2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 * @file shibsp/attribute/filtering/MatchFunctor.h
24 * A function that evaluates whether an expressed criteria is met by the current filter context.
27 #ifndef __shibsp_matchfunc_h__
28 #define __shibsp_matchfunc_h__
30 #include <shibsp/base.h>
34 class SHIBSP_API Attribute;
35 class SHIBSP_API FilteringContext;
38 * A function that evaluates whether an expressed criteria is met by the current filter context.
40 class SHIBSP_API MatchFunctor
42 MAKE_NONCOPYABLE(MatchFunctor);
46 virtual ~MatchFunctor();
49 * Evaluates this matching criteria. This evaluation is used when a filtering engine determines policy
52 * @param filterContext current filtering context
53 * @return true if the criteria for this matching function are met
54 * @throws AttributeFilteringException thrown if the function can not be evaluated
56 virtual bool evaluatePolicyRequirement(const FilteringContext& filterContext) const=0;
59 * Evaluates this matching criteria. This evaluation is used when a filtering engine is filtering attribute
62 * @param filterContext the current filtering context
63 * @param attribute the attribute being evaluated
64 * @param index the index of the attribute value being evaluated
65 * @return true if the criteria for this matching function are met
66 * @throws AttributeFilteringException thrown if the function can not be evaluated
68 virtual bool evaluatePermitValue(const FilteringContext& filterContext, const Attribute& attribute, size_t index) const=0;
71 /** Always evaluates to true. */
72 extern SHIBSP_API xmltooling::QName AnyMatchFunctorType;
74 /** Conjunction MatchFunctor. */
75 extern SHIBSP_API xmltooling::QName AndMatchFunctorType;
77 /** Disjunction MatchFunctor. */
78 extern SHIBSP_API xmltooling::QName OrMatchFunctorType;
80 /** Negating MatchFunctor. */
81 extern SHIBSP_API xmltooling::QName NotMatchFunctorType;
83 /** Matches the issuing entity's name. */
84 extern SHIBSP_API xmltooling::QName AttributeIssuerStringType;
86 /** Matches the requesting entity's name. */
87 extern SHIBSP_API xmltooling::QName AttributeRequesterStringType;
89 /** Matches the principal's authentication method/class or context reference. */
90 extern SHIBSP_API xmltooling::QName AuthenticationMethodStringType;
92 /** Matches an attribute's string value. */
93 extern SHIBSP_API xmltooling::QName AttributeValueStringType;
95 /** Matches an attribute's "scope". */
96 extern SHIBSP_API xmltooling::QName AttributeScopeStringType;
98 /** Matches the issuing entity's name. */
99 extern SHIBSP_API xmltooling::QName AttributeIssuerRegexType;
101 /** Matches the requesting entity's name. */
102 extern SHIBSP_API xmltooling::QName AttributeRequesterRegexType;
104 /** Matches the principal's authentication method/class or context reference. */
105 extern SHIBSP_API xmltooling::QName AuthenticationMethodRegexType;
107 /** Matches an attribute's string value. */
108 extern SHIBSP_API xmltooling::QName AttributeValueRegexType;
110 /** Matches an attribute's "scope". */
111 extern SHIBSP_API xmltooling::QName AttributeScopeRegexType;
113 /** Matches based on the number of values. */
114 extern SHIBSP_API xmltooling::QName NumberOfAttributeValuesType;
116 /** Matches based on metadata groups of issuer. */
117 extern SHIBSP_API xmltooling::QName AttributeIssuerInEntityGroupType;
119 /** Matches based on metadata groups of requester. */
120 extern SHIBSP_API xmltooling::QName AttributeRequesterInEntityGroupType;
122 /** Matches based on metadata groups of requester. */
123 extern SHIBSP_API xmltooling::QName InEntityGroupType;
125 /** Matches based on entity attributes of issuer. */
126 extern SHIBSP_API xmltooling::QName AttributeIssuerEntityAttributeExactMatchType;
128 /** Matches based on entity attributes of requester. */
129 extern SHIBSP_API xmltooling::QName AttributeRequesterEntityAttributeExactMatchType;
131 /** Matches based on entity attributes of requester. */
132 extern SHIBSP_API xmltooling::QName EntityAttributeExactMatchType;
134 /** Matches based on entity attributes of issuer and a regex. */
135 extern SHIBSP_API xmltooling::QName AttributeIssuerEntityAttributeRegexMatchType;
137 /** Matches based on entity attributes of requester and a regex. */
138 extern SHIBSP_API xmltooling::QName AttributeRequesterEntityAttributeRegexMatchType;
140 /** Matches based on entity attributes of requester and a regex. */
141 extern SHIBSP_API xmltooling::QName EntityAttributeRegexMatchType;
143 /** Matches based on issuer and pluggable criteria. */
144 extern SHIBSP_API xmltooling::QName AttributeIssuerEntityMatcherType;
146 /** Matches based on requester and pluggable criteria. */
147 extern SHIBSP_API xmltooling::QName AttributeRequesterEntityMatcherType;
149 /** Matches based on metadata Scope extensions. */
150 extern SHIBSP_API xmltooling::QName AttributeScopeMatchesShibMDScopeType;
152 /** Matches based on NameID NameQualifiers. */
153 extern SHIBSP_API xmltooling::QName NameIDQualifierStringType;
155 /** Matches based on RegistrationAuthority extension in issuer's metadata. */
156 extern SHIBSP_API xmltooling::QName AttributeIssuerRegistrationAuthorityType;
158 /** Matches based on RegistrationAuthority extension in requester's metadata. */
159 extern SHIBSP_API xmltooling::QName RegistrationAuthorityType;
162 * Registers MatchFunctor classes into the runtime.
164 void SHIBSP_API registerMatchFunctors();
167 #endif /* __shibsp_matchfunc_h__ */