( $arrProject['dn'] ) ) {
+
+ $result->description = $arrProject['tgprojectdescription'][0];
+
+ }
+ else {
+
+ $result->description = "Not available";
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: tgAssignedProjects
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Returns a list of all projects of the user corresponding
+ // to the session-ID (auth).
+ // -----------------------------------------------------
+ public function tgAssignedProjects( $inRequest ) {
+
+ $filter = "";
+ $username = "";
+ $arrFound = Array();
+ $result = new rolesetResponse(); // The return-result
+ $i = 0; // Loop
+ $j = 0; // Loop
+
+
+ // By default the result is an empty array
+ $result->role = Array();
+
+
+ // The user corresponding to the session
+ $username = $this->rbac->sessionUser( $inRequest->auth );
+
+
+ // Search all roles in which the user is performer.
+ $filter = "(&" . $this->rbac->getConfiguration()->getValue( "role", "filter" );
+ $filter .= "(rbacPerformer=" . $username . "))";
+
+ $arrRole = $this->connection['role']->search( $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "="
+ . $this->config->getValue( "project", "base" ) . ","
+ . $this->rbac->getConfiguration()->getValue( "role", "base" ),
+ $filter, "sub", Array( $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) ) );
+
+
+ for( $i = 0; $i < sizeof( $arrRole ); $i++ ) {
+
+ $arrSplit = preg_split( "/[,]/", $arrRole[$i]['dn'] );
+ $projectBelong = "";
+
+
+ for( $j = 0; $j < sizeof( $arrSplit ); $j++ ) {
+
+ if( preg_match( "/^TGPR[0-9]+$/i",
+ preg_replace( "/^" . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=/i", "", $arrSplit[$j] ) ) ) {
+
+ $projectBelong = preg_replace( "/^" . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=/i", "", $arrSplit[$j] );
+
+ }
+
+ }
+
+
+ if( preg_match( "/.+/", $projectBelong )
+ && !isset( $arrFound[strtolower( $projectBelong )] ) ) {
+
+ $arrFound[strtolower( $projectBelong )] = 1;
+
+ }
+
+ }
+
+
+ foreach( $arrFound as $key => $value ) {
+
+ $result->role[] = strtoupper( $key );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: deleteMember
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // username / xsd:string
+ // role / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Tries to remove a user from a role. This is only possible
+ // if the user exists and the session has the permission
+ // "delegate" on the project.
+ // -----------------------------------------------------
+ public function deleteMember( $inRequest ) {
+
+ $arrSplit = Array();
+ $project = false;
+ $result = new booleanResponse(); // The return-result
+
+
+ // Extract the project from the role
+ $arrSplit = preg_split( "/[,]/", $inRequest->role );
+
+ for( $i = 0; $i < sizeof( $arrSplit ); $i++ ) {
+
+ if( preg_match( "/^tgpr[0-9]+$/i", $arrSplit[$i] ) ) {
+
+ $project = $arrSplit[$i];
+
+ }
+
+ }
+
+
+ if( $project
+ && $this->rbac->checkAccess( $inRequest->auth, "delegate", $project ) ) {
+
+ if( $this->rbac->deassignUser( $inRequest->username, $inRequest->role ) ) {
+
+ $result->result = true;
+
+ }
+ else {
+
+ $result->result = false;
+
+ }
+
+ }
+ else {
+
+ $result->result = false;
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: unregisterResource
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // project / xsd:string
+ // uri / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Tries to remove a resource from the directory. There for
+ // a user has to have the permission "delete" on the
+ // resource.
+ // -----------------------------------------------------
+ function unregisterResource( $inRequest ) {
+
+ $resourceNamingAttribute = ""; // The naming-attribute of the resource
+ $resourceAliasAttribute = ""; // The alias-attribute of the resource
+ $filter = ""; // The LDAP-filter to find the resource
+ $result = new booleanResponse(); // The return-result
+
+
+ if( $this->rbac->checkAccess( $inRequest->auth, "delete", $inRequest->uri ) ) {
+
+ // The TextGrid-resource naming-attribute
+ $resourceNamingAttribute = $this->rbac->getConfiguration()->getValue( "resource", "namingattribute" );
+ $resourceAliasAttribute = $this->rbac->getConfiguration()->getValue( "resource", "aliasattribute" );
+
+
+ $filter = "(&" . $this->rbac->getConfiguration()->getValue( "resource", "filter" );
+ $filter .= "(|(" . $resourceNamingAttribute . "=" . $inRequest->uri . ")";
+ $filter .= " (" . $resourceAliasAttribute . "=" . $inRequest->uri . ")))";
+
+ $arrResource = $this->connection['resource']->search( $this->rbac->getConfiguration()->getValue( "resource", "base" ), $filter, "sub" );
+
+
+ if( sizeof( $arrResource ) == 1 ) {
+
+ $result->result = $this->connection['resource']->delete( $arrResource[0]['dn'] );
+
+ }
+ else {
+
+ return new SoapFault( "unknownResourceFault",
+ $this->config->getValue( "errorCode", "RESOURCENOTFOUND_ERROR" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "RESOURCENOTFOUND_ERROR" ) );
+
+ }
+
+ }
+ else {
+
+ $result->result = false;
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: registerResource
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // project / xsd:string
+ // uri / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Tries to add a resource to the directory. There for
+ // a user has to have the permission "create" on the
+ // resource "project".
+ // -----------------------------------------------------
+ function registerResource( $inRequest ) {
+
+ $connection = false; // The connection for resources
+ $registered = false; // The result of the registration-tries
+ $registerTry = 10; // The number of tries of registering the resource
+ $resourceNamingAttribute = ""; // The naming-attribute of the resource
+ $arrCounter = false; // The counter entry
+ $result = new booleanResponse(); // The return-result
+
+
+ // The TextGrid-resource naming-attribute
+ $resourceNamingAttribute = $this->rbac->getConfiguration()->getValue( "resource", "namingattribute" );
+
+
+ // Look for the counter entry for resources.
+ $arrCounter = $this->connection['counter']->getEntry( "cn=resource," . $this->config->getValue( "counter", "base" ) );
+
+
+ // If there is a counter entry, use it
+ if( isset( $arrCounter['dn'] ) ) {
+
+ $freeNumber = $arrCounter['sn'][0] + 1;
+
+ }
+ else {
+
+ $arrResourceName = $this->connection['resource']->search( $this->config->getValue( "textGridResource", "base" ),
+ "(objectClass=textGridResource)",
+ "one", $resourceNamingAttribute );
+
+
+ // Every returned resource has to be examined for
+ // its number to get the next free one.
+ for( $i = 0; $i < sizeof( $arrResourceName ); $i++ ) {
+
+ $resourceName = preg_replace( "/^TGRS/i", "", $arrResourceName[$i][$resourceNamingAttribute][0] );
+ $maxNumber = max( $maxNumber, intval( $resourceName ) );
+
+ }
+
+
+ $freeNumber = $maxNumber + 1;
+
+ }
+
+
+ if( $this->rbac->checkAccess( $inRequest->auth, "create", $inRequest->project ) ) {
+
+ // As long as the resource is not registered and the number
+ // of tries has not been reached, try to register
+ while( !$registered
+ && ($registerTry > 0) ) {
+
+ // This is the resource-entry that will be
+ // added to the directory
+ $arrEntry = Array();
+ $arrEntry['objectclass'][] = "textgridResource";
+ $arrEntry['objectclass'][] = "rbacResource";
+ $arrEntry['rbacoperation'][] = "read";
+ $arrEntry['rbacoperation'][] = "write";
+ $arrEntry['rbacoperation'][] = "delegate";
+ $arrEntry['rbacoperation'][] = "delete";
+ $arrEntry['rbacoperation'][] = "publish";
+ $arrEntry['tgresourceuri'][] = $inRequest->uri;
+ $arrEntry['tgprojectid'][] = $inRequest->project;
+ $arrEntry['tgispublic'][] = "FALSE";
+ $arrEntry[$resourceNamingAttribute][] = "TGRS" . ($freeNumber);
+ $arrEntry['tgresourceowner'][] = $this->rbac->sessionUser( $inRequest->auth );
+
+
+ // Add the default permissions to the resource
+ $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Projektleiter,"
+ . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
+ . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:delegate";
+ $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Projektleiter,"
+ . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
+ . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:publish";
+ $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Administrator,"
+ . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
+ . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:delete";
+ $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Bearbeiter,"
+ . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
+ . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:read";
+ $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Bearbeiter,"
+ . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
+ . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:write";
+ $arrEntry['rbacpermission'][] = $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Beobachter,"
+ . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=" . $inRequest->project . ","
+ . $this->rbac->getConfiguration()->getValue( "project", "base" ) . ":-:read";
+
+
+ // Try to add the resource with the appropriate number. If
+ // this fails, we will try again (10 times).
+ $registered = $this->connection['resource']->add( $this->rbac->getConfiguration()->getValue( "resource", "namingattribute" ) . "=TGRS"
+ . $freeNumber . "," . $this->config->getValue( "textGridResource", "base" ),
+ $arrEntry );
+
+
+ $registerTry--;
+
+
+ $registered ? false : $freeNumber++;
+
+ }
+
+
+ // This entry will add or modify the directory that way
+ // that there is a counter entry.
+ $arrEntry = Array();
+ $arrEntry['objectclass'][] = "person";
+ $arrEntry['cn'][] = "resource";
+ $arrEntry['sn'][] = $freeNumber;
+
+
+ if( !isset( $arrCounter['dn'] ) ) {
+
+ $this->connection['counter']->add( "cn=resource," . $this->config->getValue( "counter", "base" ), $arrEntry );
+
+ }
+ else {
+
+ $this->connection['counter']->modify( "cn=resource," . $this->config->getValue( "counter", "base" ), $arrEntry );
+
+ }
+
+
+ $result->result = $registered;
+
+ }
+ else {
+
+ $result->result = false;
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: getLeader
+ // Input: log / xsd:string
+ // Output: project[] / tns:projectInfo
+ // Description
+ // Searches for all projects and returns them as a list.
+ // -----------------------------------------------------
+ public function getLeader( $inRequest ) {
+
+ $arrUser = Array();
+ $result = new usersetResponse();
+
+
+ $result->username = $this->rbac->assignedUsers( "Projektleiter," . $inRequest->project . "," . $this->config->getValue( "project", "base" ) );
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: getAllProjects
+ // Input: log / xsd:string
+ // Output: project[] / tns:projectInfo
+ // Description
+ // Searches for all projects and returns them as a list.
+ // -----------------------------------------------------
+ public function getAllProjects( $inRequest ) {
+
+ $arrProject = Array(); // All project-entries found
+ $connection = false; // The connection for roles
+ $result = new getAllProjectsResponse(); // Return
+
+
+ // The role-connection is needed because projects
+ // are representated as roles.
+ $connection = $this->rbac->getConnection( "resource" );
+
+
+ // Search the directory
+ $arrProject = $connection->search( $this->rbac->getConfiguration()->getValue( "project", "base" ), "(objectClass=rbacRole)", "one",
+ $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) );
+
+
+ for( $i = 0; $i < sizeof( $arrProject ); $i++ ) {
+
+ $result->project[] = new ProjectInfo( $arrProject[$i][$this->rbac->getConfiguration()->getValue( "role", "namingattribute" )][0],
+ $arrProject[$i]['tgprojectdescription'][0] );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: createProject
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // name / xsd:string
+ // description / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Tries to authorize the user. If this is
+ // successful the given role is added to the system.
+ // This function creates roles without a hirarchy, so it
+ // only has to check if there is access to the "role_base".
+ // -----------------------------------------------------
+ function createProject( $inRequest ) {
+
+ $createProjectResult = false; // The result of the process
+ $connection = false; // The connection to the projects
+ $arrProjectName = Array(); // All present projects
+ $projectName = ""; // At last Holds the project-name
+ $maxNumber = 0; // The highest free project-number
+ $result = new createProjectResponse(); // The result
+ $i = 0; // Loop
+
+
+ if( $this->rbac->checkAccess( $inRequest->auth, "registerResource", "resource_base" ) ) {
+
+ // The role-connection is needed because projects
+ // are representated as roles.
+ $connection = $this->rbac->getConnection( "role" );
+
+
+ // Search the directory
+ $arrProjectName = $connection->search( $this->rbac->getConfiguration()->getValue( "project", "base" ), "(objectClass=rbacRole)", "one",
+ $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) );
+
+
+ // Every returned project has to be examined for
+ // its number to get the next free one.
+ for( $i = 0; $i < sizeof( $arrProjectName ); $i++ ) {
+
+ $projectName = preg_replace( "/^TGPR/i", "", $arrProjectName[$i][$this->rbac->getConfiguration()->getValue( "role", "namingattribute" )][0] );
+ $maxNumber = max( $maxNumber, intval( $projectName ) );
+
+ }
+
+
+ try {
+
+ // Create the project-role
+ $createProjectResult = $this->rbac->addAscendant( "TGPR" . ($maxNumber + 1),
+ $this->rbac->getConfiguration()->getValue( "project", "base" ) );
+
+
+ // The user of the session-ID will be the Leader
+ // of this new project.
+ $this->rbac->assignUser( $this->rbac->sessionUser( $inRequest->auth ),
+ $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=Projektleiter,"
+ . $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=TGPR" . ($maxNumber + 1) . ","
+ . $this->rbac->getConfiguration()->getValue( "project", "base" ) );
+
+
+ // Set the project-description
+ $connection->modify( $this->rbac->getConfiguration()->getValue( "role", "namingattribute" ) . "=TGPR" . ($maxNumber + 1) . ","
+ . $this->rbac->getConfiguration()->getValue( "project", "base" ),
+ Array( "tgprojectdescription" => Array( $inRequest->description ) ) );
+
+
+ $result->projectId = "TGPR" . ($maxNumber + 1);
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: tgAddActiveRole
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // role / xsd:string
+ // Output: sid / string
+ // Description
+ // Adds an assigned role to the list of active session
+ // roles.
+ // -----------------------------------------------------
+ public function tgAddActiveRole( $inRequest ) {
+
+ $result = new booleanResponse(); // Return
+ $username = ""; // The username corresponding to the session-ID
+
+
+ $username = $this->rbac->sessionUser( $inRequest->auth );
+
+
+ if( preg_match( "/.+/", $username ) ) {
+
+ $result->result = $this->rbac->addActiveRole( $username, $inRequest->auth, $inRequest->role );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: tgDropActiveRole
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // role / xsd:string
+ // Output: sid / string
+ // Description
+ // Removes a role from the list of active session roles.
+ // -----------------------------------------------------
+ public function tgDropActiveRole( $inRequest ) {
+
+ $result = new booleanResponse(); // Return
+ $username = ""; // The username corresponding to the session-ID
+
+
+ $username = $this->rbac->sessionUser( $inRequest->auth );
+
+
+ if( preg_match( "/.+/", $username ) ) {
+
+ $result->result = $this->rbac->dropActiveRole( $username, $inRequest->auth, $inRequest->role );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: tgAssignedRoles
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // username / xsd:string
+ // Output: sid / string
+ // Description
+ // Creates a random string containing characters and
+ // numbers.
+ // -----------------------------------------------------
+ public function tgAssignedRoles( $inRequest ) {
+
+ $result = new rolesetResponse();
+ $arrActiveRole = Array();
+ $arrProject = Array();
+ $arrAllreadyChecked = Array();
+ $arrProject = Array();
+ $connection = false;
+ $i = 0; // Loop
+
+
+ if( preg_match( "/.+/", $inRequest->username )
+ && !preg_match( "/^" . $inRequest->username . "$/i", $this->rbac->sessionUser( $inRequest->auth ) ) ) {
+
+ // The roles of the user
+ $arrRole = $this->rbac->assignedRoles( $inRequest->username );
+
+
+ // Extract the different projects the user is
+ // assigned by his roles.
+ for( $i = 0; $i < sizeof( $arrRole ); $i++ ) {
+
+ $arrSplit = preg_split( "/[,]/", $arrRole[$i] );
+
+ for( $j = 0; $j < sizeof( $arrSplit ); $j++ ) {
+
+ if( preg_match( "/TGPR[0-9]+/i", $arrSplit[$j] )
+ && !in_array( trim( $arrSplit[$j] ), $arrProject ) ) {
+
+ $arrProject[] = trim( $arrSplit[$j] );
+ break;
+
+ }
+
+ }
+
+ }
+
+
+ // For each project the username is in, check if the
+ // session-ID has the right to display the assigned roles.
+ for( $i = 0; $i < sizeof( $arrProject ); $i++ ) {
+
+ if( $this->rbac->checkAccess( $inRequest->auth, "delegate", $arrProject[$i] ) ) {
+
+ for( $j = 0; $j < sizeof( $arrRole ); $j++ ) {
+
+ if( preg_match( "/" . $arrProject[$i] . "/i", $arrRole[$j] ) ) {
+
+ $result->role[] = $arrRole[$j];
+
+ }
+
+ }
+
+ }
+
+ }
+
+ }
+ else {
+
+ $result->role = $this->rbac->assignedRoles( $this->rbac->sessionUser( $inRequest->auth ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: createSessionID
+ // Input: none
+ // Output: sid / string
+ // Description
+ // Creates a random string containing characters and
+ // numbers.
+ // -----------------------------------------------------
+ private function createSessionID() {
+
+ $sid = ""; // Session-ID
+ $tmp = ""; // Temporaere Session-ID
+
+
+ // Setzen eines Startwerts fuer den Zufallsgenerator
+ mt_srand( (double)microtime() * 1000000 );
+
+
+ // Erzeugen eines Zufallsstrings
+ for( $i = 0; $i < 256; $i++ ) {
+
+ $tmp = chr( mt_rand( 0, 255 ) );
+
+
+ if( preg_match( "/[a-zA-Z0-9]/", $tmp ) ) {
+
+ $sid .= $tmp;
+
+ }
+
+ }
+
+
+ return $sid;
+
+ }
+
+}
+?>
diff --git a/rbacSoap/TgReview.class.php b/rbacSoap/TgReview.class.php
new file mode 100644
index 0000000..ef0c755
--- /dev/null
+++ b/rbacSoap/TgReview.class.php
@@ -0,0 +1,606 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 13.11.2007
+// Version: 0.1.6
+// #######################################################
+
+
+class TgReview {
+
+ // Global variables
+ protected $rbac;
+ protected $config;
+
+
+
+ // -----------------------------------------------------
+ // Constructor
+ // Input: none
+ // Output: object TgReview
+ // Description:
+ // Sets the configuration and creates an instance of
+ // the RBAC-class.
+ // -----------------------------------------------------
+ public function __construct( $inConfigurationFilename, $inRbacConfFile, $inRbacBase ) {
+
+ $this->rbac = new RBAC( $inRbacConfFile, $inRbacBase );
+
+
+ $this->config = new SimpleConfig( $inConfigurationFilename );
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: sessionRoles
+ // Input: intSid / xsd:string
+ // sid / xsd:string
+ // Output: result / array of xsd:string
+ // Description
+ // If the internal session has appropriate access the
+ // function returns a list of all roles that are activ
+ // for the given session.
+ // -----------------------------------------------------
+ public function sessionRoles( $inRequest ) {
+
+ $arrRoleResult = Array(); // The roles of the session
+ $result = new rolesetResponse(); // The result
+
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "review", "session_base" ) ) {
+
+ try {
+
+ $arrRoleResult = $this->rbac->sessionRoles( $inRequest->sid );
+
+
+ $result->role = $arrRoleResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: assignedRoles
+ // Input: intSid / xsd:string
+ // username / xsd:string
+ // Output: result / array of xsd:string
+ // Description
+ // If the internal session has appropriate access the
+ // function returns a list of all roles the user is
+ // assigned to.
+ // -----------------------------------------------------
+ public function assignedRoles( $inRequest ) {
+
+ $userDomain = ""; // The domain-component of the user
+ $arrTmpDomain = Array(); // Temporary array
+ $arrRoleResult = Array(); // The roles of the user
+ $result = new rolesetResponse(); // The result
+
+
+ if( preg_match( "/^.+[@]{1}.+$/", $inRequest->username ) ) {
+
+ $arrTmpDomain = preg_split( "/[@]/", $inRequest->username );
+ $userDomain = $arrTmpDomain[1];
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "review", "user_" . $userDomain )
+ || $this->rbac->checkAccess( $inRequest->intSid, "review", "user_base" ) ) {
+
+ try {
+
+ $arrRoleResult = $this->rbac->assignedRoles( $inRequest->username );
+
+
+ $result->role = $arrRoleResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "formatFault",
+ $this->config->getValue( "errorCode", "INVALID_USER_FORMAT" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INVALID_USER_FORMAT" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: assignedUsers
+ // Input: intSid / xsd:string
+ // role / xsd:string
+ // Output: result / array of xsd:string
+ // Description
+ // If the internal session has appropriate access the
+ // function returns a list of all users that are
+ // assigned to the role.
+ // -----------------------------------------------------
+ public function assignedUsers( $inRequest ) {
+
+ $arrUserResult = Array(); // The users assigned to the role
+ $result = new usersetResponse(); // The result
+
+
+ // Test if the user has apropriate rights to list the users
+ // that are assigned to the role
+ if( $this->rbac->checkAccess( $inRequest->intSid, "review", $inRequest->role )
+ || $this->rbac->checkAccess( $inRequest->intSid, "review", "role_base" ) ) {
+
+ try {
+
+ $arrUserResult = $this->rbac->assignedUsers( $inRequest->role );
+
+
+ $result->username = $arrUserResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: rolePermissions
+ // Input: intSid / xsd:string
+ // role / xsd:string
+ // Output: result / array of tns:permission
+ // Description
+ // If the internal session has appropriate access the
+ // function returns all permissions a role has.
