2 * Copyright 2010-2011 JANET(UK)
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file shibresolver/resolver.h
20 * An embeddable component interface to Shibboleth SP attribute processing.
23 #ifndef __shibresolver_h__
24 #define __shibresolver_h__
26 #include <shibresolver/base.h>
28 #include <shibsp/RequestMapper.h>
29 #include <shibsp/SPConfig.h>
34 #ifdef SHIBRESOLVER_HAVE_GSSGNU
36 #elif defined SHIBRESOLVER_HAVE_GSSMIT
37 # include <gssapi/gssapi.h>
38 # include <gssapi/gssapi_generic.h>
43 namespace xmltooling {
44 class XMLTOOL_API XMLObject;
48 class SHIBSP_API Attribute;
49 class SHIBSP_API SPRequest;
52 namespace shibresolver {
54 #if defined (_MSC_VER)
55 #pragma warning( push )
56 #pragma warning( disable : 4250 4251 )
60 * An embeddable component interface to Shibboleth SP attribute processing.
62 class SHIBRESOLVER_API ShibbolethResolver
64 MAKE_NONCOPYABLE(ShibbolethResolver);
68 virtual ~ShibbolethResolver();
71 * Sets the calling service request, making the Shibboleth SP responsible for
72 * mapping the service to an Application instance.
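74 * @param request identifies the service request performing attribute resolution; held as a raw pointer (m_request), so it presumably must remain valid while the resolver is in use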
76 void setRequest(const shibsp::SPRequest* request);
79 * Sets the application ID to use for resolution, bypassing the mapping
80 * function of the Shibboleth SP.
82 * @param appID identifies an application in the SP configuration
84 void setApplicationID(const char* appID);
87 * Sets the identity issuer to use for resolution.
89 * @param issuer entityID of the identity "source", if known
91 void setIssuer(const char* issuer);
94 * Adds an XML token as input to the resolver, generally a SAML assertion.
95 * <p>The caller retains ownership of the object.
97 * @param token an input token to evaluate
99 void addToken(const xmltooling::XMLObject* token);
101 #ifdef SHIBRESOLVER_HAVE_GSSAPI
103 * Adds a GSS-API security context as input to the resolver.
104 * <p>The caller retains ownership of the context.
106 * @param ctx an input context to evaluate
108 void addToken(gss_ctx_id_t ctx);
112 * Adds an Attribute as input to the resolver.
113 * <p>The caller retains ownership of the object.
115 * @param attr an input Attribute
117 void addAttribute(shibsp::Attribute* attr);
120 * Resolves Attributes and attaches them to the resolver object.
121 * <p>The caller is responsible for transferring any Attributes it wishes to
122 * retain out of the resolver.
124 virtual void resolve();
127 * Returns a modifiable array of resolved Attribute objects.
128 * <p>The caller may take ownership of any or all by removing them from the array.
131 * @return array of resolved Attributes
133 std::vector<shibsp::Attribute*>& getResolvedAttributes();
136 * Returns mapped PropertySet and AccessControl objects, if any.
138 * @return mapped PropertySet/AccessControl pair
140 shibsp::RequestMapper::Settings getSettings() const;
143 * Initializes SP runtime objects based on an XML configuration string or a configuration pathname.
144 * <p>Each process using the library MUST call this function exactly once before using any library classes.
146 * @param features bitmask of SP components to enable
147 * @param config a snippet of XML to parse (it <strong>MUST</strong> contain a type attribute) or a pathname
148 * @param rethrow true iff caught exceptions should be rethrown instead of just returning a true/false result
149 * @return true iff initialization was successful
153 unsigned long features = (shibsp::SPConfig::Listener|shibsp::SPConfig::InProcess),
155 unsigned long features = shibsp::SPConfig::OutOfProcess,
157 const char* config = NULL,
162 * Shuts down runtime.
164 * Each process using the library SHOULD call this function exactly once before terminating itself.
169 * Returns a ShibbolethResolver instance.
171 * @return a ShibbolethResolver instance, which must be freed by the caller.
173 static ShibbolethResolver* create();
176 /** Service request. */
177 const shibsp::SPRequest* m_request;
179 /** Application ID. */
182 /** Source of identity, if known. */
183 std::string m_issuer;
186 std::vector<const xmltooling::XMLObject*> m_tokens;
188 /** Input attributes. */
189 std::vector<shibsp::Attribute*> m_inputAttributes;
192 shibsp::ServiceProvider* m_sp;
193 #ifdef SHIBRESOLVER_HAVE_GSSAPI
194 xmltooling::XMLObject* m_gsswrapper;
196 std::vector<shibsp::Attribute*> m_resolvedAttributes;
199 #if defined (_MSC_VER)
200 #pragma warning( pop )
205 #endif /* __shibresolver_h__ */