Add method to read all properties.
[shibboleth/sp.git] / shibsp / ServiceProvider.cpp
index 6bd3d6f..dd8ce3b 100644 (file)
@@ -283,21 +283,27 @@ pair<bool,long> ServiceProvider::doAuthorization(SPRequest& request) const
             }
        
             Locker acllock(settings.second);
-            if (settings.second->authorized(request,session)) {
-                // Let the caller decide how to proceed.
-                request.log(SPRequest::SPDebug, "access control provider granted access");
-                return make_pair(false,0);
-            }
-            else {
-                request.log(SPRequest::SPWarn, "access control provider denied access");
-                TemplateParameters tp;
-                tp.m_map["requestURL"] = targetURL;
-                return make_pair(true,sendError(request, app, "access", tp));
+            switch (settings.second->authorized(request,session)) {
+                case AccessControl::shib_acl_true:
+                    request.log(SPRequest::SPDebug, "access control provider granted access");
+                    return make_pair(true,request.returnOK());
+
+                case AccessControl::shib_acl_false:
+                {
+                    request.log(SPRequest::SPWarn, "access control provider denied access");
+                    TemplateParameters tp;
+                    tp.m_map["requestURL"] = targetURL;
+                    return make_pair(true,sendError(request, app, "access", tp));
+                }
+
+                default:
+                    // Use the "DECLINE" interface to signal we don't know what to do.
+                    return make_pair(true,request.returnDecline());
             }
-            return make_pair(false,0);
         }
-        else
+        else {
             return make_pair(true,request.returnDecline());
+        }
     }
     catch (exception& e) {
         TemplateParameters tp(&e);
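Review bot: The `default:` branch of the new switch returns `request.returnDecline()` without logging, unlike the granted and denied cases, so any result other than `shib_acl_true` or `shib_acl_false` leaves no audit trace of the access-control outcome. If DECLINE hands the request back to the web server, as the existing comment implies, then whether access is actually blocked depends on configuration outside this function, and the comment should say so. I would add `request.log(SPRequest::SPWarn, "access control provider returned no decision, declining request");` before the return and extend the comment with `// DECLINE is not a denial; the server's remaining handlers decide whether the request proceeds.` The granted case also changes from `make_pair(false,0)` to `make_pair(true,request.returnOK())`, which presumably changes what the caller does after a grant, so a one-line comment there on the new contract would help. The body of doAuthorization starts and ends outside this hunk.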
@@ -425,34 +431,6 @@ pair<bool,long> ServiceProvider::doExport(SPRequest& request, bool requireSessio
             request.setHeader(a->first.c_str(), header.c_str());
         }
 
-        // Maybe export metadata attributes.
-        pair<bool,const char*> prefix = app->getString("metadataAttributePrefix");
-        if (prefix.first && session->getEntityID()) {
-            const multimap<string,const Attribute*>& eattributes = app->getEntityAttributes(session->getEntityID());
-            for (multimap<string,const Attribute*>::const_iterator a = eattributes.begin(); a!=eattributes.end(); ++a) {
-                string hname = string(prefix.second) + a->first;
-                string header(request.getSecureHeader(hname.c_str()));
-                const vector<string>& vals = a->second->getSerializedValues();
-                for (vector<string>::const_iterator v = vals.begin(); v!=vals.end(); ++v) {
-                    if (!header.empty())
-                        header += ";";
-                    string::size_type pos = v->find_first_of(';',string::size_type(0));
-                    if (pos!=string::npos) {
-                        string value(*v);
-                        for (; pos != string::npos; pos = value.find_first_of(';',pos)) {
-                            value.insert(pos, "\\");
-                            pos += 2;
-                        }
-                        header += value;
-                    }
-                    else {
-                        header += (*v);
-                    }
-                }
-                request.setHeader(hname.c_str(), header.c_str());
-            }
-        }
-    
         return make_pair(false,0);
     }
     catch (exception& e) {