From ca7f8e399e38afdf416ac5a8500a86f335d30115 Mon Sep 17 00:00:00 2001 From: cantor Date: Tue, 7 Dec 2010 21:45:35 +0000 Subject: [PATCH] https://bugs.internet2.edu/jira/browse/SSPCPP-321 git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/branches/REL_2@3383 cb58f699-b61c-0410-a6fe-9272a202ed29 --- shibsp/Makefile.am | 1 + shibsp/attribute/filtering/AttributeFilter.h | 5 +- .../attribute/filtering/impl/AttributeFilter.cpp | 4 +- .../filtering/impl/ChainingAttributeFilter.cpp | 32 ++++++------ .../filtering/impl/DummyAttributeFilter.cpp | 58 ++++++++++++++++++++++ shibsp/impl/XMLServiceProvider.cpp | 13 +++-- shibsp/shibsp.vcxproj | 1 + shibsp/shibsp.vcxproj.filters | 3 ++ 8 files changed, 95 insertions(+), 22 deletions(-) create mode 100644 shibsp/attribute/filtering/impl/DummyAttributeFilter.cpp diff --git a/shibsp/Makefile.am b/shibsp/Makefile.am index 9766dbd..9b96cc9 100644 --- a/shibsp/Makefile.am +++ b/shibsp/Makefile.am @@ -175,6 +175,7 @@ libshibsp_la_SOURCES = \ attribute/XMLAttributeDecoder.cpp \ attribute/filtering/impl/AttributeFilter.cpp \ attribute/filtering/impl/ChainingAttributeFilter.cpp \ + attribute/filtering/impl/DummyAttributeFilter.cpp \ attribute/filtering/impl/XMLAttributeFilter.cpp \ attribute/filtering/impl/BasicFilteringContext.cpp \ attribute/filtering/impl/MatchFunctor.cpp \ diff --git a/shibsp/attribute/filtering/AttributeFilter.h b/shibsp/attribute/filtering/AttributeFilter.h index 2a249e4..635c758 100644 --- a/shibsp/attribute/filtering/AttributeFilter.h +++ b/shibsp/attribute/filtering/AttributeFilter.h @@ -1,5 +1,5 @@ /* - * Copyright 2001-2009 Internet2 + * Copyright 2001-2010 Internet2 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -63,6 +63,9 @@ namespace shibsp { /** AttributeFilter based on an XML mapping schema. */ #define XML_ATTRIBUTE_FILTER "XML" + /** AttributeFilter based on rejecting/blocking all attributes. */ + #define DUMMY_ATTRIBUTE_FILTER "Dummy" + /** AttributeFilter based on chaining together other filters. */ #define CHAINING_ATTRIBUTE_FILTER "Chaining" }; diff --git a/shibsp/attribute/filtering/impl/AttributeFilter.cpp b/shibsp/attribute/filtering/impl/AttributeFilter.cpp index dc67e1f..a1fcf0f 100644 --- a/shibsp/attribute/filtering/impl/AttributeFilter.cpp +++ b/shibsp/attribute/filtering/impl/AttributeFilter.cpp @@ -1,5 +1,5 @@ /* - * Copyright 2001-2009 Internet2 + * Copyright 2001-2010 Internet2 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -29,6 +29,7 @@ using namespace std; namespace shibsp { SHIBSP_DLLLOCAL PluginManager::Factory XMLAttributeFilterFactory; + SHIBSP_DLLLOCAL PluginManager::Factory DummyAttributeFilterFactory; SHIBSP_DLLLOCAL PluginManager::Factory ChainingAttributeFilterFactory; }; @@ -36,6 +37,7 @@ void SHIBSP_API shibsp::registerAttributeFilters() { SPConfig& conf = SPConfig::getConfig(); conf.AttributeFilterManager.registerFactory(XML_ATTRIBUTE_FILTER, XMLAttributeFilterFactory); + conf.AttributeFilterManager.registerFactory(DUMMY_ATTRIBUTE_FILTER, DummyAttributeFilterFactory); conf.AttributeFilterManager.registerFactory(CHAINING_ATTRIBUTE_FILTER, ChainingAttributeFilterFactory); } diff --git a/shibsp/attribute/filtering/impl/ChainingAttributeFilter.cpp b/shibsp/attribute/filtering/impl/ChainingAttributeFilter.cpp index ee4201e..58acef2 100644 --- a/shibsp/attribute/filtering/impl/ChainingAttributeFilter.cpp +++ b/shibsp/attribute/filtering/impl/ChainingAttributeFilter.cpp @@ -21,6 +21,7 @@ */ #include "internal.h" +#include "exceptions.h" #include "attribute/filtering/AttributeFilter.h" #include "attribute/filtering/FilteringContext.h" @@ -69,25 +70,22 @@ namespace shibsp { ChainingAttributeFilter::ChainingAttributeFilter(const DOMElement* e) { - SPConfig& conf = SPConfig::getConfig(); - // Load up the chain of handlers. - e = XMLHelper::getFirstChildElement(e, _AttributeFilter); - while (e) { - string t(XMLHelper::getAttrString(e, nullptr, _type)); - if (!t.empty()) { - try { - Category::getInstance(SHIBSP_LOGCAT".AttributeFilter.Chaining").info( - "building AttributeFilter of type (%s)...", t.c_str() - ); - m_filters.push_back(conf.AttributeFilterManager.newPlugin(t.c_str(), e)); - } - catch (exception& ex) { - Category::getInstance(SHIBSP_LOGCAT".AttributeFilter.Chaining").error( - "caught exception processing embedded AttributeFilter element: %s", ex.what() - ); + try { + e = XMLHelper::getFirstChildElement(e, _AttributeFilter); + while (e) { + string t(XMLHelper::getAttrString(e, nullptr, _type)); + if (!t.empty()) { + Category::getInstance(SHIBSP_LOGCAT".AttributeFilter.Chaining").info("building AttributeFilter of type (%s)...", t.c_str()); + m_filters.push_back(SPConfig::getConfig().AttributeFilterManager.newPlugin(t.c_str(), e)); } + e = XMLHelper::getNextSiblingElement(e, _AttributeFilter); } - e = XMLHelper::getNextSiblingElement(e, _AttributeFilter); } + catch (exception&) { + for_each(m_filters.begin(), m_filters.end(), xmltooling::cleanup()); + throw; + } + if (m_filters.empty()) + throw ConfigurationException("Chaining AttributeFilter plugin requires at least one child plugin."); } diff --git a/shibsp/attribute/filtering/impl/DummyAttributeFilter.cpp b/shibsp/attribute/filtering/impl/DummyAttributeFilter.cpp new file mode 100644 index 0000000..1fe4dc9 --- /dev/null +++ b/shibsp/attribute/filtering/impl/DummyAttributeFilter.cpp @@ -0,0 +1,58 @@ +/* + * Copyright 2010 Internet2 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * DummyAttributeFilter.cpp + * + * Pathological AttributeFilter that rejects all attributes. + */ + +#include "internal.h" +#include "attribute/Attribute.h" +#include "attribute/filtering/AttributeFilter.h" + +using namespace shibsp; +using namespace xmltooling; +using namespace std; + +namespace shibsp { + + class SHIBSP_DLLLOCAL DummyAttributeFilter : public AttributeFilter + { + public: + DummyAttributeFilter(const DOMElement* e) { + } + virtual ~DummyAttributeFilter() { + } + + Lockable* lock() { + return this; + } + void unlock() { + } + + void filterAttributes(const FilteringContext& context, vector& attributes) const { + Category::getInstance(SHIBSP_LOGCAT".AttributeFilter.Dummy").warn("filtering out all attributes"); + for_each(attributes.begin(), attributes.end(), xmltooling::cleanup()); + attributes.clear(); + } + }; + + AttributeFilter* SHIBSP_DLLLOCAL DummyAttributeFilterFactory(const DOMElement* const & e) + { + return new DummyAttributeFilter(e); + } +}; diff --git a/shibsp/impl/XMLServiceProvider.cpp b/shibsp/impl/XMLServiceProvider.cpp index 51e90c1..1dfc15d 100644 --- a/shibsp/impl/XMLServiceProvider.cpp +++ b/shibsp/impl/XMLServiceProvider.cpp @@ -203,7 +203,8 @@ namespace { const char* chainingType, const XMLCh* localName, DOMElement* e, - Category& log + Category& log, + const char* dummyType=nullptr ); void doAttributeInfo(); void doHandlers(const ProtocolProvider*, const DOMElement*, Category&); @@ -681,7 +682,8 @@ template T* XMLApplication::doChainedPlugins( const char* chainingType, const XMLCh* localName, DOMElement* e, - Category& log + Category& log, + const char* dummyType ) { string t; @@ -715,6 +717,11 @@ template T* XMLApplication::doChainedPlugins( } catch (exception& ex) { log.crit("error building %s: %s", pluginType, ex.what()); + if (dummyType) { + // Install a dummy version as a safety valve. + log.crit("installing safe %s in place of failed version", pluginType); + return pluginMgr.newPlugin(dummyType, nullptr); + } } } @@ -1321,7 +1328,7 @@ void XMLApplication::doAttributePlugins(DOMElement* e, Category& log) doChainedPlugins(conf.AttributeExtractorManager, "AttributeExtractor", CHAINING_ATTRIBUTE_EXTRACTOR, _AttributeExtractor, e, log); m_attrFilter = - doChainedPlugins(conf.AttributeFilterManager, "AttributeFilter", CHAINING_ATTRIBUTE_FILTER, _AttributeFilter, e, log); + doChainedPlugins(conf.AttributeFilterManager, "AttributeFilter", CHAINING_ATTRIBUTE_FILTER, _AttributeFilter, e, log, DUMMY_ATTRIBUTE_FILTER); m_attrResolver = doChainedPlugins(conf.AttributeResolverManager, "AttributeResolver", CHAINING_ATTRIBUTE_RESOLVER, _AttributeResolver, e, log); diff --git a/shibsp/shibsp.vcxproj b/shibsp/shibsp.vcxproj index 30750b3..786536f 100644 --- a/shibsp/shibsp.vcxproj +++ b/shibsp/shibsp.vcxproj @@ -183,6 +183,7 @@ + diff --git a/shibsp/shibsp.vcxproj.filters b/shibsp/shibsp.vcxproj.filters index 15b7d70..cee9649 100644 --- a/shibsp/shibsp.vcxproj.filters +++ b/shibsp/shibsp.vcxproj.filters @@ -384,6 +384,9 @@ Source Files\attribute\filtering\impl + + Source Files\attribute\filtering\impl + -- 2.1.4