#include "Application.h"
#include "exceptions.h"
#include "ServiceProvider.h"
-#include "SessionCache.h"
+#include "SessionCacheEx.h"
#include "handler/AbstractHandler.h"
#include "handler/RemotedHandler.h"
#include "util/SPConstants.h"
using namespace shibsp;
using namespace opensaml;
using namespace xmltooling;
-using namespace log4cpp;
using namespace std;
namespace shibsp {
#pragma warning( disable : 4250 )
#endif
- class SHIBSP_API AssertionLookup : public AbstractHandler, public RemotedHandler
+ class SHIBSP_DLLLOCAL Blocker : public DOMNodeFilter
+ {
+ public:
+ short acceptNode(const DOMNode* node) const {
+ return FILTER_REJECT;
+ }
+ };
+
+ static SHIBSP_DLLLOCAL Blocker g_Blocker;
+
+ class SHIBSP_API AssertionLookup : public AbstractHandler, public RemotedHandler
{
public:
AssertionLookup(const DOMElement* e, const char* appId);
pair<bool,long> run(SPRequest& request, bool isHandler=true) const;
void receive(DDF& in, ostream& out);
+ const char* getType() const {
+ return "AssertionLookup";
+ }
+
private:
pair<bool,long> processMessage(const Application& application, HTTPRequest& httpRequest, HTTPResponse& httpResponse) const;
};
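Review bot: `Blocker` and the file-level `g_Blocker` carry no comment saying why a `DOMNodeFilter` that returns `FILTER_REJECT` for every node is passed to the `AbstractHandler` constructor. How `AbstractHandler` uses the filter is not visible on this page, so the author should state the intent above the class, for example `// Filter that rejects all child nodes of the handler element; passed to AbstractHandler so no nested content is processed.`, adjusted to whatever the base class actually does with it. As a style point, `acceptNode` never uses `node`, so the parameter name can be dropped to avoid unused-parameter warnings.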
AssertionLookup::AssertionLookup(const DOMElement* e, const char* appId)
- : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".AssertionLookup"))
+ : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".AssertionLookup"), &g_Blocker)
{
setAddress("run::AssertionLookup");
if (SPConfig::getConfig().isEnabled(SPConfig::InProcess)) {
SPConfig& conf = SPConfig::getConfig();
if (conf.isEnabled(SPConfig::InProcess)) {
if (m_acl.count(request.getRemoteAddr()) == 0) {
- m_log.error("request for assertion lookup blocked from invalid address (%s)", request.getRemoteAddr());
+ m_log.error("request for assertion lookup blocked from invalid address (%s)", request.getRemoteAddr().c_str());
istringstream msg("Assertion Lookup Blocked");
- return make_pair(true,request.sendResponse(msg, HTTPResponse::XMLTOOLING_HTTP_STATUS_FORBIDDEN));
+ return make_pair(true,request.sendResponse(msg, HTTPResponse::XMLTOOLING_HTTP_STATUS_UNAUTHORIZED));
}
}
}
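Review bot: The ACL rejection now answers with `XMLTOOLING_HTTP_STATUS_UNAUTHORIZED`, but a request refused because of its source address cannot be fixed by the client presenting credentials. A 401 is also expected to carry a `WWW-Authenticate` challenge, which this path does not appear to set. The removed line's `HTTPResponse::XMLTOOLING_HTTP_STATUS_FORBIDDEN` describes the condition more accurately and is easier to tell apart from real authentication failures in monitoring, so I would keep `request.sendResponse(msg, HTTPResponse::XMLTOOLING_HTTP_STATUS_FORBIDDEN)`. The check keys on `request.getRemoteAddr()`, so it is worth a comment that deployments behind a reverse proxy must make sure this value is the real peer address, otherwise the ACL matches the proxy. The body of `run` starts and ends outside the visible lines.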
else {
// When not out of process, we remote all the message processing.
- DDF out,in = wrap(request, NULL, true);
+ DDF out,in = wrap(request);
DDFJanitor jin(in), jout(out);
out=request.getServiceProvider().getListenerService()->send(in);
m_log.debug("processing assertion lookup request (session: %s, assertion: %s)", key, ID);
+ SessionCacheEx* cache = dynamic_cast<SessionCacheEx*>(application.getServiceProvider().getSessionCache());
+ if (!cache) {
+ m_log.error("session cache does not support extended API");
+ throw FatalProfileException("Session cache does not support assertion lookup.");
+ }
+
// The cache will either silently pass a session or NULL back, or throw an exception out.
- Session* session = application.getServiceProvider().getSessionCache()->find(key, application);
+ Session* session = cache->find(application, ID);
if (!session) {
m_log.error("valid session (%s) not found for assertion lookup", key);
throw FatalProfileException("Session key not found.");
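Review bot: The new lookup passes `ID` in `cache->find(application, ID)`, whereas the removed call passed `key`, and the failure path right below still logs `key` and throws "Session key not found." The debug line at the top of this hunk labels `key` as the session and `ID` as the assertion, so this looks like the wrong argument. If `SessionCacheEx::find` expects the session key, the line should read `Session* session = cache->find(application, key);`. If looking up by `ID` is intended, the error log and exception text should name the value actually used, so a failed lookup can be traced. The body of `processMessage` begins and ends outside the visible lines.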
httpResponse.setContentType("application/samlassertion+xml");
return make_pair(true, httpResponse.sendResponse(s));
#else
- return make_pair(false,0);
+ return make_pair(false,0L);
#endif
}