/*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2009 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
string getRemoteUser() const {
return string(SH_AP_USER(m_req) ? SH_AP_USER(m_req) : "");
}
+ void setAuthType(const char* authtype) {
+ if (authtype && m_dc->bBasicHijack == 1)
+ authtype = "Basic";
+ SH_AP_AUTH_TYPE(m_req) = authtype ? ap_pstrdup(m_req->pool, authtype) : NULL;
+ }
+ string getAuthType() const {
+ return string(SH_AP_AUTH_TYPE(m_req) ? SH_AP_AUTH_TYPE(m_req) : "");
+ }
void setContentType(const char* type) {
m_req->content_type = ap_psprintf(m_req->pool, type);
}
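Review bot: In `setAuthType`, a non-NULL `authtype` is silently replaced with "Basic" whenever `m_dc->bBasicHijack == 1`, and nothing in the hunk explains why the caller's value is discarded. A one-line comment above the `if` would cover it, e.g. `// Basic hijacking is on: report "Basic" so consumers that expect Basic auth accept the request.` Separately, the unchanged context line `m_req->content_type = ap_psprintf(m_req->pool, type);` passes `type` as the format string, so any `%` sequence in it would be interpreted. `ap_pstrdup(m_req->pool, type)`, which the new code already uses for the auth type, copies the value verbatim.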
/*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2009 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#define SH_AP_CONFIGFILE configfile_t
#define SH_AP_R(r) r
#define SH_AP_USER(r) r->connection->user
+#define SH_AP_AUTH_TYPE(r) r->connection->ap_auth_type
#ifdef WIN32
# define _USE_32BIT_TIME_T
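Review bot: `SH_AP_AUTH_TYPE(r)` expands its argument without parentheses (`r->connection->ap_auth_type`), so an argument that is not a plain identifier would bind incorrectly. `#define SH_AP_AUTH_TYPE(r) (r)->connection->ap_auth_type` fixes that and stays usable as the assignment target that `setAuthType` needs. The same applies to the two later hunks that define it as `r->ap_auth_type`. The existing `SH_AP_USER` has the same shape, so this is a style point rather than a defect in current callers.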
/*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2009 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#define SH_AP_R(r) 0,r
#define SH_AP_USER(r) r->user
+#define SH_AP_AUTH_TYPE(r) r->ap_auth_type
#define SERVER_ERROR HTTP_INTERNAL_SERVER_ERROR
#define REDIRECT HTTP_MOVED_TEMPORARILY
/*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2009 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#define SH_AP_R(r) 0,r
#define SH_AP_USER(r) r->user
+#define SH_AP_AUTH_TYPE(r) r->ap_auth_type
#define SERVER_ERROR HTTP_INTERNAL_SERVER_ERROR
#define REDIRECT HTTP_MOVED_TEMPORARILY
/*\r
- * Copyright 2001-2007 Internet2\r
+ * Copyright 2001-2009 Internet2\r
*\r
* Licensed under the Apache License, Version 2.0 (the "License");\r
* you may not use this file except in compliance with the License.\r
}\r
return "";\r
}\r
+ void setAuthType(const char* authtype) {\r
+ if (authtype)\r
+ m_request_headers["AUTH_TYPE"] = authtype;\r
+ else\r
+ m_request_headers.erase("AUTH_TYPE");\r
+ }\r
+ string getAuthType() const {\r
+ map<string,string>::const_iterator i = m_request_headers.find("AUTH_TYPE");\r
+ if (i != m_request_headers.end())\r
+ return i->second;\r
+ else {\r
+ char* auth_type = FCGX_GetParam("AUTH_TYPE", m_req->envp);\r
+ if (auth_type)\r
+ return auth_type;\r
+ }\r
+ return "";\r
+ }\r
void setResponseHeader(const char* name, const char* value) {\r
// Set for later.\r
if (value)\r
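Review bot: `setAuthType(NULL)` only erases the local `m_request_headers["AUTH_TYPE"]` entry, so `getAuthType()` then falls through to `FCGX_GetParam("AUTH_TYPE", m_req->envp)` and can still return the web server's value. That does not match the "NULL to clear" wording documented on `SPRequest::setAuthType`. If the fallback is intended, say so above the `erase` branch, e.g. `// Drops only our override; getAuthType() still reports the server-supplied AUTH_TYPE.`; otherwise the cleared state has to be remembered. The `else { ... }` after `return i->second;` can also be flattened. `setResponseHeader` continues past the end of the hunk.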
/*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2009 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
const char* ru = pblock_findval("auth-user", m_rq->vars);
return ru ? ru : "";
}
+ void setAuthType(const char* authtype) {
+ param_free(pblock_remove("auth-type", m_rq->vars));
+ if (authtype)
+ pblock_nvinsert("auth-type", authtype, m_rq->vars);
+ }
+ string getAuthType() const {
+ const char* at = pblock_findval("auth-type", m_rq->vars);
+ return at ? at : "";
+ }
void setContentType(const char* type) {
// iPlanet seems to have a case folding problem.
param_free(pblock_remove("content-type", m_rq->srvhdrs));
// user authN was okay -- export the assertions now
param_free(pblock_remove("auth-user",rq->vars));
- // This seems to be required in order to eventually set
- // the auth-user var.
- pblock_nvinsert("auth-type","shibboleth",rq->vars);
-
res = stn.getServiceProvider().doExport(stn);
if (res.first) return (int)res.second;
/*
* Copyright 2001-2007 Internet2
- *
+ *
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
/**
* @file shibsp/SPRequest.h
- *
- * Interface to server request being processed
+ *
+ * Interface to server request being processed
*/
#ifndef __shibsp_req_h__
#include <xmltooling/io/HTTPResponse.h>
namespace shibsp {
-
+
class SHIBSP_API Application;
class SHIBSP_API ServiceProvider;
class SHIBSP_API Session;
-
+
/**
* Interface to server request being processed
- *
+ *
* <p>To supply information from the surrounding web server environment,
* a shim must be supplied in the form of this interface to adapt the
* library to different proprietary server APIs.
- *
+ *
* <p>This interface need not be threadsafe.
*/
class SHIBSP_API SPRequest : public virtual xmltooling::HTTPRequest, public virtual xmltooling::HTTPResponse
SPRequest() {}
public:
virtual ~SPRequest() {}
-
+
/**
* Returns the locked ServiceProvider processing the request.
- *
+ *
* @return reference to ServiceProvider
*/
virtual const ServiceProvider& getServiceProvider() const=0;
/**
* Returns RequestMapper Settings associated with the request, guaranteed
* to be valid for the request's duration.
- *
+ *
* @return copy of settings
*/
virtual RequestMapper::Settings getRequestSettings() const=0;
-
+
/**
* Returns the Application governing the request.
- *
+ *
* @return reference to Application
*/
virtual const Application& getApplication() const=0;
/**
* Returns the effective base Handler URL for a resource,
* or the current request URL.
- *
+ *
* @param resource resource URL to compute handler for
* @return base location of handler
*/
* Returns a non-spoofable request header value, if possible.
* Platforms that support environment export can redirect header
* lookups by overriding this method.
- *
+ *
* @param name the name of the secure header to return
* @return the header's value, or an empty string
*/
/**
* Ensures no value exists for a request header.
- *
+ *
* @param rawname raw name of header to clear
* @param cginame CGI-equivalent name of header
*/
/**
* Sets a value for a request header.
- *
+ *
* @param name name of header to set
* @param value value to set
*/
/**
* Establish REMOTE_USER identity in request.
- *
+ *
* @param user REMOTE_USER value to set or NULL to clear
*/
virtual void setRemoteUser(const char* user)=0;
-
+
+ /**
+ * Establish AUTH_TYPE for request.
+ *
+ * @param authtype AUTH_TYPE value to set or NULL to clear
+ */
+ virtual void setAuthType(const char* authtype) {
+ }
+
/** Portable logging levels. */
enum SPLogLevel {
SPDebug,
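Review bot: `setAuthType` is added as a virtual with an empty body in the middle of the exported `SPRequest` class, ahead of `returnDecline()` and `returnOK()`. Inserting a virtual there shifts the vtable slots of the later ones, so shims or extensions built against the previous header would presumably need a rebuild; confirm this against the library's compatibility policy, or declare it after the existing virtuals. The doc comment should also state that the default does nothing, e.g. `* The default implementation ignores the value; shims that can expose AUTH_TYPE override it.` The visible neighbouring methods are all pure virtual, so a shim that forgets to override this one will silently drop the value. The `SPLogLevel` enum continues outside the hunk.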
/**
* Log to native server environment.
- *
+ *
* @param level logging level
* @param msg message to log
*/
/**
* Test logging level.
- *
+ *
* @param level logging level
* @return true iff logging level is enabled
*/
/**
* Indicates that processing was declined, meaning no action is required during this phase of processing.
- *
+ *
* @return a status code to pass back to the server-specific layer
- */
+ */
virtual long returnDecline()=0;
/**
* Indicates that processing was completed.
- *
+ *
* @return a status code to pass back to the server-specific layer
- */
+ */
virtual long returnOK()=0;
};
};
return initiator->run(request,false);
}
+ request.setAuthType("shibboleth");
+
// We're done. Everything is okay. Nothing to report. Nothing to do..
// Let the caller decide how to proceed.
log.debug("doAuthentication succeeded");
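Review bot: `request.setAuthType("shibboleth")` is reached only on the fall-through success path, after the `return initiator->run(request,false);` branch. The NSAPI lines removed in this commit set `auth-type` during export, with the comment that it "seems to be required in order to eventually set the auth-user var". Confirm that every path that later exports a user also passes through this call; the rest of the function is outside the hunk. A short comment would help, e.g. `// Report our own AUTH_TYPE; server shims map this onto their native field.` Naming the literal once as a constant would keep it from diverging if it is ever set elsewhere.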