#include "SPConfig.h"\r
#include "SPRequest.h"\r
#include "TransactionLog.h"\r
+#include "attribute/filtering/AttributeFilter.h"\r
+#include "attribute/resolver/AttributeExtractor.h"\r
#include "attribute/resolver/AttributeResolver.h"\r
-#include "handler/Handler.h"\r
+#include "handler/SessionInitiator.h"\r
#include "remoting/ListenerService.h"\r
#include "security/PKIXTrustEngine.h"\r
#include "util/DOMPropertySet.h"\r
TrustEngine* getTrustEngine() const {\r
return (!m_trust && m_base) ? m_base->getTrustEngine() : m_trust;\r
}\r
+ AttributeExtractor* getAttributeExtractor() const {\r
+ return (!m_attrExtractor && m_base) ? m_base->getAttributeExtractor() : m_attrExtractor;\r
+ }\r
+ AttributeFilter* getAttributeFilter() const {\r
+ return (!m_attrFilter && m_base) ? m_base->getAttributeFilter() : m_attrFilter;\r
+ }\r
AttributeResolver* getAttributeResolver() const {\r
return (!m_attrResolver && m_base) ? m_base->getAttributeResolver() : m_attrResolver;\r
}\r
- const set<string>* getAttributeIds() const {\r
- return (m_attributeIds.empty() && m_base) ? m_base->getAttributeIds() : (m_attributeIds.empty() ? NULL : &m_attributeIds);\r
- }\r
CredentialResolver* getCredentialResolver() const {\r
return (!m_credResolver && m_base) ? m_base->getCredentialResolver() : m_credResolver;\r
}\r
const PropertySet* getRelyingParty(const EntityDescriptor* provider) const;\r
\r
- const Handler* getDefaultSessionInitiator() const;\r
- const Handler* getSessionInitiatorById(const char* id) const;\r
+ const SessionInitiator* getDefaultSessionInitiator() const;\r
+ const SessionInitiator* getSessionInitiatorById(const char* id) const;\r
const Handler* getDefaultAssertionConsumerService() const;\r
const Handler* getAssertionConsumerServiceByIndex(unsigned short index) const;\r
const vector<const Handler*>& getAssertionConsumerServicesByBinding(const XMLCh* binding) const;\r
string m_hash;\r
MetadataProvider* m_metadata;\r
TrustEngine* m_trust;\r
+ AttributeExtractor* m_attrExtractor;\r
+ AttributeFilter* m_attrFilter;\r
AttributeResolver* m_attrResolver;\r
CredentialResolver* m_credResolver;\r
vector<const XMLCh*> m_audiences;\r
- set<string> m_attributeIds;\r
\r
// manage handler objects\r
vector<Handler*> m_handlers;\r
#endif\r
ACSBindingMap m_acsBindingMap;\r
\r
- // maps unique ID strings to session initiators\r
- map<string,const Handler*> m_sessionInitMap;\r
-\r
// pointer to default session initiator\r
- const Handler* m_sessionInitDefault;\r
+ const SessionInitiator* m_sessionInitDefault;\r
+\r
+ // maps unique ID strings to session initiators\r
+ map<string,const SessionInitiator*> m_sessionInitMap;\r
\r
// RelyingParty properties\r
DOMPropertySet* m_partyDefault;\r
class SHIBSP_DLLLOCAL XMLConfigImpl : public DOMPropertySet, public DOMNodeFilter\r
{\r
public:\r
- XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* outer);\r
+ XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* outer, Category& log);\r
~XMLConfigImpl();\r
\r
RequestMapper* m_requestMapper;\r
class SHIBSP_DLLLOCAL XMLConfig : public ServiceProvider, public ReloadableXMLFile\r
{\r
public:\r
- XMLConfig(const DOMElement* e)\r
- : ReloadableXMLFile(e), m_impl(NULL), m_listener(NULL), m_sessionCache(NULL), m_tranLog(NULL) {\r
+ XMLConfig(const DOMElement* e) : ReloadableXMLFile(e, Category::getInstance(SHIBSP_LOGCAT".Config")),\r
+ m_impl(NULL), m_listener(NULL), m_sessionCache(NULL), m_tranLog(NULL) {\r
}\r
\r
void init() {\r
pair<bool,const XMLCh*> getXMLString(const char* name, const char* ns=NULL) const {return m_impl->getXMLString(name,ns);}\r
pair<bool,unsigned int> getUnsignedInt(const char* name, const char* ns=NULL) const {return m_impl->getUnsignedInt(name,ns);}\r
pair<bool,int> getInt(const char* name, const char* ns=NULL) const {return m_impl->getInt(name,ns);}\r
- const PropertySet* getPropertySet(const char* name, const char* ns="urn:mace:shibboleth:sp:config:2.0") const {return m_impl->getPropertySet(name,ns);}\r
