MAKE_NONCOPYABLE(ArtifactResolver);
protected:
ArtifactResolver() {}
-
- /** Flag controlling schema validation. */
- bool m_validate;
public:
virtual ~ArtifactResolver() {}
/**
- * Controls schema validation of incoming XML messages.
- * This is separate from other forms of programmatic validation of objects,
- * but can detect a much wider range of syntax errors.
- *
- * @param validate true iff the resolver should use a validating XML parser
- */
- void setValidating(bool validate=true) {
- m_validate = validate;
- }
-
- /**
* Resolves one or more SAML 1.x artifacts into a response containing a set of
* resolved Assertions. The caller is responsible for the resulting Response.
* The supplied SecurityPolicy is used to access caller-supplied infrastructure
*
* @param artifactResolver an ArtifactResolver implementation to use
*/
- void setArtifactResolver(ArtifactResolver* artifactResolver) {
+ void setArtifactResolver(const ArtifactResolver* artifactResolver) {
m_artifactResolver = artifactResolver;
- if (m_artifactResolver)
- m_artifactResolver->setValidating(m_validate);
}
/**
- * Controls schema validation of incoming XML messages.
- * This is separate from other forms of programmatic validation of objects,
- * but can detect a much wider range of syntax errors.
- *
- * @param validate true iff the decoder should use a validating XML parser
- */
- void setValidating(bool validate=true) {
- m_validate = validate;
- if (m_artifactResolver)
- m_artifactResolver->setValidating(m_validate);
- }
-
- /**
* Decodes a transport request into a SAML protocol message, and evaluates it
* against a supplied SecurityPolicy. If the transport request does not contain
* the information necessary to decode the request, NULL will be returned.
) const=0;
protected:
- MessageDecoder() : m_artifactResolver(NULL), m_validate(false) {}
+ MessageDecoder() : m_artifactResolver(NULL) {}
/** Pointer to an ArtifactResolver implementation. */
- ArtifactResolver* m_artifactResolver;
-
- /** Flag controlling schema validation. */
- bool m_validate;
+ const ArtifactResolver* m_artifactResolver;
};
/**
* @param policy reference to SecurityPolicy to apply
* @param validating controls schema validation
*/
- SOAPClient(SecurityPolicy& policy, bool validating=false)
- : soap11::SOAPClient(validating), m_policy(policy), m_force(true), m_peer(NULL) {}
+ SOAPClient(SecurityPolicy& policy)
+ : soap11::SOAPClient(policy.getValidating()), m_policy(policy), m_force(true), m_peer(NULL) {}
virtual ~SOAPClient() {}
* @param metadataProvider locked MetadataProvider instance
* @param role identifies the role (generally IdP or SP) of the policy peer
* @param trustEngine TrustEngine to authenticate policy peer
+ * @param validate true iff XML parsing should be done with validation
*/
SecurityPolicy(
const saml2md::MetadataProvider* metadataProvider=NULL,
const xmltooling::QName* role=NULL,
- const xmltooling::TrustEngine* trustEngine=NULL
- ) : m_messageQName(NULL), m_messageID(NULL), m_issueInstant(0), m_issuer(NULL), m_issuerRole(NULL), m_secure(false),
- m_matchingPolicy(NULL), m_metadata(metadataProvider), m_role(NULL), m_trust(trustEngine) {
+ const xmltooling::TrustEngine* trustEngine=NULL,
+ bool validate=true
+ ) : m_messageQName(NULL), m_messageID(NULL), m_issueInstant(0),
+ m_issuer(NULL), m_issuerRole(NULL), m_secure(false), m_matchingPolicy(NULL),
+ m_metadata(metadataProvider), m_role(NULL), m_trust(trustEngine), m_validate(validate) {
if (role)
m_role = new xmltooling::QName(*role);
}
* @param metadataProvider locked MetadataProvider instance
* @param role identifies the role (generally IdP or SP) of the policy peer
* @param trustEngine TrustEngine to authenticate policy peer
+ * @param validate true iff XML parsing should be done with validation
*/
SecurityPolicy(
const std::vector<const SecurityPolicyRule*>& rules,
const saml2md::MetadataProvider* metadataProvider=NULL,
const xmltooling::QName* role=NULL,
- const xmltooling::TrustEngine* trustEngine=NULL
- ) : m_messageQName(NULL), m_messageID(NULL), m_issueInstant(0), m_issuer(NULL), m_issuerRole(NULL), m_secure(false),
- m_matchingPolicy(NULL), m_rules(rules), m_metadata(metadataProvider), m_role(NULL), m_trust(trustEngine) {
+ const xmltooling::TrustEngine* trustEngine=NULL,
+ bool validate=true
+ ) : m_messageQName(NULL), m_messageID(NULL), m_issueInstant(0),
+ m_issuer(NULL), m_issuerRole(NULL), m_secure(false), m_matchingPolicy(NULL),
+ m_rules(rules), m_metadata(metadataProvider), m_role(NULL), m_trust(trustEngine), m_validate(validate) {
if (role)
m_role = new xmltooling::QName(*role);
}
}
/**
+ * Returns XML message validation setting.
