Back to index

nordugrid-arc-nox  1.1.0~rc6
Public Member Functions | Protected Member Functions | Protected Attributes | Static Protected Attributes
Arc::MCC_MsgValidator Class Reference

#include <MCCMsgValidator.h>

Inheritance diagram for Arc::MCC_MsgValidator:
Inheritance graph
Collaboration diagram for Arc::MCC_MsgValidator:
Collaboration graph

List of all members.

Public Member Functions

 MCC_MsgValidator (Config *cfg)
virtual void Next (MCCInterface *next, const std::string &label="")
 Add reference to next MCC in chain.
virtual void AddSecHandler (Config *cfg, ArcSec::SecHandler *sechandler, const std::string &label="")
 Add security components/handlers to this MCC.
virtual void Unlink ()
 Removing all links.
virtual MCC_Status process (Message &, Message &)
 Dummy Message processing method.

Protected Member Functions

bool validateMessage (Message &, std::string)
std::string getSchemaPath (std::string serviceName)
MCCInterfaceNext (const std::string &label="")
bool ProcessSecHandlers (Message &message, const std::string &label="") const
 Executes security handlers of specified queue.

Protected Attributes

std::map< std::string,
std::string > 
std::map< std::string,
MCCInterface * > 
 Set of labeled "next" components.
std::map< std::string,
std::list< ArcSec::SecHandler * > > 
 Set of labeled authentication and authorization handlers.

Static Protected Attributes

static Logger logger
 A logger for MCCs.

Detailed Description

Definition at line 10 of file MCCMsgValidator.h.

Constructor & Destructor Documentation

Definition at line 23 of file MCCMsgValidator.cpp.

                                                    : Arc::MCC(cfg) {
    // Collect services to be validated
    for(int i = 0;;++i) {
        Arc::XMLNode n = (*cfg)["ValidatedService"][i];
        if(!n) break;
        std::string servicepath = n["ServicePath"];
        if(servicepath.empty()) {
            //missing path
            logger.msg(Arc::WARNING, "Skipping service: no ServicePath found!");
        std::string schemapath = n["SchemaPath"];
        if(schemapath.empty()) {
            //missing path
            logger.msg(Arc::WARNING, "Skipping service: no SchemaPath found!");

        // register schema path with service
        schemas[servicepath] = schemapath;

Here is the call graph for this function:

Member Function Documentation

void Arc::MCC::AddSecHandler ( Config cfg,
ArcSec::SecHandler sechandler,
const std::string &  label = "" 
) [virtual, inherited]

Add security components/handlers to this MCC.

Security handlers are stacked into a few queues with each queue identified by its label. The queue labelled 'incoming' is executed for every 'request' message after the message is processed by the MCC on the service side and before processing on the client side. The queue labelled 'outgoing' is run for response message before it is processed by MCC algorithms on the service side and after processing on the client side. Those labels are just a matter of agreement and some MCCs may implement different queues executed at various message processing steps.

Definition at line 35 of file MCC.cpp.

    if (sechandler) {
      // need polishing to put the SecHandlerFactory->getinstance here
      XMLNode cn = (*cfg)["SecHandler"];
      Config cfg_(cn);

Here is the caller graph for this function:

std::string Arc::MCC_MsgValidator::getSchemaPath ( std::string  serviceName) [protected]

Definition at line 67 of file MCCMsgValidator.cpp.

    // Look for servicePath in the map.
    // Using a const_iterator since we are not going to change the values.
    for(std::map<std::string,std::string>::const_iterator iter = schemas.begin(); iter != schemas.end(); ++iter)
        if(iter->first == servicePath) {
            // found servicePath; returning schemaPath
            return iter->second;
    // nothing found; returning empty path
    return "";

Here is the caller graph for this function:

MCCInterface * Arc::MCC::Next ( const std::string &  label = "") [protected, inherited]

Definition at line 22 of file MCC.cpp.

    std::map<std::string, MCCInterface *>::iterator n = next_.find(label);
    if (n == next_.end())
      return NULL;
    return n->second;

Here is the caller graph for this function:

void Arc::MCC::Next ( MCCInterface next,
const std::string &  label = "" 
) [virtual, inherited]

Add reference to next MCC in chain.

This method is called by Loader for every potentially labeled link to next component which implements MCCInterface. If next is NULL corresponding link is removed.

Reimplemented in Arc::MCC_TLS_Client, Arc::Plexer, and Arc::MCC_GSI_Client.

Definition at line 15 of file MCC.cpp.

    if (next == NULL)
      next_[label] = next;
virtual MCC_Status Arc::MCC::process ( Message ,
) [inline, virtual, inherited]

Dummy Message processing method.

Just a placeholder.

Implements Arc::MCCInterface.

Reimplemented in Arc::MCC_TCP_Client, Arc::MCC_TCP_Service, Arc::MCC_TLS_Client, Arc::MCC_HTTP_Client, Arc::Plexer, Arc::MCC_TLS_Service, Arc::MCC_SOAP_Client, Arc::MCC_HTTP_Service, Arc::MCC_GSI_Client, Arc::MCC_SOAP_Service, Arc::MCC_MsgValidator_Service, and Arc::MCC_GSI_Service.

Definition at line 103 of file MCC.h.

      return MCC_Status();

Here is the caller graph for this function:

bool Arc::MCC::ProcessSecHandlers ( Message message,
const std::string &  label = "" 
) const [protected, inherited]

Executes security handlers of specified queue.

Returns true if the message is authorized for further processing or if there are no security handlers which implement authorization functionality. This is a convenience method and has to be called by the implemention of the MCC.

Definition at line 45 of file MCC.cpp.

