remoting/ListenerService.h
secinclude_HEADERS = \
- security/PKIXTrustEngine.h
+ security/PKIXTrustEngine.h \
+ security/SecurityPolicy.h
utilinclude_HEADERS = \
util/DOMPropertySet.h \
remoting/impl/TCPListener.cpp \
remoting/impl/UnixListener.cpp \
security/PKIXTrustEngine.cpp \
+ security/SecurityPolicy.cpp \
util/DOMPropertySet.cpp \
util/SPConstants.cpp \
util/TemplateParameters.cpp
return;\r
}\r
\r
- SecurityPolicy policy;\r
+ shibsp::SecurityPolicy policy(ctx.getApplication());\r
MetadataCredentialCriteria mcc(*AA);\r
- shibsp::SOAPClient soaper(ctx.getApplication(),policy);\r
+ shibsp::SOAPClient soaper(policy);\r
const PropertySet* policySettings = ctx.getApplication().getServiceProvider().getPolicySettings(ctx.getApplication().getString("policyId").second);\r
pair<bool,bool> signedAssertions = policySettings->getBool("signedAssertions");\r
\r
return;\r
}\r
\r
- SecurityPolicy policy;\r
+ shibsp::SecurityPolicy policy(ctx.getApplication());\r
MetadataCredentialCriteria mcc(*AA);\r
- shibsp::SOAPClient soaper(ctx.getApplication(),policy);\r
+ shibsp::SOAPClient soaper(policy);\r
const PropertySet* policySettings = ctx.getApplication().getServiceProvider().getPolicySettings(ctx.getApplication().getString("policyId").second);\r
pair<bool,bool> signedAssertions = policySettings->getBool("signedAssertions");\r
\r
#ifndef __shibsp_soap11client_h__
#define __shibsp_soap11client_h__
-#include <shibsp/Application.h>
+#include <shibsp/security/SecurityPolicy.h>
#include <saml/binding/SOAPClient.h>
#include <xmltooling/security/CredentialResolver.h>
/**
* Creates a SOAP client instance for an Application to use.
*
- * @param application reference to Application
- * @param policy reference to (empty) SecurityPolicy to apply
+ * @param policy reference to SP-SecurityPolicy to apply
*/
- SOAPClient(const Application& application, opensaml::SecurityPolicy& policy);
+ SOAPClient(SecurityPolicy& policy);
virtual ~SOAPClient() {
if (m_credResolver)
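Review bot: The new one-argument constructor `SOAPClient(SecurityPolicy& policy);` is not marked `explicit`, so a `shibsp::SecurityPolicy` converts implicitly to a SOAP client wherever one is expected; `explicit SOAPClient(SecurityPolicy& policy);` avoids that. The same applies to the `SecurityPolicy` constructor added in security/SecurityPolicy.h, which can be called with a single `Application` argument. The doc comment could also mention that the constructor overwrites the policy's validating flag from the `validate` setting, since the implementation calls `policy.setValidating(...)`. The class declaration begins and ends outside this hunk.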
*/
#include "internal.h"
+#include "Application.h"
#include "exceptions.h"
#include "ServiceProvider.h"
#include "binding/SOAPClient.h"
using namespace log4cpp;
using namespace std;
-SOAPClient::SOAPClient(const Application& application, opensaml::SecurityPolicy& policy)
- : opensaml::SOAPClient(policy), m_app(application), m_settings(NULL), m_relyingParty(NULL), m_credResolver(NULL)
+SOAPClient::SOAPClient(SecurityPolicy& policy)
+ : opensaml::SOAPClient(policy), m_app(policy.getApplication()), m_settings(NULL), m_relyingParty(NULL), m_credResolver(NULL)
{
- pair<bool,const char*> policyId = m_app.getString("policyId");
- m_settings = application.getServiceProvider().getPolicySettings(policyId.second);
- const vector<const opensaml::SecurityPolicyRule*>& rules = application.getServiceProvider().getPolicyRules(policyId.second);
- for (vector<const opensaml::SecurityPolicyRule*>::const_iterator rule=rules.begin(); rule!=rules.end(); ++rule)
- policy.addRule(*rule);
- policy.setMetadataProvider(application.getMetadataProvider());
- policy.setTrustEngine(application.getTrustEngine());
+ m_settings = m_app.getServiceProvider().getPolicySettings(m_app.getString("policyId").second);
pair<bool,bool> validate = m_settings->getBool("validate");
policy.setValidating(validate.first && validate.second);
setValidating(validate.first && validate.second);
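Review bot: `policy.setValidating(validate.first && validate.second);` now overwrites whatever the caller chose when constructing the `shibsp::SecurityPolicy`, whose constructor takes `validate` with a default of `true`. When the `validate` setting is absent the expression is false, so validating XML parsing ends up switched off on a policy that was built to validate. Assuming the constructor argument and `setValidating` control the same flag, changing the policy only when the setting is present keeps the stricter default: `if (validate.first) policy.setValidating(validate.second);`. `m_settings` is also dereferenced on the line before without a null check, which matters if `getPolicySettings` can return NULL for an unknown `policyId`. The constructor body continues outside the hunk.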
--- /dev/null
+/*
+ * Copyright 2001-2007 Internet2
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * SecurityPolicy.cpp
+ *
+ * SP-specific SecurityPolicy subclass.
+ */
+
+#include "internal.h"
+#include "Application.h"
+#include "ServiceProvider.h"
+#include "security/SecurityPolicy.h"
+
+using namespace shibsp;
+
+SecurityPolicy::SecurityPolicy(const Application& application, const xmltooling::QName* role, bool validate)
+ : opensaml::SecurityPolicy(
+ application.getServiceProvider().getPolicyRules(application.getString("policyId").second),
+ application.getMetadataProvider(),
+ role,
+ application.getTrustEngine(),
+ validate),
+ m_application(application)
+{
+}
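Review bot: `application.getString("policyId").second` is passed to `getPolicyRules` without checking the `.first` flag of the returned pair, so an application with no `policyId` configured hands an unset identifier to the rule lookup. What `getPolicyRules` returns in that case is not visible here; if it is an empty rule set, the policy would be built with no rules and would evaluate messages against nothing. Resolving the id in a small file-local helper that throws when `.first` is false would make the constructor fail closed. The SOAPClient constructor does the same unchecked lookup for `getPolicySettings`.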
--- /dev/null
+/*
+ * Copyright 2001-2007 Internet2
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file shibsp/security/SecurityPolicy.h
+ *
+ * SP-specific SecurityPolicy subclass.
+ */
+
+#ifndef __shibsp_secpol_h__
+#define __shibsp_secpol_h__
+
+#include <shibsp/base.h>
+#include <saml/binding/SecurityPolicy.h>
+
+namespace shibsp {
+
+ class SHIBSP_API Application;
+
+ /**
+ * SP-specific SecurityPolicy subclass.
+ */
+ class SHIBSP_API SecurityPolicy : public opensaml::SecurityPolicy
+ {
+ public:
+ /**
+ * Constructor for policy.
+ *
+ * @param application an Application instance
+ * @param role identifies the role (generally IdP or SP) of the policy peer
+ * @param validate true iff XML parsing should be done with validation
+ */
+ SecurityPolicy(const Application& application, const xmltooling::QName* role=NULL, bool validate=true);
+
+ virtual ~SecurityPolicy() {}
+
+ /**
+ * Returns the Application associated with the policy.
+ *
+ * @return the associated Application
+ */
+ const Application& getApplication() const {
+ return m_application;
+ }
+
+ private:
+ const Application& m_application;
+ };
+
+};
+
+#endif /* __shibsp_secpol_h__ */
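Review bot: `m_application` is held as a `const Application&`, so the policy is only valid while the Application passed to the constructor is alive, and the constructor documentation does not say so. I would extend the `@param application` line to something like `an Application instance; only a reference is stored, so it must outlive the policy`. As a minor point, the `};` that closes `namespace shibsp` carries a stray semicolon; `}` is enough.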
RelativePath=".\security\PKIXTrustEngine.cpp"\r
>\r
</File>\r
+ <File\r
+ RelativePath=".\security\SecurityPolicy.cpp"\r
+ >\r
+ </File>\r
</Filter>\r
<Filter\r
Name="metadata"\r
RelativePath=".\security\PKIXTrustEngine.h"\r
>\r
</File>\r
+ <File\r
+ RelativePath=".\security\SecurityPolicy.h"\r
+ >\r
+ </File>\r
</Filter>\r
<Filter\r
Name="metadata"\r
else\r
throw MetadataException("No AttributeAuthority role found in metadata.");\r
\r
- SecurityPolicy policy;\r
- shibsp::SOAPClient soaper(*app,policy);\r
+ shibsp::SecurityPolicy policy(*app);\r
+ shibsp::SOAPClient soaper(policy);\r
MetadataCredentialCriteria mcc(*AA);\r
\r
if (ver == v20) {\r