/*
- * Copyright 2001-2006 Internet2
+ * Copyright 2001-2007 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* SAML replay and freshness checking SecurityPolicyRule
*/
+#ifndef __saml_flowrule_h__
+#define __saml_flowrule_h__
+
#include <saml/binding/SecurityPolicyRule.h>
/**
* SAML replay and freshness checking SecurityPolicyRule
*
- * Subclasses can provide support for additional message types
- * by overriding the main method and then calling the check method.
+ * Some form of message rule to extract ID and timestamp must be
+ * run prior to this rule.
*/
class SAML_API MessageFlowRule : public SecurityPolicyRule
{
MessageFlowRule(const DOMElement* e);
virtual ~MessageFlowRule() {}
- std::pair<saml2::Issuer*,const saml2md::RoleDescriptor*> evaluate(
- const GenericRequest& request,
- const xmltooling::XMLObject& message,
- const saml2md::MetadataProvider* metadataProvider,
- const xmltooling::QName* role,
- const TrustEngine* trustEngine,
- const MessageExtractor& extractor
- ) const;
+ void evaluate(const xmltooling::XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const;
/**
* Controls whether rule executes replay checking.
void setExpires(time_t expires) {
m_expires = expires;
}
-
- protected:
- /**
- * Performs the check.
- *
- * @param id message identifier
- * @param issueInstant timestamp of protocol message
- *
- * @exception BindingException raised if a check fails
- */
- void check(const XMLCh* id, time_t issueInstant) const;
private:
bool m_checkReplay;
};
};
+
+#endif /* __saml_flowrule_h__ */
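Review bot: The new `evaluate(const xmltooling::XMLObject&, const GenericRequest*, SecurityPolicy&)` declaration has no documented contract for the case where the message ID and timestamp were never extracted. The class comment now requires an earlier rule to extract them, but the header does not say what happens if that rule is missing from the policy chain or finds no ID. The implementation is not shown here; if it returns quietly in that case, a misordered or incomplete rule chain would skip replay and freshness checking without any error. I would state the behaviour on the declaration and keep the exception contract that disappears with the removed `check` method, for example `@exception BindingException raised if no message ID/timestamp is available in the policy or if a replay or freshness check fails`. The comment should also say whether `request` may be null, now that it is passed as a pointer.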