Not all modules can call doHandlePOST() from doCheckAuthN().

Add a flag so the module can decide whether to enable that.

git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@1334 cb58f699-b61c-0410-a6fe-9272a202ed29

diff --git a/apache/mod_apache.cpp b/apache/mod_apache.cpp
index bdd0df4..f290783 100644 (file)
--- a/apache/mod_apache.cpp
+++ b/apache/mod_apache.cpp
@@ -402,7 +402,7 @@ extern "C" int shib_check_user(request_rec* r)
     ShibTargetApache sta(r);
 
     // Check user authentication, the set the post handler bypass
-    pair<bool,void*> res = sta.doCheckAuthN((sta.m_dc->bRequireSession == 1));
+    pair<bool,void*> res = sta.doCheckAuthN((sta.m_dc->bRequireSession == 1), true);
     apr_pool_userdata_setn((const void*)42,g_UserDataKey,NULL,r->pool);
     if (res.first) return (int)res.second;
 

diff --git a/isapi_shib/isapi_shib.cpp b/isapi_shib/isapi_shib.cpp
index 4e0d2ad..9e15c04 100644 (file)
--- a/isapi_shib/isapi_shib.cpp
+++ b/isapi_shib/isapi_shib.cpp
@@ -510,11 +510,11 @@ extern "C" DWORD WINAPI HttpFilterProc(PHTTP_FILTER_CONTEXT pfc, DWORD notificat
        ShibTargetIsapiF stf(pfc, pn, map_i->second);
 
        // "false" because we don't override the Shib settings
-       pair<bool,void*> res = ste.doCheckAuthN(false);
+       pair<bool,void*> res = ste.doCheckAuthN();
        if (res.first) return (DWORD)res.second;
 
        // "false" because we don't override the Shib settings
-       res = ste.doExportAssertions(false);
+       res = ste.doExportAssertions();
        if (res.first) return (DWORD)res.second;
 
        res = ste.doCheckAuthZ();

diff --git a/shib-target/shib-target.cpp b/shib-target/shib-target.cpp
index b947c5d..7867b61 100644 (file)
--- a/shib-target/shib-target.cpp
+++ b/shib-target/shib-target.cpp
@@ -186,7 +186,7 @@ void ShibTarget::init(ShibTargetConfig *config,
 // The web server modules implement a subclass and then call into 
 // these methods once they instantiate their request object.
 pair<bool,void*>
-ShibTarget::doCheckAuthN(bool requireSessionFlag)
+ShibTarget::doCheckAuthN(bool requireSessionFlag, bool handlePost)
 {
   saml::NDC ndc("ShibTarget::doCheckAuthN");
 
@@ -203,8 +203,12 @@ ShibTarget::doCheckAuthN(bool requireSessionFlag)
     if (! shireURL)
       throw ShibTargetException(SHIBRPC_OK, "Cannot map target URL to Shire URL.  Check configuration");
 
-    if (strstr(targetURL,shireURL))
-      return doHandlePOST();
+    if (strstr(targetURL,shireURL)) {
+      if (handlePost)
+       return doHandlePOST();
+      else
+       return pair<bool,void*>(true, returnOK());
+    }
 
     string auth_type = getAuthType();
     if (strcasecmp(auth_type.c_str(),"shibboleth"))

diff --git a/shib-target/shib-target.h b/shib-target/shib-target.h
index a08e5cf..67cbad7 100644 (file)
--- a/shib-target/shib-target.h
+++ b/shib-target/shib-target.h
@@ -496,10 +496,19 @@ namespace shibtarget {
     //   is not valid, and the caller should continue processing (the API Call
     //   finished successfully).
     //
-    std::pair<bool,void*> doCheckAuthN(bool requireSession);
+    //   The arguments are all overrides..  The requireSession and
+    //   exportAssertion values passed in here are only used if the
+    //   settings resource is negative.
+    //
+    //   The handlePost argument declares whether doCheckAuthN() should
+    //   automatically call doHandlePOST() when it encounters a request for
+    //   the ShireURL;  if false it will call returnOK() instead.
+    //
+    std::pair<bool,void*> doCheckAuthN(bool requireSession = false,
+                                      bool handlePost = false);
     std::pair<bool,void*> doHandlePOST(void);
     std::pair<bool,void*> doCheckAuthZ(void);
-    std::pair<bool,void*> doExportAssertions(bool exportAssertion);
+    std::pair<bool,void*> doExportAssertions(bool exportAssertion = false);
 
     //**************************************************************************
     // These APIs are for backwards-compatibility.  Hopefully they can