+ // -----------------------------------------------------
+ public function rolePermissions( $inRequest ) {
+
+ $arrPermission = Array(); // The permissions of the role
+ $result = new permissionsetResponse(); // The result
+
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "rolePermissions", "resource_top" ) ) {
+
+ try {
+
+ $arrPermission = $this->rbac->rolePermissions( $inRequest->role );
+ $result->permissionset = Array();
+
+
+ for( $i = 0; $i < sizeof( $arrPermission ); $i++ ) {
+
+ array_push( &$result->permissionset, new permission( $arrPermission[$i]['operation'],
+ $arrPermission[$i]['resource'] ) );
+
+ }
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: roleOperationsOnObject
+ // Input: intSid / xsd:string
+ // role / xsd:string
+ // resource / xsd:string
+ // Output: result / array of xsd:string
+ // Description
+ // If the internal session has appropriate access the
+ // function returns all operations a role has on a specific
+ // resource.
+ // -----------------------------------------------------
+ public function roleOperationsOnObject( $inRequest ) {
+
+ $arrOperation = Array(); // The operations of the role on the given resource
+ $result = new operationsetResponse(); // The result
+
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "review", "resource_top" ) ) {
+
+ try {
+
+ $arrOperation = $this->rbac->roleOperationsOnObject( $inRequest->role, $inRequest->resource );
+
+
+ $result->operationset = $arrOperation;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: userOperationsOnObject
+ // Input: intSid / xsd:string
+ // user / xsd:string
+ // resource / xsd:string
+ // Output: result / array of xsd:string
+ // Description
+ // If the internal session has appropriate access the
+ // function returns all operations a user has on a specific
+ // resource.
+ // -----------------------------------------------------
+ public function userOperationsOnObject( $inRequest ) {
+
+ $arrOperation = Array(); // The operations of the role on the given resource
+ $result = new operationsetResponse(); // The result
+
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "top", "resource_top" ) ) {
+
+ try {
+
+ $arrOperation = $this->rbac->userOperationsOnObject( $inRequest->user, $inRequest->resource );
+
+
+ $result->operationset = $arrOperation;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: userPermissions
+ // Input: intSid / xsd:string
+ // username / xsd:string
+ // Output: result / array of tns:permission
+ // Description
+ // If the internal session has appropriate access the
+ // function returns all permissions a user has by
+ // beeing assigned to roles.
+ // -----------------------------------------------------
+ public function userPermissions( $inRequest ) {
+
+ $arrPermission = Array(); // The permissions of the user
+ $result = new permissionsetResponse(); // The result
+
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "review", "resource_top" ) ) {
+
+ try {
+
+ $arrPermission = $this->rbac->userPermissions( $inRequest->username );
+ $result->permissionset = Array();
+
+
+ for( $i = 0; $i < sizeof( $arrPermission ); $i++ ) {
+
+ array_push( &$result->permissionset, new permission( $arrPermission[$i]['operation'],
+ $arrPermission[$i]['resource'] ) );
+
+ }
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: sessionPermissions
+ // Input: intSid / xsd:string
+ // sid / xsd:string
+ // Output: result / array of tns:permission
+ // Description
+ // If the internal session has appropriate access the
+ // function returns all permissions a session has
+ // because of the roles that are active.
+ // -----------------------------------------------------
+ public function sessionPermissions( $inRequest ) {
+
+ $arrPermission = Array(); // The permissions of the user
+ $result = new permissionsetResponse(); // The result
+
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "review", "resource_top" ) ) {
+
+ try {
+
+ $arrPermission = $this->rbac->sessionPermissions( $inRequest->sid );
+ $result->permissionset = Array();
+
+
+ for( $i = 0; $i < sizeof( $arrPermission ); $i++ ) {
+
+ array_push( &$result->permissionset, new permission( $arrPermission[$i]['operation'],
+ $arrPermission[$i]['resource'] ) );
+
+ }
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: authorizedRoles
+ // Input: intSid / xsd:string
+ // username / xsd:string
+ // Output: result / array of xsd:string
+ // Description
+ // If the internal session has appropriate access the
+ // function returns a list of all roles the user is
+ // authorized for.
+ // -----------------------------------------------------
+ public function authorizedRoles( $inRequest ) {
+
+ $userDomain = ""; // The domain-component of the user
+ $arrTmpDomain = Array(); // Temporary array
+ $arrRoleResult = Array(); // The roles of the user
+ $result = new rolesetResponse(); // The result
+
+
+ if( preg_match( "/^.+[@]{1}.+$/", $inRequest->username ) ) {
+
+ $arrTmpDomain = preg_split( "/[@]/", $inRequest->username );
+ $userDomain = $arrTmpDomain[1];
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "review", "user_" . $userDomain )
+ || $this->rbac->checkAccess( $inRequest->intSid, "review", "user_base" ) ) {
+
+ try {
+
+ $arrRoleResult = $this->rbac->authorizedRoles( $inRequest->username );
+
+
+ $result->role = $arrRoleResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "formatFault",
+ $this->config->getValue( "errorCode", "INVALID_USER_FORMAT" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INVALID_USER_FORMAT" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: authorizedUsers
+ // Input: intSid / xsd:string
+ // role / xsd:string
+ // Output: result / array of xsd:string
+ // Description
+ // If the internal session has appropriate access the
+ // function returns a list of all users that are
+ // authorized for this role.
+ // -----------------------------------------------------
+ public function authorizedUsers( $inRequest ) {
+
+ $arrUserResult = Array(); // The users assigned to the role
+ $result = new usersetResponse(); // The result
+
+
+ // Test if the user has apropriate rights to list the users
+ // that are authorized to that role
+ if( $this->rbac->checkAccess( $inRequest->intSid, "review", $inRequest->role )
+ || $this->rbac->checkAccess( $inRequest->intSid, "review", "role_base" ) ) {
+
+ try {
+
+ $arrUserResult = $this->rbac->authorizedUsers( $inRequest->role );
+
+
+ $result->username = $arrUserResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+}
+?>
diff --git a/rbacSoap/TgSystem.class.php b/rbacSoap/TgSystem.class.php
new file mode 100644
index 0000000..6157e34
--- /dev/null
+++ b/rbacSoap/TgSystem.class.php
@@ -0,0 +1,268 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 17.07.2007
+// Modification date: 09.10.2007
+// Version: 0.2.2
+// #######################################################
+
+
+
+class TgSystem {
+
+ // Global variables
+ protected $rbac;
+ protected $config;
+
+
+
+ // -----------------------------------------------------
+ // Constructor
+ // Input: none
+ // Output: object RBACcore
+ // Description:
+ // Creates initial connections to the LDAP-server and
+ // sets some configuration parameters.
+ // -----------------------------------------------------
+ public function __construct( $inConfigurationFilename, $inRbacConfFile, $inRbacBase ) {
+
+ $this->rbac = new RBAC( $inRbacConfFile, $inRbacBase );
+
+
+ $this->config = new SimpleConfig( $inConfigurationFilename );
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: createSession
+ // Input: intSid / xsd:string
+ // username / xsd:string
+ // roleset / xsd:string
+ // sid / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Creates a session for a user. But first the user who
+ // wants to create a session for another user has to
+ // be authenticated and authorised.
+ // -----------------------------------------------------
+ function createSession( $inRequest ) {
+
+ $arrRole = Array(); // The initial roleset for the new session
+ $result = new booleanResponse(); // The result of the session-creation
+ $createSessionResult = false; // The result of the rbac-call
+
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "administer", "session_base" ) ) {
+
+ // Only if there is more than one role given, the soap-engine of
+ // PHP creates an array!
+ if( isset( $inRequest->roleset ) ) {
+
+ is_array( $inRequest->roleset ) ? $arrRole = $inRequest->roleset : array_push( &$arrRole, $inRequest->roleset );
+
+ }
+
+
+ // Try to create the session
+ try{
+
+ $createSessionResult = $this->rbac->createSession( $inRequest->username, $arrRole, $inRequest->sid );
+
+ $result->result = true;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: deleteSession
+ // Input: intSid / xsd:string
+ // username / xsd:string
+ // sid / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Deletes a user's session. But first the user who
+ // wants to delte the session for another user has to
+ // be authenticated and authorised.
+ // -----------------------------------------------------
+ function deleteSession( $inRequest ) {
+
+ $result = new booleanResponse(); // The result of the session-creation
+ $deleteSessionResult = false; // The result of the rbac-call
+
+
+ // Test if the user has apropriate rights
+ if( $this->rbac->checkAccess( $inRequest->intSid, "administer", "session_base" ) ) {
+
+ // Try to create the session
+ try{
+
+ $deleteSessionResult = $this->rbac->deleteSession( $inRequest->username, $inRequest->sid );
+
+ $result->result = true;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "authenticationFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: addActiveRole
+ // Input: intSid / xsd:string
+ // username / xsd:string
+ // sid / xsd:string
+ // role / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Adds an active role to the session. This is
+ // possible without having authenticated.
+ // -----------------------------------------------------
+ function addActiveRole( $inRequest ) {
+
+ $result = new booleanResponse(); // The result of the session-creation
+ $addActiveRoleResult = false; // The result of the rbac-call
+
+
+ // Try to add the role to the session
+ try{
+
+ $addActiveRoleResult = $this->rbac->addActiveRole( $inRequest->username, $inRequest->sid, $inRequest->role );
+
+ $result->result = true;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $rbac ), $e->getMessage() );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: dropActiveRole
+ // Input: intSid / xsd:string
+ // username / xsd:string
+ // sid / xsd:string
+ // role / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Adds an active role to the session. This is
+ // possible without having authenticated.
+ // -----------------------------------------------------
+ function dropActiveRole( $inRequest ) {
+
+ $result = new booleanResponse(); // The result of the session-creation
+ $dropActiveRoleResult = false; // The result of the rbac-call
+
+
+ // Try to add the role to the session
+ try{
+
+ $dropActiveRoleResult = $this->rbac->dropActiveRole( $inRequest->username, $inRequest->sid, $inRequest->role );
+
+ $result->result = true;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $rbac ), $e->getMessage() );
+
+ }
+
+
+ return $result;
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: checkAccess
+ // Input: intSid / xsd:string
+ // sid / xsd:string
+ // operation / xsd:string
+ // resource / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Makes the "checkAccess"-call and returns the information
+ // if the access is granted or denied.
+ // -----------------------------------------------------
+ function checkAccess( $inRequest ) {
+
+ $result = new booleanResponse(); // The result of the session-creation
+ $checkAccessResult = false; // The result of the rbac-call
+
+
+ try {
+
+ $checkAccessResult = $this->rbac->checkAccess( $inRequest->sid, $inRequest->operation, $inRequest->resource );
+
+ $result->result = $checkAccessResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $rbac ), $e->getMessage() );
+
+ }
+
+
+ return $result;
+
+ }
+
+}
+?>
diff --git a/rbacSoap/XACML.class.php b/rbacSoap/XACML.class.php
new file mode 100644
index 0000000..9e6192c
--- /dev/null
+++ b/rbacSoap/XACML.class.php
@@ -0,0 +1,113 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 17.07.2007
+// Modification date: 01.11.2007
+// Version: 0.1.3
+// #######################################################
+
+
+
+class XACML {
+
+ // Global variables
+ protected $rbac;
+ protected $config;
+ protected $connection;
+
+
+
+ // -----------------------------------------------------
+ // Constructor
+ // Input: none
+ // Output: object RBACcore
+ // Description:
+ // Creates initial connections to the LDAP-server and
+ // sets some configuration parameters.
+ // -----------------------------------------------------
+ public function __construct( $inConfigurationFilename, $inRbacConfFile, $inRbacBase ) {
+
+ $this->rbac = new RBAC( $inRbacConfFile, $inRbacBase );
+
+
+ $this->config = new SimpleConfig( $inConfigurationFilename );
+
+
+ // Create connection
+ $this->connection['user'] = new LDAP();
+ $this->connection['user']->connect( $this->config->getValue( "authentication", "host" ),
+ $this->config->getValue( "authentication", "port" ),
+ $this->config->getValue( "authentication", "version" ),
+ preg_match( "/yes/i", $this->config->getValue( "authentication", "tls" ) ) ? true : false );
+ $this->connection['user']->bind( $this->config->getValue( "authentication", "binddn" ),
+ $this->config->getValue( "authentication", "password" ) );
+
+
+ $this->connection['resource'] = $this->rbac->getConnection( "resource" );
+ $this->connection['role'] = $this->rbac->getConnection( "role" );
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: checkXACMLaccess
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // username / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Checks if a given user exists in the LDAP directory.
+ // -----------------------------------------------------
+ function checkXACMLaccess( $inRequest ) {
+
+ $version = false; // The version of the XACML-SAML-Request
+ $result = new stdClass(); // The response
+
+
+ $version = $inRequest->Version;
+ $id = $inRequest->ID;
+
+
+ if( preg_match( "/^2\.0$/", $version ) ) {
+
+ $result->Version = "2.0";
+ $result->ID = $id;
+
+ $result->Response = new stdClass();
+ $result->Response->Result = new stdClass();
+ $result->Response->Result->Decision = "Permit";
+
+
+ if( $inRequest->ReturnContext ) {
+
+ $result->Request = new stdClass();
+
+ isset( $result->Request->Subject ) ? $result->Request->Subject = $inRequest->Subject : $result->Request->Subject = new stdClass();
+ isset( $result->Request->Resource ) ? $result->Request->Resource = $inRequest->Resource : $result->Request->Resource = new stdClass();
+ isset( $result->Request->Action ) ? $result->Request->Action = $inRequest->Action : $result->Request->Action = new stdClass();
+ isset( $result->Request->Environment ) ? $result->Request->Environment = $inRequest->Environment : $result->Request->Environment = new stdClass();
+
+ }
+
+ }
+
+
+ return $result;
+
+
+
+/*
+ $result = new dumpResponse(); // The result
+
+
+ $result->dump = serialize( $inRequest );
+
+
+ return $result;
+*/
+ }
+
+}
+?>
diff --git a/rbacSoap/conf/rbacSoap.conf.xml b/rbacSoap/conf/rbacSoap.conf.xml
new file mode 100644
index 0000000..5e9b451
--- /dev/null
+++ b/rbacSoap/conf/rbacSoap.conf.xml
@@ -0,0 +1,34 @@
+<CONFIGURATION>
+
+ <SECTION name="errorCode">
+ <VAR name="OK">1</VAR>
+ <VAR name="INSUFFICIENT_ACCESS">2</VAR>
+ <VAR name="AUTHENTICATION_ERROR">4</VAR>
+ </SECTION>
+
+ <SECTION name="errorDescription">
+ <VAR name="OK">Ok</VAR>
+ <VAR name="INSUFFICIENT_ACCESS">This function requires an authentication and authorization. First call tgextra#authenticate and tgpolicyengine#addActiveRole.</VAR>
+ <VAR name="AUTHENTICATION_ERROR">Authentication was not successfull. Username or password are incorrect.</VAR>
+ </SECTION>
+
+ <SECTION name="authentication">
+ <VAR name="host">rbac.textgrid.daasi.de</VAR>
+ <VAR name="port">4389</VAR>
+ <VAR name="version">3</VAR>
+ <VAR name="tls">no</VAR>
+ <VAR name="base">ou=people,ou=rbac,dc=textgrid,dc=de</VAR>
+ <VAR name="binddn">cn=manager,dc=rbac,textgrid,dc=de</VAR>
+ <VAR name="password">secret</VAR>
+ <VAR name="namingattribute">uid</VAR>
+ </SECTION>
+
+ <SECTION name="user">
+ <VAR name="userTreeAttribute">ou</VAR>
+ </SECTION>
+
+ <SECTION name="project">
+ <VAR name="baseRole">Projekt-Teilnehmer</VAR>
+ </SECTION>
+
+</CONFIGURATION>
diff --git a/rbacSoap/examples/addAscendant.php b/rbacSoap/examples/addAscendant.php
new file mode 100644
index 0000000..9f71537
--- /dev/null
+++ b/rbacSoap/examples/addAscendant.php
@@ -0,0 +1,119 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.10.2007
+// Modification date: 18.10.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapAdministration = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgadministration.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can add a user you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can try to add an
+// inheritance
+// -----------------------------------------------------
+$addAscReq = new addAscendantRequest();
+$addAscReq->intSid = $authResponse->sid;
+$addAscReq->ascendant = "Testrolle";
+$addAscReq->descendant = "Anwendung";
+
+echo "<HR/>";
+echo "Adding ascendant...<BR/>";
+
+try {
+
+ $addAscResponse = $soapAdministration->addAscendant( $addAscReq );
+
+ if( $addAscResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/addDescendant.php b/rbacSoap/examples/addDescendant.php
new file mode 100644
index 0000000..ce53a92
--- /dev/null
+++ b/rbacSoap/examples/addDescendant.php
@@ -0,0 +1,119 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.10.2007
+// Modification date: 18.10.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapAdministration = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgadministration.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can add a user you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can try to add an
+// inheritance
+// -----------------------------------------------------
+$addDescReq = new addDescendantRequest();
+$addDescReq->intSid = $authResponse->sid;
+$addDescReq->ascendant = "Anwendung";
+$addDescReq->descendant = "Testrolle";
+
+echo "<HR/>";
+echo "Adding descendant...<BR/>";
+
+try {
+
+ $addDescResponse = $soapAdministration->addDescendant( $addDescReq );
+
+ if( $addDescResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/addInheritance.php b/rbacSoap/examples/addInheritance.php
new file mode 100644
index 0000000..1901a91
--- /dev/null
+++ b/rbacSoap/examples/addInheritance.php
@@ -0,0 +1,119 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 04.10.2007
+// Modification date: 04.10.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapAdministration = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgadministration.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can add a user you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can try to add an
+// inheritance
+// -----------------------------------------------------
+$addInhReq = new addInheritanceRequest();
+$addInhReq->intSid = $authResponse->sid;
+$addInhReq->ascendant = "Anwendung";
+$addInhReq->descendant = "Testrolle";
+
+echo "<HR/>";
+echo "Adding inheritance...<BR/>";
+
+try {
+
+ $addInhResponse = $soapAdministration->addInheritance( $addInhReq );
+
+ if( $addInhResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/addMember.php b/rbacSoap/examples/addMember.php
new file mode 100644
index 0000000..817cb1e
--- /dev/null
+++ b/rbacSoap/examples/addMember.php
@@ -0,0 +1,75 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.03.2008
+// Modification date: 18.03.2008
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $regReq = new addMemberRequest();
+ $regReq->auth = $_POST['auth'];
+ $regReq->log = "";
+ $regReq->role = $_POST['role'];
+ $regReq->username = $_POST['username'];
+
+
+ echo "<HR/>";
+ echo "Adding member...<BR/>";
+
+ try {
+
+ $addMemberResponse = $soapExtra->addMember( $regReq );
+
+ if( $addMemberResponse->result ) {
+
+ echo "DONE.<BR>";
+
+ }
+ else {
+
+ echo "UNABLE to commit!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"addMember.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Rolle: <INPUT type=\"text\" name=\"role\" value=\"\"><BR>\n";
+echo "Benutzer (eppn): <INPUT type=\"text\" name=\"username\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/addRole.php b/rbacSoap/examples/addRole.php
new file mode 100644
index 0000000..53db207
--- /dev/null
+++ b/rbacSoap/examples/addRole.php
@@ -0,0 +1,118 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 06.08.2007
+// Modification date: 06.08.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapAdministration = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgadministration.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a role you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can add a the role you
+// wish to create
+// -----------------------------------------------------
+$addRoleReq = new addRoleRequest();
+$addRoleReq->intSid = $authResponse->sid;
+$addRoleReq->role = "TGPR2,Projekt-Teilnehmer";
+
+echo "<HR/>";
+echo "Adding role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapAdministration->addRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/addUser.php b/rbacSoap/examples/addUser.php
new file mode 100644
index 0000000..b3c86ca
--- /dev/null
+++ b/rbacSoap/examples/addUser.php
@@ -0,0 +1,120 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgsystem.wsdl" );
+$soapAdministration = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgadministration.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can add a user you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can add a the user you
+// wish to create
+// -----------------------------------------------------
+$addUserReq = new addUserRequest();
+$addUserReq->intSid = $authResponse->sid;
+//$addUserReq->username = "mwidmer@uni-tuebingen.de";
+$addUserReq->username = "ShibConnector@application.int";
+$addUserReq->password = "secret";
+
+echo "<HR/>";
+echo "Adding user...<BR/>";
+
+try {
+
+ $addUserResponse = $soapAdministration->addUser( $addUserReq );
+
+ if( $addUserResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/assignUser.php b/rbacSoap/examples/assignUser.php
new file mode 100644
index 0000000..c4aa257
--- /dev/null
+++ b/rbacSoap/examples/assignUser.php
@@ -0,0 +1,119 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapAdministration = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgadministration.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can add a user you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can add a the user you
+// wish to create
+// -----------------------------------------------------
+$assUserReq = new assignUserRequest();
+$assUserReq->intSid = $authResponse->sid;
+$assUserReq->username = "mwidmer@uni-tuebingen.de";
+$assUserReq->role = "Anwendung";
+
+echo "<HR/>";
+echo "Assining user mwidmer@uni-tuebingen.de to role Anwendung...<BR/>";
+
+try {
+
+ $assUserResponse = $soapAdministration->assignUser( $assUserReq );
+
+ if( $assUserResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/assignedRoles.php b/rbacSoap/examples/assignedRoles.php
new file mode 100644
index 0000000..81d5bff
--- /dev/null
+++ b/rbacSoap/examples/assignedRoles.php
@@ -0,0 +1,128 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 23.07.2007
+// Modification date: 23.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapReview = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgreview.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a session you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you have to add a apropriate
+// role to your active session that allows you to create
+// a session for someone else.
