X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml2%2Fprofile%2Fimpl%2FDelegationRestrictionRule.cpp;h=66e92a7c3c02c737f180cc4ac733f5f066264834;hb=b200befa360fe74b3b8865a654f54a6647723755;hp=27274aaab34db768a08fce244cfea84941f53b89;hpb=16d5976c9821b70d95675983702e0032d8769467;p=shibboleth%2Fcpp-opensaml.git
diff --git a/saml/saml2/profile/impl/DelegationRestrictionRule.cpp b/saml/saml2/profile/impl/DelegationRestrictionRule.cpp
index 27274aa..66e92a7 100644
--- a/saml/saml2/profile/impl/DelegationRestrictionRule.cpp
+++ b/saml/saml2/profile/impl/DelegationRestrictionRule.cpp
@@ -1,17 +1,21 @@
-/*
- * Copyright 2009-2010 Internet2
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
 *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
 *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
 */
 /**
@@ -27,6 +31,7 @@
 #include "util/SAMLConstants.h"
 #include
+#include
 #include
 #include
 #include
@@ -35,6 +40,7 @@ using namespace opensaml::saml2;
 using namespace opensaml;
 using namespace xmltooling::logging;
 using namespace xmltooling;
+using namespace boost;
 using namespace std;
 namespace opensaml {
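Review bot: `using namespace boost;` in the `@@ -35,6 +40,7 @@` hunk sits directly above `using namespace std;`, so every unqualified name in this file is now looked up in both namespaces. The only Boost name the patch appears to need is the container type of `m_delegates`; qualifying it at the declaration as `boost::ptr_vector` keeps the lookup narrow. That also avoids ambiguity for names both libraries export, such as `shared_ptr` or `bind`, if the file is later built against a newer language standard. The template arguments are missing from this listing, so the full declaration is not reproduced here.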
@@ -45,7 +51,6 @@ namespace opensaml {
 DelegationRestrictionRule(const DOMElement* e);
 virtual ~DelegationRestrictionRule() {
- for_each(m_delegates.begin(), m_delegates.end(), xmltooling::cleanup());
 }
 const char* getType() const {
 return DELEGATION_POLICY_RULE;
@@ -53,7 +58,7 @@ namespace opensaml {
 bool evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const;
 private:
- vector m_delegates;
+ ptr_vector m_delegates;
 enum {
 MATCH_ANY,
 MATCH_NEWEST,
@@ -89,21 +94,21 @@ namespace opensaml {
 _isSameDelegate(const Delegate* d) : m_operand(d) {}
 // d1 is the input from the message, d2 is from the policy
- bool operator()(const Delegate* d1, const Delegate* d2) const {
+ bool operator()(const Delegate* d1, const Delegate& d2) const {
 if (!d1->getNameID()) {
 Category::getInstance(SAML_LOGCAT".SecurityPolicyRule.DelegationRestriction").error(
 "rule doesn't support evaluation of BaseID or EncryptedID in a Delegate"
 );
 return false;
 }
- if (!d2->getConfirmationMethod() || XMLString::equals(d1->getConfirmationMethod(), d2->getConfirmationMethod())) {
- return matches(d1->getNameID(), d2->getNameID());
+ if (!d2.getConfirmationMethod() || XMLString::equals(d1->getConfirmationMethod(), d2.getConfirmationMethod())) {
+ return matches(d1->getNameID(), d2.getNameID());
 }
 return false;
 }
 // d is from the policy
- bool operator()(const Delegate* d) const {
+ bool operator()(const Delegate& d) const {
 return this->operator()(m_operand, d);
 }
 };
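Review bot: The comment above the two-argument `operator()` in the `@@ -89,21 +94,21 @@` hunk says which side each operand comes from, but not that a policy Delegate without a ConfirmationMethod matches a message Delegate carrying any method, which is what `!d2.getConfirmationMethod() || ...` does. Because this predicate decides which delegates the rule accepts, that wildcard deserves a line of its own: `// a policy Delegate with no ConfirmationMethod accepts any method from the message`. The comment could also note that `d2` is now a reference while `d1` and `m_operand` stay pointers and are dereferenced without a null check, so callers must never construct the functor with a null operand. The enclosing struct begins outside the hunk.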
@@ -128,21 +133,15 @@ DelegationRestrictionRule::DelegationRestrictionRule(const DOMElement* e)
 else if (m && *m && !XMLString::equals(m, any))
 throw SecurityPolicyException("Invalid value for \"match\" attribute in Delegation rule.");
- try {
- DOMElement* d = XMLHelper::getFirstChildElement(e, samlconstants::SAML20_DELEGATION_CONDITION_NS, Delegate::LOCAL_NAME);
- while (d) {
- auto_ptr wrapper(XMLObjectBuilder::buildOneFromElement(d));
- Delegate* down = dynamic_cast(wrapper.get());
- if (down) {
- m_delegates.push_back(down);
- wrapper.release();
- }
- d = XMLHelper::getNextSiblingElement(d, samlconstants::SAML20_DELEGATION_CONDITION_NS, Delegate::LOCAL_NAME);
+ DOMElement* d = XMLHelper::getFirstChildElement(e, samlconstants::SAML20_DELEGATION_CONDITION_NS, Delegate::LOCAL_NAME);
+ while (d) {
+ auto_ptr wrapper(XMLObjectBuilder::buildOneFromElement(d));
+ Delegate* down = dynamic_cast(wrapper.get());
+ if (down) {
+ m_delegates.push_back(down);
+ wrapper.release();
 }
- }
- catch (exception&) {
- for_each(m_delegates.begin(), m_delegates.end(), xmltooling::cleanup());
- throw;
+ d = XMLHelper::getNextSiblingElement(d, samlconstants::SAML20_DELEGATION_CONDITION_NS, Delegate::LOCAL_NAME);
 }
 }
 }
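Review bot: In the new loop, `m_delegates.push_back(down);` runs while `wrapper` still owns the same object, and `wrapper.release();` only follows it. That order was correct for the old plain pointer vector, but a Boost pointer container takes ownership on entry to `push_back` and, as far as I know, deletes the pointer itself if the insertion throws. An allocation failure at that point would therefore leave both the container and `wrapper` destroying the same Delegate. Swapping the two statements hands ownership over exactly once: `wrapper.release(); m_delegates.push_back(down);`. The constructor begins outside the hunk, and the template arguments of `auto_ptr` and `dynamic_cast` are missing from this listing.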