Attribute filtering code.

[shibboleth/sp.git] / shibsp / attribute / resolver / impl / QueryAttributeResolver.cpp

diff --git a/shibsp/attribute/resolver/impl/QueryAttributeResolver.cpp b/shibsp/attribute/resolver/impl/QueryAttributeResolver.cpp
index 2c45326..b873757 100644 (file)
--- a/shibsp/attribute/resolver/impl/QueryAttributeResolver.cpp
+++ b/shibsp/attribute/resolver/impl/QueryAttributeResolver.cpp
@@ -25,6 +25,8 @@
 #include "ServiceProvider.h"
 #include "SessionCache.h"
 #include "attribute/Attribute.h"
+#include "attribute/filtering/AttributeFilter.h"
+#include "attribute/filtering/BasicFilteringContext.h"
 #include "attribute/resolver/AttributeExtractor.h"
 #include "attribute/resolver/AttributeResolver.h"
 #include "attribute/resolver/ResolutionContext.h"
@@ -149,6 +151,9 @@ namespace shibsp {
             for_each(m_SAML1Designators.begin(), m_SAML1Designators.end(), xmltooling::cleanup<AttributeDesignator>());
             for_each(m_SAML2Designators.begin(), m_SAML2Designators.end(), xmltooling::cleanup<saml2::Attribute>());
         }
+
+        Lockable* lock() {return this;}
+        void unlock() {}
         
         ResolutionContext* createResolutionContext(
             const Application& application,
@@ -164,9 +169,6 @@ namespace shibsp {
             return new QueryContext(application,session);
         }
 
-        Lockable* lock() {return this;}
-        void unlock() {}
-        
         void resolveAttributes(ResolutionContext& ctx) const;
 
     private:
@@ -321,9 +323,18 @@ bool QueryResolver::SAML1Query(QueryContext& ctx) const
             Locker extlocker(extractor);
             extractor->extractAttributes(ctx.getApplication(), AA, *newtoken, ctx.getResolvedAttributes());
         }
+
+        AttributeFilter* filter = ctx.getApplication().getAttributeFilter();
+        if (filter) {
+            BasicFilteringContext fc(ctx.getApplication(), AA);
+            Locker filtlocker(filter);
+            filter->filterAttributes(fc, ctx.getResolvedAttributes());
+        }
     }
     catch (exception& ex) {
         m_log.error("caught exception extracting/filtering attributes from query result: %s", ex.what());
+        for_each(ctx.getResolvedAttributes().begin(), ctx.getResolvedAttributes().end(), cleanup_pair<string,shibsp::Attribute>());
+        ctx.getResolvedAttributes().clear();
     }
 
     return true;
@@ -423,9 +434,18 @@ bool QueryResolver::SAML2Query(QueryContext& ctx) const
             Locker extlocker(extractor);
             extractor->extractAttributes(ctx.getApplication(), AA, *newtoken, ctx.getResolvedAttributes());
         }
+
+        AttributeFilter* filter = ctx.getApplication().getAttributeFilter();
+        if (filter) {
+            BasicFilteringContext fc(ctx.getApplication(), AA);
+            Locker filtlocker(filter);
+            filter->filterAttributes(fc, ctx.getResolvedAttributes());
+        }
     }
     catch (exception& ex) {
         m_log.error("caught exception extracting/filtering attributes from query result: %s", ex.what());
+        for_each(ctx.getResolvedAttributes().begin(), ctx.getResolvedAttributes().end(), cleanup_pair<string,shibsp::Attribute>());
+        ctx.getResolvedAttributes().clear();
     }
 
     return true;