+// -----------------------------------------------------
+$arReq = new assignedRolesRequest();
+$arReq->intSid = $authResponse->sid;
+$arReq->username = "mhaase@uni-tuebingen.de";
+
+echo "<HR/>";
+echo "The roles of mhaase@uni-tuebingen.de...<BR/>";
+
+try {
+
+ $rolesetResponse = $soapReview->assignedRoles( $arReq );
+
+ if( is_array( $rolesetResponse->role ) ) {
+
+ for( $i = 0; $i < sizeof( $rolesetResponse->role ); $i++ ) {
+
+ echo "Role " . $i . ": " . $rolesetResponse->role[$i] . "<BR/>";
+
+ }
+
+ }
+ else {
+
+ echo "Role 0: " . $rolesetResponse->role . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/assignedUsers.php b/rbacSoap/examples/assignedUsers.php
new file mode 100644
index 0000000..88907ed
--- /dev/null
+++ b/rbacSoap/examples/assignedUsers.php
@@ -0,0 +1,128 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 23.07.2007
+// Modification date: 23.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapReview = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgreview.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a session you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you have to add a apropriate
+// role to your active session that allows you to create
+// a session for someone else.
+// -----------------------------------------------------
+$auReq = new assignedUsersRequest();
+$auReq->intSid = $authResponse->sid;
+$auReq->role = "Projekt-1,Projekt-Teilnehmer";
+
+echo "<HR/>";
+echo "The assigned users for role serviceProvider...<BR/>";
+
+try {
+
+ $usersetResponse = $soapReview->assignedUsers( $auReq );
+
+ if( is_array( $usersetResponse->username ) ) {
+
+ for( $i = 0; $i < sizeof( $usersetResponse->username ); $i++ ) {
+
+ echo "User " . $i . ": " . $usersetResponse->username[$i] . "<BR/>";
+
+ }
+
+ }
+ else {
+
+ echo "User 0: " . $usersetResponse->username . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/authorizedRoles.php b/rbacSoap/examples/authorizedRoles.php
new file mode 100644
index 0000000..941997b
--- /dev/null
+++ b/rbacSoap/examples/authorizedRoles.php
@@ -0,0 +1,128 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.10.2007
+// Modification date: 18.10.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapReview = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgreview.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a session you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you have to add a apropriate
+// role to your active session that allows you to create
+// a session for someone else.
+// -----------------------------------------------------
+$arReq = new assignedRolesRequest();
+$arReq->intSid = $authResponse->sid;
+$arReq->username = "mhaase@uni-tuebingen.de";
+
+echo "<HR/>";
+echo "The roles of mhaase@uni-tuebingen.de...<BR/>";
+
+try {
+
+ $rolesetResponse = $soapReview->authorizedRoles( $arReq );
+
+ if( is_array( $rolesetResponse->role ) ) {
+
+ for( $i = 0; $i < sizeof( $rolesetResponse->role ); $i++ ) {
+
+ echo "Role " . $i . ": " . $rolesetResponse->role[$i] . "<BR/>";
+
+ }
+
+ }
+ else {
+
+ echo "Role 0: " . $rolesetResponse->role . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/authorizedUsers.php b/rbacSoap/examples/authorizedUsers.php
new file mode 100644
index 0000000..7b1943f
--- /dev/null
+++ b/rbacSoap/examples/authorizedUsers.php
@@ -0,0 +1,128 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.10.2007
+// Modification date: 18.10.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapReview = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgreview.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a session you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you have to add a apropriate
+// role to your active session that allows you to create
+// a session for someone else.
+// -----------------------------------------------------
+$auReq = new authorizedUsersRequest();
+$auReq->intSid = $authResponse->sid;
+$auReq->role = "Projekt-1,Projekt-Teilnehmer";
+
+echo "<HR/>";
+echo "The authorized users for role Projekt-1,Projekt-Teilnehmer...<BR/>";
+
+try {
+
+ $usersetResponse = $soapReview->authorizedUsers( $auReq );
+
+ if( is_array( $usersetResponse->username ) ) {
+
+ for( $i = 0; $i < sizeof( $usersetResponse->username ); $i++ ) {
+
+ echo "User " . $i . ": " . $usersetResponse->username[$i] . "<BR/>";
+
+ }
+
+ }
+ else {
+
+ echo "User 0: " . $usersetResponse->username . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/checkAccess.php b/rbacSoap/examples/checkAccess.php
new file mode 100644
index 0000000..861b656
--- /dev/null
+++ b/rbacSoap/examples/checkAccess.php
@@ -0,0 +1,75 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapSystem = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgsystem.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['sid'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $regReq = new registerResourceRequest();
+ $regReq->intSid = "";
+ $regReq->sid = $_POST['sid'];
+ $regReq->resource = $_POST['resource'];
+ $regReq->operation = $_POST['operation'];
+
+
+ echo "<HR/>";
+ echo "Checking access...<BR/>";
+
+ try {
+
+ $checkResponse = $soapSystem->checkAccess( $regReq );
+
+ if( $checkResponse->result ) {
+
+ echo "YES.<BR>";
+
+ }
+ else {
+
+ echo "NO<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"checkAccess.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "SID: <INPUT type=\"text\" name=\"sid\" value=\"\"><BR>\n";
+echo "Operation: <INPUT type=\"text\" name=\"operation\" value=\"\"><BR>\n";
+echo "Resource: <INPUT type=\"text\" name=\"resource\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/createProject.php b/rbacSoap/examples/createProject.php
new file mode 100644
index 0000000..7392c1d
--- /dev/null
+++ b/rbacSoap/examples/createProject.php
@@ -0,0 +1,73 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $creReq = new createProjectRequest();
+ $creReq->auth = $_POST['auth'];
+ $creReq->log = "";
+ $creReq->description = $_POST['description'];
+
+
+ echo "<HR/>";
+ echo "Creating project...<BR/>";
+
+ try {
+
+ $creResponse = $soapExtra->createProject( $creReq );
+
+ if( $creResponse->projectId ) {
+
+ echo "DONE: " . $creResponse->projectId . "<BR>";
+
+ }
+ else {
+
+ echo "UNABLE to create new project!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"createProject.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Project-description: <INPUT type=\"text\" name=\"description\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/createSession.php b/rbacSoap/examples/createSession.php
new file mode 100644
index 0000000..efd6341
--- /dev/null
+++ b/rbacSoap/examples/createSession.php
@@ -0,0 +1,120 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 08.07.2007
+// Modification date: 02.08.2007
+// Version: 0.1.2
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a session you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "shibConnector@application.int";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "shibConnector@application.int";
+$addRoleReq->role = "sessionCreator,Anwendung";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you have to add a apropriate
+// role to your active session that allows you to create
+// a session for someone else.
+// -----------------------------------------------------
+$creReq = new createSessionRequest();
+$creReq->intSid = $authResponse->sid;
+$creReq->username = "mhaase@uni-tuebingen.de";
+$creReq->roleset = Array( "Projekt-Teilnehmer" );
+$creReq->sid = "ABcDEFG";
+
+echo "<HR/>";
+echo "Creating the session...<BR/>";
+
+try {
+
+ $creResponse = $soapSystem->createSession( $creReq );
+
+ if( $creResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/deassignUser.php b/rbacSoap/examples/deassignUser.php
new file mode 100644
index 0000000..e60f303
--- /dev/null
+++ b/rbacSoap/examples/deassignUser.php
@@ -0,0 +1,119 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 08.08.2007
+// Modification date: 08.08.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapAdministration = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgadministration.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a role you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can deassign a user from a
+// role.
+// -----------------------------------------------------
+$deassUserReq = new deassignUserRequest();
+$deassUserReq->intSid = $authResponse->sid;
+$deassUserReq->username = "mwidmer@uni-tuebingen.de";
+$deassUserReq->role = "testRole";
+
+echo "<HR/>";
+echo "Assigning user to role...<BR/>";
+
+try {
+
+ $deassUserResponse = $soapAdministration->deassignUser( $deassUserReq );
+
+ if( $deassUserResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
\ No newline at end of file
diff --git a/rbacSoap/examples/deleteInheritance.php b/rbacSoap/examples/deleteInheritance.php
new file mode 100644
index 0000000..52dcd28
--- /dev/null
+++ b/rbacSoap/examples/deleteInheritance.php
@@ -0,0 +1,119 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 04.10.2007
+// Modification date: 04.10.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapAdministration = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgadministration.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can add a user you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can try to delete an
+// inheritance
+// -----------------------------------------------------
+$delInhReq = new deleteInheritanceRequest();
+$delInhReq->intSid = $authResponse->sid;
+$delInhReq->ascendant = "Anwendung,Testrolle";
+$delInhReq->descendant = "Testrolle";
+
+echo "<HR/>";
+echo "Deleting inheritance...<BR/>";
+
+try {
+
+ $delInhResponse = $soapAdministration->deleteInheritance( $delInhReq );
+
+ if( $delInhResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/deleteMember.php b/rbacSoap/examples/deleteMember.php
new file mode 100644
index 0000000..c346a5a
--- /dev/null
+++ b/rbacSoap/examples/deleteMember.php
@@ -0,0 +1,75 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.03.2008
+// Modification date: 18.03.2008
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $regReq = new deleteMemberRequest();
+ $regReq->auth = $_POST['auth'];
+ $regReq->log = "";
+ $regReq->role = $_POST['role'];
+ $regReq->username = $_POST['username'];
+
+
+ echo "<HR/>";
+ echo "Removing member...<BR/>";
+
+ try {
+
+ $addMemberResponse = $soapExtra->deleteMember( $regReq );
+
+ if( $addMemberResponse->result ) {
+
+ echo "DONE.<BR>";
+
+ }
+ else {
+
+ echo "UNABLE to commit!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"deleteMember.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Rolle: <INPUT type=\"text\" name=\"role\" value=\"\"><BR>\n";
+echo "Benutzer (eppn): <INPUT type=\"text\" name=\"username\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/deleteRole.php b/rbacSoap/examples/deleteRole.php
new file mode 100644
index 0000000..1c38bc1
--- /dev/null
+++ b/rbacSoap/examples/deleteRole.php
@@ -0,0 +1,117 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 06.08.2007
+// Modification date: 06.08.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapAdministration = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgadministration.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a role you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can delete the role
+// -----------------------------------------------------
+$delRoleReq = new deleteRoleRequest();
+$delRoleReq->intSid = $authResponse->sid;
+$delRoleReq->role = "testRole";
+
+echo "<HR/>";
+echo "Deleting role...<BR/>";
+
+try {
+
+ $delRoleResponse = $soapAdministration->deleteRole( $delRoleReq );
+
+ if( $delRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
\ No newline at end of file
diff --git a/rbacSoap/examples/deleteSession.php b/rbacSoap/examples/deleteSession.php
new file mode 100644
index 0000000..e21def9
--- /dev/null
+++ b/rbacSoap/examples/deleteSession.php
@@ -0,0 +1,119 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 01.08.2007
+// Modification date: 01.08.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a session you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "rbacName=serviceProvider,ou=roles,ou=rbac,dc=rbac,dc=de";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you have to add a apropriate
+// role to your active session that allows you to create
+// a session for someone else.
+// -----------------------------------------------------
+$delReq = new deleteSessionRequest();
+$delReq->intSid = $authResponse->sid;
+$delReq->username = "mhaase@uni-tuebingen.de";
+$delReq->sid = "ABcDEFG";
+
+echo "<HR/>";
+echo "Deleting the session...<BR/>";
+
+try {
+
+ $delResponse = $soapSystem->deleteSession( $delReq );
+
+ if( $delResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/deleteUser.php b/rbacSoap/examples/deleteUser.php
new file mode 100644
index 0000000..bf350a7
--- /dev/null
+++ b/rbacSoap/examples/deleteUser.php
@@ -0,0 +1,119 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapAdministration = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgadministration.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a session you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you have to add a apropriate
+// role to your active session that allows you to create
+// a session for someone else.
+// -----------------------------------------------------
+$delUserReq = new deleteUserRequest();
+$delUserReq->intSid = $authResponse->sid;
+$delUserReq->username = "mwidmer@uni-tuebingen.de";
+
+echo "<HR/>";
+echo "Removing user...<BR/>";
+
+try {
+
+ $delUserResponse = $soapAdministration->deleteUser( $delUserReq );
+
+ if( $delUserResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/dropActiveRole.php b/rbacSoap/examples/dropActiveRole.php
new file mode 100644
index 0000000..b3c1cd0
--- /dev/null
+++ b/rbacSoap/examples/dropActiveRole.php
@@ -0,0 +1,116 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 08.07.2007
+// Modification date: 17.07.2007
+// Version: 0.1.1
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a session you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// Now you can try to drop the active role from your session
+// -----------------------------------------------------
+$dropRoleReq = new addActiveRoleRequest();
+$dropRoleReq->username = "sp00001@textgrid.de";
+$dropRoleReq->role = "serviceProvider";
+$dropRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Dropping active role...<BR/>";
+
+try {
+
+ $dropRoleResponse = $soapSystem->dropActiveRole( $dropRoleReq );
+
+ if( $dropRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/filterBySid.php b/rbacSoap/examples/filterBySid.php
new file mode 100644
index 0000000..6936133
--- /dev/null
+++ b/rbacSoap/examples/filterBySid.php
@@ -0,0 +1,128 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 23.10.2007
+// Modification date: 23.10.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a session you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can ask the RBAC-system
+// form the operations a role may do on a resource.
+// -----------------------------------------------------
+$filterReq = new filterBySidRequest();
+$filterReq->intSid = $authResponse->sid;
+$filterReq->sid = "ABcDEFG";
+$filterReq->resource = Array( "ingrid.daasi.de//demo/tg-demo.xml", "ingrid.daasi.de//demo/inhaltsverzeichnis.doc" );
+$filterReq->operation = "read";
+
+echo "<HR/>";
+echo "Filter on resources ingrid.daasi.de//demo/tg-demo.xml...<BR/>";
+
+try {
+
+ $filterResponse = $soapExtra->filterBySid( $filterReq );
+
+ if( is_array( $filterResponse->resource ) ) {
+
+ for( $i = 0; $i < sizeof( $filterResponse->resource ); $i++ ) {
+
+ echo "Resource " . $i . ": " . $filterResponse->resource[$i] . "<BR/>";
+
+ }
+
+ }
+ else {
+
+ echo "Resource 0: " . $filterResponse->resource . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/getAllProjects.php b/rbacSoap/examples/getAllProjects.php
new file mode 100644
index 0000000..c1d597c
--- /dev/null
+++ b/rbacSoap/examples/getAllProjects.php
@@ -0,0 +1,65 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+// -----------------------------------------------------
+// If this was successfull you have to add a apropriate
+// role to your active session that allows you to create
+// a session for someone else.
+// -----------------------------------------------------
+echo "<HR/>";
+echo "Listing all projects...<BR/>";
+
+try {
+
+ $getProResponse = $soapExtra->getAllProjects();
+
+ if( is_array( $getProResponse->project ) ) {
+
+ for( $i = 0; $i < sizeof( $getProResponse->project ); $i++ ) {
+
+ echo $getProResponse->project[$i]->id . " / " . $getProResponse->project[$i]->description . "<BR>";
+
+ }
+
+ }
+ elseif( $getProResponse->project instanceof project ) {
+
+ echo $getProResponse->project->id . " / " . $getProResponse->project->description . "<BR>";
+
+ }
+ else {
+
+ echo "No projects!<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/getLeader.php b/rbacSoap/examples/getLeader.php
new file mode 100644
index 0000000..7fbd178
--- /dev/null
+++ b/rbacSoap/examples/getLeader.php
@@ -0,0 +1,82 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $leaReq = new getLeaderRequest();
+ $leaReq->auth = $_POST['auth'];
+ $leaReq->log = "";
+ $leaReq->project = $_POST['project'];
+
+
+ echo "<HR/>";
+ echo "Searching leader...<BR/>";
+
+ try {
+
+ $response = $soapExtra->getLeader( $leaReq );
+
+ if( is_array( $response->username ) ) {
+
+ for( $i = 0; $i < sizeof( $response->username ); $i++ ) {
+
+ echo $response->username[$i] . "<BR>";
+
+ }
+
+ }
+ elseif( preg_match( "/.+/", $response->username ) ) {
+
+ echo $response->username;
+
+ }
+ else {
+
+ echo "No leader found!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"getLeader.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Project-Name: <INPUT type=\"text\" name=\"project\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/getMembers.php b/rbacSoap/examples/getMembers.php
new file mode 100644
index 0000000..d89821d
--- /dev/null
+++ b/rbacSoap/examples/getMembers.php
@@ -0,0 +1,82 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 07.04.2008
+// Modification date: 07.04.2008
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapSystem = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['project'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $memReq = new getMembersRequest();
+ $memReq->auth = $_POST['auth'];
+ $memReq->log = "";
+ $memReq->project = $_POST['project'];
+
+
+ echo "<HR/>";
+ echo "Searching members for project...<BR/>";
+
+ try {
+
+ $memResponse = $soapSystem->getMembers( $memReq );
+
+ if( is_array( $memResponse->username ) ) {
+
+ for( $i = 0; $i < sizeof( $memResponse->username ); $i++ ) {
+
+ echo $memResponse->username[$i] . "<BR>";
+
+ }
+
+ }
+ elseif( preg_match( "/.+/", $memResponse->username ) ) {
+
+ echo $memResponse->username;
+
+ }
+ else {
+
+ echo "No members found!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"getMembers.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "project: <INPUT type=\"text\" name=\"project\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/getObjects.php b/rbacSoap/examples/getObjects.php
new file mode 100644
index 0000000..2364f9c
--- /dev/null
+++ b/rbacSoap/examples/getObjects.php
@@ -0,0 +1,82 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapSystem = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['project'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $regReq = new getObjectsRequest();
+ $regReq->auth = $_POST['auth'];
+ $reqReq->log = "";
+ $regReq->project = $_POST['project'];
+
+
+ echo "<HR/>";
+ echo "Searching resources for project...<BR/>";
+
+ try {
+
+ $resourceResponse = $soapSystem->getObjects( $regReq );
+
+ if( is_array( $resourceResponse->resource ) ) {
+
+ for( $i = 0; $i < sizeof( $resourceResponse->resource ); $i++ ) {
+
+ echo $resourceResponse->resource[$i] . "<BR>";
+
+ }
+
+ }
+ elseif( preg_match( "/.+/", $resourceResponse->resource ) ) {
+
+ echo $resourceResponse->resource;
+
+ }
+ else {
+
+ echo "No resources found!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"getObjects.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "project: <INPUT type=\"text\" name=\"project\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/getOwner.php b/rbacSoap/examples/getOwner.php
new file mode 100644
index 0000000..cc42db6
--- /dev/null
+++ b/rbacSoap/examples/getOwner.php
@@ -0,0 +1,73 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 07.04.2008
+// Modification date: 07.04.2008
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $geoReq = new getOwnerRequest();
+ $geoReq->auth = $_POST['auth'];
+ $geoReq->log = "";
+ $geoReq->resource = $_POST['resource'];
+
+
+ echo "<HR/>";
+ echo "Looking for owner...<BR/>";
+
+ try {
+
+ $response = $soapExtra->getOwner( $geoReq );
+
+ if( $response->owner ) {
+
+ echo "Owner: " . $response->owner;
+
+ }
+ else {
+
+ echo "UNABLE TO COMMIT...";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"getOwner.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Resource: <INPUT type=\"text\" name=\"resource\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/getProjectDescription.php b/rbacSoap/examples/getProjectDescription.php
new file mode 100644
index 0000000..2fa5283
--- /dev/null
+++ b/rbacSoap/examples/getProjectDescription.php
@@ -0,0 +1,73 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 07.04.2008
+// Modification date: 07.04.2008
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['project'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $proReg = new getProjectDescriptionRequest();
+ $proReg->auth = $_POST['auth'];
+ $proReg->log = "";
+ $proReg->project = $_POST['project'];
+
+
+ echo "<HR/>";
+ echo "Looking for description...<BR/>";
+
+ try {
+
+ $response = $soapExtra->getProjectDescription( $proReg );
+
+ if( $response->description ) {
+
+ echo "Description: " . $response->description;
+
+ }
+ else {
+
+ echo "UNABLE TO COMMIT...";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"getProjectDescription.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Project: <INPUT type=\"text\" name=\"project\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/getRights.php b/rbacSoap/examples/getRights.php
new file mode 100644
index 0000000..7a7e62c
--- /dev/null
+++ b/rbacSoap/examples/getRights.php
@@ -0,0 +1,84 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 07.04.2008
+// Modification date: 07.04.2008
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapSystem = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $opReq = new getMembersRequest();
+ $opReq->auth = $_POST['auth'];
+ $opReq->username = $_POST['username'];
+ $opReq->log = "";
+ $opReq->resource = $_POST['resource'];
+
+
+ echo "<HR/>";
+ echo "Searching allowed operations...<BR/>";
+
+ try {
+
+ $opResponse = $soapSystem->getRights( $opReq );
+
+ if( is_array( $opResponse->operation ) ) {
+
+ for( $i = 0; $i < sizeof( $opResponse->operation ); $i++ ) {
+
+ echo $opResponse->operation[$i] . "<BR>";
+
+ }
+
+ }
+ elseif( preg_match( "/.+/", $opResponse->operation ) ) {
+
+ echo $opResponse->operation;
+
+ }
+ else {
+
+ echo "No operations found!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"getRights.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Resource: <INPUT type=\"text\" name=\"resource\" value=\"\"><BR>\n";
+echo "Username: <INPUT type=\"text\" name=\"username\" value=\"\"><BR/>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/getSid.php b/rbacSoap/examples/getSid.php
new file mode 100644
index 0000000..6c806c9
--- /dev/null
+++ b/rbacSoap/examples/getSid.php
@@ -0,0 +1,52 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 05.08.2007
+// Modification date: 05.08.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+//$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl",
+// Array( 'proxy_host' => "134.2.217.67", 'proxy_port' => 7777 ) );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// How to get a session-ID from the RBAC-system
+// -----------------------------------------------------
+echo "<HR/>";
+echo "Asking for a session-ID...<BR/>";
+
+try {
+
+ $getSidResponse = $soapExtra->getSid();
+
+ if( $getSidResponse->sid ) {
+
+ echo "DONE: " . $getSidResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/grantPermission.php b/rbacSoap/examples/grantPermission.php
new file mode 100644
index 0000000..eeede55
--- /dev/null
+++ b/rbacSoap/examples/grantPermission.php
@@ -0,0 +1,120 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 06.08.2007
+// Modification date: 06.08.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapAdministration = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgadministration.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a role you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can try to grant a permission
+// to a role.
