X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fbinding%2FSecurityPolicyRule.h;h=f8d11e8eee29dbc10cfa53fbd7fc70a6c35126d4;hb=5d7bff8c9b4a048d34dda50c40ed355cf4dd84de;hp=f15d26332f0f7ccbf402fe404b1ae7c2a1422291;hpb=694b587ec84095f2d7c0987724956673fe7eb2b5;p=shibboleth%2Fopensaml2.git
diff --git a/saml/binding/SecurityPolicyRule.h b/saml/binding/SecurityPolicyRule.h
index f15d263..f8d11e8 100644
--- a/saml/binding/SecurityPolicyRule.h
+++ b/saml/binding/SecurityPolicyRule.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2006 Internet2
+ * Copyright 2001-2007 Internet2
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -43,17 +43,26 @@ namespace opensaml {
 virtual ~SecurityPolicyRule() {}
 /**
- * Evaluates the rule against the given request and message. If an Issuer is
- * returned, the caller is responsible for freeing the Issuer object.
+ * Returns the rule's class/type.
+ *
+ * @return the class/type of the object
+ */
+ virtual const char* getType() const=0;
+
+ /**
+ * Evaluates the rule against the given request and message.
+ *
+ *

An exception will be raised if the message is invalid according to
+ * a policy rule.
 *
 * @param message the incoming message
 * @param request the protocol request
 * @param policy SecurityPolicy to provide various components and track message data
- *
- * @throws BindingException thrown if the request/message do not meet the requirements of this rule
 */
 virtual void evaluate(
- const xmltooling::XMLObject& message, const GenericRequest* request, SecurityPolicy& policy
+ const xmltooling::XMLObject& message,
+ const xmltooling::GenericRequest* request,
+ SecurityPolicy& policy
 ) const=0;
 };
@@ -63,25 +72,11 @@ namespace opensaml {
 void SAML_API registerSecurityPolicyRules();
 /**
- * SecurityPolicyRule for processing SAML 1.x messages.
- *
- * Extracts message ID, timestamp, and issuer information.
- */
- #define SAML1MESSAGE_POLICY_RULE "org.opensaml.saml1.binding.SAML1MessageRule"
-
- /**
- * SecurityPolicyRule for processing SAML 2.0 messages.
- *
- * Extracts message ID, timestamp, and issuer information.
- */
- #define SAML2MESSAGE_POLICY_RULE "org.opensaml.saml2.binding.SAML2MessageRule"
-
- /**
 * SecurityPolicyRule for TLS client certificate authentication.
 *
 * Evaluates client certificates against the issuer's metadata.
 */
- #define CLIENTCERTAUTH_POLICY_RULE "org.opensaml.binding.ClientCertAuthRule"
+ #define CLIENTCERTAUTH_POLICY_RULE "ClientCertAuth"
 /**
 * SecurityPolicyRule for replay detection and freshness checking.
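Review bot: The rewritten `evaluate()` Javadoc drops the `@throws` tag while still promising that "an exception will be raised", so callers of the new declaration no longer learn which exception type they must catch; please restore it, e.g. `@throws BindingException thrown if the request/message do not meet the requirements of this rule` (or whatever type the implementations now throw, if that changed with this commit). The new `getType()` returns a `const char*` with no statement of the pointer's lifetime or ownership; the comment should say whether the string is static or only valid while the rule object lives, since the signature alone cannot express that. The enclosing `SecurityPolicyRule` class declaration begins before this hunk.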
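Review bot: Replacing the fully qualified rule identifiers with short names (`"org.opensaml.binding.ClientCertAuthRule"` → `"ClientCertAuth"` here, and the `MessageFlow`, `SimpleSigning` and `XMLSigning` renames in the three hunks that follow) breaks every deployed policy configuration that names rules by the old strings, and the header carries no deprecation or migration note. A policy that fails to resolve a renamed rule type would, if the lookup is soft, run with fewer checks than the operator configured, so the registration/lookup code (outside this header) should presumably reject unknown rule types loudly, and the changelog should list the old→new mapping; a header comment such as `// Rule type names changed from the org.opensaml.* form in this release; update policy configuration accordingly.` would help readers of this file. The removed `SAML1MESSAGE_POLICY_RULE` and `SAML2MESSAGE_POLICY_RULE` macros likewise have no replacement or deprecation note here, so consumers referencing them will break at compile time without guidance on what to use instead.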
@@ -94,7 +89,16 @@ namespace opensaml {
 * or up to a number of seconds set by an "expires" XML attribute when
 * instantiating the policy rule.
 */
- #define MESSAGEFLOW_POLICY_RULE "org.opensaml.binding.MessageFlowRule"
+ #define MESSAGEFLOW_POLICY_RULE "MessageFlow"
+
+ /**
+ * SecurityPolicyRule for disabling security.
+ *
+ * Allows the message issuer to be authenticated regardless of the message or
+ * transport. Used mainly for debugging or in situations that I wouldn't care to
+ * comment on.
+ */
+ #define NULLSECURITY_POLICY_RULE "NullSecurity"
 /**
 * SecurityPolicyRule for protocol message "blob" signing.
@@ -102,7 +106,7 @@ namespace opensaml {
 * Allows the message issuer to be authenticated using a non-XML digital signature
 * over the message body. The transport layer is not considered.
 */
- #define SIMPLESIGNING_POLICY_RULE "org.opensaml.binding.SimpleSigningRule"
+ #define SIMPLESIGNING_POLICY_RULE "SimpleSigning"
 /**
 * SecurityPolicyRule for protocol message XML signing.
@@ -110,7 +114,7 @@ namespace opensaml {
 * Allows the message issuer to be authenticated using an XML digital signature
 * over the message. The transport layer is not considered.
 */
- #define XMLSIGNING_POLICY_RULE "org.opensaml.binding.XMLSigningRule"
+ #define XMLSIGNING_POLICY_RULE "XMLSigning"
 };
 #endif /* __saml_secrule_h__ */
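Review bot: The new `NULLSECURITY_POLICY_RULE` comment says the rule authenticates the issuer "regardless of the message or transport" but never spells out the consequence for an operator, and "situations that I wouldn't care to comment on" tells a reader nothing. I would replace those two sentences with a concrete caveat: `Marks the issuer as authenticated without verifying the message or the transport, so any sender can claim any issuer; intended for debugging only and must not appear in a production policy.` It would also help to state how this rule combines with the other rules in a policy (whether it short-circuits evaluation or merely marks the issuer), which cannot be told from this header; the implementation lives outside this file.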