const saml2md::MetadataProvider* metadataProvider=NULL,
const xmltooling::QName* role=NULL,
const TrustEngine* trustEngine=NULL
- ) : m_issuer(NULL), m_issuerRole(NULL), m_matchingPolicy(NULL), m_metadata(metadataProvider),
- m_role(role ? *role : xmltooling::QName()), m_trust(trustEngine) {
+ ) : m_issuer(NULL), m_issuerRole(NULL), m_matchingPolicy(NULL), m_extractor(NULL),
+ m_metadata(metadataProvider), m_role(role ? *role : xmltooling::QName()), m_trust(trustEngine) {
}
/**
- * Constructor for policy using existing rules.
+ * Constructor for policy using existing rules. The lifetime of the policy rules
+ * must be at least as long as the policy object.
*
* @param rules reference to array of policy rules to use
* @param metadataProvider locked MetadataProvider instance
const saml2md::MetadataProvider* metadataProvider=NULL,
const xmltooling::QName* role=NULL,
const TrustEngine* trustEngine=NULL
- ) : m_issuer(NULL), m_issuerRole(NULL), m_matchingPolicy(NULL), m_rules(rules), m_metadata(metadataProvider),
- m_role(role ? *role : xmltooling::QName()), m_trust(trustEngine) {
+ ) : m_issuer(NULL), m_issuerRole(NULL), m_matchingPolicy(NULL), m_extractor(NULL), m_rules(rules),
+ m_metadata(metadataProvider), m_role(role ? *role : xmltooling::QName()), m_trust(trustEngine) {
}
virtual ~SecurityPolicy();
}
/**
+ * Adds a SecurityPolicyRule to the policy. The lifetime of the policy rule
+ * must be at least as long as the policy object.
+ *
+ * @param rule SecurityPolicyRule to add
+ */
+ void addRule(const SecurityPolicyRule* rule) {
+ m_rules.push_back(rule);
+ }
+
+ /**
* Sets a locked MetadataProvider for the policy.
*
* @param metadata a locked MetadataProvider or NULL
*
* @return the effective IssuerMatchingPolicy
*/
- const IssuerMatchingPolicy* getIssuerMatchingPolicy() const {
- return m_matchingPolicy ? m_matchingPolicy : &m_defaultMatching;
+ const IssuerMatchingPolicy& getIssuerMatchingPolicy() const {
+ return m_matchingPolicy ? *m_matchingPolicy : m_defaultMatching;
}
/**
*
* @param matchingPolicy the IssuerMatchingPolicy to use
*/
- void getIssuerMatchingPolicy(IssuerMatchingPolicy* matchingPolicy) {
+ void setIssuerMatchingPolicy(IssuerMatchingPolicy* matchingPolicy) {
delete m_matchingPolicy;
m_matchingPolicy = matchingPolicy;
}
+ /**
+ * Returns the MessageExtractor in effect.
+ *
+ * @return the effective MessageExtractor
+ */
+ const SecurityPolicyRule::MessageExtractor& getMessageExtractor() const {
+ return m_extractor ? *m_extractor : m_defaultExtractor;
+ }
+
+ /**
+ * Sets the MessageExtractor in effect. Setting no extractor will
+ * cause the default extractor to be used.
+ *
+ * <p>The extractor will be freed by the SecurityPolicy.
+ *
+ * @param extractor the MessageExtractor to use
+ */
+ void setMessageExtractor(SecurityPolicyRule::MessageExtractor* extractor) {
+ delete m_extractor;
+ m_extractor = extractor;
+ }
+
protected:
/** A shared matching object that just supports the default matching rules. */
static IssuerMatchingPolicy m_defaultMatching;
+ /** A shared extractor object that just supports the default SAML message types. */
+ static SecurityPolicyRule::MessageExtractor m_defaultExtractor;
+
private:
saml2::Issuer* m_issuer;
const saml2md::RoleDescriptor* m_issuerRole;
IssuerMatchingPolicy* m_matchingPolicy;
+ SecurityPolicyRule::MessageExtractor* m_extractor;
+
std::vector<const SecurityPolicyRule*> m_rules;
const saml2md::MetadataProvider* m_metadata;
xmltooling::QName m_role;