+// -----------------------------------------------------
+$grantPermReq = new grantPermissionRequest();
+$grantPermReq->intSid = $authResponse->sid;
+$grantPermReq->resource = "ingrid.daasi.de//demo/tg-demo.xml";
+$grantPermReq->operation = "read";
+$grantPermReq->role = "Testrolle";
+
+echo "<HR/>";
+echo "Assigning user to role...<BR/>";
+
+try {
+
+ $grantPermResponse = $soapAdministration->grantPermission( $grantPermReq );
+
+ if( $grantPermResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/publish.php b/rbacSoap/examples/publish.php
new file mode 100644
index 0000000..5657e4a
--- /dev/null
+++ b/rbacSoap/examples/publish.php
@@ -0,0 +1,73 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 07.04.2008
+// Modification date: 07.04.2008
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $pubReq = new publishRequest();
+ $pubReq->auth = $_POST['auth'];
+ $pubReq->log = "";
+ $pubReq->resource = $_POST['resource'];
+
+
+ echo "<HR/>";
+ echo "Publishing resource...<BR/>";
+
+ try {
+
+ $response = $soapExtra->publish( $pubReq );
+
+ if( $response->result ) {
+
+ echo "DONE";
+
+ }
+ else {
+
+ echo "UNABLE TO COMMIT...";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"publish.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Resource: <INPUT type=\"text\" name=\"resource\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/registerResource.php b/rbacSoap/examples/registerResource.php
new file mode 100644
index 0000000..11dd88c
--- /dev/null
+++ b/rbacSoap/examples/registerResource.php
@@ -0,0 +1,75 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $regReq = new registerResourceRequest();
+ $regReq->auth = $_POST['auth'];
+ $regReq->log = "";
+ $regReq->project = $_POST['project'];
+ $regReq->uri = $_POST['uri'];
+
+
+ echo "<HR/>";
+ echo "Adding resource...<BR/>";
+
+ try {
+
+ $registerResourceResponse = $soapExtra->registerResource( $regReq );
+
+ if( $registerResourceResponse->result ) {
+
+ echo "DONE.<BR>";
+
+ }
+ else {
+
+ echo "UNABLE to commit!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"registerResource.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Project-Name: <INPUT type=\"text\" name=\"project\" value=\"\"><BR>\n";
+echo "URI: <INPUT type=\"text\" name=\"uri\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/revokePermission.php b/rbacSoap/examples/revokePermission.php
new file mode 100644
index 0000000..3aeef75
--- /dev/null
+++ b/rbacSoap/examples/revokePermission.php
@@ -0,0 +1,120 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 06.08.2007
+// Modification date: 06.08.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapAdministration = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgadministration.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a role you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can try to grant a permission
+// to a role.
+// -----------------------------------------------------
+$revPermReq = new revokePermissionRequest();
+$revPermReq->intSid = $authResponse->sid;
+$revPermReq->resource = "ingrid.daasi.de//demo/tg-demo.xml";
+$revPermReq->operation = "read";
+$revPermReq->role = "Testrolle";
+
+echo "<HR/>";
+echo "Revoking permission read for role testRole...<BR/>";
+
+try {
+
+ $revPermResponse = $soapAdministration->revokePermission( $revPermReq );
+
+ if( $revPermResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/roleOperationsOnObject.php b/rbacSoap/examples/roleOperationsOnObject.php
new file mode 100644
index 0000000..d6de59b
--- /dev/null
+++ b/rbacSoap/examples/roleOperationsOnObject.php
@@ -0,0 +1,128 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 17.08.2007
+// Modification date: 30.08.2007
+// Version: 0.1.1
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapReview = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgreview.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a session you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can ask the RBAC-system
+// form the operations a role may do on a resource.
+// -----------------------------------------------------
+$roooReq = new roleOperationsOnObjectRequest();
+$roooReq->intSid = $authResponse->sid;
+$roooReq->role = "Projektleiter,Projekt-1,Projekt-Teilnehmer";
+$roooReq->resource = "ingrid.daasi.de//demo/tg-demo.xml";
+
+echo "<HR/>";
+echo "The allowed operations of roles Projektleiter,Projekt-1,Projekt-Teilnehmer on resource ingrid.daasi.de//demo/tg-demo.xml...<BR/>";
+
+try {
+
+ $operationsetResponse = $soapReview->roleOperationsOnObject( $roooReq );
+
+ if( is_array( $operationsetResponse->operationset ) ) {
+
+ for( $i = 0; $i < sizeof( $operationsetResponse->operationset ); $i++ ) {
+
+ echo "Operation " . $i . ": " . $operationsetResponse->operationset[$i] . "<BR/>";
+
+ }
+
+ }
+ else {
+
+ echo "Operation 0: " . $operationsetResponse->operationset . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/rolePermissions.php b/rbacSoap/examples/rolePermissions.php
new file mode 100644
index 0000000..647180e
--- /dev/null
+++ b/rbacSoap/examples/rolePermissions.php
@@ -0,0 +1,129 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 25.07.2007
+// Modification date: 17.08.2007
+// Version: 0.1.1
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapReview = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgreview.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a session you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can ask the RBAC-system
+// for a list of permissions a role has.
+// -----------------------------------------------------
+$permReq = new rolePermissionsRequest();
+$permReq->intSid = $authResponse->sid;
+$permReq->role = "Projektleiter,Projekt-1,Projekt-Teilnehmer";
+
+echo "<HR/>";
+echo "Query the permissions of role Projektleiter,Projekt-1,Projekt-Teilnehmer...<BR/>";
+
+try {
+
+ $permResponse = $soapReview->rolePermissions( $permReq );
+
+ if( is_array( $permResponse->permissionset ) ) {
+
+ for( $i = 0; $i < sizeof( $permResponse->permissionset ); $i++ ) {
+
+ echo $permResponse->permissionset[$i]->resource . " / "
+ . $permResponse->permissionset[$i]->operation . "<BR/>";
+
+ }
+
+ }
+ else {
+
+ echo $permResponse->permissionset->resource . " / "
+ . $permResponse->permissionset->operation . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/sessionPermissions.php b/rbacSoap/examples/sessionPermissions.php
new file mode 100644
index 0000000..151c35b
--- /dev/null
+++ b/rbacSoap/examples/sessionPermissions.php
@@ -0,0 +1,120 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 08.08.2007
+// Modification date: 08.08.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapReview = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgreview.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a session you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can ask for a session's
+// permissions.
+// -----------------------------------------------------
+$permReq = new sessionPermissionsRequest();
+$permReq->intSid = $authResponse->sid;
+$permReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Query the permissions of my own session...<BR/>";
+
+try {
+
+ $permResponse = $soapReview->sessionPermissions( $permReq );
+ echo serialize( $permResponse );
+
+ for( $i = 0; $i < sizeof( $permResponse->permissionset ); $i++ ) {
+
+ echo $permResponse->permissionset[$i]->resource . " / "
+ . $permResponse->permissionset[$i]->operation . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/sessionRoles.php b/rbacSoap/examples/sessionRoles.php
new file mode 100644
index 0000000..df58bd9
--- /dev/null
+++ b/rbacSoap/examples/sessionRoles.php
@@ -0,0 +1,128 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapReview = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgreview.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a session you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you have to add a apropriate
+// role to your active session that allows you to create
+// a session for someone else.
+// -----------------------------------------------------
+$srReq = new sessionRolesRequest();
+$srReq->intSid = $authResponse->sid;
+$srReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Session roles...<BR/>";
+
+try {
+
+ $rolesetResponse = $soapReview->sessionRoles( $srReq );
+
+ if( is_array( $rolesetResponse->role ) ) {
+
+ for( $i = 0; $i < sizeof( $srResponse->role ); $i++ ) {
+
+ echo "Role " . $i . ": " . $rolesetResponse->role[$i] . "<BR/>";
+
+ }
+
+ }
+ else {
+
+ echo "Role 0: " . $rolesetResponse->role . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/tgAddActiveRole.php b/rbacSoap/examples/tgAddActiveRole.php
new file mode 100644
index 0000000..de8e33a
--- /dev/null
+++ b/rbacSoap/examples/tgAddActiveRole.php
@@ -0,0 +1,73 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $regReq = new tgAddActiveRoleRequest();
+ $regReq->auth = $_POST['auth'];
+ $regReq->log = "";
+ $regReq->role = $_POST['role'];
+
+
+ echo "<HR/>";
+ echo "Adding role...<BR/>";
+
+ try {
+
+ $addActiveRoleResponse = $soapExtra->tgAddActiveRole( $regReq );
+
+ if( $addActiveRoleResponse->result ) {
+
+ echo "DONE.<BR>";
+
+ }
+ else {
+
+ echo "UNABLE to commit!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"tgAddActiveRole.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Role: <INPUT type=\"text\" name=\"role\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/tgAssignedProjects.php b/rbacSoap/examples/tgAssignedProjects.php
new file mode 100644
index 0000000..1b77845
--- /dev/null
+++ b/rbacSoap/examples/tgAssignedProjects.php
@@ -0,0 +1,80 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $regReq = new tgAssignedProjectsRequest();
+ $regReq->auth = $_POST['auth'];
+ $regReq->log = "";
+
+
+ echo "<HR/>";
+ echo "Searching...<BR/>";
+
+ try {
+
+ $assignedProjectsResponse = $soapExtra->tgAssignedProjects( $regReq );
+
+ if( is_array( $assignedProjectsResponse->role ) ) {
+
+ for( $i = 0; $i < sizeof( $assignedProjectsResponse->role ); $i++ ) {
+
+ echo $assignedProjectsResponse->role[$i] . "<BR>";
+
+ }
+
+ }
+ elseif( preg_match( "/.+/", $assignedProjectsResponse->role ) ) {
+
+ echo $assignedProjectsResponse->role;
+
+ }
+ else {
+
+ echo "No assigned roles!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"tgAssignedProjects.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/tgAssignedRoles.php b/rbacSoap/examples/tgAssignedRoles.php
new file mode 100644
index 0000000..e5d55c9
--- /dev/null
+++ b/rbacSoap/examples/tgAssignedRoles.php
@@ -0,0 +1,82 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $regReq = new tgAssignedRolesRequest();
+ $regReq->auth = $_POST['auth'];
+ $regReq->log = "";
+ $regReq->username = $_POST['username'];
+
+
+ echo "<HR/>";
+ echo "Searching...<BR/>";
+
+ try {
+
+ $assignedRolesResponse = $soapExtra->tgAssignedRoles( $regReq );
+
+ if( is_array( $assignedRolesResponse->role ) ) {
+
+ for( $i = 0; $i < sizeof( $assignedRolesResponse->role ); $i++ ) {
+
+ echo $assignedRolesResponse->role[$i] . "<BR>";
+
+ }
+
+ }
+ elseif( preg_match( "/.+/", $assignedRolesResponse->role ) ) {
+
+ echo $assignedRolesResponse->role;
+
+ }
+ else {
+
+ echo "No assigned roles!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"tgAssignedRoles.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Username (may be empty): <INPUT type=\"text\" name=\"username\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/tgCheckAccess.php b/rbacSoap/examples/tgCheckAccess.php
new file mode 100644
index 0000000..e684009
--- /dev/null
+++ b/rbacSoap/examples/tgCheckAccess.php
@@ -0,0 +1,76 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapSystem = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['sid'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $regReq = new tgCheckAccessRequest();
+ $regReq->auth = "";
+ $reqReq->log = "";
+ $regReq->sid = $_POST['sid'];
+ $regReq->resource = $_POST['resource'];
+ $regReq->operation = $_POST['operation'];
+
+
+ echo "<HR/>";
+ echo "Checking access...<BR/>";
+
+ try {
+
+ $checkResponse = $soapSystem->tgCheckAccess( $regReq );
+
+ if( $checkResponse->result ) {
+
+ echo "YES.<BR>";
+
+ }
+ else {
+
+ echo "NO<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"tgCheckAccess.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "SID: <INPUT type=\"text\" name=\"sid\" value=\"\"><BR>\n";
+echo "Operation: <INPUT type=\"text\" name=\"operation\" value=\"\"><BR>\n";
+echo "Resource: <INPUT type=\"text\" name=\"resource\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/tgGrantPermission.php b/rbacSoap/examples/tgGrantPermission.php
new file mode 100644
index 0000000..1dc79c3
--- /dev/null
+++ b/rbacSoap/examples/tgGrantPermission.php
@@ -0,0 +1,77 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 04.04.2008
+// Modification date: 04.04.2008
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $graReq = new tgGrantPermissionRequest();
+ $graReq->auth = $_POST['auth'];
+ $graReq->log = "";
+ $graReq->role = $_POST['role'];
+ $graReq->resource = $_POST['resource'];
+ $graReq->operation = $_POST['operation'];
+
+
+ echo "<HR/>";
+ echo "Trying to grant permission...<BR/>";
+
+ try {
+
+ $response = $soapExtra->tgGrantPermission( $graReq );
+
+ if( $response->result ) {
+
+ echo "DONE";
+
+ }
+ else {
+
+ echo "UNABLE TO COMMIT...";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"tgGrantPermission.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Role: <INPUT type=\"text\" name=\"role\" value=\"\"><BR>\n";
+echo "Resource: <INPUT type=\"text\" name=\"resource\" value=\"\"><BR>\n";
+echo "Operation: <INPUT type=\"text\" name=\"operation\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/tgRevokePermission.php b/rbacSoap/examples/tgRevokePermission.php
new file mode 100644
index 0000000..e6d3a28
--- /dev/null
+++ b/rbacSoap/examples/tgRevokePermission.php
@@ -0,0 +1,77 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 07.04.2008
+// Modification date: 07.04.2008
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $revReg = new tgRevokePermissionRequest();
+ $revReg->auth = $_POST['auth'];
+ $revReg->log = "";
+ $revReg->role = $_POST['role'];
+ $revReg->resource = $_POST['resource'];
+ $revReg->operation = $_POST['operation'];
+
+
+ echo "<HR/>";
+ echo "Trying to revoke permission...<BR/>";
+
+ try {
+
+ $response = $soapExtra->tgRevokePermission( $revReg );
+
+ if( $response->result ) {
+
+ echo "DONE";
+
+ }
+ else {
+
+ echo "UNABLE TO COMMIT...";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"tgRevokePermission.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Role: <INPUT type=\"text\" name=\"role\" value=\"\"><BR>\n";
+echo "Resource: <INPUT type=\"text\" name=\"resource\" value=\"\"><BR>\n";
+echo "Operation: <INPUT type=\"text\" name=\"operation\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/unregisterResource.php b/rbacSoap/examples/unregisterResource.php
new file mode 100644
index 0000000..59d8cf6
--- /dev/null
+++ b/rbacSoap/examples/unregisterResource.php
@@ -0,0 +1,73 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 17.03.2008
+// Modification date: 17.03.2008
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+ $regReq = new unregisterResourceRequest();
+ $regReq->auth = $_POST['auth'];
+ $regReq->log = "";
+ $regReq->uri = $_POST['uri'];
+
+
+ echo "<HR/>";
+ echo "Unregistering resource...<BR/>";
+
+ try {
+
+ $registerResourceResponse = $soapExtra->unregisterResource( $regReq );
+
+ if( $registerResourceResponse->result ) {
+
+ echo "DONE.<BR>";
+
+ }
+ else {
+
+ echo "UNABLE to commit!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"unregisterResource.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "URI: <INPUT type=\"text\" name=\"uri\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/userExists.php b/rbacSoap/examples/userExists.php
new file mode 100644
index 0000000..845e529
--- /dev/null
+++ b/rbacSoap/examples/userExists.php
@@ -0,0 +1,120 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgsystem.wsdl" );
+$soapAdministration = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/tgadministration.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can add a user you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "ShibConnector@application.int";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "ShibConnector@application.int";
+$addRoleReq->role = "Anwendung";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can add a the user you
+// wish to create
+// -----------------------------------------------------
+$addUserReq = new addUserRequest();
+$addUserReq->intSid = $authResponse->sid;
+//$addUserReq->username = "mwidmer@uni-tuebingen.de";
+$addUserReq->username = "ShibConnector@application.int";
+$addUserReq->password = "secret";
+
+echo "<HR/>";
+echo "Adding user...<BR/>";
+
+try {
+
+ $addUserResponse = $soapAdministration->addUser( $addUserReq );
+
+ if( $addUserResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/userOperationsOnObject.php b/rbacSoap/examples/userOperationsOnObject.php
new file mode 100644
index 0000000..33c712d
--- /dev/null
+++ b/rbacSoap/examples/userOperationsOnObject.php
@@ -0,0 +1,128 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 30.08.2007
+// Modification date: 30.08.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapReview = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgreview.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a session you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "sp00001@textgrid.de";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "sp00001@textgrid.de";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can ask the RBAC-system
+// form the operations a user may do on a resource.
+// -----------------------------------------------------
+$roooReq = new userOperationsOnObjectRequest();
+$roooReq->intSid = $authResponse->sid;
+$roooReq->user = "mhaase@uni-tuebingen.de";
+$roooReq->resource = "ingrid.daasi.de//demo/tg-demo.xml";
+
+echo "<HR/>";
+echo "The allowed operations of user mhaase@uni-tuebingen.de on resource ingrid.daasi.de//demo/tg-demo.xml...<BR/>";
+
+try {
+
+ $operationsetResponse = $soapReview->userOperationsOnObject( $roooReq );
+
+ if( is_array( $operationsetResponse->operationset ) ) {
+
+ for( $i = 0; $i < sizeof( $operationsetResponse->operationset ); $i++ ) {
+
+ echo "Operation " . $i . ": " . $operationsetResponse->operationset[$i] . "<BR/>";
+
+ }
+
+ }
+ else {
+
+ echo "Operations 0: " . $operationsetResponse->operationset . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/userPermissions.php b/rbacSoap/examples/userPermissions.php
new file mode 100644
index 0000000..03be0c8
--- /dev/null
+++ b/rbacSoap/examples/userPermissions.php
@@ -0,0 +1,132 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 08.08.2007
+// Modification date: 08.08.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../soapTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
+$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
+$soapReview = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgreview.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+// -----------------------------------------------------
+// Before you can create a session you have to
+// authenticate. If this was successful you get a
+// session-ID that you should keep
+// -----------------------------------------------------
+$authReq = new authenticateRequest();
+$authReq->username = "shibConnector@application.int";
+$authReq->password = "secret";
+
+
+echo "<HR/>";
+echo "Doing authentication...<BR/>";
+
+try {
+
+ $authResponse = $soapExtra->authenticate( $authReq );
+
+ if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->sid ) ) {
+
+ echo "DONE: " . $authResponse->sid . "<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+
+// -----------------------------------------------------
+// Now you can try to add an active role to your session
+// -----------------------------------------------------
+$addRoleReq = new addActiveRoleRequest();
+$addRoleReq->username = "shibConnector@application.int";
+$addRoleReq->role = "serviceProvider";
+$addRoleReq->sid = $authResponse->sid;
+
+echo "<HR/>";
+echo "Adding active role...<BR/>";
+
+try {
+
+ $addRoleResponse = $soapSystem->addActiveRole( $addRoleReq );
+
+ if( $addRoleResponse->result ) {
+
+ echo "DONE.<BR/>";
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+// -----------------------------------------------------
+// If this was successfull you can ask for the users
+// permissions.