+ const PropertySet* getPropertySet(const char* name, const char* ns="urn:mace:shibboleth:2.0:native:sp:config") const {return m_impl->getPropertySet(name,ns);}\r
const DOMElement* getElement() const {return m_impl->getElement();}\r
\r
// ServiceProvider\r
static const XMLCh _Application[] = UNICODE_LITERAL_11(A,p,p,l,i,c,a,t,i,o,n);\r
static const XMLCh Applications[] = UNICODE_LITERAL_12(A,p,p,l,i,c,a,t,i,o,n,s);\r
static const XMLCh _ArtifactMap[] = UNICODE_LITERAL_11(A,r,t,i,f,a,c,t,M,a,p);\r
+ static const XMLCh _AttributeExtractor[] = UNICODE_LITERAL_18(A,t,t,r,i,b,u,t,e,E,x,t,r,a,c,t,o,r);\r
+ static const XMLCh _AttributeFilter[] = UNICODE_LITERAL_15(A,t,t,r,i,b,u,t,e,F,i,l,t,e,r);\r
static const XMLCh _AttributeResolver[] = UNICODE_LITERAL_17(A,t,t,r,i,b,u,t,e,R,e,s,o,l,v,e,r);\r
static const XMLCh _CredentialResolver[] = UNICODE_LITERAL_18(C,r,e,d,e,n,t,i,a,l,R,e,s,o,l,v,e,r);\r
static const XMLCh DefaultRelyingParty[] = UNICODE_LITERAL_19(D,e,f,a,u,l,t,R,e,l,y,i,n,g,P,a,r,t,y);\r
static const XMLCh Rule[] = UNICODE_LITERAL_4(R,u,l,e);\r
static const XMLCh SecurityPolicies[] = UNICODE_LITERAL_16(S,e,c,u,r,i,t,y,P,o,l,i,c,i,e,s);\r
static const XMLCh _SessionCache[] = UNICODE_LITERAL_12(S,e,s,s,i,o,n,C,a,c,h,e);\r
- static const XMLCh SessionInitiator[] = UNICODE_LITERAL_16(S,e,s,s,i,o,n,I,n,i,t,i,a,t,o,r);\r
+ static const XMLCh _SessionInitiator[] = UNICODE_LITERAL_16(S,e,s,s,i,o,n,I,n,i,t,i,a,t,o,r);\r
static const XMLCh _StorageService[] = UNICODE_LITERAL_14(S,t,o,r,a,g,e,S,e,r,v,i,c,e);\r
static const XMLCh TCPListener[] = UNICODE_LITERAL_11(T,C,P,L,i,s,t,e,n,e,r);\r
static const XMLCh _TrustEngine[] = UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e);\r
const ServiceProvider* sp,\r
const DOMElement* e,\r
const XMLApplication* base\r
- ) : m_sp(sp), m_base(base), m_metadata(NULL), m_trust(NULL), m_attrResolver(NULL), m_credResolver(NULL),\r
- m_partyDefault(NULL), m_sessionInitDefault(NULL), m_acsDefault(NULL)\r
+ ) : m_sp(sp), m_base(base), m_metadata(NULL), m_trust(NULL), m_attrExtractor(NULL), m_attrFilter(NULL), m_attrResolver(NULL),\r
+ m_credResolver(NULL), m_partyDefault(NULL), m_sessionInitDefault(NULL), m_acsDefault(NULL)\r
{\r
#ifdef _DEBUG\r
xmltooling::NDC ndc("XMLApplication");\r
m_hash+=getString("entityID").second;\r
m_hash=samlConf.hashSHA1(m_hash.c_str(), true);\r
\r
- pair<bool,const char*> attributes = getString("attributeIds");\r
- if (attributes.first) {\r
- char* dup = strdup(attributes.second);\r
- char* pos;\r
- char* start = dup;\r
- while (start && *start) {\r
- while (*start && isspace(*start))\r
- start++;\r
- if (!*start)\r
- break;\r
- pos = strchr(start,' ');\r
- if (pos)\r
- *pos=0;\r
- m_attributeIds.insert(start);\r
- start = pos ? pos+1 : NULL;\r
- }\r
- free(dup);\r
- }\r
-\r
const PropertySet* sessions = getPropertySet("Sessions");\r
\r
// Process handlers.\r
m_acsDefault=handler;\r
}\r
}\r
- else if (XMLString::equals(child->getLocalName(),SessionInitiator)) {\r
+ else if (XMLString::equals(child->getLocalName(),_SessionInitiator)) {\r
auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
if (!type.get() || !*(type.get())) {\r
log.warn("SessionInitiator element has no type attribute, skipping it...");\r
child = XMLHelper::getNextSiblingElement(child);\r
continue;\r
}\r
- handler=conf.SessionInitiatorManager.newPlugin(type.get(),make_pair(child, getId()));\r
+ SessionInitiator* sihandler=conf.SessionInitiatorManager.newPlugin(type.get(),make_pair(child, getId()));\r
+ handler=sihandler;\r
pair<bool,const char*> si_id=handler->getString("id");\r
if (si_id.first && si_id.second)\r
- m_sessionInitMap[si_id.second]=handler;\r
+ m_sessionInitMap[si_id.second]=sihandler;\r
if (!hardSessionInit) {\r
pair<bool,bool> defprop=handler->getBool("isDefault");\r
if (defprop.first) {\r
if (defprop.second) {\r
