#include "attribute/Attribute.h"
#include <algorithm>
-#include <boost/scoped_ptr.hpp>
+#include <boost/bind.hpp>
#include <boost/algorithm/string.hpp>
-#include <boost/lambda/bind.hpp>
-#include <boost/lambda/lambda.hpp>
#include <boost/ptr_container/ptr_vector.hpp>
#include <xmltooling/unicode.h>
#include <xmltooling/util/ReloadableXMLFile.h>
using namespace shibsp;
using namespace xmltooling;
-using namespace boost::lambda;
using namespace boost;
using namespace std;
{
public:
XMLAccessControl(const DOMElement* e)
- : ReloadableXMLFile(e, Category::getInstance(SHIBSP_LOGCAT".AccessControl.XML")) {
+ : ReloadableXMLFile(e, Category::getInstance(SHIBSP_LOGCAT ".AccessControl.XML")) {
background_load(); // guarantees an exception or the policy is loaded
}
}
static const XMLCh _AccessControl[] = UNICODE_LITERAL_13(A,c,c,e,s,s,C,o,n,t,r,o,l);
+ static const XMLCh _Handler[] = UNICODE_LITERAL_7(H,a,n,d,l,e,r);
static const XMLCh ignoreCase[] = UNICODE_LITERAL_10(i,g,n,o,r,e,C,a,s,e);
static const XMLCh ignoreOption[] = UNICODE_LITERAL_1(i);
static const XMLCh _list[] = UNICODE_LITERAL_4(l,i,s,t);
{
if (m_alias.empty())
throw ConfigurationException("Access control rule missing require attribute");
+ if (!e->hasChildNodes())
+ return; // empty rule
- auto_arrayptr<char> vals(toUTF8(e->hasChildNodes() ? e->getFirstChild()->getNodeValue() : nullptr));
- if (!vals.get())
- return;
+ auto_arrayptr<char> vals(toUTF8(e->getTextContent()));
+ if (!vals.get() || !*vals.get())
+ throw ConfigurationException("Unable to convert Rule content into UTF-8.");
bool listflag = XMLHelper::getAttrBool(e, true, _list);
if (!listflag) {
- if (*vals.get())
- m_vals.insert(vals.get());
+ m_vals.insert(vals.get());
return;
}
string temp(vals.get());
+ trim(temp);
split(m_vals, temp, boost::is_space(), algorithm::token_compress_on);
+ if (m_vals.empty())
+ throw ConfigurationException("Rule did not contain any usable values.");
}
AccessControl::aclresult_t Rule::authorized(const SPRequest& request, const Session* session) const
request.log(SPRequest::SPWarn, string("rule requires attribute (") + m_alias + "), not found in session");
return shib_acl_false;
}
+ else if (m_vals.empty()) {
+ request.log(SPRequest::SPDebug, string("AccessControl plugin requires presence of attribute (") + m_alias + "), authz granted");
+ return shib_acl_true;
+ }
for (; attrs.first != attrs.second; ++attrs.first) {
bool caseSensitive = attrs.first->second->isCaseSensitive();
case OP_AND:
{
// Look for a rule that returns non-true.
+ for (ptr_vector<AccessControl>::const_iterator i = m_operands.begin(); i != m_operands.end(); ++i) {
+ if (i->authorized(request,session) != shib_acl_true)
+ return shib_acl_false;
+ }
+ return shib_acl_true;
+
ptr_vector<AccessControl>::const_iterator i = find_if(
m_operands.begin(), m_operands.end(),
- lambda::bind(&AccessControl::authorized, _1, boost::ref(request), session) != shib_acl_true
+ boost::bind(&AccessControl::authorized, _1, boost::cref(request), session) != shib_acl_true
);
return (i != m_operands.end()) ? shib_acl_false : shib_acl_true;
}
// Look for a rule that returns true.
ptr_vector<AccessControl>::const_iterator i = find_if(
m_operands.begin(), m_operands.end(),
- lambda::bind(&AccessControl::authorized, _1, boost::ref(request), session) == shib_acl_true
+ boost::bind(&AccessControl::authorized, _1, boost::cref(request), session) == shib_acl_true
);
return (i != m_operands.end()) ? shib_acl_true : shib_acl_false;
}
XercesJanitor<DOMDocument> docjanitor(raw.first ? raw.second->getOwnerDocument() : nullptr);
// Check for AccessControl wrapper and drop a level.
- if (XMLString::equals(raw.second->getLocalName(),_AccessControl))
+ if (XMLString::equals(raw.second->getLocalName(),_AccessControl)) {
+ raw.second = XMLHelper::getFirstChildElement(raw.second);
+ if (!raw.second)
+ throw ConfigurationException("No child element found in AccessControl parent element.");
+ }
+ else if (XMLString::equals(raw.second->getLocalName(),_Handler)) {
raw.second = XMLHelper::getFirstChildElement(raw.second);
+ if (!raw.second)
+ throw ConfigurationException("No child element found in Handler parent element.");
+ }
scoped_ptr<AccessControl> authz;
if (XMLString::equals(raw.second->getLocalName(),_Rule))