Merge pushed attributes into resolution context.

author cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>

Mon, 20 Aug 2007 22:20:51 +0000 (22:20 +0000)

committer cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>

Mon, 20 Aug 2007 22:20:51 +0000 (22:20 +0000)
author cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Mon, 20 Aug 2007 22:20:51 +0000 (22:20 +0000)
committer cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Mon, 20 Aug 2007 22:20:51 +0000 (22:20 +0000)
diff --git a/shibsp/attribute/resolver/impl/XMLAttributeExtractor.cpp b/shibsp/attribute/resolver/impl/XMLAttributeExtractor.cpp

index e7915c4..2b5621d 100644 (file)
--- a/shibsp/attribute/resolver/impl/XMLAttributeExtractor.cpp
+++ b/shibsp/attribute/resolver/impl/XMLAttributeExtractor.cpp
@@ -78,6 +78,9 @@ namespace shibsp {
          void extractAttributes(
              const Application& application, const char* assertingParty, const saml2::Attribute& attr, vector<Attribute*>& attributes
              ) const;
+        void extractAttributes(
+            const Application& application, const char* assertingParty, const Extensions& ext, vector<Attribute*>& attributes
+            ) const;
  
          void getAttributeIds(vector<string>& attributes) const {
              attributes.insert(attributes.end(), m_attributeIds.begin(), m_attributeIds.end());
@@ -365,6 +368,18 @@ void XMLExtractorImpl::extractAttributes(
      }
  }
  
+void XMLExtractorImpl::extractAttributes(
+    const Application& application, const char* assertingParty, const Extensions& ext, vector<Attribute*>& attributes
+    ) const
+{
+    const vector<XMLObject*> exts = ext.getUnknownXMLObjects();
+    for (vector<XMLObject*>::const_iterator i = exts.begin(); i!=exts.end(); ++i) {
+        const saml2::Attribute* attr = dynamic_cast<const saml2::Attribute*>(*i);
+        if (attr)
+            extractAttributes(application, assertingParty, *attr, attributes);
+    }
+}
+
  void XMLExtractor::extractAttributes(
      const Application& application, const RoleDescriptor* issuer, const XMLObject& xmlObject, vector<Attribute*>& attributes
      ) const
@@ -405,6 +420,25 @@ void XMLExtractor::extractAttributes(
          throw AttributeExtractionException("Unable to extract attributes, unknown object type.");
      }
  
+    // Check for metadata.
+    if (XMLString::equals(xmlObject.getElementQName().getNamespaceURI(), samlconstants::SAML20MD_NS)) {
+        const EntityDescriptor* entity = dynamic_cast<const EntityDescriptor*>(&xmlObject);
+        if (!entity)
+            throw AttributeExtractionException("Unable to extract attributes, unknown metadata object type.");
+        auto_ptr_char assertingParty(issuer ? dynamic_cast<const EntityDescriptor*>(issuer->getParent())->getEntityID() : NULL);
+        const Extensions* ext = entity->getExtensions();
+        if (ext)
+            m_impl->extractAttributes(application, assertingParty.get(), *ext, attributes);
+        const EntitiesDescriptor* group = dynamic_cast<const EntitiesDescriptor*>(entity->getParent());
+        while (group) {
+            ext = group->getExtensions();
+            if (ext)
+                m_impl->extractAttributes(application, assertingParty.get(), *ext, attributes);
+            group = dynamic_cast<const EntitiesDescriptor*>(group->getParent());
+        }
+        return;
+    }
+
      // Check for attributes.
      if (XMLString::equals(xmlObject.getElementQName().getLocalPart(), saml1::Attribute::LOCAL_NAME)) {
          auto_ptr_char assertingParty(issuer ? dynamic_cast<const EntityDescriptor*>(issuer->getParent())->getEntityID() : NULL);
diff --git a/shibsp/handler/impl/AssertionConsumerService.cpp b/shibsp/handler/impl/AssertionConsumerService.cpp

index 7d675b6..eed44ec 100644 (file)
--- a/shibsp/handler/impl/AssertionConsumerService.cpp
+++ b/shibsp/handler/impl/AssertionConsumerService.cpp
@@ -281,12 +281,23 @@ ResolutionContext* AssertionConsumerService::resolveAttributes(
      const vector<const Assertion*>* tokens
      ) const
  {
-    // First we do the extraction of any pushed information.
+    const saml2md::EntityDescriptor* entity = dynamic_cast<const saml2md::EntityDescriptor*>(issuer->getParent());
+
+    // First we do the extraction of any pushed information, including from metadata.
      vector<Attribute*> resolvedAttributes;
      AttributeExtractor* extractor = application.getAttributeExtractor();
      if (extractor) {
-        m_log.debug("extracting pushed attributes...");
          Locker extlocker(extractor);
+        if (entity) {
+            m_log.debug("extracting metadata-derived attributes...");
+            try {
+                extractor->extractAttributes(application, issuer, *entity, resolvedAttributes);
+            }
+            catch (exception& ex) {
+                m_log.error("caught exception extracting attributes: %s", ex.what());
+            }
+        }
+        m_log.debug("extracting pushed attributes...");
          if (v1nameid) {
              try {
                  extractor->extractAttributes(application, issuer, *v1nameid, resolvedAttributes);
@@ -332,28 +343,28 @@ ResolutionContext* AssertionConsumerService::resolveAttributes(
      
      try {
          AttributeResolver* resolver = application.getAttributeResolver();
-        if (!resolver && !resolvedAttributes.empty()) {
-            m_log.info("no AttributeResolver available, skipping resolution");
-            return new DummyContext(resolvedAttributes);
-        }
-        
-        m_log.debug("resolving attributes...");
+        if (resolver) {
+            m_log.debug("resolving attributes...");
  
-        Locker locker(resolver);
-        auto_ptr<ResolutionContext> ctx(
-            resolver->createResolutionContext(
-                application,
-                dynamic_cast<const saml2md::EntityDescriptor*>(issuer->getParent()),
-                protocol,
-                nameid,
-                authncontext_class,
-                authncontext_decl,
-                tokens,
-                &resolvedAttributes
-                )
-            );
-        resolver->resolveAttributes(*ctx.get());
-        return ctx.release();
+            Locker locker(resolver);
+            auto_ptr<ResolutionContext> ctx(
+                resolver->createResolutionContext(
+                    application,
+                    entity,
+                    protocol,
+                    nameid,
+                    authncontext_class,
+                    authncontext_decl,
+                    tokens,
+                    &resolvedAttributes
+                    )
+                );
+            resolver->resolveAttributes(*ctx.get());
+            // Copy over any pushed attributes.
+            if (!resolvedAttributes.empty())
+                ctx->getResolvedAttributes().insert(ctx->getResolvedAttributes().end(), resolvedAttributes.begin(), resolvedAttributes.end());
+            return ctx.release();
+        }
      }
      catch (exception& ex) {
          m_log.error("attribute resolution failed: %s", ex.what());
author	cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
	Mon, 20 Aug 2007 22:20:51 +0000 (22:20 +0000)
committer	cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
	Mon, 20 Aug 2007 22:20:51 +0000 (22:20 +0000)
shibsp/attribute/resolver/impl/XMLAttributeExtractor.cpp		patch \| blob \| history
shibsp/handler/impl/AssertionConsumerService.cpp		patch \| blob \| history