    // Each MCC/Service can define security handler queues in the configuration
    // file, the queues have labels specified in handlers configuration 'event'
    // attribute.
    // Security handlers in one queue are called sequentially.
    // Each one should be configured carefully, because there can be some
    // relationship between them (e.g. authentication should be put in front
    // of authorization).
    // The SecHandler::Handle() only returns true/false with true meaning that
    // handler processed message successfuly. If SecHandler implements
    // authorization functionality, it returns false if message is disallowed
    // and true otherwise.
    // If any SecHandler in the handler chain produces some information which
    // will be used by some following handler, the information should be
    // stored in the attributes of message (e.g. the Identity extracted from
    // authentication will be used by authorization to make access control
    // decision).
    std::map<std::string, std::list<ArcSec::SecHandler *> >::const_iterator q =
    if (q == sechandlers_.end()) {
     "No security processing/check requested for '%s'", label);
      return true;
    for (std::list<ArcSec::SecHandler *>::const_iterator h = q->second.begin();
         h != q->second.end(); ++h) {
      const ArcSec::SecHandler *handler = *h;
      if (!handler)
        continue; // Shouldn't happen. Just a sanity check.
      if (!(handler->Handle(&message))) {
        logger.msg(INFO, "Security processing/check failed");
        return false;
    logger.msg(DEBUG, "Security processing/check passed");
    return true;

Here is the call graph for this function:

Here is the caller graph for this function:

void Arc::MCC::Unlink ( ) [virtual, inherited]

Removing all links.

Useful for destroying chains.

Definition at line 29 of file MCC.cpp.

    for (std::map<std::string, MCCInterface *>::iterator n = next_.begin();
         n != next_.end(); n = next_.begin())

Here is the caller graph for this function:

bool Arc::MCC_MsgValidator::validateMessage ( Message msg,
std::string  schemaPath 
) [protected]

Definition at line 81 of file MCCMsgValidator.cpp.

    // create parser ctxt for schema accessible on schemaPath
    xmlSchemaParserCtxtPtr schemaParserP = xmlSchemaNewParserCtxt(schemaPath.c_str());

    if(!schemaParserP) {
        // could not create context
        logger.msg(ERROR, "Parser Context creation failed!");
        return false;

    // parse schema
    xmlSchemaPtr schemaP = xmlSchemaParse(schemaParserP);

    if(!schemaP) {
        // could not parse schema
        logger.msg(ERROR, "Cannot parse schema!");
        // have to free parser ctxt
        return false;

    // we do not need schemaParserP any more, so it can be freed

    // Extracting payload
    MessagePayload* payload = msg.Payload();
    if(!payload) {
        logger.msg(ERROR, "Empty payload!");
        return false;

    // Converting payload to SOAP
    PayloadSOAP* plsp = NULL; 
    plsp = dynamic_cast<PayloadSOAP*>(payload);
    if(!plsp) {
        // cast failed
        logger.msg(ERROR, "Could not convert payload!");
        return false;
    PayloadSOAP soapPL(*plsp);

    if(!soapPL) {
        logger.msg(ERROR, "Could not create PayloadSOAP!");
        return false;

    std::string arcPSstr;
    // get SOAP payload as string

    // parse string into libxml2 xmlDoc
    xmlDocPtr lxdocP = xmlParseDoc(xmlCharStrdup(arcPSstr.c_str()));

    // create XPath context; later, we will have to free it!
    xmlXPathContextPtr xpCtxtP = xmlXPathNewContext(lxdocP);

    // content is the first child _element_ of SOAP Body
    std::string exprstr = "//*[local-name()='Body' and namespace-uri()=''][1]/*[1]";

    // result is a xmlXPathObjectPtr; later, we will have to free it!
    xmlXPathObjectPtr xpObP = xmlXPathEval(xmlCharStrdup(exprstr.c_str()),xpCtxtP);

    // xnsP is the set of result nodes
    xmlNodeSetPtr xnsP = xpObP->nodesetval;

    // the set has only one member (content) - see above (exprstr)
    xmlNodePtr content = xnsP->nodeTab[0];
    // create a new xmlDoc for content
    xmlDocPtr doc = xmlNewDoc(xmlCharStrdup("1.0"));

    // create schema validation context
    xmlSchemaValidCtxtPtr validity_ctxt_ptr = xmlSchemaNewValidCtxt(schemaP);

    // copy & add content to doc as a child
    xmlNodePtr tmpNode = xmlDocCopyNode(content, doc, 1);
    xmlAddChild((xmlNodePtr)doc, tmpNode);

    // validate against schema
    bool result = (xmlSchemaValidateDoc(validity_ctxt_ptr, doc) == 0);

    // free resources and return result






    return result;

Here is the call graph for this function:

Here is the caller graph for this function:

Member Data Documentation

A logger for MCCs.

A logger intended to be the parent of loggers in the different MCCs.

Reimplemented from Arc::MCC.

Definition at line 14 of file MCCMsgValidator.h.

std::map<std::string, MCCInterface *> Arc::MCC::next_ [protected, inherited]

Set of labeled "next" components.

Each implemented MCC must call process() method of corresponding MCCInterface from this set in own process() method.

Definition at line 50 of file MCC.h.

std::map<std::string,std::string> Arc::MCC_MsgValidator::schemas [protected]

Definition at line 15 of file MCCMsgValidator.h.

std::map<std::string, std::list<ArcSec::SecHandler *> > Arc::MCC::sechandlers_ [protected, inherited]

Set of labeled authentication and authorization handlers.

MCC calls sequence of handlers at specific point depending on associated identifier. In most aces those are "in" and "out" for incoming and outgoing messages correspondingly.

Definition at line 57 of file MCC.h.

The documentation for this class was generated from the following files: