-/*
- * Copyright 2009 Internet2
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
using namespace opensaml;
using namespace xmltooling::logging;
using namespace xmltooling;
using namespace opensaml;
using namespace xmltooling::logging;
using namespace xmltooling;
- auto_ptr_char temp(e->getAttributeNS(NULL, type));
- if (temp.get() && *temp.get()) {
+ string t = XMLHelper::getAttrString(e, nullptr, type);
+ if (!t.empty()) {
- log.info("building SecurityPolicyRule of type %s", temp.get());
- m_rules.push_back(SAMLConfig::getConfig().SecurityPolicyRuleManager.newPlugin(temp.get(),e));
+ log.info("building SecurityPolicyRule of type %s", t.c_str());
+ m_rules.push_back(SAMLConfig::getConfig().SecurityPolicyRuleManager.newPlugin(t.c_str(), e));
const vector<saml2::AudienceRestriction*>& acvec = conds->getAudienceRestrictions();
for (vector<saml2::AudienceRestriction*>::const_iterator ac = acvec.begin(); ac != acvec.end(); ++ac) {
valid = false;
const vector<saml2::AudienceRestriction*>& acvec = conds->getAudienceRestrictions();
for (vector<saml2::AudienceRestriction*>::const_iterator ac = acvec.begin(); ac != acvec.end(); ++ac) {
valid = false;
- for (vector<SecurityPolicyRule*>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
- valid = (*r)->evaluate(*(*ac), request, policy);
+ for (ptr_vector<SecurityPolicyRule>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
+ valid = r->evaluate(*(*ac), request, policy);
const vector<saml2::OneTimeUse*>& otvec = conds->getOneTimeUses();
for (vector<saml2::OneTimeUse*>::const_iterator ot = otvec.begin(); ot!=otvec.end(); ++ot) {
valid = false;
const vector<saml2::OneTimeUse*>& otvec = conds->getOneTimeUses();
for (vector<saml2::OneTimeUse*>::const_iterator ot = otvec.begin(); ot!=otvec.end(); ++ot) {
valid = false;
- for (vector<SecurityPolicyRule*>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
- valid = (*r)->evaluate(*(*ot), request, policy);
+ for (ptr_vector<SecurityPolicyRule>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
+ valid = r->evaluate(*(*ot), request, policy);
const vector<saml2::ProxyRestriction*> pvec = conds->getProxyRestrictions();
for (vector<saml2::ProxyRestriction*>::const_iterator p = pvec.begin(); p != pvec.end(); ++p) {
valid = false;
const vector<saml2::ProxyRestriction*> pvec = conds->getProxyRestrictions();
for (vector<saml2::ProxyRestriction*>::const_iterator p = pvec.begin(); p != pvec.end(); ++p) {
valid = false;
- for (vector<SecurityPolicyRule*>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
- valid = (*r)->evaluate(*(*p), request, policy);
+ for (ptr_vector<SecurityPolicyRule>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
+ valid = r->evaluate(*(*p), request, policy);
const vector<saml2::Condition*>& convec = conds->getConditions();
for (vector<saml2::Condition*>::const_iterator c = convec.begin(); c != convec.end(); ++c) {
valid = false;
const vector<saml2::Condition*>& convec = conds->getConditions();
for (vector<saml2::Condition*>::const_iterator c = convec.begin(); c != convec.end(); ++c) {
valid = false;
- for (vector<SecurityPolicyRule*>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
- valid = (*r)->evaluate(*(*c), request, policy);
+ for (ptr_vector<SecurityPolicyRule>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
+ valid = r->evaluate(*(*c), request, policy);
if (!valid) {
throw SecurityPolicyException(
"Extension condition ($1) not successfully validated by policy.",
if (!valid) {
throw SecurityPolicyException(
"Extension condition ($1) not successfully validated by policy.",
const vector<saml1::AudienceRestrictionCondition*>& acvec = conds->getAudienceRestrictionConditions();
for (vector<saml1::AudienceRestrictionCondition*>::const_iterator ac = acvec.begin(); ac != acvec.end(); ++ac) {
valid = false;
const vector<saml1::AudienceRestrictionCondition*>& acvec = conds->getAudienceRestrictionConditions();
for (vector<saml1::AudienceRestrictionCondition*>::const_iterator ac = acvec.begin(); ac != acvec.end(); ++ac) {
valid = false;
- for (vector<SecurityPolicyRule*>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
- valid = (*r)->evaluate(*(*ac), request, policy);
+ for (ptr_vector<SecurityPolicyRule>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
+ valid = r->evaluate(*(*ac), request, policy);
const vector<saml1::DoNotCacheCondition*>& dncvec = conds->getDoNotCacheConditions();
for (vector<saml1::DoNotCacheCondition*>::const_iterator dnc = dncvec.begin(); dnc != dncvec.end(); ++dnc) {
valid = false;
const vector<saml1::DoNotCacheCondition*>& dncvec = conds->getDoNotCacheConditions();
for (vector<saml1::DoNotCacheCondition*>::const_iterator dnc = dncvec.begin(); dnc != dncvec.end(); ++dnc) {
valid = false;
- for (vector<SecurityPolicyRule*>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
- valid = (*r)->evaluate(*(*dnc), request, policy);
+ for (ptr_vector<SecurityPolicyRule>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
+ valid = r->evaluate(*(*dnc), request, policy);
const vector<saml1::Condition*>& convec = conds->getConditions();
for (vector<saml1::Condition*>::const_iterator c = convec.begin(); c != convec.end(); ++c) {
valid = false;
const vector<saml1::Condition*>& convec = conds->getConditions();
for (vector<saml1::Condition*>::const_iterator c = convec.begin(); c != convec.end(); ++c) {
valid = false;
- for (vector<SecurityPolicyRule*>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
- valid = (*r)->evaluate(*(*c), request, policy);
+ for (ptr_vector<SecurityPolicyRule>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
+ valid = r->evaluate(*(*c), request, policy);
if (!valid) {
throw SecurityPolicyException(
"Extension condition ($1) not successfully validated by policy.",
if (!valid) {
throw SecurityPolicyException(
"Extension condition ($1) not successfully validated by policy.",
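Review bot: The rewritten rule loops (`for (ptr_vector<SecurityPolicyRule>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)`, repeated once per condition type) still have no comment stating their acceptance semantics, which is the security-relevant contract of this file. A condition is accepted as soon as any one rule's `evaluate` returns true, and the visible `if (!valid)` branches throw `SecurityPolicyException` when none does. I would add above the first loop `// A condition passes if any one configured rule accepts it; if no rule does (including an empty m_rules), validation fails closed.` The throw is only visible here for the extension-condition loops, so confirm the audience, one-time-use, proxy and do-not-cache loops reject the same way in the lines outside the shown context. In the rule-loading hunk, an element whose `type` is empty is skipped by `if (!t.empty())`; no else branch is visible, so if there is none, a `log.warn` there would let operators notice a rule that was silently dropped.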