-/*
- * Copyright 2009-2010 Internet2
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
*/
/**
#include "SPRequest.h"
#include <algorithm>
+#include <boost/ptr_container/ptr_vector.hpp>
#include <xmltooling/unicode.h>
#include <xmltooling/util/XMLHelper.h>
#include <xercesc/util/XMLUniDefs.hpp>
using namespace shibsp;
using namespace xmltooling;
+using namespace boost;
using namespace std;
namespace shibsp {
public:
ChainingAccessControl(const DOMElement* e);
- ~ChainingAccessControl() {
- for_each(m_ac.begin(), m_ac.end(), xmltooling::cleanup<AccessControl>());
- }
+ ~ChainingAccessControl() {}
Lockable* lock() {
- for_each(m_ac.begin(), m_ac.end(), mem_fun<Lockable*,Lockable>(&Lockable::lock));
+ for_each(m_ac.begin(), m_ac.end(), mem_fun_ref<Lockable*,Lockable>(&Lockable::lock));
return this;
}
void unlock() {
- for_each(m_ac.begin(), m_ac.end(), mem_fun<void,Lockable>(&Lockable::unlock));
+ for_each(m_ac.begin(), m_ac.end(), mem_fun_ref<void,Lockable>(&Lockable::unlock));
}
aclresult_t authorized(const SPRequest& request, const Session* session) const;
private:
enum operator_t { OP_AND, OP_OR } m_op;
- vector<AccessControl*> m_ac;
+ ptr_vector<AccessControl> m_ac;
};
AccessControl* SHIBSP_DLLLOCAL ChainingAccessControlFactory(const DOMElement* const & e)
{
}
-ChainingAccessControl::ChainingAccessControl(const DOMElement* e)
+ChainingAccessControl::ChainingAccessControl(const DOMElement* e) : m_op(OP_AND)
{
const XMLCh* op = e ? e->getAttributeNS(nullptr, _operator) : nullptr;
- if (XMLString::equals(op, AND))
- m_op=OP_AND;
- else if (XMLString::equals(op, OR))
- m_op=OP_OR;
- else
+ if (XMLString::equals(op, OR))
+ m_op = OP_OR;
+ else if (op && *op && !XMLString::equals(op, AND))
throw ConfigurationException("Missing or unrecognized operator in Chaining AccessControl configuration.");
- try {
- e = e ? XMLHelper::getFirstChildElement(e, _AccessControl) : nullptr;
- while (e) {
- auto_ptr_char type(e->getAttributeNS(nullptr, _type));
- if (type.get() && *type.get()) {
- Category::getInstance(SHIBSP_LOGCAT".AccessControl.Chaining").info("building AccessControl provider of type (%s)...", type.get());
- m_ac.push_back(SPConfig::getConfig().AccessControlManager.newPlugin(type.get(), e));
- }
- e = XMLHelper::getNextSiblingElement(e, _AccessControl);
+ e = XMLHelper::getFirstChildElement(e, _AccessControl);
+ while (e) {
+ string t(XMLHelper::getAttrString(e, nullptr, _type));
+ if (!t.empty()) {
+ Category::getInstance(SHIBSP_LOGCAT ".AccessControl.Chaining").info("building AccessControl provider of type (%s)...", t.c_str());
+ auto_ptr<AccessControl> np(SPConfig::getConfig().AccessControlManager.newPlugin(t.c_str(), e));
+ m_ac.push_back(np.get());
+ np.release();
}
- }
- catch (exception&) {
- for_each(m_ac.begin(), m_ac.end(), xmltooling::cleanup<AccessControl>());
- throw;
+ e = XMLHelper::getNextSiblingElement(e, _AccessControl);
}
if (m_ac.empty())
throw ConfigurationException("Chaining AccessControl plugin requires at least one child plugin.");
switch (m_op) {
case OP_AND:
{
- for (vector<AccessControl*>::const_iterator i=m_ac.begin(); i!=m_ac.end(); ++i) {
- if ((*i)->authorized(request, session) != shib_acl_true)
+ for (ptr_vector<AccessControl>::const_iterator i = m_ac.begin(); i != m_ac.end(); ++i) {
+ if (i->authorized(request, session) != shib_acl_true) {
+ request.log(SPRequest::SPDebug, "embedded AccessControl plugin unsuccessful, denying access");
return shib_acl_false;
+ }
}
return shib_acl_true;
}
case OP_OR:
{
- for (vector<AccessControl*>::const_iterator i=m_ac.begin(); i!=m_ac.end(); ++i) {
- if ((*i)->authorized(request,session) == shib_acl_true)
+ for (ptr_vector<AccessControl>::const_iterator i = m_ac.begin(); i != m_ac.end(); ++i) {
+ if (i->authorized(request,session) == shib_acl_true)
return shib_acl_true;
}
+ request.log(SPRequest::SPDebug, "all embedded AccessControl plugins unsuccessful, denying access");
return shib_acl_false;
}
}