+// -----------------------------------------------------
+$permReq = new userPermissionsRequest();
+$permReq->intSid = $authResponse->sid;
+//$permReq->username = "shibConnector@application.int";
+$permReq->username = "mhaase@uni-tuebingen.de";
+
+
+echo "<HR/>";
+echo "Query the permissions of user sp00001@textgrid.de...<BR/>";
+
+try {
+
+ $permResponse = $soapReview->userPermissions( $permReq );
+
+ if( is_array( $permResponse->permissionset ) ) {
+
+ for( $i = 0; $i < sizeof( $permResponse->permissionset ); $i++ ) {
+
+ echo $permResponse->permissionset[$i]->resource . " / "
+ . $permResponse->permissionset[$i]->operation . "<BR/>";
+
+ }
+
+ }
+ else {
+
+ echo $permResponse->permissionset->resource . " / "
+ . $permResponse->permissionset->operation . "<BR/>";
+
+
+ }
+
+}
+catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+}
+
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/rbacSoap/examples/xacml_test.php b/rbacSoap/examples/xacml_test.php
new file mode 100644
index 0000000..f85df2d
--- /dev/null
+++ b/rbacSoap/examples/xacml_test.php
@@ -0,0 +1,109 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 18.07.2007
+// Version: 0.1.0
+// #######################################################
+
+
+require_once( "../xacmlTypes.inc.php" );
+
+
+
+// -----------------------------------------------------
+// You'll need these services
+// -----------------------------------------------------
+$soapXACML = new SoapClient( "http://rbac.textgrid.daasi.de/wsdl/xacml.wsdl.local", Array( "trace" => 1 ) );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+ // -----------------------------------------------------
+ // If this was successfull you can add a the user you
+ // wish to create
+ // -----------------------------------------------------
+
+ $regReq = new stdClass();
+
+ $regReq->Version = "2.0";
+ $regReq->ID = "abcde1234";
+ $regReq->ReturnContext = true;
+ $regReq->Request = new stdClass();
+ $regReq->Request->Subject = new stdClass();
+ $regReq->Request->Resource = new stdClass();
+ $regReq->Request->Action = new stdClass();
+ $regReq->Request->Environment = new stdClass();
+
+ $regReq->Request->Subject->Attribute = new stdClass();
+ $regReq->Request->Subject->Attribute->AttributeId = "urn:oasis:names:tc:xacml:1.0:subject:subject-id";
+ $regReq->Request->Subject->Attribute->DataType = "http://www.w3.org/2001/XMLSchema#string";
+ $regReq->Request->Subject->Attribute->AttributeValue = new stdClass();
+ $regReq->Request->Subject->Attribute->AttributeValue->any = "martin.haase@daasi.de";
+
+
+
+/*
+ $regReq->username = "markus";
+ $regReq->password = "widmer";
+ $regReq->mimi = "enemenemuh";
+ $regReq->cat = new stdClass();
+ $regReq->cat->weight = 1;
+ $regReq->cat->color = "blue";
+*/
+
+/**
+ $regReq->auth = $_POST['auth'];
+ $regReq->project = $_POST['project'];
+ $regReq->uri = $_POST['uri'];
+*/
+
+ echo "<HR/>";
+ echo "checking access...<BR/>";
+
+ try {
+
+ $caResponse = $soapXACML->checkXACMLaccess( $regReq );
+
+
+ echo $soapXACML->__getLastRequest();
+ echo $soapXACML->__getLastResponse();
+
+ echo $caResponse->dump;
+
+
+ if( $caResponse->result ) {
+
+ echo "DONE.<BR>";
+
+ }
+ else {
+
+ echo "UNABLE to commit!<BR>";
+
+ }
+
+ }
+ catch( SoapFault $f ) {
+
+ echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+ }
+
+}
+
+
+echo "<FORM action=\"xacml_test.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Project-Name: <INPUT type=\"text\" name=\"project\" value=\"\"><BR>\n";
+echo "URI: <INPUT type=\"text\" name=\"uri\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+?>
diff --git a/rbacSoap/soapTypes.inc.php b/rbacSoap/soapTypes.inc.php
new file mode 100644
index 0000000..80c22b9
--- /dev/null
+++ b/rbacSoap/soapTypes.inc.php
@@ -0,0 +1,506 @@
+<?php
+class authenticateRequest {
+
+ public $username;
+ public $password;
+ public $log;
+
+}
+
+class authenticateResponse {
+
+ public $sid;
+
+}
+
+class getSidResponse {
+
+ public $sid;
+
+}
+
+class checkAccessRequest {
+
+ public $intSid;
+ public $operation;
+ public $resource;
+ public $sid;
+
+}
+
+class tgCheckAccessRequest {
+
+ public $auth;
+ public $log;
+ public $operation;
+ public $resource;
+ public $sid;
+
+}
+
+class tgGrantPermissionRequest {
+
+ public $auth;
+ public $log;
+ public $role;
+ public $resource;
+ public $operation;
+
+}
+
+class tgRevokePermissionRequest {
+
+ public $auth;
+ public $log;
+ public $role;
+ public $resource;
+ public $operation;
+
+}
+
+class getOwnerRequest {
+
+ public $auth;
+ public $log;
+ public $resource;
+
+}
+
+class getOwnerResponse {
+
+ public $owner;
+
+}
+
+class getMembersRequest {
+
+ public $auth;
+ public $log;
+ public $project;
+
+}
+
+class getRightsRequest {
+
+ public $auth;
+ public $log;
+ public $resource;
+ public $username;
+
+}
+
+class publishRequest {
+
+ public $auth;
+ public $log;
+ public $resource;
+
+}
+
+class getProjectDescriptionRequest {
+
+ public $auth;
+ public $log;
+ public $project;
+
+}
+
+class getProjectDescriptionResponse {
+
+ public $description;
+
+}
+
+class createSessionRequest {
+
+ public $intSid;
+ public $username;
+ public $roleset;
+ public $sid;
+
+}
+
+class tgAddActiveRoleRequest {
+
+ public $auth;
+ public $log;
+ public $role;
+
+}
+
+class tgAssignedRolesRequest {
+
+ public $auth;
+ public $log;
+ public $username;
+
+}
+
+class tgAssignedProjectsRequest {
+
+ public $auth;
+ public $log;
+
+}
+
+class deleteSessionRequest {
+
+ public $intSid;
+ public $username;
+ public $sid;
+
+}
+
+class addActiveRoleRequest {
+
+ public $intSid;
+ public $username;
+ public $role;
+ public $sid;
+
+}
+
+class addUserRequest {
+
+ public $intSid;
+ public $username;
+ public $password;
+
+}
+
+class deleteUserRequest {
+
+ public $intSid;
+ public $username;
+
+}
+
+class addInheritanceRequest {
+
+ public $intSid;
+ public $ascendant;
+ public $descendant;
+
+}
+
+class deleteInheritanceRequest {
+
+ public $intSid;
+ public $ascendant;
+ public $descendant;
+
+}
+
+class addAscendantRequest {
+
+ public $intSid;
+ public $ascendant;
+ public $descendant;
+
+}
+
+class addDescendantRequest {
+
+ public $intSid;
+ public $ascendant;
+ public $descendant;
+
+}
+
+class addRoleRequest {
+
+ public $intSid;
+ public $role;
+
+}
+
+class deleteRoleRequest {
+
+ public $intSid;
+ public $role;
+
+}
+
+class grantPermissionRequest {
+
+ public $intSid;
+ public $resource;
+ public $operation;
+ public $role;
+
+}
+
+class revokePermissionRequest {
+
+ public $intSid;
+ public $resource;
+ public $operation;
+ public $role;
+
+}
+
+class assignUserRequest {
+
+ public $intSid;
+ public $username;
+ public $role;
+
+}
+
+class deassignUserRequest {
+
+ public $intSid;
+ public $username;
+ public $role;
+
+}
+
+class sessionRolesRequest {
+
+ public $intSid;
+ public $sid;
+
+}
+
+class assignedRolesRequest {
+
+ public $intSid;
+ public $username;
+
+}
+
+class authorizedRolesRequest {
+
+ public $intSid;
+ public $username;
+
+}
+
+class roleOperationsOnObjectRequest {
+
+ public $intSid;
+ public $role;
+ public $resource;
+
+}
+
+class userOperationsOnObjectRequest {
+
+ public $intSid;
+ public $user;
+ public $resource;
+
+}
+
+class operationsetResponse {
+
+ public $operationset;
+
+}
+
+class assignedUsersRequest {
+
+ public $intSid;
+ public $role;
+
+}
+
+class authorizedUsersRequest {
+
+ public $intSid;
+ public $role;
+
+}
+
+class usersetResponse {
+
+ public $username;
+
+}
+
+class rolePermissionsRequest {
+
+ public $intSid;
+ public $role;
+
+}
+
+class userPermissionsRequest {
+
+ public $intSid;
+ public $username;
+
+}
+
+class getLeaderRequest {
+
+ public $auth;
+ public $log;
+ public $project;
+
+}
+
+class getObjectsRequest {
+
+ public $auth;
+ public $log;
+ public $project;
+
+}
+
+class sessionPermissionsRequest {
+
+ public $intSid;
+ public $sid;
+
+}
+
+class rolesetResponse {
+
+ public $role;
+
+}
+
+class permissionsetResponse {
+
+ public $permissionset;
+
+}
+
+class resourcesetResponse {
+
+ public $resource;
+
+}
+
+class createProjectRequest {
+
+ public $auth;
+ public $log;
+ public $name;
+ public $description;
+
+}
+
+class registerResourceRequest {
+
+ public $auth;
+ public $log;
+ public $project;
+ public $uri;
+
+}
+
+class unregisterResourceRequest {
+
+ public $auth;
+ public $log;
+ public $uri;
+
+}
+
+class addMemberRequest {
+
+ public $auth;
+ public $log;
+ public $role;
+ public $username;
+
+}
+
+class deleteMemberRequest {
+
+ public $auth;
+ public $log;
+ public $role;
+ public $username;
+
+}
+
+class createProjectResponse {
+
+ public $projectId;
+
+}
+
+class getAllProjectsResponse {
+
+ public $project;
+
+}
+
+class getAllProjectsRequest {
+
+ public $log;
+
+}
+
+class userExistsRequest {
+
+ public $auth;
+ public $log;
+ public $username;
+
+}
+
+
+class booleanResponse {
+
+ public $result;
+ public $errorCode;
+ public $errorDescription;
+
+}
+
+class filterBySidRequest {
+
+ public $auth;
+ public $log;
+ public $resource;
+ public $operation;
+
+}
+
+class filterResponse {
+
+ public $resource;
+
+}
+
+
+class permission {
+
+ public $resource;
+ public $operation;
+
+
+ public function __construct( $inOperation, $inResource ) {
+
+ $this->operation = $inOperation;
+ $this->resource = $inResource;
+
+ }
+
+}
+
+class projectInfo {
+
+ public $id;
+ public $description;
+
+
+ public function __construct( $inId, $inDescription ) {
+
+ $this->id = $inId;
+ $this->description = $inDescription;
+
+ }
+
+}
+
+class checkXACMLaccessRequest {
+
+ public $request;
+
+}
+?>
diff --git a/rbacSoap/tgadministration.php b/rbacSoap/tgadministration.php
new file mode 100644
index 0000000..c80fb00
--- /dev/null
+++ b/rbacSoap/tgadministration.php
@@ -0,0 +1,26 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 17.07.2007
+// Modification date: 13.11.2007
+// Version: 1.0.0
+// #######################################################
+
+
+require_once( "soapTypes.inc.php" );
+require_once( "../rbac/RBAC.class.php" );
+require_once( "TgAdministration.class.php" );
+
+
+// Dont be so verbose with messages and notices.
+error_reporting( E_ERROR | E_USER_ERROR );
+
+
+// #############################################################
+// Starting SOAP-Server
+// #############################################################
+$server = new SoapServer( "http://rbac.textgrid.daasi.de/wsdl/tgadministration.wsdl" );
+$server->setClass( "TgAdministration", "../conf/rbacSoap.conf.xml", "../conf/system.conf.xml", "../rbac/" );
+
+$server->handle();
+?>
diff --git a/rbacSoap/tgextra.php b/rbacSoap/tgextra.php
new file mode 100644
index 0000000..0679357
--- /dev/null
+++ b/rbacSoap/tgextra.php
@@ -0,0 +1,32 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 07.07.2007
+// Modification date: 13.11.2007
+// Version: 1.0.0
+// #######################################################
+
+
+require_once( "soapTypes.inc.php" );
+require_once( "../rbac/RBAC.class.php" );
+require_once( "TgExtra.class.php" );
+
+
+// Dont be so verbose with messages and notices.
+error_reporting( E_ERROR | E_USER_ERROR );
+
+
+// #############################################################
+// Starting SOAP-Server
+// #############################################################
+$server = new SoapServer( "http://rbac.textgrid.daasi.de/wsdl/tgextra.wsdl" );
+$server->setClass( "TgExtra", "../conf/rbacSoap.conf", "../conf/system.conf", "../rbac/" );
+
+
+$server->handle();
+/*
+$tge = new TgExtra( "../conf/rbacSoap.conf.xml", "../conf/system.conf.xml", "../rbac/" );
+$createProjectRequest = new CreateProjectRequest();
+$tge->createProject( $createProjectRequest );
+*/
+?>
diff --git a/rbacSoap/tgreview.php b/rbacSoap/tgreview.php
new file mode 100644
index 0000000..fae8fad
--- /dev/null
+++ b/rbacSoap/tgreview.php
@@ -0,0 +1,26 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 18.07.2007
+// Modification date: 13.11.2007
+// Version: 1.0.0
+// #######################################################
+
+
+require_once( "soapTypes.inc.php" );
+require_once( "../rbac/RBAC.class.php" );
+require_once( "TgReview.class.php" );
+
+
+// Dont be so verbose with messages and notices.
+error_reporting( E_ERROR | E_USER_ERROR );
+
+
+// #############################################################
+// Starting SOAP-Server
+// #############################################################
+$server = new SoapServer( "http://rbac.textgrid.daasi.de/wsdl/tgreview.wsdl" );
+$server->setClass( "TgReview", "../conf/rbacSoap.conf.xml", "../conf/system.conf.xml", "../rbac/" );
+
+$server->handle();
+?>
diff --git a/rbacSoap/tgsystem.php b/rbacSoap/tgsystem.php
new file mode 100644
index 0000000..713e645
--- /dev/null
+++ b/rbacSoap/tgsystem.php
@@ -0,0 +1,26 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 07.07.2007
+// Modification date: 13.11.2007
+// Version: 1.0.0
+// #######################################################
+
+
+require_once( "soapTypes.inc.php" );
+require_once( "../rbac/RBAC.class.php" );
+require_once( "TgSystem.class.php" );
+
+
+// Dont be so verbose with messages and notices.
+error_reporting( E_ERROR | E_USER_ERROR );
+
+
+// #############################################################
+// Starting SOAP-Server
+// #############################################################
+$server = new SoapServer( "http://rbac.textgrid.daasi.de/wsdl/tgsystem.wsdl" );
+$server->setClass( "TgSystem", "../conf/rbacSoap.conf.xml", "../conf/system.conf.xml", "../rbac/" );
+
+$server->handle();
+?>
diff --git a/tgadministration.wsdl b/rbacSoap/wsdl/tgadministration.wsdl
similarity index 99%
rename from tgadministration.wsdl
rename to rbacSoap/wsdl/tgadministration.wsdl
index b9afad6..f5691c2 100644
--- a/tgadministration.wsdl
+++ b/rbacSoap/wsdl/tgadministration.wsdl
@@ -548,7 +548,7 @@
//-->
<wsdl:service name="tgadministration">
<wsdl:port binding="tns:binding_tgadministration" name="tgadministration">
- <soap:address location="http://textgrid.regengedanken.de/rbacSoap/tgadministration.php" />
+ <soap:address location="http://rbac.textgrid.daasi.de/tgadministration.php" />
</wsdl:port>
</wsdl:service>
diff --git a/rbacSoap/wsdl/tgextra.wsdl b/rbacSoap/wsdl/tgextra.wsdl
new file mode 100644
index 0000000..340841c
--- /dev/null
+++ b/rbacSoap/wsdl/tgextra.wsdl
@@ -0,0 +1,1006 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<wsdl:definitions name="tgextra"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns:tns="http://textgrid.info/namespaces/middleware/tgauth"
+ xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ targetNamespace="http://textgrid.info/namespaces/middleware/tgauth">
+
+
+ <!--
+ ####################
+ # Typ-Definitionen #
+ ####################
+ //-->
+ <wsdl:types>
+ <xsd:schema targetNamespace="http://textgrid.info/namespaces/middleware/tgauth">
+
+ <!-- #### authenticate #### //-->
+ <xsd:element name="authenticateRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="username" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="password" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+ <xsd:element name="authenticateResponse">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+ <!-- #### userExists #### //-->
+ <xsd:element name="userExistsRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="username" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+ <!-- #### createProject #### //-->
+ <xsd:element name="createProjectRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="name" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="description" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+ <xsd:element name="createProjectResponse">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="projectId" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+ <!-- #### filterBySid #### //-->
+ <xsd:element name="filterBySidRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="resource" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
+ <xsd:element name="operation" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+ <!-- #### addMember #### //-->
+ <xsd:element name="addMemberRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="username" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="role" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+ <!-- #### deleteMember #### //-->
+ <xsd:element name="deleteMemberRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="username" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="role" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+ <!-- #### getSid #### //-->
+ <xsd:element name="getSidResponse">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="sid" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+ <!-- #### registerResource #### //-->
+ <xsd:element name="registerResourceRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="project" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="uri" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+ <!-- #### unregisterResource #### //-->
+ <xsd:element name="unregisterResourceRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="uri" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+
+ <!-- #### getObjects #### //-->
+ <xsd:element name="getObjectsRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="project" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+
+ <!-- #### getAllProjects #### //-->
+ <xsd:element name="getAllProjectsRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+ <xsd:element name="getAllProjectsResponse">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="project" type="tns:projectInfo" minOccurs="0" maxOccurs="unbounded" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+
+ <!-- #### tgCheckAccess #### //-->
+ <xsd:element name="tgCheckAccessRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="sid" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="operation" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="resource" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+
+ <!-- #### tgAddActiveRole #### //-->
+ <xsd:element name="tgAddActiveRoleRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="role" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+
+ <!-- #### tgDropActiveRole #### //-->
+ <xsd:element name="tgDropActiveRoleRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="role" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+
+ <!-- #### tgAssignedRoles #### //-->
+ <xsd:element name="tgAssignedRolesRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="username" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+
+ <!-- #### tgAssignedProjects #### //-->
+ <xsd:element name="tgAssignedProjectsRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+
+ <!-- #### getLeader #### //-->
+ <xsd:element name="getLeaderRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="project" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+
+ <!-- #### tgGrantPermission #### //-->
+ <xsd:element name="tgGrantPermissionRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="role" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="operation" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="resource" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+
+ <!-- #### tgRevokePermission #### //-->
+ <xsd:element name="tgRevokePermissionRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="role" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="operation" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="resource" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+
+ <!-- #### getOwner #### //-->
+ <xsd:element name="getOwnerRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="resource" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+ <xsd:element name="getOwnerResponse">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="owner" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+
+ <!-- #### getMembers #### //-->
+ <xsd:element name="getMembersRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="project" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+
+ <!-- #### getRights #### //-->
+ <xsd:element name="getRightsRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="resource" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="username" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+
+ <!-- #### publish #### //-->
