projects / shibboleth / cpp-sp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Rework POST handling to avoid remoting data if handler doesn't run.
[shibboleth/cpp-sp.git] / shibsp / handler / impl / AssertionConsumerService.cpp
diff --git a/shibsp/handler/impl/AssertionConsumerService.cpp b/shibsp/handler/impl/AssertionConsumerService.cpp
index 8a4dae1..99a21da 100644 (file)
--- a/shibsp/handler/impl/AssertionConsumerService.cpp
+++ b/shibsp/handler/impl/AssertionConsumerService.cpp
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2001-2007 Internet2
+ *  Copyright 2001-2009 Internet2
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -147,18 +147,16 @@ pair<bool,long> AssertionConsumerService::processMessage(
     Locker metadataLocker(application.getMetadataProvider());
 
     // Create the policy.
-    shibsp::SecurityPolicy policy(application, &m_role, validate.first && validate.second);
+    shibsp::SecurityPolicy policy(application, &m_role, validate.first && validate.second, policyId.second);
 
     string relayState;
-    const char* m_template =  getString("postTemplate").second;
-
     try {
         // Decode the message and process it in a protocol-specific way.
         auto_ptr<XMLObject> msg(m_decoder->decode(relayState, httpRequest, policy));
         if (!msg.get())
             throw BindingException("Failed to decode an SSO protocol response.");
-        string postData;
-        recoverPostData(application, httpRequest, httpResponse, postData, relayState);
+        DDF postData = recoverPostData(application, httpRequest, httpResponse, relayState.c_str());
+        DDFJanitor postjan(postData);
         recoverRelayState(application, httpRequest, httpResponse, relayState);
         implementProtocol(application, httpRequest, httpResponse, policy, settings, *msg.get());
 
@@ -169,12 +167,14 @@ pair<bool,long> AssertionConsumerService::processMessage(
             maintainHistory(application, httpRequest, httpResponse, issuer.get());
 
         // Now redirect to the state value. By now, it should be set to *something* usable.
-        if (postData.empty()) {
-          m_log.debug("ACS returning via redirect to: %s", relayState.c_str());
-          return make_pair(true, httpResponse.sendRedirect(relayState.c_str()));
-        } else {
-          m_log.debug("ACS returning via post to: %s", relayState.c_str());
-          return make_pair(true,sendPostResponse(application, httpResponse, relayState, postData));
+        // First check for POST data.
+        if (!postData.islist()) {
+            m_log.debug("ACS returning via redirect to: %s", relayState.c_str());
+            return make_pair(true, httpResponse.sendRedirect(relayState.c_str()));
+        }
+        else {
+            m_log.debug("ACS returning via POST to: %s", relayState.c_str());
+            return make_pair(true, sendPostResponse(application, httpResponse, relayState.c_str(), postData));
         }
     }
     catch (XMLToolingException& ex) {
Unnamed repository; edit this file 'description' to name the repository.