X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml2%2Fbinding%2Fimpl%2FSAML2MessageRule.cpp;h=1c921f4446195e2f3ba070057933b070190e4fc8;hb=a0323c50525a6ff43795da2dc786e5aeaf726d41;hp=55caab5bcfadd2398db7461199aeee2c85bc671f;hpb=a004f9ad85aa0d4eb8d312c3f50cdff1b063ea96;p=shibboleth%2Fopensaml2.git
diff --git a/saml/saml2/binding/impl/SAML2MessageRule.cpp b/saml/saml2/binding/impl/SAML2MessageRule.cpp
index 55caab5..1c921f4 100644
--- a/saml/saml2/binding/impl/SAML2MessageRule.cpp
+++ b/saml/saml2/binding/impl/SAML2MessageRule.cpp
@@ -28,14 +28,14 @@
 #include "saml2/metadata/MetadataProvider.h"
 #include "util/SAMLConstants.h"
-#include
+#include
 using namespace opensaml::saml2md;
 using namespace opensaml::saml2p;
 using namespace opensaml::saml2;
 using namespace opensaml;
+using namespace xmltooling::logging;
 using namespace xmltooling;
-using namespace log4cpp;
 using namespace std;
 namespace opensaml {
@@ -45,7 +45,10 @@ namespace opensaml {
 SAML2MessageRule(const DOMElement* e) {}
 virtual ~SAML2MessageRule() {}
- void evaluate(const xmltooling::XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const;
+ const char* getType() const {
+ return SAML2MESSAGE_POLICY_RULE;
+ }
+ void evaluate(const XMLObject& message, const GenericRequest* request, const XMLCh* protocol, SecurityPolicy& policy) const;
 };
 SecurityPolicyRule* SAML_DLLLOCAL SAML2MessageRuleFactory(const DOMElement* const & e)
@@ -54,18 +57,20 @@ namespace opensaml {
 }
 };
-void SAML2MessageRule::evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const
+void SAML2MessageRule::evaluate(
+ const XMLObject& message, const GenericRequest* request, const XMLCh* protocol, SecurityPolicy& policy
+ ) const
 {
- Category& log=Category::getInstance(SAML_LOGCAT".SecurityPolicyRule.SAML2Message");
-
- const QName& q = message.getElementQName();
- policy.setMessageQName(&q);
-
+ // Only handle SAML 2.0 protocol and 2.0 messages.
+ if (!XMLString::equals(protocol, samlconstants::SAML20P_NS))
+ return;
+ const QName& q = message.getElementQName();
 if (!XMLString::equals(q.getNamespaceURI(), samlconstants::SAML20P_NS)&&
- !XMLString::equals(q.getNamespaceURI(), samlconstants::SAML20_NS)) {
+ !XMLString::equals(q.getNamespaceURI(), samlconstants::SAML20_NS))
 return;
- }
+ Category& log=Category::getInstance(SAML_LOGCAT".SecurityPolicyRule.SAML2Message");
+
 try {
 const saml2::RootObject& samlRoot = dynamic_cast(message);
 policy.setMessageID(samlRoot.getID());
@@ -116,7 +121,7 @@ void SAML2MessageRule::evaluate(const XMLObject& message, const GenericRequest*
 }
 log.debug("matched message issuer against metadata, searching for applicable role...");
- const RoleDescriptor* roledesc=entity->getRoleDescriptor(*policy.getRole(), samlconstants::SAML20P_NS);
+ const RoleDescriptor* roledesc=entity->getRoleDescriptor(*policy.getRole(), protocol);
 if (!roledesc) {
 log.warn("unable to find compatible role (%s) in metadata", policy.getRole()->toString().c_str());
 return;
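Review bot: Both early returns at the top of `evaluate` now exit before `log` is created, so a message this rule declines (a `protocol` other than SAML 2.0, or a root element outside the two SAML 2.0 namespaces) leaves no trace, and the `policy.setMessageID(...)` call further down never runs for it. Creating the logger first and adding `log.debug("ignoring message, not SAML 2.0 protocol");` before the first `return` would make a skipped rule visible when someone has to work out why a policy ended up with no message ID or issuer. The guard's comment could also state that a null `protocol` takes the same silent path (assuming `XMLString::equals` treats null as non-matching, which should be confirmed) and that rejecting messages no rule claimed is left to the caller. The body of `evaluate` continues past the end of this hunk.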
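Review bot: The role lookup on the changed line now takes its protocol from the caller-supplied `protocol` argument, and the only thing keeping that equal to `samlconstants::SAML20P_NS` is the guard at the top of `evaluate`, well above this hunk. Since the role descriptor chosen here presumably determines which peer metadata later checks rely on, a comment such as `// protocol == SAML20P_NS here (checked on entry), so the role is always resolved for SAML 2.0` would keep a later edit of that guard from silently widening the lookup. `*policy.getRole()` is dereferenced on the same line; any null check for it lies outside this hunk and should be confirmed. The enclosing function starts and ends outside the hunk.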