+ *
+ * @return validation flag
+ */
+ bool getValidating() const {
+ return m_validate;
+ }
+
+ /**
* Adds a SecurityPolicyRule to the policy. The lifetime of the policy rule
* must be at least as long as the policy object.
*
}
/**
+ * Controls schema validation of incoming XML messages.
+ * This is separate from other forms of programmatic validation of objects,
+ * but can detect a much wider range of syntax errors.
+ *
+ * @param validate validation setting
+ */
+ void setValidating(bool validate=true) {
+ m_validate = validate;
+ }
+
+ /**
* Evaluates the policy against the given request and message,
* possibly populating message information in the policy object.
*
const saml2md::MetadataProvider* m_metadata;
xmltooling::QName* m_role;
const xmltooling::TrustEngine* m_trust;
+ bool m_validate;
};
};
XMLString::release(&decoded);
// Parse and bind the document into an XMLObject.
- DOMDocument* doc = (m_validate ? XMLToolingConfig::getConfig().getValidatingParser()
+ DOMDocument* doc = (policy.getValidating() ? XMLToolingConfig::getConfig().getValidatingParser()
: XMLToolingConfig::getConfig().getParser()).parse(is);
XercesJanitor<DOMDocument> janitor(doc);
auto_ptr<XMLObject> xmlObject(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true));
if (!response)
throw BindingException("Decoded message was not a SAML 1.x Response.");
- if (!m_validate)
+ if (!policy.getValidating())
SchemaValidators.validate(xmlObject.get());
// Run through the policy.
istringstream is(data);
// Parse and bind the document into an XMLObject.
- DOMDocument* doc = (m_validate ? XMLToolingConfig::getConfig().getValidatingParser()
+ DOMDocument* doc = (policy.getValidating() ? XMLToolingConfig::getConfig().getValidatingParser()
: XMLToolingConfig::getConfig().getParser()).parse(is);
XercesJanitor<DOMDocument> janitor(doc);
auto_ptr<XMLObject> xmlObject(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true));
if (!env)
throw BindingException("Decoded message was not a SOAP 1.1 Envelope.");
- if (!m_validate)
+ if (!policy.getValidating())
SchemaValidators.validate(env);
Body* body = env->getBody();
XMLString::release(&decoded);
// Parse and bind the document into an XMLObject.
- DOMDocument* doc = (m_validate ? XMLToolingConfig::getConfig().getValidatingParser()
+ DOMDocument* doc = (policy.getValidating() ? XMLToolingConfig::getConfig().getValidatingParser()
: XMLToolingConfig::getConfig().getParser()).parse(is);
XercesJanitor<DOMDocument> janitor(doc);
auto_ptr<XMLObject> xmlObject(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true));
root = static_cast<saml2::RootObject*>(request);
}
- if (!m_validate)
+ if (!policy.getValidating())
SchemaValidators.validate(xmlObject.get());
// Run through the policy.
XMLString::release(&decoded);
// Parse and bind the document into an XMLObject.
- DOMDocument* doc = (m_validate ? XMLToolingConfig::getConfig().getValidatingParser()
+ DOMDocument* doc = (policy.getValidating() ? XMLToolingConfig::getConfig().getValidatingParser()
: XMLToolingConfig::getConfig().getParser()).parse(s);
XercesJanitor<DOMDocument> janitor(doc);
auto_ptr<XMLObject> xmlObject(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true));
root = static_cast<saml2::RootObject*>(request);
}
- if (!m_validate)
+ if (!policy.getValidating())
SchemaValidators.validate(xmlObject.get());
// Run through the policy.
istringstream is(data);
// Parse and bind the document into an XMLObject.
- DOMDocument* doc = (m_validate ? XMLToolingConfig::getConfig().getValidatingParser()
+ DOMDocument* doc = (policy.getValidating() ? XMLToolingConfig::getConfig().getValidatingParser()
: XMLToolingConfig::getConfig().getParser()).parse(is);
XercesJanitor<DOMDocument> janitor(doc);
auto_ptr<XMLObject> xmlObject(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true));
if (!env)
throw BindingException("Decoded message was not a SOAP 1.1 Envelope.");
- if (!m_validate)
+ if (!policy.getValidating())
SchemaValidators.validate(env);
Body* body = env->getBody();