projects / shibboleth / cpp-sp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Code for default security policy, make policyId optional.
[shibboleth/cpp-sp.git] / shibsp / impl / XMLSecurityPolicyProvider.cpp
diff --git a/shibsp/impl/XMLSecurityPolicyProvider.cpp b/shibsp/impl/XMLSecurityPolicyProvider.cpp
index 75e39c5..ac15595 100644 (file)
--- a/shibsp/impl/XMLSecurityPolicyProvider.cpp
+++ b/shibsp/impl/XMLSecurityPolicyProvider.cpp
@@ -74,6 +74,7 @@ namespace shibsp {
         DOMDocument* m_document;\r
         vector<xstring> m_whitelist,m_blacklist;\r
         map< string,pair< PropertySet*,vector<const SecurityPolicyRule*> > > m_policyMap;\r
+        map< string,pair< PropertySet*,vector<const SecurityPolicyRule*> > >::const_iterator m_defaultPolicy;\r
 \r
         friend class SHIBSP_DLLLOCAL XMLSecurityPolicyProvider;\r
     };\r
@@ -91,14 +92,18 @@ namespace shibsp {
             delete m_impl;\r
         }\r
 \r
-        const PropertySet* getPolicySettings(const char* id) const {\r
+        const PropertySet* getPolicySettings(const char* id=nullptr) const {\r
+            if (!id || !*id)\r
+                return m_impl->m_defaultPolicy->second.first;\r
             map<string,pair<PropertySet*,vector<const SecurityPolicyRule*> > >::const_iterator i = m_impl->m_policyMap.find(id);\r
             if (i != m_impl->m_policyMap.end())\r
                 return i->second.first;\r
             throw ConfigurationException("Security Policy ($1) not found, check <SecurityPolicies> element.", params(1,id));\r
         }\r
 \r
-        const vector<const SecurityPolicyRule*>& getPolicyRules(const char* id) const {\r
+        const vector<const SecurityPolicyRule*>& getPolicyRules(const char* id=nullptr) const {\r
+            if (!id || !*id)\r
+                return m_impl->m_defaultPolicy->second.second;\r
             map<string,pair<PropertySet*,vector<const SecurityPolicyRule*> > >::const_iterator i = m_impl->m_policyMap.find(id);\r
             if (i != m_impl->m_policyMap.end())\r
                 return i->second.second;\r
@@ -172,7 +177,8 @@ SecurityPolicy* SecurityPolicyProvider::createSecurityPolicy(
     return new SecurityPolicy(application, role, (validate.first && validate.second), policyId);\r
 }\r
 \r
-XMLSecurityPolicyProviderImpl::XMLSecurityPolicyProviderImpl(const DOMElement* e, Category& log) : m_document(nullptr)\r
+XMLSecurityPolicyProviderImpl::XMLSecurityPolicyProviderImpl(const DOMElement* e, Category& log)\r
+    : m_document(nullptr), m_defaultPolicy(m_policyMap.end())\r
 {\r
 #ifdef _DEBUG\r
     xmltooling::NDC ndc("XMLSecurityPolicyProviderImpl");\r
@@ -214,6 +220,10 @@ XMLSecurityPolicyProviderImpl::XMLSecurityPolicyProviderImpl(const DOMElement* e
         settings->load(e, nullptr, &filter);\r
         rules.first = settings.release();\r
 \r
+        // Set default policy if not set, or id is "default".\r
+        if (m_defaultPolicy == m_policyMap.end() || id == "default")\r
+            m_defaultPolicy = m_policyMap.find(id);\r
+\r
         // Process PolicyRule elements.\r
         const DOMElement* rule = XMLHelper::getFirstChildElement(e, PolicyRule);\r
         while (rule) {\r
@@ -253,6 +263,9 @@ XMLSecurityPolicyProviderImpl::XMLSecurityPolicyProviderImpl(const DOMElement* e
 \r
         e = XMLHelper::getNextSiblingElement(e, Policy);\r
     }\r
+\r
+    if (m_defaultPolicy == m_policyMap.end())\r
+        throw ConfigurationException("XML SecurityPolicyProvider requires at least one Policy.");\r
 }\r
 \r
 pair<bool,DOMElement*> XMLSecurityPolicyProvider::load(bool backup)\r
Unnamed repository; edit this file 'description' to name the repository.