hardSessionInit=true;\r
- m_sessionInitDefault=handler;\r
+ m_sessionInitDefault=sihandler;\r
}\r
}\r
else if (!m_sessionInitDefault)\r
- m_sessionInitDefault=handler;\r
+ m_sessionInitDefault=sihandler;\r
}\r
}\r
else if (XMLHelper::isNodeNamed(child,samlconstants::SAML20MD_NS,SingleLogoutService::LOCAL_NAME)) {\r
}\r
\r
if (conf.isEnabled(SPConfig::AttributeResolution)) {\r
+ child = XMLHelper::getFirstChildElement(e,_AttributeExtractor);\r
+ if (child) {\r
+ auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
+ log.info("building AttributeExtractor of type %s...",type.get());\r
+ try {\r
+ m_attrExtractor = conf.AttributeExtractorManager.newPlugin(type.get(),child);\r
+ }\r
+ catch (exception& ex) {\r
+ log.crit("error building AttributeExtractor: %s", ex.what());\r
+ }\r
+ }\r
+\r
+ child = XMLHelper::getFirstChildElement(e,_AttributeFilter);\r
+ if (child) {\r
+ auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
+ log.info("building AttributeFilter of type %s...",type.get());\r
+ try {\r
+ m_attrFilter = conf.AttributeFilterManager.newPlugin(type.get(),child);\r
+ }\r
+ catch (exception& ex) {\r
+ log.crit("error building AttributeFilter: %s", ex.what());\r
+ }\r
+ }\r
+\r
child = XMLHelper::getFirstChildElement(e,_AttributeResolver);\r
if (child) {\r
auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
for_each(m_handlers.begin(),m_handlers.end(),xmltooling::cleanup<Handler>());\r
delete m_credResolver;\r
delete m_attrResolver;\r
+ delete m_attrFilter;\r
+ delete m_attrExtractor;\r
delete m_trust;\r
delete m_metadata;\r
}\r
XMLString::equals(name,AssertionConsumerService::LOCAL_NAME) ||\r
XMLString::equals(name,SingleLogoutService::LOCAL_NAME) ||\r
XMLString::equals(name,ManageNameIDService::LOCAL_NAME) ||\r
- XMLString::equals(name,SessionInitiator) ||\r
+ XMLString::equals(name,_SessionInitiator) ||\r
XMLString::equals(name,DefaultRelyingParty) ||\r
XMLString::equals(name,RelyingParty) ||\r
XMLString::equals(name,_MetadataProvider) ||\r
XMLString::equals(name,_TrustEngine) ||\r
XMLString::equals(name,_CredentialResolver) ||\r
+ XMLString::equals(name,_AttributeFilter) ||\r
+ XMLString::equals(name,_AttributeExtractor) ||\r
XMLString::equals(name,_AttributeResolver))\r
return FILTER_REJECT;\r
\r
return m_partyDefault;\r
}\r
\r
-const Handler* XMLApplication::getDefaultSessionInitiator() const\r
+const SessionInitiator* XMLApplication::getDefaultSessionInitiator() const\r
{\r
if (m_sessionInitDefault) return m_sessionInitDefault;\r
return m_base ? m_base->getDefaultSessionInitiator() : NULL;\r
}\r
\r
-const Handler* XMLApplication::getSessionInitiatorById(const char* id) const\r
+const SessionInitiator* XMLApplication::getSessionInitiatorById(const char* id) const\r
{\r
- map<string,const Handler*>::const_iterator i=m_sessionInitMap.find(id);\r
+ map<string,const SessionInitiator*>::const_iterator i=m_sessionInitMap.find(id);\r
if (i!=m_sessionInitMap.end()) return i->second;\r
return m_base ? m_base->getSessionInitiatorById(id) : NULL;\r
}\r
}\r
}\r
\r
-XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* outer) : m_requestMapper(NULL), m_outer(outer), m_document(NULL)\r
+XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* outer, Category& log)\r
+ : m_requestMapper(NULL), m_outer(outer), m_document(NULL)\r
{\r
#ifdef _DEBUG\r
xmltooling::NDC ndc("XMLConfigImpl");\r
#endif\r
- Category& log=Category::getInstance(SHIBSP_LOGCAT".Config");\r
\r
try {\r
SPConfig& conf=SPConfig::getConfig();\r
// If we own it, wrap it.\r
XercesJanitor<DOMDocument> docjanitor(raw.first ? raw.second->getOwnerDocument() : NULL);\r
\r
- XMLConfigImpl* impl = new XMLConfigImpl(raw.second,(m_impl==NULL),this);\r
+ XMLConfigImpl* impl = new XMLConfigImpl(raw.second,(m_impl==NULL),this,m_log);\r
\r
// If we held the document, transfer it to the impl. If we didn't, it's a no-op.\r
impl->setDocument(docjanitor.release());\r