2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 /* Metadata.h - glue classes that interface to metadata providers
26 #include <xmltooling/util/NDC.h>
28 using namespace shibboleth;
29 using namespace opensaml::saml2md;
// Builds an AAP handle for a single attribute identified by name and namespace.
// Both members start out NULL and the loop below walks the supplied providers.
// NOTE(review): this listing omits some original lines (the gutter numbers jump),
// including whatever assigns m_mapper before it is dereferenced and how the loop
// exits once a rule is found. Confirm against the full file.
33 AAP::AAP(const saml::Iterator<IAAP*>& aaps, const XMLCh* attrName, const XMLCh* attrNamespace) : m_mapper(NULL), m_rule(NULL)
36 while (aaps.hasNext()) {
// The assignment inside the condition is deliberate: m_rule receives the lookup
// result and the branch is taken only when that result is non-null.
39 if (m_rule=m_mapper->lookup(attrName,attrNamespace)) {
// Builds an AAP handle for a single attribute identified by its alias.
// Mirrors the name/namespace constructor: both members start out NULL and the
// providers are walked until a lookup succeeds.
// NOTE(review): the lines that assign m_mapper and end the loop are not part of
// this listing (the gutter numbers jump). Confirm against the full file.
47 AAP::AAP(const saml::Iterator<IAAP*>& aaps, const char* alias) : m_mapper(NULL), m_rule(NULL)
50 while (aaps.hasNext()) {
// Assign-and-test: the branch is taken only when lookup() returned a non-null rule.
53 if (m_rule=m_mapper->lookup(alias)) {
// Filters a SAML assertion in place against the supplied attribute acceptance
// policy (AAP) providers. Attributes and statements that do not survive are
// removed from `assertion` itself; `role` is passed through to each rule's apply().
// NOTE(review): this listing omits a number of original lines (the gutter numbers
// jump), so conditions, returns, braces and loop increments referred to below as
// "omitted" must be confirmed against the full file.
69 void AAP::apply(const saml::Iterator<IAAP*>& aaps, saml::SAMLAssertion& assertion, const RoleDescriptor* role)
// NOTE(review): this expression constructs an unnamed NDC temporary, which is
// destroyed at the end of the statement, so whatever logging context it sets up
// presumably does not cover the rest of the function. A named local such as
// `xmltooling::NDC ndc("apply");` would live for the whole call. Confirm intent.
72 xmltooling::NDC("apply");
74 log4cpp::Category& log=log4cpp::Category::getInstance(SHIB_LOGCAT".AAP");
76 // First check for no providers or AnyAttribute.
// Security-relevant: per the message below, an empty provider list means the
// assertion is accepted without any filtering (fail-open). The condition itself is
// on an omitted line. The only visible signal is this info-level log entry.
78 log.info("no filters specified, accepting entire assertion");
82 while (aaps.hasNext()) {
// Scoped Locker on the provider p (declared on an omitted line); presumably it
// holds the provider's lock until the end of this loop iteration.
84 xmltooling::Locker locker(p);
// Security-relevant: per the message below, one provider reporting anyAttribute()
// is enough to accept the whole assertion unfiltered, regardless of the others.
85 if (p->anyAttribute()) {
86 log.info("any attribute enabled, accepting entire assertion");
91 // Check each statement.
92 const IAttributeRule* rule=NULL;
93 Iterator<SAMLStatement*> statements=assertion.getStatements();
// No increment in the loop header: scount is presumably advanced on an omitted
// line and left alone after removeStatement(scount) so the next statement is not
// skipped. Confirm.
94 for (unsigned int scount=0; scount < statements.size();) {
// dynamic_cast yields NULL for statements that are not attribute statements; the
// handling of that case is on omitted lines. Confirm s is checked before use.
95 SAMLAttributeStatement* s=dynamic_cast<SAMLAttributeStatement*>(statements[scount]);
101 // Check each attribute, applying any matching rules.
102 Iterator<SAMLAttribute*> attrs=s->getAttributes();
103 for (unsigned long acount=0; acount < attrs.size();) {
104 SAMLAttribute* a=attrs[acount];
105 bool ruleFound=false;
// aaps was already walked by the AnyAttribute pass above; a reset on an omitted
// line is presumably what lets this loop see the providers again. Confirm.
107 while (aaps.hasNext()) {
109 xmltooling::Locker locker(i);
// Assign-and-test: look the attribute up by name and namespace in provider i.
110 if (rule=i->lookup(a->getName(),a->getNamespace())) {
// The matching rule filters the attribute's values in place. The catch below shows
// that a SAMLException here is treated as "no values remain".
113 rule->apply(*a,role);
115 catch (SAMLException&) {
116 // The attribute is now defunct.
117 log.info("no values remain, removing attribute");
// Post-decrement: the current index is passed to removeAttribute and acount then
// steps back. At index 0 the unsigned value wraps and is presumably brought back
// to 0 by an increment on an omitted line. Confirm.
118 s->removeAttribute(acount--);
// Default-deny path: an attribute with no matching rule in any provider is dropped.
124 if (log.isWarnEnabled()) {
125 auto_ptr_char temp(a->getName());
// The attribute name comes from the assertion being filtered. It is passed as a
// %s argument, not as the format string.
126 log.warn("no rule found for attribute (%s), filtering it out",temp.get());
128 s->removeAttribute(acount--);
// Reached when a SAMLException escapes the attribute processing above. The
// existing comment indicates this means the statement has no attributes left.
137 catch (SAMLException&) {
138 // The statement is now defunct.
139 log.info("no attributes remain, removing statement");
140 assertion.removeStatement(scount);
144 // Now see if we trashed it irrevocably.
// Final validity check on the filtered assertion; presumably throws if filtering
// left it invalid, in which case callers must handle the failure. Confirm.
145 assertion.checkValidity();