Support for application-specific attribute IDs.
authorcantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Sun, 1 Apr 2007 22:30:15 +0000 (22:30 +0000)
committercantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Sun, 1 Apr 2007 22:30:15 +0000 (22:30 +0000)
git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@2208 cb58f699-b61c-0410-a6fe-9272a202ed29

schemas/shibboleth-spconfig-2.0.xsd
shibsp/Application.h
shibsp/attribute/resolver/impl/SimpleAttributeResolver.cpp
shibsp/handler/impl/AssertionConsumerService.cpp
shibsp/impl/XMLServiceProvider.cpp

index 0d70774..c145ce2 100644 (file)
                        <attribute name="providerId" type="anyURI" use="required"/>\r
                        <attribute name="policyId" type="conf:string" use="required"/>\r
                        <attribute name="homeURL" type="anyURI"/>\r
+                       <attribute name="attributeIds" type="conf:listOfStrings"/>\r
                <anyAttribute namespace="##other" processContents="lax"/>\r
                </complexType>\r
        </element>\r
                        <attribute name="providerId" type="anyURI"/>\r
                        <attribute name="policyId" type="conf:string"/>\r
                        <attribute name="homeURL" type="anyURI"/>\r
-               <anyAttribute namespace="##other" processContents="lax"/>\r
+                       <attribute name="attributeIds" type="conf:listOfStrings"/>\r
+                       <anyAttribute namespace="##other" processContents="lax"/>\r
                </complexType>\r
        </element>\r
 \r
index 99797e2..4b42220 100644 (file)
@@ -99,6 +99,13 @@ namespace shibsp {
         virtual AttributeResolver* getAttributeResolver() const=0;
 
         /**
+         * Returns a set of attribute IDs to resolve for the Application.
+         *
+         * @return  a set of attribute IDs, or an empty set
+         */
+        virtual const std::set<std::string>* getAttributeIds() const=0;
+
+        /**
          * Returns the CredentialResolver instance associated with this Application.
          * 
          * @return  a CredentialResolver, or NULL
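Review bot: The new doc comment promises `a set of attribute IDs, or an empty set`, but the method returns a pointer, and the XMLApplication implementation added in shibsp/impl/XMLServiceProvider.cpp returns NULL when nothing is configured. AssertionConsumerService::resolveAttributes forwards that pointer unchecked, so the contract should say what NULL means. I would write `@return  a set of attribute IDs, or NULL if none are configured` and add a sentence on whether NULL makes the resolver resolve every attribute (presumably so, but the resolver's signature is not visible in this commit). That matters because attributeIds then works as an opt-in restriction, and deployments that omit it get no narrowing of what is resolved. The class body continues outside the hunk.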
index 2745e6a..b09b71b 100644 (file)
@@ -596,15 +596,15 @@ void SimpleResolverImpl::populateQuery(saml1p::AttributeQuery& query, const stri
         if (i->second.second == id) {\r
             AttributeDesignator* a = AttributeDesignatorBuilder::buildAttributeDesignator();\r
 #ifdef HAVE_GOOD_STL\r
-            a->setAttributeName(i->first.second.c_str());\r
-            a->setAttributeNamespace(i->first.first.empty() ? shibspconstants::SHIB1_ATTRIBUTE_NAMESPACE_URI : i->first.first.c_str());\r
+            a->setAttributeName(i->first.first.c_str());\r
+            a->setAttributeNamespace(i->first.second.empty() ? shibspconstants::SHIB1_ATTRIBUTE_NAMESPACE_URI : i->first.second.c_str());\r
 #else\r
-            auto_ptr_XMLCh n(i->first.second);\r
+            auto_ptr_XMLCh n(i->first.first.c_str());\r
             a->setAttributeName(n.get());\r
-            if (i->first.first.empty())\r
+            if (i->first.second.empty())\r
                 a->setAttributeNamespace(shibspconstants::SHIB1_ATTRIBUTE_NAMESPACE_URI);\r
             else {\r
-                auto_ptr_XMLCh ns(i->first.first);\r
+                auto_ptr_XMLCh ns(i->first.second.c_str());\r
                 a->setAttributeNamespace(ns.get());\r
             }\r
 #endif\r
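Review bot: Nothing at this call site says which half of the map key is the attribute name and which is the namespace, which is presumably how the swapped `first`/`second` corrected here went unnoticed. The same applies to the saml2p overload of populateQuery in the next hunk. A one-line comment above the `#ifdef`, such as `// key is (name, namespace); an empty namespace selects the default`, would make the order checkable against the map's declaration, which is outside this diff. A swapped pair would presumably make the SP request attributes the IdP does not recognise, a failure that is silent rather than loud. The loop and the function body start and end outside the hunk.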
@@ -713,15 +713,15 @@ void SimpleResolverImpl::populateQuery(saml2p::AttributeQuery& query, const stri
         if (i->second.second == id) {\r
             saml2::Attribute* a = saml2::AttributeBuilder::buildAttribute();\r
 #ifdef HAVE_GOOD_STL\r
-            a->setName(i->first.second.c_str());\r
-            a->setNameFormat(i->first.first.empty() ? saml2::Attribute::URI_REFERENCE : i->first.first.c_str());\r
+            a->setName(i->first.first.c_str());\r
+            a->setNameFormat(i->first.second.empty() ? saml2::Attribute::URI_REFERENCE : i->first.second.c_str());\r
 #else\r
-            auto_ptr_XMLCh n(i->first.second);\r
+            auto_ptr_XMLCh n(i->first.first.c_str());\r
             a->setName(n.get());\r
-            if (i->first.first.empty())\r
+            if (i->first.second.empty())\r
                 a->setNameFormat(saml2::Attribute::URI_REFERENCE);\r
             else {\r
-                auto_ptr_XMLCh ns(i->first.first);\r
+                auto_ptr_XMLCh ns(i->first.second.c_str());\r
                 a->setNameFormat(ns.get());\r
             }\r
 #endif\r
index 02995c4..829208b 100644 (file)
@@ -248,7 +248,7 @@ ResolutionContext* AssertionConsumerService::resolveAttributes(
         auto_ptr<ResolutionContext> ctx(
             resolver->createResolutionContext(application, httpRequest.getRemoteAddr().c_str(), issuer, nameid, tokens)
             );
-        resolver->resolveAttributes(*ctx.get());
+        resolver->resolveAttributes(*ctx.get(), application.getAttributeIds());
         return ctx.release();
     }
     catch (exception& ex) {
index 849fc16..e5c96a6 100644 (file)
@@ -97,6 +97,9 @@ namespace {
         AttributeResolver* getAttributeResolver() const {\r
             return (!m_attrResolver && m_base) ? m_base->getAttributeResolver() : m_attrResolver;\r
         }\r
+        const set<string>* getAttributeIds() const {\r
+            return (m_attributeIds.empty() && m_base) ? m_base->getAttributeIds() : (m_attributeIds.empty() ? NULL : &m_attributeIds);\r
+        }\r
         CredentialResolver* getCredentialResolver() const {\r
             return (!m_credResolver && m_base) ? m_base->getCredentialResolver() : m_credResolver;\r
         }\r
@@ -126,6 +129,7 @@ namespace {
         AttributeResolver* m_attrResolver;\r
         CredentialResolver* m_credResolver;\r
         vector<const XMLCh*> m_audiences;\r
+        set<string> m_attributeIds;\r
 \r
         // manage handler objects\r
         vector<Handler*> m_handlers;\r
@@ -361,6 +365,25 @@ XMLApplication::XMLApplication(
         m_hash+=getString("providerId").second;\r
         m_hash=samlConf.hashSHA1(m_hash.c_str(), true);\r
 \r
+        pair<bool,const char*> attributes = getString("attributeIds");\r
+        if (attributes.first) {\r
+            char* dup = strdup(attributes.second);\r
+            char* pos;\r
+            char* start = dup;\r
+            while (start && *start) {\r
+                while (*start && isspace(*start))\r
+                    start++;\r
+                if (!*start)\r
+                    break;\r
+                pos = strchr(start,' ');\r
+                if (pos)\r
+                    *pos=0;\r
+                m_attributeIds.insert(start);\r
+                start = pos ? pos+1 : NULL;\r
+            }\r
+            free(dup);\r
+        }\r
+\r
         const PropertySet* sessions = getPropertySet("Sessions");\r
 \r
         // Process handlers.\r
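Review bot: The tokenizer skips leading separators with `isspace` but ends each token only at a space via `strchr(start,' ')`, so an ID followed by a tab or newline is stored with that character inside it. Such an ID would then match nothing, presumably dropping the attribute without any message. `isspace(*start)` also receives a plain `char`, which is undefined for negative values; I would write `isspace(static_cast<unsigned char>(*start))` and find the token end with `pos = strpbrk(start, " \t\r\n");`. If `m_attributeIds.insert(start)` throws, `dup` is leaked, and a failed `strdup` silently leaves the set empty; tokenizing a `std::string` copy would remove both problems. The constructor body starts and ends outside the hunk.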