From: cantor Date: Sat, 27 Oct 2007 02:22:15 +0000 (+0000) Subject: Revamp error handler to default to redirectable. X-Git-Tag: 2.4~684 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fsp.git;a=commitdiff_plain;h=678a6cf9ca7f3a2f73b56ab27945184cda2f9936 Revamp error handler to default to redirectable. Support per-resource redirect policy via RequestMap. Generalize trapping of metadata errors. git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@2577 cb58f699-b61c-0410-a6fe-9272a202ed29 --- diff --git a/shibsp/ServiceProvider.cpp b/shibsp/ServiceProvider.cpp index 09d6a41..65c1164 100644 --- a/shibsp/ServiceProvider.cpp +++ b/shibsp/ServiceProvider.cpp @@ -45,11 +45,34 @@ using namespace std; namespace shibsp { SHIBSP_DLLLOCAL PluginManager::Factory XMLServiceProviderFactory; - long SHIBSP_DLLLOCAL sendError(SPRequest& request, const Application* app, const char* page, TemplateParameters& tp, bool mayRedirect=false) + long SHIBSP_DLLLOCAL sendError(SPRequest& request, const Application* app, const char* page, TemplateParameters& tp, bool mayRedirect=true) { + // The properties we need can be set in the RequestMap, or the Errors element. + bool mderror = dynamic_cast(tp.getRichException())!=NULL; + pair redirectErrors = pair(false,NULL); + pair pathname = pair(false,NULL); + const PropertySet* props=app ? app->getPropertySet("Errors") : NULL; + + try { + RequestMapper::Settings settings = request.getRequestSettings(); + if (mderror) + pathname = settings.first->getString("metadataError"); + if (!pathname.first) { + string pagename(page); + pagename += "Error"; + pathname = settings.first->getString(pagename.c_str()); + } + if (mayRedirect) + redirectErrors = settings.first->getString("redirectErrors"); + } + catch (exception& ex) { + request.log(SPRequest::SPError, ex.what()); + } + if (mayRedirect) { // Check for redirection on errors instead of template. - pair redirectErrors = app ? app->getString("redirectErrors") : pair(false,NULL); + if (!redirectErrors.first && props) + redirectErrors = props->getString("redirectErrors"); if (redirectErrors.first) { string loc(redirectErrors.second); loc = loc + '?' + tp.toQueryString(); @@ -61,23 +84,12 @@ namespace shibsp { request.setResponseHeader("Expires","01-Jan-1997 12:00:00 GMT"); request.setResponseHeader("Cache-Control","private,no-store,no-cache"); - // Error templates come from the request's settings or from the Errors property set. - pair pathname = pair(false,NULL); - try { - RequestMapper::Settings settings = request.getRequestSettings(); - string pagename(page); - pagename += "Error"; - pathname = settings.first->getString(pagename.c_str()); - } - catch (exception& ex) { - request.log(SPRequest::SPError, ex.what()); + if (!pathname.first && props) { + if (mderror) + pathname=props->getString("metadata"); + if (!pathname.first) + pathname=props->getString(page); } - - // Nothing for request, so check app properties. - const PropertySet* props=app ? app->getPropertySet("Errors") : NULL; - if (!pathname.first && props) - pathname=props->getString(page); - if (pathname.first) { ifstream infile(pathname.second); if (infile) { @@ -90,7 +102,7 @@ namespace shibsp { if (!strcmp(page,"access")) { istringstream msg("Access Denied"); - return request.sendResponse(msg, HTTPResponse::XMLTOOLING_HTTP_STATUS_FORBIDDEN); + return request.sendResponse(msg, HTTPResponse::XMLTOOLING_HTTP_STATUS_UNAUTHORIZED); } string errstr = string("sendError could not process error template (") + page + ")"; @@ -150,7 +162,7 @@ pair ServiceProvider::doAuthentication(SPRequest& request, bool handl else { TemplateParameters tp; tp.m_map["requestURL"] = targetURL.substr(0,targetURL.find('?')); - return make_pair(true,sendError(request, app, "ssl", tp)); + return make_pair(true,sendError(request, app, "ssl", tp, false)); } } } @@ -284,7 +296,7 @@ pair ServiceProvider::doAuthorization(SPRequest& request) const request.log(SPRequest::SPWarn, "access control provider denied access"); TemplateParameters tp; tp.m_map["requestURL"] = targetURL; - return make_pair(true,sendError(request, app, "access", tp)); + return make_pair(true,sendError(request, app, "access", tp, false)); } default: @@ -468,21 +480,9 @@ pair ServiceProvider::doHandler(SPRequest& request) const throw ConfigurationException("Configured Shibboleth handler failed to process the request."); } - catch (opensaml::saml2md::MetadataException& e) { - TemplateParameters tp(&e); - tp.m_map["requestURL"] = targetURL.substr(0,targetURL.find('?')); - // See if a metadata error page is installed. - const PropertySet* props=app ? app->getPropertySet("Errors") : NULL; - if (props) { - pair p=props->getString("metadata"); - if (p.first) - return make_pair(true,sendError(request, app, "metadata", tp, true)); - } - return make_pair(true,sendError(request, app, "session", tp, true)); - } catch (exception& e) { TemplateParameters tp(&e); tp.m_map["requestURL"] = targetURL.substr(0,targetURL.find('?')); - return make_pair(true,sendError(request, app, "session", tp, true)); + return make_pair(true,sendError(request, app, "session", tp)); } }