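<accessor debug="true">
  <name>active:ISOcat.control.access.shib.check_token</name>
  <descr>Check the Shibboleth security token?</descr>
  <param mandatory="true">
    <name>token</name>
    <type canonical="true">string</type>
  </param>
  <idoc>
    <!-- Validates the caller-supplied access token against the token-check
         endpoint configured in active:ISOcat.manage.system.properties (the
         "token" property) and returns the user_name reported by that endpoint,
         or an empty string when the reported status is not "200".

         The incoming token, the parsed HTTP credentials, the HTTP state and
         the request URL are deliberately not logged: each of them carries a
         secret (the bearer token or the endpoint username/password).

         NOTE(review): the accessor still runs with debug="true" and names
         trace files under ffcpl:/trace/ for the response and for exceptions.
         Confirm what ends up in those traces before enabling this in
         production. -->

    <!-- Split the configured endpoint URL into host, port, username and
         password. The expressions assume the URL has the form
         scheme://user:password@host[:port]/path; a URL without the user-info
         part is not handled here (TODO confirm the property always has it).
         The port is taken from the text after ':' in the host part and falls
         back to 443 for https and 80 otherwise. -->
    <instr>
      <type>sloot.xquery</type>
      <operator>
        <httpCredentials>{
          let $url    := string($props//token),
              $cred   := replace(replace($url,'.*?//',''),'@.*',''),
              $server := replace(replace($url,'.*@',''),'/.*',''),
              $port   := if (contains($server,':')) then substring-after($server,':') else ''
          return (
            <host>{
              replace($server,':.*','')
            }</host>,
            <port>{
              if ($port!='') then ($port) else (if (matches($url,'^https:')) then ('443') else ('80'))
            }</port>,
            <username>{
              replace($cred,':.*','')
            }</username>,
            <password>{
              replace($cred,'.*:','')
            }</password>
          )
        }</httpCredentials>
      </operator>
      <props>active:ISOcat.manage.system.properties</props>
      <target>var:cred</target>
    </instr>

    <!-- HTTP state that carries the credentials for the request below. -->
    <instr>
      <type>new</type>
      <uri>active:httpState</uri>
      <credentials>var:cred</credentials>
      <target>var:state</target>
    </instr>

    <!-- Build the request URL. The token is percent-encoded so that characters
         such as '&', '#' or '=' in a caller-supplied value cannot add or
         override query parameters. The parameter separator is written as an
         entity so the document stays well-formed.
         NOTE(review): the token still travels in the query string, where
         proxies and server access logs can record it. -->
    <instr>
      <type>sloot.xquery</type>
      <operator>
        <uri>{string($props//token)}?access_token={encode-for-uri(string($token))}&amp;scope=read</uri>
      </operator>
      <props>active:ISOcat.manage.system.properties</props>
      <token>var:token</token>
      <target>var:url</target>
    </instr>
    <instr>
      <type>httpGet</type>
      <url>curi:var:url</url>
      <state>var:state</state>
      <target>var:res</target>
    </instr>

    <!-- Disabled alternative, kept from the original: sends access_token and
         scope as name/value pairs in an HTTP POST instead of the query string.
         If it is ever re-enabled, drop its two log instructions, which would
         write the URL and the token to the log. -->
    <!--<instr>
      <type>sloot.xquery</type>
      <operator>
        <uri>{string($props//token)}</uri>
      </operator>
      <props>active:ISOcat.manage.system.properties</props>
      <token>var:token</token>
      <target>var:url</target>
    </instr>
    <instr>
      <type>log</type>
      <operand>var:url</operand>
    </instr>
    <instr>
      <type>sloot.xquery</type>
      <operator>
        <nvp>
          <access_token>{string($token)}</access_token>
          <scope>read</scope>
        </nvp>
      </operator>
      <token>var:token</token>
      <target>var:nvp</target>
    </instr>
    <instr>
      <type>log</type>
      <operand>var:nvp</operand>
    </instr>
    <instr>
      <type>httpPost</type>
      <url>curi:var:url</url>
      <state>var:state</state>
      <nvp>var:nvp</nvp>
      <target>var:res</target>
    </instr>-->

    <!-- NOTE(review): the raw endpoint response is logged here and again
         after conversion; confirm it never echoes the token back. -->
    <instr>
      <type>log</type>
      <operand>var:res</operand>
    </instr>
    <instr>
      <type>StringToCanonicalString</type>
      <operand>var:res</operand>
      <target>var:res</target>
    </instr>

    <!-- Wrap the response body as the value of a "response" key, then convert
         the resulting JSON text to XML for the final query. -->
    <instr>
      <type>sloot.xpath2eval</type>
      <operand>var:res</operand>
      <operator>
        <xpath>concat('{"response":',.,'}')</xpath>
      </operator>
      <param>
        <return>
          <string/>
        </return>
      </param>
      <target>var:res</target>
    </instr>
    <instr>
      <type>JSONToXML</type>
      <operand>var:res</operand>
      <target>var:res</target>
    </instr>
    <instr>
      <type>log</type>
      <operand>var:res</operand>
    </instr>

    <!-- Result: the user_name when the endpoint reports status "200",
         otherwise an empty string element. Callers must treat the empty value
         as "token not accepted"; no error is raised for a rejected token. -->
    <instr>
      <type>sloot.xquery</type>
      <operator>
        <string>{
          if ($response//status="200")
          then string($response//user_name)
          else ()
        }</string>
      </operator>
      <response>var:res</response>
      <target>this:response</target>
    </instr>
  </idoc>
  <exception>
    <debug/>
    <trace>ffcpl:/trace/check_token.exception.xml</trace>
    <throw/>
  </exception>
  <response>
    <debug>ffcpl:/trace/check_token.response.xml</debug>
    <mime>text/xml</mime>
  </response>
</accessor>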