2 * Copyright 2001-2009 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * AttributeIssuerInEntityGroupFunctor.cpp
20 * A match function that evaluates to true if the attribute issuer is found in metadata and is a member
21 * of the given entity group.
25 #include "exceptions.h"
26 #include "attribute/filtering/FilteringContext.h"
27 #include "attribute/filtering/FilterPolicyContext.h"
28 #include "attribute/filtering/MatchFunctor.h"
30 #include <saml/saml2/metadata/Metadata.h>
32 using namespace opensaml::saml2md;
36 static const XMLCh groupID[] = UNICODE_LITERAL_7(g,r,o,u,p,I,D);
39 * A match function that evaluates to true if the attribute issuer is found in metadata and is a member
40 * of the given entity group.
42 class SHIBSP_DLLLOCAL AttributeIssuerInEntityGroupFunctor : public MatchFunctor
46 AttributeIssuerInEntityGroupFunctor(const DOMElement* e) {
47 m_group = e ? e->getAttributeNS(NULL,groupID) : NULL;
48 if (!m_group || !*m_group)
49 throw ConfigurationException("AttributeIssuerInEntityGroup MatchFunctor requires non-empty groupID attribute.");
52 bool evaluatePolicyRequirement(const FilteringContext& filterContext) const {
53 const RoleDescriptor* issuer = filterContext.getAttributeIssuerMetadata();
56 const EntitiesDescriptor* group = dynamic_cast<const EntitiesDescriptor*>(issuer->getParent()->getParent());
58 if (XMLString::equals(group->getName(), m_group))
60 group = dynamic_cast<const EntitiesDescriptor*>(group->getParent());
65 bool evaluatePermitValue(const FilteringContext& filterContext, const Attribute& attribute, size_t index) const {
66 return evaluatePolicyRequirement(filterContext);
70 MatchFunctor* SHIBSP_DLLLOCAL AttributeIssuerInEntityGroupFactory(const std::pair<const FilterPolicyContext*,const DOMElement*>& p)
72 return new AttributeIssuerInEntityGroupFunctor(p.second);