/*
- * Copyright 2001-2006 Internet2
+ * Copyright 2001-2007 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#ifndef __shibsp_sp_h__
#define __shibsp_sp_h__
-#include <shibsp/PropertySet.h>
-#include <xmltooling/signature/CredentialResolver.h>
+#include <shibsp/util/PropertySet.h>
+#ifndef SHIBSP_LITE
+# include <saml/binding/SecurityPolicyRule.h>
+# include <xmltooling/soap/SOAPTransport.h>
+# include <xmltooling/util/StorageService.h>
+#endif
+#include <xmltooling/Lockable.h>
namespace shibsp {
- class ListenerService;
+ class SHIBSP_API Application;
+ class SHIBSP_API Handler;
+ class SHIBSP_API ListenerService;
+ class SHIBSP_API RequestMapper;
+ class SHIBSP_API SessionCache;
+ class SHIBSP_API SPRequest;
+ class SHIBSP_API TemplateParameters;
+#ifndef SHIBSP_LITE
+ class SHIBSP_API TransactionLog;
+#endif
/**
* Interface to a Shibboleth ServiceProvider instance.
* <p>A ServiceProvider exposes configuration and infrastructure services required
* by the SP implementation, allowing a flexible configuration format.
*/
- class SHIBSP_API ServiceProvider : public virtual xmltooling::Lockable, public virtual PropertySet
+ class SHIBSP_API ServiceProvider : public virtual xmltooling::Lockable, public virtual PropertySet
{
MAKE_NONCOPYABLE(ServiceProvider);
protected:
* from the SPConfig singleton.
*/
virtual void init()=0;
-
+
+#ifndef SHIBSP_LITE
+ /**
+ * Returns a TransactionLog instance.
+ *
+ * @return a TransactionLog instance
+ */
+ virtual TransactionLog* getTransactionLog() const=0;
+
+ /**
+ * Returns a StorageService instance based on an ID.
+ *
+ * @param id a NULL-terminated key identifying the StorageService to the configuration
+ * @return a StorageService if available, or NULL
+ */
+ virtual xmltooling::StorageService* getStorageService(const char* id) const=0;
+#endif
+
+ /**
+ * Returns a SessionCache instance.
+ *
+ * @param required true iff an exception should be thrown if no SessionCache is available
+ * @return a SessionCache
+ */
+ virtual SessionCache* getSessionCache(bool required=true) const=0;
+
/**
* Returns a ListenerService instance.
*
* @param required true iff an exception should be thrown if no ListenerService is available
- * @return a ListenerService if available, or NULL
+ * @return a ListenerService
*/
virtual ListenerService* getListenerService(bool required=true) const=0;
+#ifndef SHIBSP_LITE
+ /**
+ * Returns the security policy settings for an identified policy.
+ *
+ * @param id identifies the policy to return
+ * @return a PropertySet
+ */
+ virtual const PropertySet* getPolicySettings(const char* id) const=0;
+
+ /**
+ * Returns the security policy rules for an identified policy.
+ *
+ * @param id identifies the policy to return
+ * @return an array of policy rules
+ */
+ virtual const std::vector<const opensaml::SecurityPolicyRule*>& getPolicyRules(const char* id) const=0;
+
+ /**
+ * Sets implementation-specific transport options for an identified policy.
+ *
+ * @param id identifies the policy to return
+ * @param transport a SOAPTransport object
+ * @return true iff all options were successfully set
+ */
+ virtual bool setTransportOptions(const char* id, xmltooling::SOAPTransport& transport) const=0;
+#endif
+
+ /**
+ * Returns a RequestMapper instance.
+ *
+ * @param required true iff an exception should be thrown if no RequestMapper is available
+ * @return a RequestMapper
+ */
+ virtual RequestMapper* getRequestMapper(bool required=true) const=0;
+
/**
- * Returns a CredentialResolver instance mapped to a key.
+ * Returns an Application instance matching the specified ID.
*
- * @param id a NULL-terminated key identifying the CredentialResolver to the configuration
- * @return a CredentialResolver if available, or NULL
+ * @param applicationId the ID of the application
+ * @return pointer to the application, or NULL
*/
- virtual xmlsignature::CredentialResolver* getCredentialResolver(const char* id) const=0;
+ virtual const Application* getApplication(const char* applicationId) const=0;
- //virtual ISessionCache* getSessionCache() const=0;
+ /**
+ * Enforces requirements for an authenticated session.
+ *
+ * <p>If the return value's first member is true, then request processing should terminate
+ * with the second member as a status value. If false, processing can continue.
+ *
+ * @param request SP request interface
+ * @param handler true iff a request to a registered Handler location can be directly executed
+ * @return a pair containing a "request completed" indicator and a server-specific response code
+ */
+ virtual std::pair<bool,long> doAuthentication(SPRequest& request, bool handler=false) const;
- //virtual IRequestMapper* getRequestMapper() const=0;
+ /**
+ * Enforces authorization requirements based on the authenticated session.
+ *
+ * <p>If the return value's first member is true, then request processing should terminate
+ * with the second member as a status value. If false, processing can continue.
+ *
+ * @param request SP request interface
+ * @return a pair containing a "request completed" indicator and a server-specific response code
+ */
+ virtual std::pair<bool,long> doAuthorization(SPRequest& request) const;
- //virtual const IApplication* getApplication(const char* applicationId) const=0;
+ /**
+ * Publishes session contents to the request in the form of headers or environment variables.
+ *
+ * <p>If the return value's first member is true, then request processing should terminate
+ * with the second member as a status value. If false, processing can continue.
+ *
+ * @param request SP request interface
+ * @param requireSession set to true iff an error should result if no session exists
+ * @return a pair containing a "request completed" indicator and a server-specific response code
+ */
+ virtual std::pair<bool,long> doExport(SPRequest& request, bool requireSession=true) const;
+
+ /**
+ * Services requests for registered Handler locations.
+ *
+ * <p>If the return value's first member is true, then request processing should terminate
+ * with the second member as a status value. If false, processing can continue.
+ *
+ * @param request SP request interface
+ * @return a pair containing a "request completed" indicator and a server-specific response code
+ */
+ virtual std::pair<bool,long> doHandler(SPRequest& request) const;
};
/**
void SHIBSP_API registerServiceProviders();
/** SP based on integrated XML and native server configuration. */
- #define XML_SERVICE_PROVIDER "edu.internet2.middleware.shibboleth.sp.provider.XMLServiceProvider"
+ #define XML_SERVICE_PROVIDER "XML"
};
#endif /* __shibsp_sp_h__ */
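Review bot: The new `getPolicyRules(const char* id)` returns a `const std::vector<...>&`, so it cannot signal an unknown policy id through its return value, and its doc comment does not say what an implementation does in that case. If an implementation returns an empty vector, a caller cannot tell a mistyped or unconfigured policy id from a policy that has no rules, and would presumably evaluate the message against nothing; the comment should pin the contract, for example `@return the rules of the identified policy; implementations throw if id names no configured policy`, if that is the intended behaviour. `getPolicySettings` has the same gap for its pointer return, where something like `@return a PropertySet, or NULL if the policy is not defined` would do. Separately, the `@return` lines of `getListenerService`, `getSessionCache` and `getRequestMapper` do not mention NULL although `required=false` is accepted, so callers passing false get no reminder to null-check. Only the header is visible here, so the actual behaviour of the implementations needs confirming before the wording is fixed.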