2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 * ChainingAttributeResolver.cpp
24 * Chains together multiple AttributeResolver plugins.
28 #include "exceptions.h"
29 #include "Application.h"
30 #include "ServiceProvider.h"
31 #include "attribute/Attribute.h"
32 #include "attribute/resolver/AttributeResolver.h"
33 #include "attribute/resolver/ResolutionContext.h"
35 #include <boost/ptr_container/ptr_vector.hpp>
36 #include <xercesc/util/XMLUniDefs.hpp>
37 #include <saml/Assertion.h>
38 #include <xmltooling/util/XMLHelper.h>
40 using namespace shibsp;
41 using namespace opensaml::saml2;
42 using namespace opensaml::saml2md;
43 using namespace xmltooling;
44 using namespace boost;
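/**
 * Resolution context shared by every resolver in a chain.
 *
 * Two kinds of pointers live here and must not be confused:
 *  - m_ownedAttributes / m_ownedAssertions are owned by this object and are
 *    freed by the destructor.
 *  - m_tokens / m_attributes are non-owning views; they are seeded from the
 *    caller's inputs and are what each chained resolver is handed as input.
 *
 * NOTE(review): copying this struct would free the owned objects twice;
 * confirm that ResolutionContext is declared non-copyable.
 */
struct SHIBSP_DLLLOCAL ChainingContext : public ResolutionContext
{
    /**
     * Builds a context from explicit inputs; m_session stays null.
     *
     * @param tokens      optional assertions to seed m_tokens with (may be null)
     * @param attributes  optional attributes to seed m_attributes with (may be null)
     *
     * The remaining parameters are stored as given and are not copied.
     */
    ChainingContext(
        const Application& application,
        const GenericRequest* request,
        const EntityDescriptor* issuer,
        const XMLCh* protocol,
        const NameID* nameid,
        const XMLCh* authncontext_class,
        const XMLCh* authncontext_decl,
        const vector<const opensaml::Assertion*>* tokens,
        const vector<shibsp::Attribute*>* attributes
        ) : m_app(application), m_request(request), m_issuer(issuer), m_protocol(protocol), m_nameid(nameid),
            m_authclass(authncontext_class), m_authdecl(authncontext_decl), m_session(nullptr) {
        // Both vectors default to null in createResolutionContext(), so they
        // must be checked before being dereferenced.
        if (tokens)
            m_tokens.assign(tokens->begin(), tokens->end());
        if (attributes)
            m_attributes.assign(attributes->begin(), attributes->end());
    }

    /**
     * Builds a context around an existing session; every other input is null.
     * Only the session's address is kept, so the session must outlive the context.
     */
    ChainingContext(const Application& application, const Session& session)
        : m_app(application), m_request(nullptr), m_issuer(nullptr), m_protocol(nullptr), m_nameid(nullptr),
            m_authclass(nullptr), m_authdecl(nullptr), m_session(&session) {
    }

    /** Frees everything the chained resolvers produced. */
    ~ChainingContext() {
        for_each(m_ownedAttributes.begin(), m_ownedAttributes.end(), xmltooling::cleanup<shibsp::Attribute>());
        for_each(m_ownedAssertions.begin(), m_ownedAssertions.end(), xmltooling::cleanup<opensaml::Assertion>());
    }

    /** @return the attributes produced so far; the vector is owned by this context */
    vector<shibsp::Attribute*>& getResolvedAttributes() {
        return m_ownedAttributes;
    }

    /** @return the assertions produced so far; the vector is owned by this context */
    vector<opensaml::Assertion*>& getResolvedAssertions() {
        return m_ownedAssertions;
    }

    // Owned outputs, deleted in the destructor.
    vector<shibsp::Attribute*> m_ownedAttributes;
    vector<opensaml::Assertion*> m_ownedAssertions;

    // Borrowed inputs; never freed here.
    const Application& m_app;
    const GenericRequest* m_request;
    const EntityDescriptor* m_issuer;
    const XMLCh* m_protocol;
    const NameID* m_nameid;
    const XMLCh* m_authclass;
    const XMLCh* m_authdecl;

    // Non-owning views passed to each resolver in the chain.
    vector<const opensaml::Assertion*> m_tokens;
    vector<shibsp::Attribute*> m_attributes;

    // Non-null only when the context was built from a session.
    const Session* m_session;
};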
/**
 * AttributeResolver that holds an ordered list of embedded resolvers and
 * forwards work to each of them in turn.
 */
class SHIBSP_DLLLOCAL ChainingAttributeResolver : public AttributeResolver
{
public:
    ChainingAttributeResolver(const DOMElement* e);
    virtual ~ChainingAttributeResolver() {}

    // NOTE(review): the listing jumps from its line 106 to its line 114 at this
    // point; whatever members were declared in between are not shown and are
    // not reproduced here.

    /**
     * Overload without a request. It forwards to the request-taking overload
     * with a null request so that both entry points build the same context.
     */
    ResolutionContext* createResolutionContext(
        const Application& application,
        const EntityDescriptor* issuer,
        const XMLCh* protocol,
        const NameID* nameid=nullptr,
        const XMLCh* authncontext_class=nullptr,
        const XMLCh* authncontext_decl=nullptr,
        const vector<const opensaml::Assertion*>* tokens=nullptr,
        const vector<shibsp::Attribute*>* attributes=nullptr
        ) const {
        // Make sure new method gets run.
        const GenericRequest* const noRequest = nullptr;
        return createResolutionContext(
            application, noRequest, issuer, protocol, nameid, authncontext_class, authncontext_decl, tokens, attributes
            );
    }

    /**
     * Creates a ChainingContext from explicit inputs.
     * The result is allocated with new and returned as a raw pointer.
     */
    ResolutionContext* createResolutionContext(
        const Application& application,
        const GenericRequest* request,
        const EntityDescriptor* issuer,
        const XMLCh* protocol,
        const NameID* nameid=nullptr,
        const XMLCh* authncontext_class=nullptr,
        const XMLCh* authncontext_decl=nullptr,
        const vector<const opensaml::Assertion*>* tokens=nullptr,
        const vector<shibsp::Attribute*>* attributes=nullptr
        ) const {
        ResolutionContext* const created = new ChainingContext(
            application, request, issuer, protocol, nameid, authncontext_class, authncontext_decl, tokens, attributes
            );
        return created;
    }

    /** Creates a ChainingContext bound to an existing session. */
    ResolutionContext* createResolutionContext(const Application& application, const Session& session) const {
        ResolutionContext* const created = new ChainingContext(application, session);
        return created;
    }

    void resolveAttributes(ResolutionContext& ctx) const;

    /**
     * Asks every embedded resolver, in chain order, to add its attribute IDs
     * to the caller's vector. Each resolver is locked while it is queried.
     */
    void getAttributeIds(vector<string>& attributes) const {
        const ptr_vector<AttributeResolver>::iterator last = m_resolvers.end();
        for (ptr_vector<AttributeResolver>::iterator pos = m_resolvers.begin(); pos != last; ++pos) {
            AttributeResolver& member = *pos;
            Locker locker(&member);
            member.getAttributeIds(attributes);
        }
    }

private:
    // mutable so that const member functions can obtain non-const iterators
    // and lock the embedded resolvers.
    mutable ptr_vector<AttributeResolver> m_resolvers;
};
// Element and attribute names read from the chain's configuration.
static const XMLCh _AttributeResolver[] =   UNICODE_LITERAL_17(A,t,t,r,i,b,u,t,e,R,e,s,o,l,v,e,r);
static const XMLCh _type[] =                UNICODE_LITERAL_4(t,y,p,e);

// Factories for the other resolver types registered below; only declared
// here, their definitions are not part of this file's visible text.
SHIBSP_DLLLOCAL PluginManager<AttributeResolver,string,const DOMElement*>::Factory QueryResolverFactory;
SHIBSP_DLLLOCAL PluginManager<AttributeResolver,string,const DOMElement*>::Factory SimpleAggregationResolverFactory;
/**
 * Plugin factory for the chaining resolver.
 *
 * @param e  configuration element handed to the ChainingAttributeResolver constructor
 * @return a resolver allocated with new; presumably owned by whoever asked
 *         the plugin manager for it (confirm against PluginManager)
 */
AttributeResolver* SHIBSP_DLLLOCAL ChainingResolverFactory(const DOMElement* const & e)
{
    AttributeResolver* const chain = new ChainingAttributeResolver(e);
    return chain;
}
/**
 * Registers the three resolver factories visible in this file (query,
 * simple aggregation and chaining) with the SP's AttributeResolverManager.
 */
void SHIBSP_API shibsp::registerAttributeResolvers()
{
    SPConfig& conf = SPConfig::getConfig();
    conf.AttributeResolverManager.registerFactory(QUERY_ATTRIBUTE_RESOLVER, QueryResolverFactory);
    conf.AttributeResolverManager.registerFactory(SIMPLEAGGREGATION_ATTRIBUTE_RESOLVER, SimpleAggregationResolverFactory);
    conf.AttributeResolverManager.registerFactory(CHAINING_ATTRIBUTE_RESOLVER, ChainingResolverFactory);
}
// Out-of-line constructors and destructors for the two base classes.
// The listing shows no statements inside any of them.

ResolutionContext::ResolutionContext() {}

ResolutionContext::~ResolutionContext() {}

AttributeResolver::AttributeResolver() {}

AttributeResolver::~AttributeResolver() {}
/**
 * Base-class default for the request-taking overload.
 *
 * It forwards to the overload without a request. The request argument is
 * dropped, because that overload has no parameter for it.
 */
ResolutionContext* AttributeResolver::createResolutionContext(
    const Application& application,
    const GenericRequest* request,
    const EntityDescriptor* issuer,
    const XMLCh* protocol,
    const NameID* nameid,
    const XMLCh* authncontext_class,
    const XMLCh* authncontext_decl,
    const vector<const opensaml::Assertion*>* tokens,
    const vector<shibsp::Attribute*>* attributes
    ) const
{
    // Default call into deprecated method.
    ResolutionContext* const created = createResolutionContext(
        application, issuer, protocol, nameid, authncontext_class, authncontext_decl, tokens, attributes
        );
    return created;
}
/**
 * Base-class default for the overload without a request.
 *
 * It always throws. The request-taking default forwards here, so a resolver
 * that overrides neither overload fails with this exception on first use.
 *
 * @throws ConfigurationException unconditionally
 */
ResolutionContext* AttributeResolver::createResolutionContext(
    const Application& application,
    const EntityDescriptor* issuer,
    const XMLCh* protocol,
    const NameID* nameid,
    const XMLCh* authncontext_class,
    const XMLCh* authncontext_decl,
    const vector<const opensaml::Assertion*>* tokens,
    const vector<shibsp::Attribute*>* attributes
    ) const
{
    // Default for deprecated method.
    throw ConfigurationException("Deprecated method implementation should always be overridden.");
}
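/**
 * Builds the chain from the AttributeResolver child elements of the
 * configuration element, in document order.
 *
 * A child whose plugin cannot be built is logged and skipped, and the rest of
 * the chain is still loaded. The resolver therefore starts with fewer members
 * than configured, and the attributes that member would have supplied are
 * absent later. Deployments whose access rules depend on those attributes
 * should monitor for this error message.
 *
 * @param e  configuration element whose AttributeResolver children name the plugins
 */
ChainingAttributeResolver::ChainingAttributeResolver(const DOMElement* e)
{
    SPConfig& conf = SPConfig::getConfig();

    // Load up the chain of handlers.
    for (e = XMLHelper::getFirstChildElement(e, _AttributeResolver); e;
            e = XMLHelper::getNextSiblingElement(e, _AttributeResolver)) {
        string t(XMLHelper::getAttrString(e, nullptr, _type));
        if (t.empty()) {
            // An element with no type cannot name a plugin; make the skip visible.
            Category::getInstance(SHIBSP_LOGCAT ".AttributeResolver." CHAINING_ATTRIBUTE_RESOLVER).warn(
                "skipping embedded AttributeResolver element with no type attribute"
                );
            continue;
        }
        try {
            Category::getInstance(SHIBSP_LOGCAT ".AttributeResolver." CHAINING_ATTRIBUTE_RESOLVER).info(
                "building AttributeResolver of type (%s)...", t.c_str()
                );
            auto_ptr<AttributeResolver> np(conf.AttributeResolverManager.newPlugin(t.c_str(), e));
            // Hand over the auto_ptr itself so ownership moves in one step.
            // Pushing np.get() leaves the plugin with two owners until np is released.
            m_resolvers.push_back(np);
        }
        catch (exception& ex) {
            Category::getInstance(SHIBSP_LOGCAT ".AttributeResolver." CHAINING_ATTRIBUTE_RESOLVER).error(
                "caught exception processing embedded AttributeResolver element: %s", ex.what()
                );
        }
    }
}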
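/**
 * Runs every resolver in the chain against the shared context.
 *
 * Each resolver gets its own short-lived context built from the chain's
 * current inputs. Whatever it produces is moved into the chain context, so
 * later resolvers see the output of earlier ones.
 *
 * A resolver that throws is logged and skipped, and the chain carries on, so
 * the result may lack that resolver's attributes. Callers making access
 * decisions must treat a missing attribute as not satisfying a rule.
 *
 * @param ctx  a context created by this resolver's createResolutionContext()
 * @throws std::bad_cast if ctx is not a ChainingContext (the cast is outside the try block)
 */
void ChainingAttributeResolver::resolveAttributes(ResolutionContext& ctx) const
{
    ChainingContext& chain = dynamic_cast<ChainingContext&>(ctx);
    for (ptr_vector<AttributeResolver>::iterator i = m_resolvers.begin(); i != m_resolvers.end(); ++i) {
        try {
            // Hold the resolver's lock for the whole of its turn.
            Locker locker(&(*i));
            scoped_ptr<ResolutionContext> context(
                chain.m_session ?
                    i->createResolutionContext(chain.m_app, *chain.m_session) :
                    i->createResolutionContext(
                        chain.m_app, chain.m_request, chain.m_issuer, chain.m_protocol, chain.m_nameid, chain.m_authclass, chain.m_authdecl, &chain.m_tokens, &chain.m_attributes
                        )
                );

            i->resolveAttributes(*context);

            // Take ownership before exposing the pointers to later resolvers.
            // If an insert throws, an object is then either still held by the
            // per-resolver context or already held by the chain; the
            // non-owning views never point at something the per-resolver
            // context presumably frees on destruction.
            vector<shibsp::Attribute*>& newAttrs = context->getResolvedAttributes();
            const vector<shibsp::Attribute*>::size_type attrBase = chain.m_ownedAttributes.size();
            chain.m_ownedAttributes.insert(chain.m_ownedAttributes.end(), newAttrs.begin(), newAttrs.end());
            newAttrs.clear();
            chain.m_attributes.insert(chain.m_attributes.end(), chain.m_ownedAttributes.begin() + attrBase, chain.m_ownedAttributes.end());

            vector<opensaml::Assertion*>& newTokens = context->getResolvedAssertions();
            const vector<opensaml::Assertion*>::size_type tokenBase = chain.m_ownedAssertions.size();
            chain.m_ownedAssertions.insert(chain.m_ownedAssertions.end(), newTokens.begin(), newTokens.end());
            newTokens.clear();
            chain.m_tokens.insert(chain.m_tokens.end(), chain.m_ownedAssertions.begin() + tokenBase, chain.m_ownedAssertions.end());
        }
        catch (exception& ex) {
            Category::getInstance(SHIBSP_LOGCAT ".AttributeResolver." CHAINING_ATTRIBUTE_RESOLVER).error(
                "caught exception applying AttributeResolver in chain: %s", ex.what()
                );
        }
    }
}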