return false;\r
}\r
\r
- // Find the attribute matching the require rule.\r
- map<string,const Attribute*>::const_iterator attr = session->getAttributes().find(m_alias);\r
- if (attr == session->getAttributes().end()) {\r
+ // Find the attribute(s) matching the require rule.\r
+ pair<multimap<string,Attribute*>::const_iterator, multimap<string,Attribute*>::const_iterator> attrs =\r
+ session->getAttributes().equal_range(m_alias);\r
+ if (attrs.first == attrs.second) {\r
request.log(SPRequest::SPWarn, string("rule requires attribute (") + m_alias + "), not found in session");\r
return false;\r
}\r
\r
- bool caseSensitive = attr->second->isCaseSensitive();\r
+ for (; attrs.first != attrs.second; ++attrs.first) {\r
+ bool caseSensitive = attrs.first->second->isCaseSensitive();\r
\r
- // Now we have to intersect the attribute's values against the rule's list.\r
- const vector<string>& vals = attr->second->getSerializedValues();\r
- for (vector<string>::const_iterator i=m_vals.begin(); i!=m_vals.end(); ++i) {\r
- for (vector<string>::const_iterator j=vals.begin(); j!=vals.end(); ++j) {\r
- if ((caseSensitive && *i == *j) || (!caseSensitive && !strcasecmp(i->c_str(),j->c_str()))) {\r
- request.log(SPRequest::SPDebug, string("AccessControl plugin expecting ") + *j + ", authz granted");\r
- return true;\r
+ // Now we have to intersect the attribute's values against the rule's list.\r
+ const vector<string>& vals = attrs.first->second->getSerializedValues();\r
+ for (vector<string>::const_iterator i=m_vals.begin(); i!=m_vals.end(); ++i) {\r
+ for (vector<string>::const_iterator j=vals.begin(); j!=vals.end(); ++j) {\r
+ if ((caseSensitive && *i == *j) || (!caseSensitive && !strcasecmp(i->c_str(),j->c_str()))) {\r
+ request.log(SPRequest::SPDebug, string("AccessControl plugin expecting ") + *j + ", authz granted");\r
+ return true;\r
+ }\r
}\r
}\r
}\r
projects / shibboleth / sp.git / blobdiff