2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file saml/binding/SOAPClient.h
20 * Specialized SOAPClient for SAML SOAP bindings.
23 #ifndef __saml_soap11client_h__
24 #define __saml_soap11client_h__
26 #include <saml/binding/SecurityPolicy.h>
27 #include <saml/saml2/metadata/MetadataCredentialCriteria.h>
28 #include <xmltooling/soap/SOAPClient.h>
33 * Specialized SOAPClient for SAML SOAP bindings.
35 class SAML_API SOAPClient : public soap11::SOAPClient
39 * Creates a SOAP client instance with a particular SecurityPolicy.
41 * @param policy reference to SecurityPolicy to apply
43 SOAPClient(SecurityPolicy& policy)
44 : soap11::SOAPClient(policy.getValidating()), m_policy(policy), m_force(true), m_peer(NULL), m_criteria(NULL) {
47 virtual ~SOAPClient() {
51 * Controls whether to force transport/peer authentication via an X509TrustEngine.
53 * <p>Only makes sense if an X509TrustEngine is supplied by the SecurityPolicy.
55 * @param force true iff the client should refuse to communicate without this protection
57 void forceTransportAuthentication(bool force=true) {
61 using soap11::SOAPClient::send;
64 * SAML-specific method uses metadata to determine the peer name and prepare the
65 * transport layer with peer credential information. The SecurityPolicy is also reset,
66 * in case the policy is reused.
68 * @param env SOAP envelope to send
69 * @param from identity of sending application
70 * @param to peer to send message to, expressed in metadata criteria terms
71 * @param endpoint URL of endpoint to recieve message
73 virtual void send(const soap11::Envelope& env, const char* from, saml2md::MetadataCredentialCriteria& to, const char* endpoint);
76 * Override applies SecurityPolicy to envelope before returning it.
78 * @return response envelope after SecurityPolicy has been applied
80 soap11::Envelope* receive();
85 * Returns the SecurityPolicy supplied to the client.
87 * @return the associated SecurityPolicy
89 SecurityPolicy& getPolicy() const {
95 * Override prepares transport by assigning an X509TrustEngine to it, if one is
96 * attached to the policy.
98 * @param transport reference to transport layer
100 void prepareTransport(xmltooling::SOAPTransport& transport);
102 /** Reference to security policy to apply. */
103 SecurityPolicy& m_policy;
105 /** Flag controlling whether transport/peer authn is mandatory. */
108 /** Metadata-based peer identity. */
109 const saml2md::RoleDescriptor* m_peer;
111 /** Metadata-based CredentialCriteria for supplying credentials to TrustEngine. */
112 saml2md::MetadataCredentialCriteria* m_criteria;
117 #endif /* __saml_soap11client_h__ */