+ <xsd:element name="publishRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="resource" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+
+ <!-- #### getProjectDescription #### //-->
+ <xsd:element name="getProjectDescriptionRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="project" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+ <xsd:element name="getProjectDescriptionResponse">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="description" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+
+ <xsd:element name="filterResponse">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="resource" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+
+ <xsd:element name="booleanResponse">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="result" type="xsd:boolean" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+
+ <xsd:element name="rolesetResponse">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="role" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+
+ <xsd:element name="usersetResponse">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="username" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+
+ <xsd:element name="resourcesetResponse">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="resource" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+
+ <xsd:element name="operationsetResponse">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="operation" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+
+ <xsd:element name="projectInfo">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="id" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="description" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+
+ <!-- #### authenticationFault #### //-->
+ <xsd:element name="authenticationFaultResponse">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="fault" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+ <!-- #### unknownResourceFault #### //-->
+ <xsd:element name="unknownResourceFaultResponse">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="fault" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+ </xsd:schema>
+ </wsdl:types>
+
+
+ <!--
+ #################
+ # WSDL-Messages #
+ #################
+ //-->
+
+ <!-- #### authenticate #### //-->
+ <wsdl:message name="authenticateRequest">
+ <wsdl:part element="tns:authenticateRequest" name="authenticateInput" />
+ </wsdl:message>
+ <wsdl:message name="authenticateResponse">
+ <wsdl:part element="tns:authenticateResponse" name="authenticateOutput" />
+ </wsdl:message>
+
+ <!-- #### userExists #### //-->
+ <wsdl:message name="userExistsRequest">
+ <wsdl:part element="tns:userExistsRequest" name="userExistsInput" />
+ </wsdl:message>
+ <wsdl:message name="userExistsResponse">
+ <wsdl:part element="tns:booleanResponse" name="userExistsOutput" />
+ </wsdl:message>
+
+ <!-- #### createProject #### //-->
+ <wsdl:message name="createProjectRequest">
+ <wsdl:part element="tns:createProjectRequest" name="createProjectInput" />
+ </wsdl:message>
+ <wsdl:message name="createProjectResponse">
+ <wsdl:part element="tns:createProjectResponse" name="createProjectOutput" />
+ </wsdl:message>
+
+ <!-- #### getObjects #### //-->
+ <wsdl:message name="getObjectsRequest">
+ <wsdl:part element="tns:getObjectsRequest" name="getObjectsInput" />
+ </wsdl:message>
+ <wsdl:message name="getObjectsResponse">
+ <wsdl:part element="tns:resourcesetResponse" name="getObjectsOutput" />
+ </wsdl:message>
+
+ <!-- #### addMember #### //-->
+ <wsdl:message name="addMemberRequest">
+ <wsdl:part element="tns:addMemberRequest" name="addMemberInput" />
+ </wsdl:message>
+ <wsdl:message name="addMemberResponse">
+ <wsdl:part element="tns:booleanResponse" name="addMemberOutput" />
+ </wsdl:message>
+
+ <!-- #### deleteMember #### //-->
+ <wsdl:message name="deleteMemberRequest">
+ <wsdl:part element="tns:deleteMemberRequest" name="deleteMemberInput" />
+ </wsdl:message>
+ <wsdl:message name="deleteMemberResponse">
+ <wsdl:part element="tns:booleanResponse" name="deleteMemberOutput" />
+ </wsdl:message>
+
+ <!-- #### tgCheckAccess #### //-->
+ <wsdl:message name="tgCheckAccessRequest">
+ <wsdl:part element="tns:tgCheckAccessRequest" name="tgCheckAccessInput" />
+ </wsdl:message>
+ <wsdl:message name="tgCheckAccessResponse">
+ <wsdl:part element="tns:booleanResponse" name="tgCheckAccessOutput" />
+ </wsdl:message>
+
+ <!-- #### tgAddActiveRole #### //-->
+ <wsdl:message name="tgAddActiveRoleRequest">
+ <wsdl:part element="tns:tgAddActiveRoleRequest" name="tgAddActiveRoleInput" />
+ </wsdl:message>
+ <wsdl:message name="tgAddActiveRoleResponse">
+ <wsdl:part element="tns:booleanResponse" name="tgAddActiveRoleOutput" />
+ </wsdl:message>
+
+ <!-- #### tgDropActiveRole #### //-->
+ <wsdl:message name="tgDropActiveRoleRequest">
+ <wsdl:part element="tns:tgDropActiveRoleRequest" name="tgDropActiveRoleInput" />
+ </wsdl:message>
+ <wsdl:message name="tgDropActiveRoleResponse">
+ <wsdl:part element="tns:booleanResponse" name="tgDropActiveRoleOutput" />
+ </wsdl:message>
+
+ <!-- #### tgAssignedRoles #### //-->
+ <wsdl:message name="tgAssignedRolesRequest">
+ <wsdl:part element="tns:tgAssignedRolesRequest" name="tgAssignedRolesInput" />
+ </wsdl:message>
+ <wsdl:message name="tgAssignedRolesResponse">
+ <wsdl:part element="tns:rolesetResponse" name="tgAssignedRolesOutput" />
+ </wsdl:message>
+
+ <!-- #### tgAssignedProjects #### //-->
+ <wsdl:message name="tgAssignedProjectsRequest">
+ <wsdl:part element="tns:tgAssignedProjectsRequest" name="tgAssignedProjectsInput" />
+ </wsdl:message>
+ <wsdl:message name="tgAssignedProjectsResponse">
+ <wsdl:part element="tns:rolesetResponse" name="tgAssignedProjectsOutput" />
+ </wsdl:message>
+
+ <!-- #### getAllProjects #### //-->
+ <wsdl:message name="getAllProjectsRequest">
+ <wsdl:part element="tns:getAllProjectsRequest" name="getAllProjectsInput" />
+ </wsdl:message>
+ <wsdl:message name="getAllProjectsResponse">
+ <wsdl:part element="tns:getAllProjectsResponse" name="getAllProjectsOutput" />
+ </wsdl:message>
+
+ <!-- #### getLeader #### //-->
+ <wsdl:message name="getLeaderRequest">
+ <wsdl:part element="tns:getLeaderRequest" name="getLeaderInput" />
+ </wsdl:message>
+ <wsdl:message name="getLeaderResponse">
+ <wsdl:part element="tns:usersetResponse" name="getLeaderOutput" />
+ </wsdl:message>
+
+ <!-- #### registerResource #### //-->
+ <wsdl:message name="registerResourceRequest">
+ <wsdl:part element="tns:registerResourceRequest" name="registerResourceInput" />
+ </wsdl:message>
+ <wsdl:message name="registerResourceResponse">
+ <wsdl:part element="tns:booleanResponse" name="registerResourceOutput" />
+ </wsdl:message>
+
+ <!-- #### unregisterResource #### //-->
+ <wsdl:message name="unregisterResourceRequest">
+ <wsdl:part element="tns:unregisterResourceRequest" name="unregisterResourceInput" />
+ </wsdl:message>
+ <wsdl:message name="unregisterResourceResponse">
+ <wsdl:part element="tns:booleanResponse" name="unregisterResourceOutput" />
+ </wsdl:message>
+
+ <!-- #### filterBySid #### //-->
+ <wsdl:message name="filterBySidRequest">
+ <wsdl:part element="tns:filterBySidRequest" name="filterBySidInput" />
+ </wsdl:message>
+ <wsdl:message name="filterBySidResponse">
+ <wsdl:part element="tns:filterResponse" name="filterBySidOutput" />
+ </wsdl:message>
+
+ <!-- #### tgGrantPermission #### //-->
+ <wsdl:message name="tgGrantPermissionRequest">
+ <wsdl:part element="tns:tgGrantPermissionRequest" name="tgGrantPermissionInput" />
+ </wsdl:message>
+ <wsdl:message name="tgGrantPermissionResponse">
+ <wsdl:part element="tns:booleanResponse" name="tgGrantPermissionOutput" />
+ </wsdl:message>
+
+ <!-- #### tgRevokePermission #### //-->
+ <wsdl:message name="tgRevokePermissionRequest">
+ <wsdl:part element="tns:tgRevokePermissionRequest" name="tgRevokePermissionInput" />
+ </wsdl:message>
+ <wsdl:message name="tgRevokePermissionResponse">
+ <wsdl:part element="tns:booleanResponse" name="tgRevokePermissionOutput" />
+ </wsdl:message>
+
+ <!-- #### getOwner #### //-->
+ <wsdl:message name="getOwnerRequest">
+ <wsdl:part element="tns:getOwnerRequest" name="getOwnerInput" />
+ </wsdl:message>
+ <wsdl:message name="getOwnerResponse">
+ <wsdl:part element="tns:getOwnerResponse" name="getOwnerOutput" />
+ </wsdl:message>
+
+ <!-- #### getMembers #### //-->
+ <wsdl:message name="getMembersRequest">
+ <wsdl:part element="tns:getMembersRequest" name="getMembersInput" />
+ </wsdl:message>
+ <wsdl:message name="getMembersResponse">
+ <wsdl:part element="tns:usersetResponse" name="getMembersOutput" />
+ </wsdl:message>
+
+ <!-- #### getRights #### //-->
+ <wsdl:message name="getRightsRequest">
+ <wsdl:part element="tns:getRightsRequest" name="getRightsInput" />
+ </wsdl:message>
+ <wsdl:message name="getRightsResponse">
+ <wsdl:part element="tns:operationsetResponse" name="getRightsOutput" />
+ </wsdl:message>
+
+ <!-- #### publish #### //-->
+ <wsdl:message name="publishRequest">
+ <wsdl:part element="tns:publishRequest" name="publishInput" />
+ </wsdl:message>
+ <wsdl:message name="publishResponse">
+ <wsdl:part element="tns:booleanResponse" name="publishOutput" />
+ </wsdl:message>
+
+ <!-- #### getProjectDescription #### //-->
+ <wsdl:message name="getProjectDescriptionRequest">
+ <wsdl:part element="tns:getProjectDescriptionRequest" name="getProjectDescriptionInput" />
+ </wsdl:message>
+ <wsdl:message name="getProjectDescriptionResponse">
+ <wsdl:part element="tns:getProjectDescriptionResponse" name="getProjectDescriptionOutput" />
+ </wsdl:message>
+
+ <!-- #### getSid #### //-->
+ <wsdl:message name="getSidResponse">
+ <wsdl:part element="tns:getSidResponse" name="getSidOutput" />
+ </wsdl:message>
+
+ <!-- #### authenticationFault #### //-->
+ <wsdl:message name="authenticationFault">
+ <wsdl:part element="tns:authenticationFaultResponse" name="authenticationFault" />
+ </wsdl:message>
+
+ <!-- #### unknownResourceFault #### //-->
+ <wsdl:message name="unknownResourceFault">
+ <wsdl:part element="tns:unknownResourceFaultResponse" name="unknownResourceFault" />
+ </wsdl:message>
+
+
+
+ <!--
+ ##########################
+ # Port-Type-Definitionen #
+ ##########################
+ //-->
+ <wsdl:portType name="port_tgextra">
+
+ <!-- #### authenticate #### //-->
+ <wsdl:operation name="authenticate">
+ <wsdl:input message="tns:authenticateRequest" />
+ <wsdl:output message="tns:authenticateResponse" />
+ <wsdl:fault name="authenticationFault" message="tns:authenticationFault" />
+ </wsdl:operation>
+
+ <!-- #### userExists #### //-->
+ <wsdl:operation name="userExists">
+ <wsdl:input message="tns:userExistsRequest" />
+ <wsdl:output message="tns:userExistsResponse" />
+ <wsdl:fault name="authenticationFault" message="tns:authenticationFault" />
+ </wsdl:operation>
+
+ <!-- #### createProject #### //-->
+ <wsdl:operation name="createProject">
+ <wsdl:input message="tns:createProjectRequest" />
+ <wsdl:output message="tns:createProjectResponse" />
+ </wsdl:operation>
+
+ <!-- #### getObjects #### //-->
+ <wsdl:operation name="getObjects">
+ <wsdl:input message="tns:getObjectsRequest" />
+ <wsdl:output message="tns:getObjectsResponse" />
+ </wsdl:operation>
+
+ <!-- #### addMember #### //-->
+ <wsdl:operation name="addMember">
+ <wsdl:input message="tns:addMemberRequest" />
+ <wsdl:output message="tns:addMemberResponse" />
+ </wsdl:operation>
+
+ <!-- #### deleteMember #### //-->
+ <wsdl:operation name="deleteMember">
+ <wsdl:input message="tns:deleteMemberRequest" />
+ <wsdl:output message="tns:deleteMemberResponse" />
+ </wsdl:operation>
+
+ <!-- #### tgAddActiveRole #### //-->
+ <wsdl:operation name="tgAddActiveRole">
+ <wsdl:input message="tns:tgAddActiveRoleRequest" />
+ <wsdl:output message="tns:tgAddActiveRoleResponse" />
+ </wsdl:operation>
+
+ <!-- #### tgDropActiveRole #### //-->
+ <wsdl:operation name="tgDropActiveRole">
+ <wsdl:input message="tns:tgDropActiveRoleRequest" />
+ <wsdl:output message="tns:tgDropActiveRoleResponse" />
+ </wsdl:operation>
+
+ <!-- #### tgCheckAccess #### //-->
+ <wsdl:operation name="tgCheckAccess">
+ <wsdl:input message="tns:tgCheckAccessRequest" />
+ <wsdl:output message="tns:tgCheckAccessResponse" />
+ </wsdl:operation>
+
+ <!-- #### tgAssignedRoles #### //-->
+ <wsdl:operation name="tgAssignedRoles">
+ <wsdl:input message="tns:tgAssignedRolesRequest" />
+ <wsdl:output message="tns:tgAssignedRolesResponse" />
+ </wsdl:operation>
+
+ <!-- #### tgAssignedProjects #### //-->
+ <wsdl:operation name="tgAssignedProjects">
+ <wsdl:input message="tns:tgAssignedProjectsRequest" />
+ <wsdl:output message="tns:tgAssignedProjectsResponse" />
+ </wsdl:operation>
+
+ <!-- #### getAllProjects #### //-->
+ <wsdl:operation name="getAllProjects">
+ <wsdl:input message="tns:getAllProjectsRequest" />
+ <wsdl:output message="tns:getAllProjectsResponse" />
+ </wsdl:operation>
+
+ <!-- #### getLeader #### //-->
+ <wsdl:operation name="getLeader">
+ <wsdl:input message="tns:getLeaderRequest" />
+ <wsdl:output message="tns:getLeaderResponse" />
+ </wsdl:operation>
+
+ <!-- #### registerResource #### //-->
+ <wsdl:operation name="registerResource">
+ <wsdl:input message="tns:registerResourceRequest" />
+ <wsdl:output message="tns:registerResourceResponse" />
+ <wsdl:fault name="authenticationFault" message="tns:authenticationFault" />
+ </wsdl:operation>
+
+ <!-- #### unregisterResource #### //-->
+ <wsdl:operation name="unregisterResource">
+ <wsdl:input message="tns:unregisterResourceRequest" />
+ <wsdl:output message="tns:unregisterResourceResponse" />
+ <wsdl:fault name="unknownResourceFault" message="tns:unknownResourceFault" />
+ </wsdl:operation>
+
+ <!-- #### filterBySid #### //-->
+ <wsdl:operation name="filterBySid">
+ <wsdl:input message="tns:filterBySidRequest" />
+ <wsdl:output message="tns:filterBySidResponse" />
+ <wsdl:fault name="authenticationFault" message="tns:authenticationFault" />
+ </wsdl:operation>
+
+ <!-- #### tgGrantPermission #### //-->
+ <wsdl:operation name="tgGrantPermission">
+ <wsdl:input message="tns:tgGrantPermissionRequest" />
+ <wsdl:output message="tns:tgGrantPermissionResponse" />
+ <wsdl:fault name="authenticationFault" message="tns:authenticationFault" />
+ </wsdl:operation>
+
+ <!-- #### tgRevokePermission #### //-->
+ <wsdl:operation name="tgRevokePermission">
+ <wsdl:input message="tns:tgRevokePermissionRequest" />
+ <wsdl:output message="tns:tgRevokePermissionResponse" />
+ <wsdl:fault name="authenticationFault" message="tns:authenticationFault" />
+ </wsdl:operation>
+
+ <!-- #### getOwner #### //-->
+ <wsdl:operation name="getOwner">
+ <wsdl:input message="tns:getOwnerRequest" />
+ <wsdl:output message="tns:getOwnerResponse" />
+ <wsdl:fault name="authenticationFault" message="tns:authenticationFault" />
+ </wsdl:operation>
+
+ <!-- #### getMembers #### //-->
+ <wsdl:operation name="getMembers">
+ <wsdl:input message="tns:getMembersRequest" />
+ <wsdl:output message="tns:getMembersResponse" />
+ <wsdl:fault name="authenticationFault" message="tns:authenticationFault" />
+ </wsdl:operation>
+
+ <!-- #### getRights #### //-->
+ <wsdl:operation name="getRights">
+ <wsdl:input message="tns:getRightsRequest" />
+ <wsdl:output message="tns:getRightsResponse" />
+ <wsdl:fault name="authenticationFault" message="tns:authenticationFault" />
+ </wsdl:operation>
+
+ <!-- #### publish #### //-->
+ <wsdl:operation name="publish">
+ <wsdl:input message="tns:publishRequest" />
+ <wsdl:output message="tns:publishResponse" />
+ <wsdl:fault name="authenticationFault" message="tns:authenticationFault" />
+ </wsdl:operation>
+
+ <!-- #### getProjectDescription #### //-->
+ <wsdl:operation name="getProjectDescription">
+ <wsdl:input message="tns:getProjectDescriptionRequest" />
+ <wsdl:output message="tns:getProjectDescriptionResponse" />
+ </wsdl:operation>
+
+ <!-- #### getSid #### //-->
+ <wsdl:operation name="getSid">
+ <wsdl:output message="tns:getSidResponse" />
+ </wsdl:operation>
+
+ </wsdl:portType>
+
+
+
+ <!--
+ ###########
+ # Binding #
+ ###########
+ //-->
+ <wsdl:binding name="binding_tgextra" type="tns:port_tgextra">
+ <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
+
+ <!-- #### authenticate #### //-->
+ <wsdl:operation name="authenticate">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/authenticate" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ <wsdl:fault name="authenticationFault"><soap:fault name="authenticationFault" use="literal"/></wsdl:fault>
+ </wsdl:operation>
+
+ <!-- #### userExists #### //-->
+ <wsdl:operation name="userExists">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/userExists" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ <wsdl:fault name="authenticationFault"><soap:fault name="authenticationFault" use="literal"/></wsdl:fault>
+ </wsdl:operation>
+
+ <!-- #### createProject #### //-->
+ <wsdl:operation name="createProject">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/createProject" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ </wsdl:operation>
+
+ <!-- #### getObjects #### //-->
+ <wsdl:operation name="getObjects">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/getObjects" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ </wsdl:operation>
+
+ <!-- #### addMember #### //-->
+ <wsdl:operation name="addMember">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/addMember" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ </wsdl:operation>
+
+ <!-- #### deleteMember #### //-->
+ <wsdl:operation name="deleteMember">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/deleteMember" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ </wsdl:operation>
+
+ <!-- #### tgAddActiveRole #### //-->
+ <wsdl:operation name="tgAddActiveRole">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/tgAddActiveRole" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ </wsdl:operation>
+
+ <!-- #### tgDropActiveRole #### //-->
+ <wsdl:operation name="tgDropActiveRole">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/tgDropActiveRole" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ </wsdl:operation>
+
+ <!-- #### tgCheckAccess #### //-->
+ <wsdl:operation name="tgCheckAccess">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/tgCheckAccess" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ </wsdl:operation>
+
+ <!-- #### tgAssignedRoles #### //-->
+ <wsdl:operation name="tgAssignedRoles">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/tgAssignedRoles" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ </wsdl:operation>
+
+ <!-- #### tgAssignedProjects #### //-->
+ <wsdl:operation name="tgAssignedProjects">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/tgAssignedProjects" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ </wsdl:operation>
+
+ <!-- #### getAllProjects #### //-->
+ <wsdl:operation name="getAllProjects">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/getAllProjects" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ </wsdl:operation>
+
+ <!-- #### getLeader #### //-->
+ <wsdl:operation name="getLeader">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/getLeader" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ </wsdl:operation>
+
+ <!-- #### registerResource #### //-->
+ <wsdl:operation name="registerResource">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/registerResource" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ <wsdl:fault name="authenticationFault"><soap:fault name="authenticationFault" use="literal"/></wsdl:fault>
+ </wsdl:operation>
+
+ <!-- #### unregisterResource #### //-->
+ <wsdl:operation name="unregisterResource">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/unregisterResource" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ <wsdl:fault name="unknownResourceFault"><soap:fault name="unknownResourceFault" use="literal"/></wsdl:fault>
+ </wsdl:operation>
+
+ <!-- #### filterBySid #### //-->
+ <wsdl:operation name="filterBySid">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/filterBySid" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ <wsdl:fault name="authenticationFault"><soap:fault name="authenticationFault" use="literal"/></wsdl:fault>
+ </wsdl:operation>
+
+ <!-- #### tgGrantPermission #### //-->
+ <wsdl:operation name="tgGrantPermission">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/tgGrantPermission" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ <wsdl:fault name="authenticationFault"><soap:fault name="authenticationFault" use="literal"/></wsdl:fault>
+ </wsdl:operation>
+
+ <!-- #### tgRevokePermission #### //-->
+ <wsdl:operation name="tgRevokePermission">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/tgRevokePermission" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ <wsdl:fault name="authenticationFault"><soap:fault name="authenticationFault" use="literal"/></wsdl:fault>
+ </wsdl:operation>
+
+ <!-- #### getOwner #### //-->
+ <wsdl:operation name="getOwner">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/getOwner" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ <wsdl:fault name="authenticationFault"><soap:fault name="authenticationFault" use="literal"/></wsdl:fault>
+ </wsdl:operation>
+
+ <!-- #### getMembers #### //-->
+ <wsdl:operation name="getMembers">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/getMembers" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ <wsdl:fault name="authenticationFault"><soap:fault name="authenticationFault" use="literal"/></wsdl:fault>
+ </wsdl:operation>
+
+ <!-- #### getRights #### //-->
+ <wsdl:operation name="getRights">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/getRights" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ <wsdl:fault name="authenticationFault"><soap:fault name="authenticationFault" use="literal"/></wsdl:fault>
+ </wsdl:operation>
+
+ <!-- #### publish #### //-->
+ <wsdl:operation name="publish">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/publish" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ <wsdl:fault name="authenticationFault"><soap:fault name="authenticationFault" use="literal"/></wsdl:fault>
+ </wsdl:operation>
+
+ <!-- #### getProjectDescription #### //-->
+ <wsdl:operation name="getProjectDescription">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/getProjectDescription" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ </wsdl:operation>
+
+ <!-- #### getSid #### //-->
+ <wsdl:operation name="getSid">
+ <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/getSid" />
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ </wsdl:operation>
+
+ </wsdl:binding>
+
+
+
+ <!--
+ #####################
+ # Servicedefinition #
+ #####################
+ //-->
+ <wsdl:service name="tgextra">
+ <wsdl:port binding="tns:binding_tgextra" name="tgextra">
+ <soap:address location="http://rbac.textgrid.daasi.de/tgextra.php" />
+ </wsdl:port>
+ </wsdl:service>
+
+</wsdl:definitions>
diff --git a/tgreview.wsdl b/rbacSoap/wsdl/tgreview.wsdl
similarity index 99%
rename from tgreview.wsdl
rename to rbacSoap/wsdl/tgreview.wsdl
index 033af6a..0e67483 100644
--- a/tgreview.wsdl
+++ b/rbacSoap/wsdl/tgreview.wsdl
@@ -490,7 +490,7 @@
//-->
<wsdl:service name="tgreview">
<wsdl:port binding="tns:binding_tgreview" name="tns:tgreview">
- <soap:address location="http://textgrid.regengedanken.de/rbacSoap/tgreview.php" />
+ <soap:address location="http://rbac.textgrid.daasi.de/tgreview.php" />
</wsdl:port>
</wsdl:service>
diff --git a/tgsystem.wsdl b/rbacSoap/wsdl/tgsystem.wsdl
similarity index 99%
rename from tgsystem.wsdl
rename to rbacSoap/wsdl/tgsystem.wsdl
index 3e5fc58..fe4f886 100644
--- a/tgsystem.wsdl
+++ b/rbacSoap/wsdl/tgsystem.wsdl
@@ -277,7 +277,7 @@
//-->
<wsdl:service name="tgsystem">
<wsdl:port binding="tns:binding_tgsystem" name="tgsystem">
- <soap:address location="http://textgrid.regengedanken.de/rbacSoap/tgsystem.php" />
+ <soap:address location="http://rbac.textgrid.daasi.de/tgsystem.php" />
</wsdl:port>
</wsdl:service>
diff --git a/rbacSoap/wsdl/xacml.wsdl b/rbacSoap/wsdl/xacml.wsdl
new file mode 100644
index 0000000..7d81b46
--- /dev/null
+++ b/rbacSoap/wsdl/xacml.wsdl
@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<wsdl:definitions name="xacml"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns:tns="http://daasi.de/namespaces/rbac/xacml"
+ xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ targetNamespace="http://daasi.de/namespaces/rbac/xacml"
+ xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+ xmlns:xacml-saml="urn:oasis:xacml:2.0:saml:assertion:schema:os">
+
+
+ <!--
+ ####################
+ # Typ-Definitionen #
+ ####################
+ //-->
+ <wsdl:types>
+ <xsd:schema targetNamespace="http://daasi.de/namespaces/rbac/xacml">
+ <xsd:import namespace="urn:oasis:xacml:2.0:saml:assertion:schema:os"
+ schemaLocation="http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-assertion-schema-os.xsd"/>
+ <xsd:import namespace="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+ schemaLocation="http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-protocol-schema-os.xsd"/>
+
+ <xsd:element name="checkXACMLaccessRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="request" type="xacml-samlp:XACMLAuthzDecisionQuery" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+ <xsd:element name="checkXACMLaccessResponse">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="response" type="xacml-saml:XACMLAuthzDecisionStatement" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+
+ </xsd:schema>
+
+ </wsdl:types>
+
+
+ <!--
+ #################
+ # WSDL-Messages #
+ #################
+ //-->
+
+ <!-- #### checkXACMLaccess #### //-->
+ <wsdl:message name="checkXACMLaccessRequest">
+ <wsdl:part element="tns:checkXACMLaccessRequest" name="checkXACMLaccessInput" />
+ </wsdl:message>
+ <wsdl:message name="checkXACMLaccessResponse">
+ <wsdl:part element="tns:checkXACMLaccessResponse" name="checkXACMLaccessOutput" />
+ </wsdl:message>
+
+
+
+ <!--
+ ##########################
+ # Port-Type-Definitionen #
+ ##########################
+ //-->
+ <wsdl:portType name="port_xacml">
+
+ <!-- #### checkXACMLaccess #### //-->
+ <wsdl:operation name="checkXACMLaccess">
+ <wsdl:input message="tns:checkXACMLaccessRequest" />
+ <wsdl:output message="tns:checkXACMLaccessResponse" />
+ </wsdl:operation>
+
+ </wsdl:portType>
+
+
+
+ <!--
+ ###########
+ # Binding #
+ ###########
+ //-->
+ <wsdl:binding name="binding_xacml" type="tns:port_xacml">
+ <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
+
+ <!-- #### checkXACMLaccess #### //-->
+ <wsdl:operation name="checkXACMLaccess">
+ <soap:operation soapAction="http://daasi.de/rbac/xacml/checkXACMLaccess" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ </wsdl:operation>
+
+ </wsdl:binding>
+
+
+
+ <!--
+ #####################
+ # Servicedefinition #
+ #####################
+ //-->
+ <wsdl:service name="xacml">
+ <wsdl:port binding="tns:binding_xacml" name="tns:xacml">
+ <soap:address location="http://rbac.textgrid.daasi.de/xacml.php" />
+ </wsdl:port>
+ </wsdl:service>
+
+</wsdl:definitions>
diff --git a/rbacSoap/wsdl/xacml.wsdl.local b/rbacSoap/wsdl/xacml.wsdl.local
new file mode 100644
index 0000000..8bff4db
--- /dev/null
+++ b/rbacSoap/wsdl/xacml.wsdl.local
@@ -0,0 +1,107 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<wsdl:definitions name="xacml"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns:tns="http://daasi.de/namespaces/rbac/xacml"
+ xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ targetNamespace="http://daasi.de/namespaces/rbac/xacml"
+ xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+ xmlns:xacml-saml="urn:oasis:xacml:2.0:saml:assertion:schema:os">
+
+
+ <!--
+ ####################
+ # Typ-Definitionen #
+ ####################
+ //-->
+ <wsdl:types>
+ <xsd:schema targetNamespace="http://daasi.de/namespaces/rbac/xacml">
+ <xsd:import namespace="urn:oasis:xacml:2.0:saml:assertion:schema:os"
+ schemaLocation="http://rbac.textgrid.daasi.de/xsd/access_control-xacml-2.0-saml-assertion-schema-os.xsd"/>
+ <xsd:import namespace="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+ schemaLocation="http://rbac.textgrid.daasi.de/xsd/access_control-xacml-2.0-saml-protocol-schema-os.xsd"/>
+
+ <xsd:element name="testRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="username" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="password" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ <xsd:attribute name="mimi"
+ type="boolean"
+ use="optional"
+ default="false" />
+ </xsd:complexType>
+ </xsd:element>
+
+ </xsd:schema>
+
+ </wsdl:types>
+
+
+ <!--
+ #################
+ # WSDL-Messages #
+ #################
+ //-->
+
+ <!-- #### checkXACMLaccess #### //-->
+ <wsdl:message name="checkXACMLaccessRequest">
+ <wsdl:part element="xacml-samlp:XACMLAuthzDecisionQuery" name="checkXACMLaccessInput" />
+<!-- <wsdl:part element="tns:testRequest" name="checkXACMLaccessInput" /> -->
+ </wsdl:message>
+ <wsdl:message name="checkXACMLaccessResponse">
+ <wsdl:part element="xacml-saml:XACMLAuthzDecisionStatement" name="checkXACMLaccessOutput" />
+ </wsdl:message>
+
+
+
+ <!--
+ ##########################
+ # Port-Type-Definitionen #
+ ##########################
+ //-->
+ <wsdl:portType name="port_xacml">
+
+ <!-- #### checkXACMLaccess #### //-->
+ <wsdl:operation name="checkXACMLaccess">
+ <wsdl:input message="tns:checkXACMLaccessRequest" />
+ <wsdl:output message="tns:checkXACMLaccessResponse" />
+ </wsdl:operation>
+
+ </wsdl:portType>
+
+
+
+ <!--
+ ###########
+ # Binding #
+ ###########
+ //-->
+ <wsdl:binding name="binding_xacml" type="tns:port_xacml">
+ <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
+
+ <!-- #### checkXACMLaccess #### //-->
+ <wsdl:operation name="checkXACMLaccess">
+ <soap:operation soapAction="http://daasi.de/rbac/xacml/checkXACMLaccess" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ </wsdl:operation>
+
+ </wsdl:binding>
+
+
+
+ <!--
+ #####################
+ # Servicedefinition #
+ #####################
+ //-->
+ <wsdl:service name="xacml">
+ <wsdl:port binding="tns:binding_xacml" name="tns:xacml">
+ <soap:address location="http://rbac.textgrid.daasi.de/xacml.php" />
+ </wsdl:port>
+ </wsdl:service>
+
+</wsdl:definitions>
diff --git a/rbacSoap/wsdl/xacml.wsdl.reduceImport b/rbacSoap/wsdl/xacml.wsdl.reduceImport
new file mode 100644
index 0000000..3fe0f65
--- /dev/null
+++ b/rbacSoap/wsdl/xacml.wsdl.reduceImport
@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<wsdl:definitions name="xacml"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns:tns="http://daasi.de/namespaces/rbac/xacml"
+ xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ targetNamespace="http://daasi.de/namespaces/rbac/xacml"
+ xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+ xmlns:xacml-saml="urn:oasis:xacml:2.0:saml:assertion:schema:os">
+
+
+ <!--
+ ####################
+ # Typ-Definitionen #
+ ####################
+ //-->
+ <wsdl:types>
+ <xsd:schema targetNamespace="http://daasi.de/namespaces/rbac/xacml">
+ <xsd:import namespace="urn:oasis:xacml:2.0:saml:assertion:schema:os"
+ schemaLocation="http://rbac.textgrid.daasi.de/xsd/access_control-xacml-2.0-saml-assertion-schema-os.xsd"/>
+ <xsd:import namespace="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+ schemaLocation="http://rbac.textgrid.daasi.de/xsd/access_control-xacml-2.0-saml-protocol-schema-os.xsd"/>
+
+ <xsd:complexType name="cat">
+ <xsd:sequence>
+ <xsd:element name="color" type="xsd:string" />
+ <xsd:element name="weight" type="xsd:integer" />
+ </xsd:sequence>
+ </xsd:complexType>
+
+ <xsd:element name="generalRequest" type="tns:generalRequestType" />
+
+ <xsd:complexType name="generalRequestType">
+ <xsd:attribute name="ids" type="xsd:string" use="required" />
+ </xsd:complexType>
+
+
+ <xsd:element name="testRequest" type="tns:testRequestType" />
+
+ <xsd:complexType name="testRequestType">
+ <xsd:complexContent>
+ <xsd:extension base="tns:generalRequestType">
+ <xsd:sequence>
+ <xsd:element name="username" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="password" type="xsd:string" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="cat" type="tns:cat" minOccurs="1" maxOccurs="1" />
+ </xsd:sequence>
+ <xsd:attribute name="mimi"
+ type="xsd:string"
+ use="optional"
+ default="false" />
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+
+ </xsd:schema>
+
+ </wsdl:types>
+
+
+ <!--
+ #################
+ # WSDL-Messages #
+ #################
+ //-->
+
+ <!-- #### checkXACMLaccess #### //-->
+ <wsdl:message name="checkXACMLaccessRequest">
+<!-- <wsdl:part element="xacml-samlp:XACMLAuthzDecisionQuery" name="checkXACMLaccessInput" /> -->
+ <wsdl:part element="tns:testRequest" name="checkXACMLaccessInput" />
+ </wsdl:message>
+ <wsdl:message name="checkXACMLaccessResponse">
+ <wsdl:part element="xacml-saml:XACMLAuthzDecisionStatement" name="checkXACMLaccessOutput" />
+ </wsdl:message>
+
+
+
+ <!--
+ ##########################
+ # Port-Type-Definitionen #
+ ##########################
+ //-->
+ <wsdl:portType name="port_xacml">
+
+ <!-- #### checkXACMLaccess #### //-->
+ <wsdl:operation name="checkXACMLaccess">
+ <wsdl:input message="tns:checkXACMLaccessRequest" />
+ <wsdl:output message="tns:checkXACMLaccessResponse" />
+ </wsdl:operation>
+
+ </wsdl:portType>
+
+
+
+ <!--
+ ###########
+ # Binding #
+ ###########
+ //-->
+ <wsdl:binding name="binding_xacml" type="tns:port_xacml">
+ <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
+
+ <!-- #### checkXACMLaccess #### //-->
+ <wsdl:operation name="checkXACMLaccess">
+ <soap:operation soapAction="http://daasi.de/rbac/xacml/checkXACMLaccess" />
+ <wsdl:input><soap:body use="literal" /></wsdl:input>
+ <wsdl:output><soap:body use="literal" /></wsdl:output>
+ </wsdl:operation>
+
+ </wsdl:binding>
+
+
+
+ <!--
+ #####################
+ # Servicedefinition #
+ #####################
+ //-->
+ <wsdl:service name="xacml">
+ <wsdl:port binding="tns:binding_xacml" name="tns:xacml">
+ <soap:address location="http://rbac.textgrid.daasi.de/xacml.php" />
+ </wsdl:port>
+ </wsdl:service>
+
+</wsdl:definitions>
diff --git a/rbacSoap/xacml.php b/rbacSoap/xacml.php
new file mode 100644
index 0000000..9de80d7
--- /dev/null
+++ b/rbacSoap/xacml.php
@@ -0,0 +1,32 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 07.07.2007
+// Modification date: 13.11.2007
+// Version: 1.0.0
+// #######################################################
+
+
+require_once( "xacmlTypes.inc.php" );
+require_once( "../rbac/RBAC.class.php" );
+require_once( "XACML.class.php" );
+
+
+// Dont be so verbose with messages and notices.
+error_reporting( E_ERROR | E_USER_ERROR );
+
+
+// #############################################################
+// Starting SOAP-Server
+// #############################################################
+$server = new SoapServer( "http://rbac.textgrid.daasi.de/wsdl/xacml.wsdl.local" );
+$server->setClass( "XACML", "../conf/rbacSoap.conf", "../conf/system.conf", "../rbac/" );
+
+
+$server->handle();
+/*
+$tge = new XACML( "../conf/rbacSoap.conf.xml", "../conf/system.conf.xml", "../rbac/" );
+$createProjectRequest = new CreateProjectRequest();
+$tge->createProject( $createProjectRequest );
+*/
+?>
diff --git a/rbacSoap/xacmlTypes.inc.php b/rbacSoap/xacmlTypes.inc.php
new file mode 100644
index 0000000..972cee8
--- /dev/null
+++ b/rbacSoap/xacmlTypes.inc.php
@@ -0,0 +1,22 @@
+<?php
+class dumpResponse {
+ public $dump;
+}
+
+
+class XACMLAuthzDecisionQuery {
+ public $id;
+ public $Version;
+ public $issueInstant;
+ public $inputContextOnly;
+ public $returnContext;
+ public $request;
+}
+
+
+class Request {
+ public $subject;
+ public $resource;
+ public $action;
+}
+?>
diff --git a/rbacSoap/xsd/access_control-xacml-2.0-saml-assertion-schema-os.xsd b/rbacSoap/xsd/access_control-xacml-2.0-saml-assertion-schema-os.xsd
new file mode 100644
index 0000000..1dc54db
--- /dev/null
+++ b/rbacSoap/xsd/access_control-xacml-2.0-saml-assertion-schema-os.xsd
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+ targetNamespace="urn:oasis:xacml:2.0:saml:assertion:schema:os"
+ xmlns:tns="urn:oasis:xacml:2.0:saml:assertion:schema:os"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+ <xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
+ schemaLocation="http://rbac.textgrid.daasi.de/xsd/saml-schema-assertion-2.0.xsd"/>
+ <xs:import namespace="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ schemaLocation="http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-context-schema-os.xsd"/>
+ <xs:annotation>
+ <xs:documentation>
+ Document identifier: access_control-xacml-2.0-saml-assertion-schema-cd-02.xsd
+ Location: http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-assertion-schema-cd-os.xsd
+ </xs:documentation>
+ </xs:annotation>
+ <!-- -->
+ <xs:element name="XACMLAuthzDecisionStatement"
+ type="tns:XACMLAuthzDecisionStatementType"/>
+ <xs:complexType name="XACMLAuthzDecisionStatementType">
+ <xs:complexContent>
+ <xs:extension base="saml:StatementAbstractType">
+ <xs:sequence>
+ <xs:element ref="xacml-context:Response"/>
+ <xs:element ref="xacml-context:Request" minOccurs="0"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ <!-- -->
+ <xs:element name="XACMLPolicyStatement"
+ type="tns:XACMLPolicyStatementType"/>
+ <xs:complexType name="XACMLPolicyStatementType">
+ <xs:complexContent>
+ <xs:extension base="saml:StatementAbstractType">
+ <xs:choice minOccurs="0" maxOccurs="unbounded">
+ <xs:element ref="xacml:Policy"/>
+ <xs:element ref="xacml:PolicySet"/>
+ </xs:choice>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+</schema>
+
diff --git a/rbacSoap/xsd/access_control-xacml-2.0-saml-protocol-schema-os.xsd b/rbacSoap/xsd/access_control-xacml-2.0-saml-protocol-schema-os.xsd
new file mode 100644
index 0000000..a80290f
--- /dev/null
+++ b/rbacSoap/xsd/access_control-xacml-2.0-saml-protocol-schema-os.xsd
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+ targetNamespace="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+ xmlns:tns="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+ <xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
+ schemaLocation="http://rbac.textgrid.daasi.de/xsd/saml-schema-protocol-2.0.xsd"/>
+ <xs:import namespace="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ schemaLocation="http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-context-schema-os.xsd"/>
+ <xs:annotation>
+ <xs:documentation>
+ Document identifier: access_control-xacml-2.0-saml-protocol-schema-os.xsd
+ Location: http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-protocol-schema-os.xsd
+ </xs:documentation>
+ </xs:annotation>
+ <!-- -->
+ <xs:element name="XACMLAuthzDecisionQuery"
+ type="tns:XACMLAuthzDecisionQueryType"/>
+ <xs:complexType name="XACMLAuthzDecisionQueryType">
+ <xs:complexContent>
+ <xs:extension base="samlp:RequestAbstractType">
+ <xs:sequence>
+ <xs:element ref="xacml-context:Request"/>
+ </xs:sequence>
+ <xs:attribute name="InputContextOnly"
+ type="boolean"
+ use="optional"
+ default="false"/>
+ <xs:attribute name="ReturnContext"
+ type="boolean"
+ use="optional"
+ default="false"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ <!-- -->
+ <xs:element name="XACMLPolicyQuery"
+ type="tns:XACMLPolicyQueryType"/>
+ <xs:complexType name="XACMLPolicyQueryType">
+ <xs:complexContent>
+ <xs:extension base="samlp:RequestAbstractType">
+ <xs:choice minOccurs="0" maxOccurs="unbounded">
+ <xs:element ref="xacml-context:Request"/>
+ <xs:element ref="xacml:Target"/>
+ <xs:element ref="xacml:PolicySetIdReference"/>
+ <xs:element ref="xacml:PolicyIdReference"/>
+ </xs:choice>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+</schema>
+
diff --git a/rbacSoap/xsd/saml-schema-assertion-2.0.xsd b/rbacSoap/xsd/saml-schema-assertion-2.0.xsd
new file mode 100644
index 0000000..122dc3b
--- /dev/null
+++ b/rbacSoap/xsd/saml-schema-assertion-2.0.xsd
@@ -0,0 +1,284 @@
+<?xml version="1.0" encoding="US-ASCII"?>
+<schema
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+ <import namespace="http://www.w3.org/2000/09/xmldsig#"
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
+ <import namespace="http://www.w3.org/2001/04/xmlenc#"
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>
+ <annotation>
+ <documentation>
+ Document identifier: saml-schema-assertion-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V1.0 (November, 2002):
+ Initial Standard Schema.
+ V1.1 (September, 2003):
+ Updates within the same V1.0 namespace.
+ V2.0 (March, 2005):
+ New assertion schema for SAML V2.0 namespace.
+ </documentation>
+ </annotation>
+ <attributeGroup name="IDNameQualifiers">
+ <attribute name="NameQualifier" type="string" use="optional"/>
+ <attribute name="SPNameQualifier" type="string" use="optional"/>
+ </attributeGroup>
+ <element name="BaseID" type="saml:BaseIDAbstractType"/>
+ <complexType name="BaseIDAbstractType" abstract="true">
+ <attributeGroup ref="saml:IDNameQualifiers"/>
+ </complexType>
+ <element name="NameID" type="saml:NameIDType"/>
+ <complexType name="NameIDType">
+ <simpleContent>
+ <extension base="string">
+ <attributeGroup ref="saml:IDNameQualifiers"/>
+ <attribute name="Format" type="anyURI" use="optional"/>
+ <attribute name="SPProvidedID" type="string" use="optional"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+ <complexType name="EncryptedElementType">
+ <sequence>
+ <element ref="xenc:EncryptedData"/>
+ <element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+ <element name="EncryptedID" type="saml:EncryptedElementType"/>
+ <element name="Issuer" type="saml:NameIDType"/>
+ <element name="AssertionIDRef" type="NCName"/>
+ <element name="AssertionURIRef" type="anyURI"/>
+ <element name="Assertion" type="saml:AssertionType"/>
+ <complexType name="AssertionType">
+ <sequence>
+ <element ref="saml:Issuer"/>
+ <element ref="ds:Signature" minOccurs="0"/>
+ <element ref="saml:Subject" minOccurs="0"/>
+ <element ref="saml:Conditions" minOccurs="0"/>
+ <element ref="saml:Advice" minOccurs="0"/>
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="saml:Statement"/>
+ <element ref="saml:AuthnStatement"/>
+ <element ref="saml:AuthzDecisionStatement"/>
+ <element ref="saml:AttributeStatement"/>
+ </choice>
+ </sequence>
+ <attribute name="Version" type="string" use="required"/>
+ <attribute name="ID" type="ID" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ </complexType>
+ <element name="Subject" type="saml:SubjectType"/>
+ <complexType name="SubjectType">
+ <choice>
+ <sequence>
+ <choice>
+ <element ref="saml:BaseID"/>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
+ <element ref="saml:SubjectConfirmation" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <element ref="saml:SubjectConfirmation" maxOccurs="unbounded"/>
+ </choice>
+ </complexType>
+ <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
+ <complexType name="SubjectConfirmationType">
+ <sequence>
+ <choice minOccurs="0">
+ <element ref="saml:BaseID"/>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
+ <element ref="saml:SubjectConfirmationData" minOccurs="0"/>
+ </sequence>
+ <attribute name="Method" type="anyURI" use="required"/>
+ </complexType>
+ <element name="SubjectConfirmationData" type="saml:SubjectConfirmationDataType"/>
+ <complexType name="SubjectConfirmationDataType" mixed="true">
+ <complexContent>
+ <restriction base="anyType">
+ <sequence>
+ <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="NotBefore" type="dateTime" use="optional"/>
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+ <attribute name="Recipient" type="anyURI" use="optional"/>
+ <attribute name="InResponseTo" type="NCName" use="optional"/>
+ <attribute name="Address" type="string" use="optional"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </restriction>
+ </complexContent>
+ </complexType>
+ <complexType name="KeyInfoConfirmationDataType" mixed="false">
+ <complexContent>
+ <restriction base="saml:SubjectConfirmationDataType">
+ <sequence>
+ <element ref="ds:KeyInfo" maxOccurs="unbounded"/>
+ </sequence>
+ </restriction>
+ </complexContent>
+ </complexType>
+ <element name="Conditions" type="saml:ConditionsType"/>
+ <complexType name="ConditionsType">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="saml:Condition"/>
+ <element ref="saml:AudienceRestriction"/>
+ <element ref="saml:OneTimeUse"/>
+ <element ref="saml:ProxyRestriction"/>
+ </choice>
+ <attribute name="NotBefore" type="dateTime" use="optional"/>
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+ </complexType>
+ <element name="Condition" type="saml:ConditionAbstractType"/>
+ <complexType name="ConditionAbstractType" abstract="true"/>
+ <element name="AudienceRestriction" type="saml:AudienceRestrictionType"/>
+ <complexType name="AudienceRestrictionType">
+ <complexContent>
+ <extension base="saml:ConditionAbstractType">
+ <sequence>
+ <element ref="saml:Audience" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Audience" type="anyURI"/>
+ <element name="OneTimeUse" type="saml:OneTimeUseType" />
+ <complexType name="OneTimeUseType">
+ <complexContent>
+ <extension base="saml:ConditionAbstractType"/>
+ </complexContent>
+ </complexType>
+ <element name="ProxyRestriction" type="saml:ProxyRestrictionType"/>
+ <complexType name="ProxyRestrictionType">
+ <complexContent>
+ <extension base="saml:ConditionAbstractType">
+ <sequence>
+ <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Count" type="nonNegativeInteger" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Advice" type="saml:AdviceType"/>
+ <complexType name="AdviceType">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="saml:AssertionIDRef"/>
+ <element ref="saml:AssertionURIRef"/>
+ <element ref="saml:Assertion"/>
+ <element ref="saml:EncryptedAssertion"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </complexType>
+ <element name="EncryptedAssertion" type="saml:EncryptedElementType"/>
+ <element name="Statement" type="saml:StatementAbstractType"/>
+ <complexType name="StatementAbstractType" abstract="true"/>
+ <element name="AuthnStatement" type="saml:AuthnStatementType"/>
+ <complexType name="AuthnStatementType">
+ <complexContent>
+ <extension base="saml:StatementAbstractType">
+ <sequence>
+ <element ref="saml:SubjectLocality" minOccurs="0"/>
+ <element ref="saml:AuthnContext"/>
+ </sequence>
+ <attribute name="AuthnInstant" type="dateTime" use="required"/>
+ <attribute name="SessionIndex" type="string" use="optional"/>
+ <attribute name="SessionNotOnOrAfter" type="dateTime" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="SubjectLocality" type="saml:SubjectLocalityType"/>
+ <complexType name="SubjectLocalityType">
+ <attribute name="Address" type="string" use="optional"/>
+ <attribute name="DNSName" type="string" use="optional"/>
+ </complexType>
+ <element name="AuthnContext" type="saml:AuthnContextType"/>
+ <complexType name="AuthnContextType">
+ <sequence>
+ <choice>
+ <sequence>
+ <element ref="saml:AuthnContextClassRef"/>
+ <choice minOccurs="0">
+ <element ref="saml:AuthnContextDecl"/>
+ <element ref="saml:AuthnContextDeclRef"/>
+ </choice>
+ </sequence>
+ <choice>
+ <element ref="saml:AuthnContextDecl"/>
+ <element ref="saml:AuthnContextDeclRef"/>
+ </choice>
+ </choice>
+ <element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+ <element name="AuthnContextClassRef" type="anyURI"/>
+ <element name="AuthnContextDeclRef" type="anyURI"/>
+ <element name="AuthnContextDecl" type="anyType"/>
+ <element name="AuthenticatingAuthority" type="anyURI"/>
+ <element name="AuthzDecisionStatement" type="saml:AuthzDecisionStatementType"/>
+ <complexType name="AuthzDecisionStatementType">
+ <complexContent>
+ <extension base="saml:StatementAbstractType">
+ <sequence>
+ <element ref="saml:Action" maxOccurs="unbounded"/>
+ <element ref="saml:Evidence" minOccurs="0"/>
+ </sequence>
+ <attribute name="Resource" type="anyURI" use="required"/>
+ <attribute name="Decision" type="saml:DecisionType" use="required"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <simpleType name="DecisionType">
+ <restriction base="string">
+ <enumeration value="Permit"/>
+ <enumeration value="Deny"/>
+ <enumeration value="Indeterminate"/>
+ </restriction>
+ </simpleType>
+ <element name="Action" type="saml:ActionType"/>
+ <complexType name="ActionType">
+ <simpleContent>
+ <extension base="string">
+ <attribute name="Namespace" type="anyURI" use="required"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+ <element name="Evidence" type="saml:EvidenceType"/>
+ <complexType name="EvidenceType">
+ <choice maxOccurs="unbounded">
+ <element ref="saml:AssertionIDRef"/>
+ <element ref="saml:AssertionURIRef"/>
+ <element ref="saml:Assertion"/>
+ <element ref="saml:EncryptedAssertion"/>
+ </choice>
+ </complexType>
+ <element name="AttributeStatement" type="saml:AttributeStatementType"/>
+ <complexType name="AttributeStatementType">
+ <complexContent>
+ <extension base="saml:StatementAbstractType">
+ <choice maxOccurs="unbounded">
+ <element ref="saml:Attribute"/>
+ <element ref="saml:EncryptedAttribute"/>
+ </choice>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Attribute" type="saml:AttributeType"/>
+ <complexType name="AttributeType">
+ <sequence>
+ <element ref="saml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Name" type="string" use="required"/>
+ <attribute name="NameFormat" type="anyURI" use="optional"/>
+ <attribute name="FriendlyName" type="string" use="optional"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </complexType>
+ <element name="AttributeValue" type="anyType" nillable="true"/>
+ <element name="EncryptedAttribute" type="saml:EncryptedElementType"/>
+</schema>
+
diff --git a/rbacSoap/xsd/saml-schema-protocol-2.0.xsd b/rbacSoap/xsd/saml-schema-protocol-2.0.xsd
new file mode 100644
index 0000000..6c6502c
--- /dev/null
+++ b/rbacSoap/xsd/saml-schema-protocol-2.0.xsd
@@ -0,0 +1,303 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+ <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
+ schemaLocation="saml-schema-assertion-2.0.xsd"/>
+ <import namespace="http://www.w3.org/2000/09/xmldsig#"
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
+ <annotation>
+ <documentation>
+ Document identifier: saml-schema-protocol-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V1.0 (November, 2002):
+ Initial Standard Schema.
+ V1.1 (September, 2003):
+ Updates within the same V1.0 namespace.
+ V2.0 (March, 2005):
+ New protocol schema based in a SAML V2.0 namespace.
+ </documentation>
+ </annotation>
+ <complexType name="RequestAbstractType" abstract="true">
+ <sequence>
+ <element ref="saml:Issuer" minOccurs="0"/>
+ <element ref="ds:Signature" minOccurs="0"/>
+ <element ref="samlp:Extensions" minOccurs="0"/>
+ </sequence>
+ <attribute name="ID" type="ID" use="required"/>
+ <attribute name="Version" type="string" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ <attribute name="Destination" type="anyURI" use="optional"/>
+ <attribute name="Consent" type="anyURI" use="optional"/>
+ </complexType>
+ <element name="Extensions" type="samlp:ExtensionsType"/>
+ <complexType name="ExtensionsType">
+ <sequence>
+ <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+ <complexType name="StatusResponseType">
+ <sequence>
+ <element ref="saml:Issuer" minOccurs="0"/>
+ <element ref="ds:Signature" minOccurs="0"/>
+ <element ref="samlp:Extensions" minOccurs="0"/>
+ <element ref="samlp:Status"/>
+ </sequence>
+ <attribute name="ID" type="ID" use="required"/>
+ <attribute name="InResponseTo" type="NCName" use="optional"/>
+ <attribute name="Version" type="string" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ <attribute name="Destination" type="anyURI" use="optional"/>
+ <attribute name="Consent" type="anyURI" use="optional"/>
+ </complexType>
+ <element name="Status" type="samlp:StatusType"/>
+ <complexType name="StatusType">
+ <sequence>
+ <element ref="samlp:StatusCode"/>
+ <element ref="samlp:StatusMessage" minOccurs="0"/>
+ <element ref="samlp:StatusDetail" minOccurs="0"/>
+ </sequence>
+ </complexType>
+ <element name="StatusCode" type="samlp:StatusCodeType"/>
+ <complexType name="StatusCodeType">
+ <sequence>
+ <element ref="samlp:StatusCode" minOccurs="0"/>
+ </sequence>
+ <attribute name="Value" type="anyURI" use="required"/>
+ </complexType>
+ <element name="StatusMessage" type="string"/>
+ <element name="StatusDetail" type="samlp:StatusDetailType"/>
+ <complexType name="StatusDetailType">
+ <sequence>
+ <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+ <element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>
+ <complexType name="AssertionIDRequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
+ <complexType name="SubjectQueryAbstractType" abstract="true">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <element ref="saml:Subject"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthnQuery" type="samlp:AuthnQueryType"/>
+ <complexType name="AuthnQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <sequence>
+ <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
+ </sequence>
+ <attribute name="SessionIndex" type="string" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>
+ <complexType name="RequestedAuthnContextType">
+ <choice>
+ <element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>
+ <element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>
+ </choice>
+ <attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>
+ </complexType>
+ <simpleType name="AuthnContextComparisonType">
+ <restriction base="string">
+ <enumeration value="exact"/>
+ <enumeration value="minimum"/>
+ <enumeration value="maximum"/>
+ <enumeration value="better"/>
+ </restriction>
+ </simpleType>
+ <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
+ <complexType name="AttributeQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <sequence>
+ <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>
+ <complexType name="AuthzDecisionQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <sequence>
+ <element ref="saml:Action" maxOccurs="unbounded"/>
+ <element ref="saml:Evidence" minOccurs="0"/>
+ </sequence>
+ <attribute name="Resource" type="anyURI" use="required"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthnRequest" type="samlp:AuthnRequestType"/>
+ <complexType name="AuthnRequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <element ref="saml:Subject" minOccurs="0"/>
+ <element ref="samlp:NameIDPolicy" minOccurs="0"/>
+ <element ref="saml:Conditions" minOccurs="0"/>
+ <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
+ <element ref="samlp:Scoping" minOccurs="0"/>
+ </sequence>
+ <attribute name="ForceAuthn" type="boolean" use="optional"/>
+ <attribute name="IsPassive" type="boolean" use="optional"/>
+ <attribute name="ProtocolBinding" type="anyURI" use="optional"/>
+ <attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>
+ <attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>
+ <attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>
+ <attribute name="ProviderName" type="string" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>
+ <complexType name="NameIDPolicyType">
+ <attribute name="Format" type="anyURI" use="optional"/>
+ <attribute name="SPNameQualifier" type="string" use="optional"/>
+ <attribute name="AllowCreate" type="boolean" use="optional"/>
+ </complexType>
+ <element name="Scoping" type="samlp:ScopingType"/>
+ <complexType name="ScopingType">
+ <sequence>
+ <element ref="samlp:IDPList" minOccurs="0"/>
+ <element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>
+ </complexType>
+ <element name="RequesterID" type="anyURI"/>
+ <element name="IDPList" type="samlp:IDPListType"/>
+ <complexType name="IDPListType">
+ <sequence>
+ <element ref="samlp:IDPEntry" maxOccurs="unbounded"/>
+ <element ref="samlp:GetComplete" minOccurs="0"/>
+ </sequence>
+ </complexType>
+ <element name="IDPEntry" type="samlp:IDPEntryType"/>
+ <complexType name="IDPEntryType">
+ <attribute name="ProviderID" type="anyURI" use="required"/>
+ <attribute name="Name" type="string" use="optional"/>
+ <attribute name="Loc" type="anyURI" use="optional"/>
+ </complexType>
+ <element name="GetComplete" type="anyURI"/>
+ <element name="Response" type="samlp:ResponseType"/>
+ <complexType name="ResponseType">
+ <complexContent>
+ <extension base="samlp:StatusResponseType">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="saml:Assertion"/>
+ <element ref="saml:EncryptedAssertion"/>
+ </choice>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>
+ <complexType name="ArtifactResolveType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <element ref="samlp:Artifact"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Artifact" type="string"/>
+ <element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>
+ <complexType name="ArtifactResponseType">
+ <complexContent>
+ <extension base="samlp:StatusResponseType">
+ <sequence>
+ <any namespace="##any" processContents="lax" minOccurs="0"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>
+ <complexType name="ManageNameIDRequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <choice>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
+ <choice>
+ <element ref="samlp:NewID"/>
+ <element ref="samlp:NewEncryptedID"/>
+ <element ref="samlp:Terminate"/>
+ </choice>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="NewID" type="string"/>
+ <element name="NewEncryptedID" type="saml:EncryptedElementType"/>
+ <element name="Terminate" type="samlp:TerminateType"/>
+ <complexType name="TerminateType"/>
+ <element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>
+ <element name="LogoutRequest" type="samlp:LogoutRequestType"/>
+ <complexType name="LogoutRequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <choice>
+ <element ref="saml:BaseID"/>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
+ <element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Reason" type="string" use="optional"/>
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="SessionIndex" type="string"/>
+ <element name="LogoutResponse" type="samlp:StatusResponseType"/>
+ <element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>
+ <complexType name="NameIDMappingRequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <choice>
+ <element ref="saml:BaseID"/>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
+ <element ref="samlp:NameIDPolicy"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>
+ <complexType name="NameIDMappingResponseType">
+ <complexContent>
+ <extension base="samlp:StatusResponseType">
+ <choice>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
+ </extension>
+ </complexContent>
+ </complexType>
+</schema>
+
diff --git a/tgextra.wsdl b/tgextra.wsdl
deleted file mode 100644
index 1d97f3a..0000000
--- a/tgextra.wsdl
+++ /dev/null
@@ -1,288 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<wsdl:definitions name="tgextra"
- xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
- xmlns:tns="http://textgrid.info/namespaces/middleware/tgauth"
- xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
- xmlns:xsd="http://www.w3.org/2001/XMLSchema"
- targetNamespace="http://textgrid.info/namespaces/middleware/tgauth">
-
-
- <!--
- ####################
- # Typ-Definitionen #
- ####################
- //-->
- <wsdl:types>
- <xsd:schema targetNamespace="http://textgrid.info/namespaces/middleware/tgauth">
-
- <!-- #### authenticate #### //-->
- <xsd:element name="authenticateRequest">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="username" type="xsd:string" minOccurs="1" maxOccurs="1" />
- <xsd:element name="password" type="xsd:string" minOccurs="1" maxOccurs="1" />
- <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
-
- <xsd:element name="authenticateResponse">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="sid" type="xsd:string" minOccurs="1" maxOccurs="1" />
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
-
- <!-- #### userExists #### //-->
- <xsd:element name="userExistsRequest">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
- <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
- <xsd:element name="username" type="xsd:string" minOccurs="1" maxOccurs="1" />
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
-
- <!-- #### createProject #### //-->
- <xsd:element name="createProjectRequest">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="auth" type="xsd:string" minOccurs="0" maxOccurs="1" />
- <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
- <xsd:element name="name" type="xsd:string" minOccurs="1" maxOccurs="1" />
- <xsd:element name="description" type="xsd:string" minOccurs="0" maxOccurs="1" />
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
-
- <xsd:element name="createProjectResponse">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="projectId" type="xsd:string" minOccurs="1" maxOccurs="1" />
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
-
- <!-- #### filterBySid #### //-->
- <xsd:element name="filterBySidRequest">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
- <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
- <xsd:element name="resource" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
- <xsd:element name="operation" type="xsd:string" minOccurs="1" maxOccurs="1" />
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
-
- <!-- #### getSid #### //-->
- <xsd:element name="getSidResponse">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="sid" type="xsd:string" minOccurs="1" maxOccurs="1" />
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
-
- <!-- #### registerResource #### //-->
- <xsd:element name="registerResourceRequest">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1" />
- <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1" />
- <xsd:element name="project" type="xsd:string" minOccurs="1" maxOccurs="1" />
- <xsd:element name="uri" type="xsd:string" minOccurs="1" maxOccurs="1" />
- <xsd:element name="description" type="xsd:string" minOccurs="1" maxOccurs="1" />
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
-
-
- <xsd:element name="filterResponse">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="resource" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
-
-
- <xsd:element name="booleanResponse">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="result" type="xsd:string" minOccurs="1" maxOccurs="1" />
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
-
-
- <!-- #### authenticationFault #### //-->
- <xsd:element name="authenticationFaultResponse">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="fault" type="xsd:string" minOccurs="1" maxOccurs="1" />
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
-
- </xsd:schema>
- </wsdl:types>
-
-
- <!--
- #################
- # WSDL-Messages #
- #################
- //-->
-
- <!-- #### authenticate #### //-->
- <wsdl:message name="authenticateRequest">
- <wsdl:part element="tns:authenticateRequest" name="authenticateInput" />
- </wsdl:message>
- <wsdl:message name="authenticateResponse">
- <wsdl:part element="tns:authenticateResponse" name="authenticateOutput" />
- </wsdl:message>
-
- <!-- #### userExists #### //-->
- <wsdl:message name="userExistsRequest">
- <wsdl:part element="tns:userExistsRequest" name="userExistsInput" />
- </wsdl:message>
- <wsdl:message name="userExistsResponse">
- <wsdl:part element="tns:booleanResponse" name="userExistsOutput" />
- </wsdl:message>
-
- <!-- #### createProject #### //-->
- <wsdl:message name="createProjectRequest">
- <wsdl:part element="tns:createProjectRequest" name="createProjectInput" />
- </wsdl:message>
- <wsdl:message name="createProjectResponse">
- <wsdl:part element="tns:createProjectResponse" name="createProjectOutput" />
- </wsdl:message>
-
- <!-- #### filterBySid #### //-->
- <wsdl:message name="filterBySidRequest">
- <wsdl:part element="tns:filterBySidRequest" name="filterBySidInput" />
- </wsdl:message>
- <wsdl:message name="filterBySidResponse">
- <wsdl:part element="tns:filterResponse" name="filterBySidOutput" />
- </wsdl:message>
-
- <!-- #### getSid #### //-->
- <wsdl:message name="getSidResponse">
- <wsdl:part element="tns:getSidResponse" name="getSidOutput" />
- </wsdl:message>
-
- <!-- #### authenticationFault #### //-->
- <wsdl:message name="authenticationFault">
- <wsdl:part element="tns:authenticationFaultResponse" name="authenticationFault" />
- </wsdl:message>
-
-
-
- <!--
- ##########################
- # Port-Type-Definitionen #
- ##########################
- //-->
- <wsdl:portType name="port_tgextra">
-
- <!-- #### authenticate #### //-->
- <wsdl:operation name="authenticate">
- <wsdl:input message="tns:authenticateRequest" />
- <wsdl:output message="tns:authenticateResponse" />
- <wsdl:fault name="authenticationFault" message="tns:authenticationFault" />
- </wsdl:operation>
-
- <!-- #### userExists #### //-->
- <wsdl:operation name="userExists">
- <wsdl:input message="tns:userExistsRequest" />
- <wsdl:output message="tns:userExistsResponse" />
- <wsdl:fault name="authenticationFault" message="tns:authenticationFault" />
- </wsdl:operation>
-
- <!-- #### createProject #### //-->
- <wsdl:operation name="createProject">
- <wsdl:input message="tns:createProjectRequest" />
- <wsdl:output message="tns:createProjectResponse" />
- </wsdl:operation>
-
- <!-- #### filterBySid #### //-->
- <wsdl:operation name="filterBySid">
- <wsdl:input message="tns:filterBySidRequest" />
- <wsdl:output message="tns:filterBySidResponse" />
- <wsdl:fault name="authenticationFault" message="tns:authenticationFault" />
- </wsdl:operation>
-
- <!-- #### getSid #### //-->
- <wsdl:operation name="getSid">
- <wsdl:output message="tns:getSidResponse" />
- </wsdl:operation>
-
- </wsdl:portType>
-
-
-
- <!--
- ###########
- # Binding #
- ###########
- //-->
- <wsdl:binding name="binding_tgextra" type="tns:port_tgextra">
- <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
-
- <!-- #### authenticate #### //-->
- <wsdl:operation name="authenticate">
- <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/authenticate" />
- <wsdl:input><soap:body use="literal" /></wsdl:input>
- <wsdl:output><soap:body use="literal" /></wsdl:output>
- <wsdl:fault name="authenticationFault"><soap:fault name="authenticationFault" use="literal"/></wsdl:fault>
- </wsdl:operation>
-
- <!-- #### userExists #### //-->
- <wsdl:operation name="userExists">
- <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/userExists" />
- <wsdl:input><soap:body use="literal" /></wsdl:input>
- <wsdl:output><soap:body use="literal" /></wsdl:output>
- <wsdl:fault name="authenticationFault"><soap:fault name="authenticationFault" use="literal"/></wsdl:fault>
- </wsdl:operation>
-
- <!-- #### createProject #### //-->
- <wsdl:operation name="createProject">
- <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/createProject" />
- <wsdl:input><soap:body use="literal" /></wsdl:input>
- <wsdl:output><soap:body use="literal" /></wsdl:output>
- </wsdl:operation>
-
- <!-- #### filterBySid #### //-->
- <wsdl:operation name="filterBySid">
- <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/filterBySid" />
- <wsdl:input><soap:body use="literal" /></wsdl:input>
- <wsdl:output><soap:body use="literal" /></wsdl:output>
- <wsdl:fault name="authenticationFault"><soap:fault name="authenticationFault" use="literal"/></wsdl:fault>
- </wsdl:operation>
-
- <!-- #### getSid #### //-->
- <wsdl:operation name="getSid">
- <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/getSid" />
- <wsdl:output><soap:body use="literal" /></wsdl:output>
- </wsdl:operation>
-
- </wsdl:binding>
-
-
-
- <!--
- #####################
- # Servicedefinition #
- #####################
- //-->
- <wsdl:service name="tgextra">
- <wsdl:port binding="tns:binding_tgextra" name="tgextra">
- <soap:address location="http://rbac.textgrid.daasi.de/tgextra.php" />
- </wsdl:port>
- </wsdl:service>
-
-</wsdl:definitions>
--
GitLab