X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=shibsp%2Fimpl%2FChainingAccessControl.cpp;h=92f972dda281c404c3188a01b555e302b6e332b8;hb=c51bfd77603cf0ddb0b5e374c35586a8435895d6;hp=6feafda1b7589cbe379928f2477096c585880e83;hpb=9e7f48f80953e4a1a0462ebc88827946716bdec7;p=shibboleth%2Fcpp-sp.git
diff --git a/shibsp/impl/ChainingAccessControl.cpp b/shibsp/impl/ChainingAccessControl.cpp
index 6feafda..92f972d 100644
--- a/shibsp/impl/ChainingAccessControl.cpp
+++ b/shibsp/impl/ChainingAccessControl.cpp
@@ -1,17 +1,21 @@
-/*
- * Copyright 2009 Internet2
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
 *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
 *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
 */

 /**
@@ -27,12 +31,14 @@ #include "SPRequest.h" #include +#include #include #include #include using namespace shibsp; using namespace xmltooling; +using namespace boost; using namespace std; namespace shibsp { @@ -42,23 +48,21 @@ namespace shibsp { public: ChainingAccessControl(const DOMElement* e); - ~ChainingAccessControl() { - for_each(m_ac.begin(), m_ac.end(), xmltooling::cleanup()); - } + ~ChainingAccessControl() {} Lockable* lock() { - for_each(m_ac.begin(), m_ac.end(), mem_fun(&Lockable::lock)); + for_each(m_ac.begin(), m_ac.end(), mem_fun_ref(&Lockable::lock)); return this; } void unlock() { - for_each(m_ac.begin(), m_ac.end(), mem_fun(&Lockable::unlock)); + for_each(m_ac.begin(), m_ac.end(), mem_fun_ref(&Lockable::unlock)); } aclresult_t authorized(const SPRequest& request, const Session* session) const; private: enum operator_t { OP_AND, OP_OR } m_op; - vector m_ac; + ptr_vector m_ac; }; AccessControl* SHIBSP_DLLLOCAL ChainingAccessControlFactory(const DOMElement* const & e) 
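Review bot: Adding `using namespace boost;` beside the existing `using namespace std;` at file scope means any unqualified name that both libraries define can become ambiguous, or bind to a different entity, after a compiler or Boost upgrade. Only one Boost name is used in this hunk, so the narrower form is to drop the directive and declare the member with `boost::ptr_vector`. The now-empty `~ChainingAccessControl() {}` can also be removed, since the container member releases the plugins itself. The class definition begins before this hunk.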
@@ -91,30 +95,24 @@ AccessControl::~AccessControl() { } -ChainingAccessControl::ChainingAccessControl(const DOMElement* e) +ChainingAccessControl::ChainingAccessControl(const DOMElement* e) : m_op(OP_AND) { - const XMLCh* op = e ? e->getAttributeNS(NULL, _operator) : NULL; - if (XMLString::equals(op, AND)) - m_op=OP_AND; - else if (XMLString::equals(op, OR)) - m_op=OP_OR; - else + const XMLCh* op = e ? e->getAttributeNS(nullptr, _operator) : nullptr; + if (XMLString::equals(op, OR)) + m_op = OP_OR; + else if (op && *op && !XMLString::equals(op, AND)) throw ConfigurationException("Missing or unrecognized operator in Chaining AccessControl configuration."); - try { - e = e ? XMLHelper::getFirstChildElement(e, _AccessControl) : NULL; - while (e) { - auto_ptr_char type(e->getAttributeNS(NULL, _type)); - if (type.get() && *type.get()) { - Category::getInstance(SHIBSP_LOGCAT".AccessControl.Chaining").info("building AccessControl provider of type (%s)...", type.get()); - m_ac.push_back(SPConfig::getConfig().AccessControlManager.newPlugin(type.get(), e)); - } - e = XMLHelper::getNextSiblingElement(e, _AccessControl); + e = XMLHelper::getFirstChildElement(e, _AccessControl); + while (e) { + string t(XMLHelper::getAttrString(e, nullptr, _type)); + if (!t.empty()) { + Category::getInstance(SHIBSP_LOGCAT ".AccessControl.Chaining").info("building AccessControl provider of type (%s)...", t.c_str()); + auto_ptr np(SPConfig::getConfig().AccessControlManager.newPlugin(t.c_str(), e)); + m_ac.push_back(np.get()); + np.release(); } - } - catch (exception&) { - for_each(m_ac.begin(), m_ac.end(), xmltooling::cleanup()); - throw; + e = XMLHelper::getNextSiblingElement(e, _AccessControl); } if (m_ac.empty()) throw ConfigurationException("Chaining AccessControl plugin requires at least one child plugin."); 
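Review bot: In the constructor loop, `m_ac.push_back(np.get()); np.release();` gives the new plugin two owners for the duration of the push_back call. Boost's pointer containers take ownership of the raw pointer on entry to push_back and delete it if the insertion throws, so `np` would delete it a second time during unwinding. Passing the plugin straight in, `m_ac.push_back(SPConfig::getConfig().AccessControlManager.newPlugin(t.c_str(), e));`, or handing over the auto_ptr itself with `m_ac.push_back(np);`, keeps a single owner on every path. Separately, the exception text still says "Missing or unrecognized operator" although a missing operator now defaults to OP_AND. Also, `e` is no longer null-checked before `XMLHelper::getFirstChildElement`, which is safe only if that helper accepts a null node (not visible here).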
@@ -125,19 +123,22 @@ AccessControl::aclresult_t ChainingAccessControl::authorized(const SPRequest& re switch (m_op) { case OP_AND: { - for (vector::const_iterator i=m_ac.begin(); i!=m_ac.end(); ++i) { - if ((*i)->authorized(request, session) != shib_acl_true) + for (ptr_vector::const_iterator i = m_ac.begin(); i != m_ac.end(); ++i) { + if (i->authorized(request, session) != shib_acl_true) { + request.log(SPRequest::SPDebug, "embedded AccessControl plugin unsuccessful, denying access"); return shib_acl_false; + } } return shib_acl_true; } case OP_OR: { - for (vector::const_iterator i=m_ac.begin(); i!=m_ac.end(); ++i) { - if ((*i)->authorized(request,session) == shib_acl_true) + for (ptr_vector::const_iterator i = m_ac.begin(); i != m_ac.end(); ++i) { + if (i->authorized(request,session) == shib_acl_true) return shib_acl_true; } + request.log(SPRequest::SPDebug, "all embedded AccessControl plugins unsuccessful, denying access"); return shib_acl_false; } }
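Review bot: The two new deny messages in the OP_AND and OP_OR branches do not say which embedded plugin produced the result, so a debug trace of a denied request with several chained plugins still cannot be attributed to one rule. Including the position in the chain (the distance of `i` from `m_ac.begin()`) would make them usable for diagnosing an unexpected denial. The OP_AND test also deserves a comment such as `// any result other than shib_acl_true, including an indeterminate one, denies`, because that fail-closed choice is easy to lose in a later edit. The function starts before the hunk and the code after the switch is not shown, so the fall-through result could not be checked here.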