2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file shibsp/AccessControl.h
20 * Interface to an access control plugin
23 #ifndef __shibsp_acl_h__
24 #define __shibsp_acl_h__
26 #include <shibsp/base.h>
27 #include <xmltooling/Lockable.h>
31 class SHIBSP_API Session;
32 class SHIBSP_API SPRequest;
35 * Interface to an access control plugin
37 * Access control plugins return authorization decisions based on the intersection
38 * of the resource request and the active session. They can be implemented through
39 * cross-platform or platform-specific mechanisms.
41 class SHIBSP_API AccessControl : public virtual xmltooling::Lockable
43 MAKE_NONCOPYABLE(AccessControl);
47 virtual ~AccessControl() {}
50 * Perform an authorization check.
52 * @param request SP request information
53 * @param session active user session, if any
54 * @return true iff access should be granted
56 virtual bool authorized(const SPRequest& request, const Session* session) const=0;
60 * Registers AccessControl classes into the runtime.
62 void SHIBSP_API registerAccessControls();
64 /** AccessControl based on rudimentary XML syntax. */
65 #define XML_ACCESS_CONTROL "XML"
67 /** Reserved for Apache-style .htaccess support. */
68 #define HT_ACCESS_CONTROL "htaccess"
71 #endif /* __shibsp_acl_h__ */