class SHIBSP_DLLLOCAL XMLConfigImpl : public DOMPropertySet, public DOMNodeFilter
{
public:
- XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* outer, Category& log);
+ XMLConfigImpl(const DOMElement* e, bool first, XMLConfig* outer, Category& log);
~XMLConfigImpl();
RequestMapper* m_requestMapper;
}
private:
- void doExtensions(const DOMElement* e, const char* label, Category& log);
- void doListener(const DOMElement* e, Category& log);
- void doCaching(const DOMElement* e, Category& log);
+ void doExtensions(const DOMElement*, const char*, Category&);
+ void doListener(const DOMElement*, XMLConfig*, Category&);
+ void doCaching(const DOMElement*, XMLConfig*, Category&);
void cleanup();
- const XMLConfig* m_outer;
DOMDocument* m_document;
};
private:
friend class XMLConfigImpl;
XMLConfigImpl* m_impl;
- mutable ListenerService* m_listener;
- mutable SessionCache* m_sessionCache;
+ ListenerService* m_listener;
+ SessionCache* m_sessionCache;
#ifndef SHIBSP_LITE
- mutable TransactionLog* m_tranLog;
- mutable map<string,StorageService*> m_storage;
+ TransactionLog* m_tranLog;
+ map<string,StorageService*> m_storage;
#endif
};
child = XMLHelper::getNextSiblingElement(child);
continue;
}
- handler = conf.AssertionConsumerServiceManager.newPlugin(bindprop.c_str(), make_pair(child, getId()));
+ handler = conf.AssertionConsumerServiceManager.newPlugin(bindprop.c_str(), pair<const DOMElement*,const char*>(child, getId()));
// Map by binding and protocol (may be > 1 per protocol and binding)
m_acsBindingMap[handler->getXMLString("Binding").second].push_back(handler);
const XMLCh* protfamily = handler->getProtocolFamily();
child = XMLHelper::getNextSiblingElement(child);
continue;
}
- SessionInitiator* sihandler = conf.SessionInitiatorManager.newPlugin(t.c_str(), make_pair(child, getId()));
+ SessionInitiator* sihandler = conf.SessionInitiatorManager.newPlugin(t.c_str(), pair<const DOMElement*,const char*>(child, getId()));
handler = sihandler;
pair<bool,const char*> si_id = handler->getString("id");
if (si_id.first && si_id.second)
child = XMLHelper::getNextSiblingElement(child);
continue;
}
- handler = conf.LogoutInitiatorManager.newPlugin(t.c_str(), make_pair(child, getId()));
+ handler = conf.LogoutInitiatorManager.newPlugin(t.c_str(), pair<const DOMElement*,const char*>(child, getId()));
}
else if (XMLString::equals(child->getLocalName(), _ArtifactResolutionService)) {
string bindprop(XMLHelper::getAttrString(child, nullptr, Binding));
child = XMLHelper::getNextSiblingElement(child);
continue;
}
- handler = conf.ArtifactResolutionServiceManager.newPlugin(bindprop.c_str(), make_pair(child, getId()));
+ handler = conf.ArtifactResolutionServiceManager.newPlugin(bindprop.c_str(), pair<const DOMElement*,const char*>(child, getId()));
if (!hardArt) {
pair<bool,bool> defprop = handler->getBool("isDefault");
child = XMLHelper::getNextSiblingElement(child);
continue;
}
- handler = conf.SingleLogoutServiceManager.newPlugin(bindprop.c_str(), make_pair(child, getId()));
+ handler = conf.SingleLogoutServiceManager.newPlugin(bindprop.c_str(), pair<const DOMElement*,const char*>(child, getId()));
}
else if (XMLString::equals(child->getLocalName(), _ManageNameIDService)) {
string bindprop(XMLHelper::getAttrString(child, nullptr, Binding));
child = XMLHelper::getNextSiblingElement(child);
continue;
}
- handler = conf.ManageNameIDServiceManager.newPlugin(bindprop.c_str(), make_pair(child, getId()));
+ handler = conf.ManageNameIDServiceManager.newPlugin(bindprop.c_str(), pair<const DOMElement*,const char*>(child, getId()));
}
else {
string t(XMLHelper::getAttrString(child, nullptr, _type));
child = XMLHelper::getNextSiblingElement(child);
continue;
}
- handler = conf.HandlerManager.newPlugin(t.c_str(), make_pair(child, getId()));
+ handler = conf.HandlerManager.newPlugin(t.c_str(), pair<const DOMElement*,const char*>(child, getId()));
}
m_handlers.push_back(handler);
acsdom->setAttributeNS(nullptr, _index, indexbuf.c_str());
log.info("adding AssertionConsumerService for Binding (%s) at (%s)", (*b)->getString("id").second, (*b)->getString("path").second);
- Handler* handler = conf.AssertionConsumerServiceManager.newPlugin((*b)->getString("id").second, make_pair(acsdom, getId()));
+ Handler* handler = conf.AssertionConsumerServiceManager.newPlugin(
+ (*b)->getString("id").second, pair<const DOMElement*,const char*>(acsdom, getId())
+ );
m_handlers.push_back(handler);
// Setup maps and defaults.
e->setAttributeNS(nullptr, Location, _loc);
// Instantiate Chaining initiator around the SSO element.
- SessionInitiator* chain = conf.SessionInitiatorManager.newPlugin(CHAINING_SESSION_INITIATOR, make_pair(e, getId()));
+ SessionInitiator* chain = conf.SessionInitiatorManager.newPlugin(
+ CHAINING_SESSION_INITIATOR, pair<const DOMElement*,const char*>(e, getId())
+ );
m_handlers.push_back(chain);
m_sessionInitDefault = chain;
m_handlerMap["/Login"] = chain;
slodom->setAttributeNS(nullptr, Location, pathprop.second);
log.info("adding SingleLogoutService for Binding (%s) at (%s)", (*b)->getString("id").second, (*b)->getString("path").second);
- Handler* handler = conf.SingleLogoutServiceManager.newPlugin((*b)->getString("id").second, make_pair(slodom, getId()));
+ Handler* handler = conf.SingleLogoutServiceManager.newPlugin(
+ (*b)->getString("id").second, pair<const DOMElement*,const char*>(slodom, getId())
+ );
m_handlers.push_back(handler);
// Insert into location map.
e->setAttributeNS(nullptr, Location, _loc);
// Instantiate Chaining initiator around the SSO element.
- Handler* chain = conf.LogoutInitiatorManager.newPlugin(CHAINING_LOGOUT_INITIATOR, make_pair(e, getId()));
+ Handler* chain = conf.LogoutInitiatorManager.newPlugin(
+ CHAINING_LOGOUT_INITIATOR, pair<const DOMElement*,const char*>(e, getId())
+ );
m_handlers.push_back(chain);
m_handlerMap["/Logout"] = chain;
}
nimdom->setAttributeNS(nullptr, Location, pathprop.second);
log.info("adding ManageNameIDService for Binding (%s) at (%s)", (*b)->getString("id").second, (*b)->getString("path").second);
- Handler* handler = conf.ManageNameIDServiceManager.newPlugin((*b)->getString("id").second, make_pair(nimdom, getId()));
+ Handler* handler = conf.ManageNameIDServiceManager.newPlugin(
+ (*b)->getString("id").second, pair<const DOMElement*,const char*>(nimdom, getId())
+ );
m_handlers.push_back(handler);
// Insert into location map.
artdom->setAttributeNS(nullptr, _index, indexbuf.c_str());
log.info("adding ArtifactResolutionService for Binding (%s) at (%s)", (*b)->getString("id").second, (*b)->getString("path").second);
- Handler* handler = conf.ArtifactResolutionServiceManager.newPlugin((*b)->getString("id").second, make_pair(artdom, getId()));
+ Handler* handler = conf.ArtifactResolutionServiceManager.newPlugin(
+ (*b)->getString("id").second, pair<const DOMElement*,const char*>(artdom, getId())
+ );
m_handlers.push_back(handler);
if (!m_artifactResolutionDefault)
}
}
-void XMLConfigImpl::doListener(const DOMElement* e, Category& log)
+void XMLConfigImpl::doListener(const DOMElement* e, XMLConfig* conf, Category& log)
{
#ifdef WIN32
string plugtype(TCP_LISTENER_SERVICE);
}
log.info("building ListenerService of type %s...", plugtype.c_str());
- m_outer->m_listener = SPConfig::getConfig().ListenerServiceManager.newPlugin(plugtype.c_str(), child);
+ conf->m_listener = SPConfig::getConfig().ListenerServiceManager.newPlugin(plugtype.c_str(), child);
}
-void XMLConfigImpl::doCaching(const DOMElement* e, Category& log)
+void XMLConfigImpl::doCaching(const DOMElement* e, XMLConfig* conf, Category& log)
{
- SPConfig& conf = SPConfig::getConfig();
+ SPConfig& spConf = SPConfig::getConfig();
#ifndef SHIBSP_LITE
SAMLConfig& samlConf = SAMLConfig::getConfig();
#endif
- XMLToolingConfig& xmlConf = XMLToolingConfig::getConfig();
DOMElement* child;
#ifndef SHIBSP_LITE
- if (conf.isEnabled(SPConfig::OutOfProcess)) {
+ if (spConf.isEnabled(SPConfig::OutOfProcess)) {
+ XMLToolingConfig& xmlConf = XMLToolingConfig::getConfig();
// First build any StorageServices.
child = XMLHelper::getFirstChildElement(e, _StorageService);
while (child) {
if (!t.empty()) {
try {
log.info("building StorageService (%s) of type %s...", id.c_str(), t.c_str());
- m_outer->m_storage[id] = xmlConf.StorageServiceManager.newPlugin(t.c_str(), child);
+ conf->m_storage[id] = xmlConf.StorageServiceManager.newPlugin(t.c_str(), child);
}
catch (exception& ex) {
log.crit("failed to instantiate StorageService (%s): %s", id.c_str(), ex.what());
child = XMLHelper::getNextSiblingElement(child, _StorageService);
}
- if (m_outer->m_storage.empty()) {
+ if (conf->m_storage.empty()) {
log.info("no StorageService plugin(s) installed, using (mem) in-memory instance");
- m_outer->m_storage["mem"] = xmlConf.StorageServiceManager.newPlugin(MEMORY_STORAGE_SERVICE, nullptr);
+ conf->m_storage["mem"] = xmlConf.StorageServiceManager.newPlugin(MEMORY_STORAGE_SERVICE, nullptr);
}
// Replay cache.
if (child) {
string ssid(XMLHelper::getAttrString(child, nullptr, _StorageService));
if (!ssid.empty()) {
- if (m_outer->m_storage.count(ssid)) {
+ if (conf->m_storage.count(ssid)) {
log.info("building ReplayCache on top of StorageService (%s)...", ssid.c_str());
- replaySS = m_outer->m_storage[ssid];
+ replaySS = conf->m_storage[ssid];
}
else {
log.error("unable to locate StorageService (%s), using arbitrary instance for ReplayCache", ssid.c_str());
- replaySS = m_outer->m_storage.begin()->second;
+ replaySS = conf->m_storage.begin()->second;
}
}
else {
log.info("no StorageService specified for ReplayCache, using arbitrary instance");
- replaySS = m_outer->m_storage.begin()->second;
+ replaySS = conf->m_storage.begin()->second;
}
}
else {
log.info("no ReplayCache specified, using arbitrary StorageService instance");
- replaySS = m_outer->m_storage.begin()->second;
+ replaySS = conf->m_storage.begin()->second;
}
xmlConf.setReplayCache(new ReplayCache(replaySS));
if (child) {
string ssid(XMLHelper::getAttrString(child, nullptr, _StorageService));
if (!ssid.empty()) {
- if (m_outer->m_storage.count(ssid)) {
+ if (conf->m_storage.count(ssid)) {
log.info("building ArtifactMap on top of StorageService (%s)...", ssid.c_str());
- samlConf.setArtifactMap(new ArtifactMap(child, m_outer->m_storage[ssid]));
+ samlConf.setArtifactMap(new ArtifactMap(child, conf->m_storage[ssid]));
}
else {
log.error("unable to locate StorageService (%s), using in-memory ArtifactMap", ssid.c_str());
string t(XMLHelper::getAttrString(child, nullptr, _type));
if (!t.empty()) {
log.info("building SessionCache of type %s...", t.c_str());
- m_outer->m_sessionCache = conf.SessionCacheManager.newPlugin(t.c_str(), child);
+ conf->m_sessionCache = spConf.SessionCacheManager.newPlugin(t.c_str(), child);
}
}
- if (!m_outer->m_sessionCache) {
+ if (!conf->m_sessionCache) {
log.info("no SessionCache specified, using StorageService-backed instance");
- m_outer->m_sessionCache = conf.SessionCacheManager.newPlugin(STORAGESERVICE_SESSION_CACHE, nullptr);
+ conf->m_sessionCache = spConf.SessionCacheManager.newPlugin(STORAGESERVICE_SESSION_CACHE, nullptr);
}
}
-XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* outer, Category& log)
+XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, XMLConfig* outer, Category& log)
: m_requestMapper(nullptr),
#ifndef SHIBSP_LITE
m_policy(nullptr),
#endif
- m_outer(outer), m_document(nullptr)
+ m_document(nullptr)
{
#ifdef _DEBUG
xmltooling::NDC ndc("XMLConfigImpl");
try {
SPConfig& conf=SPConfig::getConfig();
-#ifndef SHIBSP_LITE
- SAMLConfig& samlConf=SAMLConfig::getConfig();
-#endif
XMLToolingConfig& xmlConf=XMLToolingConfig::getConfig();
const DOMElement* SHAR=XMLHelper::getFirstChildElement(e, OutOfProcess);
const DOMElement* SHIRE=XMLHelper::getFirstChildElement(e, InProcess);
#ifndef SHIBSP_LITE
if (first)
- m_outer->m_tranLog = new TransactionLog();
+ outer->m_tranLog = new TransactionLog();
#endif
}
log.info("Shibboleth SP Version %s", PACKAGE_VERSION);
#ifndef SHIBSP_LITE
log.info(
- "Library versions: Xerces-C %s, XML-Security-C %s, XMLTooling-C %s, OpenSAML-C %s, Shibboleth %s",
+ "Library versions: %s %s, Xerces-C %s, XML-Security-C %s, XMLTooling-C %s, OpenSAML-C %s, Shibboleth %s",
+# if defined(LOG4SHIB_VERSION)
+ "log4shib", LOG4SHIB_VERSION,
+# elif defined(LOG4CPP_VERSION)
+ "log4cpp", LOG4CPP_VERSION,
+# else
+ "", "",
+# endif
XERCES_FULLVERSIONDOT, XSEC_FULLVERSIONDOT, XMLTOOLING_FULLVERSIONDOT, OPENSAML_FULLVERSIONDOT, SHIBSP_FULLVERSIONDOT
);
#else
log.info(
- "Library versions: Xerces-C %s, XMLTooling-C %s, Shibboleth %s",
+ "Library versions: %s %s, Xerces-C %s, XMLTooling-C %s, Shibboleth %s",
+# if defined(LOG4SHIB_VERSION)
+ "log4shib", LOG4SHIB_VERSION,
+# elif defined(LOG4CPP_VERSION)
+ "log4cpp", LOG4CPP_VERSION,
+# else
+ "", "",
+# endif
XERCES_FULLVERSIONDOT, XMLTOOLING_FULLVERSIONDOT, SHIBSP_FULLVERSIONDOT
);
#endif
// Instantiate the ListenerService and SessionCache objects.
if (conf.isEnabled(SPConfig::Listener))
- doListener(e, log);
+ doListener(e, outer, log);
#ifndef SHIBSP_LITE
- if (m_outer->m_listener && conf.isEnabled(SPConfig::OutOfProcess) && !conf.isEnabled(SPConfig::InProcess)) {
- m_outer->m_listener->regListener("set::RelayState", const_cast<XMLConfig*>(m_outer));
- m_outer->m_listener->regListener("get::RelayState", const_cast<XMLConfig*>(m_outer));
- m_outer->m_listener->regListener("set::PostData", const_cast<XMLConfig*>(m_outer));
- m_outer->m_listener->regListener("get::PostData", const_cast<XMLConfig*>(m_outer));
+ if (outer->m_listener && conf.isEnabled(SPConfig::OutOfProcess) && !conf.isEnabled(SPConfig::InProcess)) {
+ outer->m_listener->regListener("set::RelayState", outer);
+ outer->m_listener->regListener("get::RelayState", outer);
+ outer->m_listener->regListener("set::PostData", outer);
+ outer->m_listener->regListener("get::PostData", outer);
}
#endif
if (conf.isEnabled(SPConfig::Caching))
- doCaching(e, log);
+ doCaching(e, outer, log);
} // end of first-time-only stuff
// Back to the fully dynamic stuff...next up is the RequestMapper.
}
if (first) {
-#ifdef SHIBSP_XMLSEC_WHITELISTING
- vector<xstring>::const_iterator alg;
if (!m_policy->getAlgorithmBlacklist().empty()) {
- for (alg = m_policy->getAlgorithmBlacklist().begin(); alg != m_policy->getAlgorithmBlacklist().end(); ++alg)
+#ifdef SHIBSP_XMLSEC_WHITELISTING
+ for (vector<xstring>::const_iterator alg = m_policy->getAlgorithmBlacklist().begin(); alg != m_policy->getAlgorithmBlacklist().end(); ++alg)
XSECPlatformUtils::blacklistAlgorithm(alg->c_str());
+#else
+ log.crit("XML-Security-C library prior to 1.6.0 does not support algorithm white/blacklists");
+#endif
}
else if (!m_policy->getAlgorithmWhitelist().empty()) {
- for (alg = m_policy->getAlgorithmWhitelist().begin(); alg != m_policy->getAlgorithmWhitelist().end(); ++alg)
+#ifdef SHIBSP_XMLSEC_WHITELISTING
+ for (vector<xstring>::const_iterator alg = m_policy->getAlgorithmWhitelist().begin(); alg != m_policy->getAlgorithmWhitelist().end(); ++alg)
XSECPlatformUtils::whitelistAlgorithm(alg->c_str());
- }
#else
- log.fatal("XML-Security-C library prior to 1.6.0 does not support algorithm white/blacklists");
- throw ConfigurationException("XML-Security-C library prior to 1.6.0 does not support algorithm white/blacklists.");
+ log.crit("XML-Security-C library prior to 1.6.0 does not support algorithm white/blacklists");
#endif
+ }
}
// Process TransportOption elements.
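Review bot: The two `#else` branches at L320-L322 and L330-L334 replace a fatal error plus `ConfigurationException` with `log.crit` and fall through, so a configured algorithm black/whitelist is now accepted but never enforced on an XML-Security-C build without whitelisting support; the previous behaviour failed closed, the new one fails open with only a log line to show it. If the downgrade is intentional, the message should say so explicitly, e.g. `log.crit("XML-Security-C library prior to 1.6.0 does not support algorithm white/blacklists; configured list will NOT be enforced");`, and a comment above `if (first) {` should record why startup is allowed to continue. The identical `#ifdef`/`#else` pair in both branches could also be hoisted to a single check before the `if (!m_policy->getAlgorithmBlacklist().empty())` at L315 so the unsupported case is handled once rather than twice. The enclosing constructor body starts and ends outside this hunk.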
log.fatal("can't build default Application object, missing conf:ApplicationDefaults element?");
throw ConfigurationException("can't build default Application object, missing conf:ApplicationDefaults element?");
}
- XMLApplication* defapp = new XMLApplication(m_outer, pp, child);
+ XMLApplication* defapp = new XMLApplication(outer, pp, child);
m_appmap[defapp->getId()] = defapp;
// Load any overrides.
child = XMLHelper::getFirstChildElement(child, ApplicationOverride);
while (child) {
- auto_ptr<XMLApplication> iapp(new XMLApplication(m_outer, pp, child, defapp));
+ auto_ptr<XMLApplication> iapp(new XMLApplication(outer, pp, child, defapp));
if (m_appmap.count(iapp->getId()))
log.crit("found conf:ApplicationOverride element with duplicate id attribute (%s), skipping it", iapp->getId());
else {
child = XMLHelper::getNextSiblingElement(child, ApplicationOverride);
}
+
+ // Check for extra AuthTypes to recognize.
+ if (conf.isEnabled(SPConfig::InProcess)) {
+ const PropertySet* inprocs = getPropertySet("InProcess");
+ if (inprocs) {
+ pair<bool,const char*> extraAuthTypes = inprocs->getString("extraAuthTypes");
+ if (extraAuthTypes.first) {
+ string types=extraAuthTypes.second;
+ unsigned int j_types=0;
+ for (unsigned int i_types=0; i_types < types.length(); i_types++) {
+ if (types.at(i_types) == ' ') {
+ outer->m_authTypes.insert(types.substr(j_types, i_types - j_types));
+ j_types = i_types + 1;
+ }
+ }
+ outer->m_authTypes.insert(types.substr(j_types, types.length() - j_types));
+ }
+ }
+ }
}
catch (exception&) {
cleanup();
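Review bot: The hand-rolled split at L363-L369 inserts an empty string into `outer->m_authTypes` whenever `extraAuthTypes` has a leading, trailing or doubled space, and it only recognises `' '` as a separator, so a tab-separated value is stored as one token. Since the loop only needs whitespace tokenising, the nine lines collapse to `istringstream types(extraAuthTypes.second); string t; while (types >> t) outer->m_authTypes.insert(t);`, which skips empty tokens and handles any whitespace (a small behaviour change, and it needs `<sstream>` if the file does not already include it). `m_authTypes` is presumably a `set<string>` given the `insert` calls, but its declaration is not in this hunk; verify. The enclosing `try` block starts outside the hunk.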