2 * Copyright 2001-2009 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file shibsp/AccessControl.h
20 * Interface to an access control plugin
23 #ifndef __shibsp_acl_h__
24 #define __shibsp_acl_h__
26 #include <shibsp/base.h>
27 #include <xmltooling/Lockable.h>
31 class SHIBSP_API Session;
32 class SHIBSP_API SPRequest;
35 * Interface to an access control plugin
37 * Access control plugins return authorization decisions based on the intersection
38 * of the resource request and the active session. They can be implemented through
39 * cross-platform or platform-specific mechanisms.
41 class SHIBSP_API AccessControl : public virtual xmltooling::Lockable
43 MAKE_NONCOPYABLE(AccessControl);
47 virtual ~AccessControl() {}
50 * Possible results from an access control decision.
55 shib_acl_indeterminate
59 * Perform an authorization check.
61 * @param request SP request information
62 * @param session active user session, if any
63 * @return true iff access should be granted
65 virtual aclresult_t authorized(const SPRequest& request, const Session* session) const=0;
69 * Registers AccessControl classes into the runtime.
71 void SHIBSP_API registerAccessControls();
73 /** Chains together multiple plugins. */
74 #define CHAINING_ACCESS_CONTROL "Chaining"
76 /** AccessControl based on rudimentary XML syntax. */
77 #define XML_ACCESS_CONTROL "XML"
79 /** Reserved for Apache-style .htaccess support. */
80 #define HT_ACCESS_CONTROL "htaccess"
83 #endif /* __shibsp_acl_h__ */