Context Navigation

source: cats/ISOcat/trunk/mod-ISOcat-control-access/control/shib-check_token.acc @ 4186

Last change on this file since 4186 was 4186, checked in by mwindhouwer, 10 years ago
The AS check_token request now uses POST, and throws an exception when a non-200 code was returned
File size: 3.6 KB

Line
1	<accessor debug="true">
2	<name>active:ISOcat.control.access.shib.check_token</name>
3	<descr>Check the Shibboleth security token?</descr>
4	<param mandatory="true">
5	<name>token</name>
6	<type canonical="true">string</type>
7	</param>
8	<idoc>
9	<accessor-debug>
10	<instr>
11	<type>log</type>
12	<operand>var:token</operand>
13	</instr>
14	</accessor-debug>
15	<instr>
16	<type>sloot.xquery</type>
17	<operator>
18	<httpCredentials>{
19	let $url :=string($props//token),
20	$cred :=replace(replace($url,'.?//',''),'@.',''),
21	$server:=replace(replace($url,'.@',''),'/.',''),
22	$port :=replace($server,'.+(:)?','')
23	return (
24	<host>{
25	replace($server,':.*','')
26	}</host>,
27	<port>{
28	if ($port!='') then ($port) else (if (matches($url,'^https:')) then ('443') else ('80'))
29	}</port>,
30	<username>{
31	replace($cred,':.*','')
32	}</username>,
33	<password>{
34	replace($cred,'.*:','')
35	}</password>
36	)
37	}</httpCredentials>
38	</operator>
39	<props>active:ISOcat.manage.system.properties</props>
40	<target>var:cred</target>
41	</instr>
42	<accessor-debug>
43	<instr>
44	<type>log</type>
45	<operand>var:cred</operand>
46	</instr>
47	</accessor-debug>
48	<instr>
49	<type>new</type>
50	<uri>active:httpState</uri>
51	<credentials>var:cred</credentials>
52	<target>var:state</target>
53	</instr>
54	<accessor-debug>
55	<instr>
56	<type>log</type>
57	<operand>var:state</operand>
58	</instr>
59	</accessor-debug>
60	<instr>
61	<type>sloot.xquery</type>
62	<operator>
63	<uri>{replace(string($props//token),'.*@','https://')}</uri>
64	</operator>
65	<props>active:ISOcat.manage.system.properties</props>
66	<token>var:token</token>
67	<target>var:url</target>
68	</instr>
69	<accessor-debug>
70	<instr>
71	<type>log</type>
72	<operand>var:url</operand>
73	</instr>
74	</accessor-debug>
75	<instr>
76	<type>sloot.xquery</type>
77	<operator>
78	<nvp>
79	<access_token>{string($token)}</access_token>
80	<scope>read</scope>
81	</nvp>
82	</operator>
83	<token>var:token</token>
84	<target>var:nvp</target>
85	</instr>
86	<accessor-debug>
87	<instr>
88	<type>log</type>
89	<operand>var:nvp</operand>
90	</instr>
91	</accessor-debug>
92	<instr>
93	<type>httpPost</type>
94	<url>curi:var:url</url>
95	<state>var:state</state>
96	<nvp>var:nvp</nvp>
97	<target>var:res</target>
98	</instr>
99	<instr>
100	<type>httpResponseCodeFilter</type>
101	<operand>var:res</operand>
102	<target>var:res</target>
103	</instr>
104	<accessor-debug>
105	<instr>
106	<type>log</type>
107	<operand>var:res</operand>
108	</instr>
109	</accessor-debug>
110	<instr>
111	<type>StringToCanonicalString</type>
112	<operand>var:res</operand>
113	<target>var:res</target>
114	</instr>
115	<instr>
116	<type>sloot.xpath2eval</type>
117	<operand>var:res</operand>
118	<operator>
119	<xpath>concat('{"response":',.,'}')</xpath>
120	</operator>
121	<param>
122	<return>
123	<string/>
124	</return>
125	</param>
126	<target>var:res</target>
127	</instr>
128	<instr>
129	<type>JSONToXML</type>
130	<operand>var:res</operand>
131	<target>var:res</target>
132	</instr>
133	<accessor-debug>
134	<instr>
135	<type>log</type>
136	<operand>var:res</operand>
137	</instr>
138	</accessor-debug>
139	<instr>
140	<type>sloot.xquery</type>
141	<operator>
142	<string>{
143	if ($response//status="200")
144	then string($response//user_name)
145	else ()
146	}</string>
147	</operator>
148	<response>var:res</response>
149	<target>this:response</target>
150	</instr>
151	</idoc>
152	<exception>
153	<debug/>
154	<trace>ffcpl:/trace/check_token.exception.xml</trace>
155	<throw/>
156	</exception>
157	<response>
158	<debug>ffcpl:/trace/check_token.response.xml</debug>
159	<mime>text/xml</mime>
160	</response>
161	</accessor>
162

Note: See TracBrowser for help on using the repository browser.

Download in other formats: